Επικοινωνία Όροι Απόρρητο Επιστροφές
— Legal

Privacy Policy

Last updated · 30 April 2026

Draft notice. Awaiting legal counsel review before publication.

Data controller

The controller of your personal data is Penesi, a sole proprietorship registered at Stadiou 25, Peristeri, 12131 Athens.

Trade name
Penesi — Studio
VAT no.
[to be filled]
Email
contact@penesi.studio.com

Data we collect

We collect only the data necessary to fulfil your order and improve your experience in the shop.

Identification

Full name, billing & shipping address, phone, email.

Order details

Items, quantities, value, payment method (no card numbers — these are processed by the payment provider).

Browsing data

IP, device type, browser, pages visited, time spent. Collected only with your consent via the cookie banner.

Purposes of processing

  • Order fulfilment — shipping, invoicing, after-sales support.
  • Legal compliance — issuing tax documents, transmitting to myDATA / AADE (Greek tax authority).
  • Communication — if you subscribe, we send new collection notes & announcements.
  • Improving the shop — anonymous statistics (only with consent).

Processing is based on Article 6 of the GDPR — specifically performance of a contract for order data, legal obligation for tax data, and your consent for newsletter and analytics.

Sharing & recipients

Your data is only shared with necessary processors:

  • Payment providers — Stripe, Apple Pay, Google Pay (PCI-DSS).
  • Couriers — ELTA Courier, ACS, Speedex (only what's needed for delivery).
  • Accountancy & AADE — invoice transmission via Oxygen Pelatologio / myDATA.
  • Cloud / hosting — Shopify (US-based, with Standard Contractual Clauses).
  • CDN & security — Cloudflare (global edge network, cookieless analytics).
  • Statistics — Google Analytics 4 (US-based, EU-US Data Privacy Framework, IP anonymization). Activated only with your consent.

We never sell your data to third parties for advertising purposes.

Retention period

  • Order data & invoices — 10 years (Greek tax law obligation).
  • Account & contact details — until you request deletion.
  • Newsletter — until you unsubscribe.
  • Cookies / analytics — see Cookie Policy.

Your rights

Under the GDPR you have the right to:

  • Access your data.
  • Correct inaccurate information.
  • Erasure ("right to be forgotten").
  • Restrict processing.
  • Data portability (receive your data in a structured format).
  • Object to processing for direct marketing.
  • Withdraw consent at any time.

To exercise your rights, email contact@penesi.studio.com. For complaints, you may also contact the Hellenic Data Protection Authority (www.dpa.gr).

Contact

For any question about this policy, write to contact@penesi.studio.com. We respond within 5 working days.