Privacy policy
Last updated: June 26, 2025
1. Who We Are
The company NS MATTRESSES (hereinafter "the Company", "we", "us", "our"), with its registered office at 18th km Veria – Edessa, P.C. 59200, Greece, and contact email info@naoussa-strom.gr, is the Data Controller of the personal data collected through the e-shop www.naoussa-strom.gr.
The Company is not obligated to appoint a Data Protection Officer (DPO); should a DPO be appointed in the future, their contact details will be posted here.
2. What Categories of Data We Collect
- Identity data: full name, Tax Identification Number (TIN) / Tax Office (for invoicing purposes), age / date of birth where required.
- Contact data: shipping & billing address, telephone number, e-mail.
- Transaction data: order history, payment method, purchase value.
- Payment data (processed only): card number, expiry date, CVC – this information is not stored on our servers; it is routed through the secure environment of our payment providers, Viva Payments S.A. & PayPal.
- Technical data: IP addresses, device identifiers, log files, cookies (see § 8).
3. Purposes & Legal Bases for Processing
| Purpose | Legal Basis (GDPR) |
| --- | --- |
| Execution of online orders, payment & product delivery | Art. 6(1)(b) – performance of a contract |
| Issuing invoices, maintaining accounting records | Art. 6(1)(c) – legal obligation |
| Customer service & after-sales support | Art. 6(1)(b) & (f) – performance of a contract / legitimate interest |
| Commercial communication (newsletters, offers) | Art. 6(1)(a) – consent / Art. 11 of Greek Law 3471/2006 |
| Network security & fraud prevention | Art. 6(1)(f) – legitimate interest |
| Website optimization & usage statistics (analytics) | Consent via cookie banner or anonymised data |
4. Recipients & Data Processors
Your data may be disclosed to:
- Payment providers (Viva Payments S.A., PayPal);
- Courier companies for the delivery of orders;
- Hosting & cloud providers (within the EU/EEA) for the operation of the e-shop;
- Professional advisors (accountants, lawyers) where necessary;
- Public authorities (tax, judicial, police) upon a lawful request.
We sign Data Processing Agreements (DPAs) (Art. 28 GDPR) with all processors to ensure an equivalent level of protection.
5. International Transfers
We do not transfer data outside the EU/EEA. If such a transfer becomes necessary (e.g., to a cloud server in the US), we will implement Standard Contractual Clauses (SCCs) or another lawful mechanism and will inform users in advance.
6. Retention Period
- Tax & transactional data: up to 10 years, in accordance with the Tax Procedure Code.
- Account customer data: up to 5 years after the last purchase or until a deletion request is made.
- Newsletter data: until consent is withdrawn.
- Cookies: as stated in the cookie table (§ 8).
After the above periods expire, the data is deleted or anonymised.
7. Data Subject Rights
You have the following rights (Articles 12-22 GDPR):
- Access to your data;
- Rectification of inaccuracies;
- Erasure ("right to be forgotten"), where applicable;
- Restriction of processing;
- Objection to processing based on legitimate interest or for direct marketing;
- Data portability (in a structured, commonly used format);
- Withdrawal of consent (without retroactive effect).
To exercise your rights, please contact us at info@naoussa-strom.gr; we will respond without delay and within 1 month. If you believe we are violating the law, you may lodge a complaint with the Hellenic Data Protection Authority (HDPA).
8. Cookies & Similar Technologies
We use cookies for the proper functioning of the site, personalization, and usage analysis. Categories:
- Strictly Necessary (always-on, do not require consent).
- Functionality (preferences); require consent via banner.
- Analytics & Performance (Google Analytics 4 with IP anonymization); require consent.
- Advertising / Remarketing (e.g., Meta Pixel); require consent.
The cookie banner presents "Accept all", "Reject" and "Customise settings" as equal choices. You can withdraw or modify your cookie settings at any time via the "Manage cookies" link in the footer.
9. Data Security
- SSL/TLS encryption throughout the connection.
- PCI-DSS compliance of our payment providers; no card details are stored on our servers.
- Firewalls, role-based access control, strong passwords, regular backups.
- Regular vulnerability scans & staff training.
- Breach notification procedure: notification to the HDPA and affected users within 72 hours where required (Art. 33-34 GDPR).
10. Minors
Our services are intended for individuals over 18 years of age. If you are under 18, please obtain parental/guardian consent before using the e-shop. If we become aware that we have collected data from a minor without parental consent, we will delete it immediately.
11. Policy Updates
We may amend this policy for compliance reasons or to improve our services. Any material changes will be communicated via a notice on the website. The current version will always indicate the "Last updated" date.