Skip to main content

Karam Crete Spa GDPR compliance

General Data Protection Regulation

Karam Crete considers the protection of your personal data very important and respects the principle of transparency regarding their processing. With this text, we wish to inform you specifically regarding the processing of your personal data while using the website (hereinafter the Website).

1. What categories of personal data do we collect and for what purpose?

For simple browsing of the Website (browsing), no registration is required.

In this case, we can not identify you.

Your personal data through the Karam Crete Website may be processed in the event that a user of the Website subscribes as a subscriber to the Karam newsletter or Loyalty club.

  • Your contact details eg Name and email address, which you provide to us when you register for the Loyalty Club
  • Data that you provide to us for the service and management of the request, through the contact form, as follows (Name, sheet, age, email, telephone number).
  • Data that you provide to us for the subscription to the newsletter (name, e-mail address) through the relevant form.
  • Data resulting from the use of shortcuts to social media Facebook, Twitter, Instagram and the video site Youtube. You can use these shortcuts to recommend our products to your friends.
  • Data that you provide to us for your participation in competitions through the Karam Crete newsletter, as follows (Name, Gender, Address, date of birth, City, TK, Contact telephone (mobile or landline number), Email etc).

2. How long do we keep your personal data?

For browsing no registration is required on the Website. In case a user of the Website wishes to register through our registered customer system for purchases, then the User’s personal data is retained as long as their account is active.

3. Will Karam process your personal data for other purposes?

Karam Crete will not process your personal data for purposes other than those listed above. In the event that Karam wishes to use your personal information for other purposes, it will do so only after informing you of this and obtaining your express consent.

4. Who are the recipients and for what purpose are personal data transmitted to them?

Recipients of your personal data may be third parties with which we work for the design, technical support, improvement of the Website and the individual services provided through it. In these cases, these third parties are the processors on behalf of Karam Crete, who undertake the execution of a specific project following our instructions and applying strict procedures regarding the processing of your personal data. In these cases, Karam Crete is still responsible for the processing of your personal data.

Recipients of personal data may be:

  1. Financial institutions through which electronic purchases of products and/or services are made.
  2. Third companies that cooperate with Karam Crete for the development & support of the website, which follow the processing rules and security requirements set by Karam and specifically:
  3. The company FIFART IKE (Distinctive Title Digital Agency Lexis), based in Greece (57 Panepistimiou Street, Athens, 10564), provides technical support to our isotope. The transmission of data concerns only cases of technical support (eg solving technical problems – research problems during your order, etc.).
  4. The company MAILCHIMP supports the service of sending and sending personalized information through Newsletters and is based in the USA.

The processing of your personal data for the above purposes by our partners is carried out mainly within Greece and the European Union (EU). In case we cooperate with companies outside the EU, they will process your data, only after our order and in case there is an adequacy decision of the European Commission or if the appropriate clauses are agreed that ensure a high level of security in relation to the processing of your personal data.

Apart from the above cases, the Companies do not disclose, process or disclose your personal data to third parties, except in cases where their notification/transmission is required by applicable law.

5. What are your rights as a user of the Website with the processing of your personal data?

The rights you can exercise include:

  • Right of access: You have the right to receive information about your personal data that we process (eg the purposes of the processing, the types of data, the recipients to whom they are notified, the period for which they are kept) and to provide you with copies of them.
  • Right of correction: You have the right to request a correction of your data (eg correction of address, contact details, ID number).
  • Right of deletion: You have the right to request the deletion of your personal data in case they are no longer necessary in relation to the purposes for which they were processed or in case you revoked the consent on the basis of which we collected and processed them.
  • Right to restrict processing: You have the right to request the restriction of processing for a specific purpose.
  • Right to data portability: You have the right to receive your personal data provided to the company in a structured, commonly used format that is also legible.
  • Right to object to the processing of your personal data in cases where you do not wish the processing of your personal data.

You also reserve the right to submit a written complaint to the competent supervisory authority, the Personal Data Protection Authority (1-3 Kifissias Ave., 115 23, Athens +30 210 6475600, contact email

Karam Crete will respond to your requests free of charge without delay within one month of receiving the request. In exceptional cases, this deadline may be extended for two (2) months if required due to the complexity of your request. In any case, we will inform you about this extension and the reason for the delay.

If we consider your request to be manifestly unfounded or excessive we reserve the right to request a reasonable fee for the satisfaction of taking into account the administrative costs for its execution or even to refuse to follow up on your request.

6. What kind of measures are taken to protect your personal data?

Karam Crete takes appropriate organizational and technical measures for the security of the data and their protection against accidental or unlawful destruction, accidental loss, alteration, prohibited dissemination or access and any other form of unlawful processing.

These are indicative:

  • measures to prevent unauthorized persons from accessing data processing systems (access control).
  • measures to ensure that data processing systems cannot be used by unauthorized persons (denial of access control).
  • measures to ensure that persons authorized to use data processing systems have access only to the data for which they have been authorized and that personal data may not, during processing, or use, or after recording be transmitted, copied, modified or deleted by unauthorized persons (data access control).
  • measures to ensure that during electronic transmission or during transfer or recording, personal data may not be transmitted, copied, altered or removed by unauthorized persons and that executors may be checked and identified processing, to which personal data has been transferred via data transmission equipment (data transfer control).
  • measures to ensure that it is possible to retrospectively examine and verify whether and by whom personal data have been entered, modified or deleted in data processing systems (data entry control).
  • measures to ensure that personal data processed by third parties/contractors are processed only in accordance with the subscriber’s instructions (contractor control).
  • measures to ensure that data collected for different purposes can be processed separately (separation rule).