ελ
Shape

Privacy Policy

1.    PERSONAL DATA PROTECTION STATEMENT

 In «FOURLIS HOLDINGS SOCIETE ANONYME» (hereinafter referred to as the «Company») we acknowledge the importance of personal data (hereinafter referred to as «data») of the visitors of the website www.fourlis.gr (hereinafter referred to as «the Webpage»  or «Website») and we guarantee their respect and protection, always in compliance with the General Data Protection Regulation issued by the European Parliament and with the generally applicable laws. The Company shall allow only authorized persons to have access to them and shall receive increased data security measures, among other things against any wrong handling, unauthorized access, amendment, disclosure.

The present Statement and the Privacy Policy shall apply for the website of the Company and its purpose shall be to provide information concerning the collection, storage, use and any other form of processing of the visitors’ and users’ data and information by the Company, acting in its capacity as Data Controller, as well as concerning your rights pursuant to the applicable provisions.

2.    DEFINITIONS

«General Data Protection Regulation»
or
«General Regulation»

«General Data Protection Regulation»
or
«General Regulation»		 Regulation (EU) 2016/679 of the European Parliament and the Council, dated 27th of April 2016, on the protection of natural persons against the processing of personal data and on the free movement of those data and on the repeal of the directive 95/46/EC (General Data Protection Regulation), which have been incorporated in the Greek laws by the Law 4624/2019 as currently codified by Law 5043/2023.
«Personal Data» Any information concerning an identified or identifiable natural person (“data subject”); the identifiable natural person is the person whose identity may be verified, directly or indirectly, especially by reference to identifying data, such as name, ID number, location data, or one or more factors relating to physical, genetic, or social identity.
«Special Category Data»
(Sensitive Personal Data)		 Personal Data that are particularly sensitive in relation to fundamental rights and freedoms and require special protection, as their processing could pose significant risks. These include data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, as well as genetic and biometric data for identification, health data, and data concerning a person’s sexual life or orientation.
«Processing» Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination, restriction, erasure, or destruction.
«Consent»
of the data subject		 Any indication of free, specific, explicit will, formed in full awareness, through which the data subject demonstrates, by providing a relevant statement or by proceeding to an obvious and clear positive act, that they agree to place their personal data under processing.
«Data Controller» The natural person or legal entity, the public authority, or service or any other body or organisation, that individually or jointly specify the scope, purpose and method of personal data processing; when the purpose and the method of this processing are specified by EU law or by the laws of a member state, the data controller or the special criteria for their appointment may be provided by EU law or by the laws of a member state.
«Processor» The natural person or legal entity, the public authority, or service or any other body or organisation processing personal data on behalf of the data controller.
«Cookies» Cookies are small text files saved on your computer or mobile device when you visit a webpage. They are primarily used to ensure that your visit to our website is as user-friendly as possible. However, cookies never contain personal information that could allow anyone to contact the visitor of the site, such as via email, etc.

 

3. PURPOSE OF COLLECTION AND PROCESSING OF PERSONAL DATA

The Company collects and processes only those data that are required for the achievement of the following purposes. More specifically:

3.1. For identification purposes and for establishing contact with you, for the examination, review and handling of the complaint, comment or request you have submitted.

3.2. For the proper and effective operation and management of our website, for the purpose of improvement of our services provided and of your web experience in our site.  

3.3. For safety reasons or in order to investigate any case of fraud or other violations of the terms of use of our website or of this policy.

3.4. For the understanding of the way you use and interact with the content of our website using cookies.

3.5. For the management of the contractual relationship with those having transactions with the Company, such as provision of services, execution of works, cash collections, payments, audits, fulfilment of contractual obligations, etc.

3.6. For the guarantee of prevailing legitimate interests of the Company, such as the transmission of data to competent authorities.  

4. WHICH CATEGORIES OF DATA WE COLLECT 

4.1. Data which the data subject itself communicates when they log-in or/and are navigated in our website or when they are submitting some kind of electronic comment, complaint, question or request and these data are required for the establishment of contact between the Company and the data subject. Furthermore, data which the data subject itself inserts by sending their curriculum vitae for applying to the offered job post, etc. More specifically:

  • Identification data, such as full name, TIN, date of birth, age, sex, country of origin and city of residence;
  • Contact details/data, such as e-mail address (email), fixed telephone number or/and mobile phone number;
  • Data about education and working experience, fulfilment of military service obligations, curriculum vitae of candidates applying for a job post in the Group, as well as statements of preference in relation to the employment (desirable city/country for work/employment, desirable job position, type of employment etc.). We do not seek to obtain, and we shall not collect special categories of data in relation to a candidate, unless this is permitted or required by the applicable legislation. In exceptional cases that such data (e.g. health data) are communicated to us, we shall process it because you are sending us such data in order to support your prospects for the job. These data shall be submitted for processing only to the extent that this is absolutely necessary for the assessment of the suitability of the applicant for the specific job position and tasks or for compliance with the legal obligation.

4.2. Cookies

As described in detail in the Cookies Policy, we shall collect information using cookies.  

4.3. Data of Devices

When you are visiting our website, we receive the URL address of the website from which you have logged in, the data and the time of your visit, the operational system of the device and the browser you are using, as well as the IP address of your device.  

4.4. In the context of a forthcoming or existing transactional relationship with the Company, the Company may process the following categories of data of those transacting with it:  

  • Identity card data and contact details, such as full name or name of the undertaking, in case that the data subject is a legal entity, TIN, Tax Office, address, fixed telephone number, mobile phone number, e-mail address.
  • Data which have been placed under processing in the context of a work, a sale and purchase contract or provision of a service, such as the bank account number, personal data related to performed and completed payments, requests and agreements in the context of implementation of a work or of a cooperation in general.
  • Data in relation to court cases or other legal procedures/proceedings against those transacting with the Company, collected from publicly available sources, databases, court authorities and credit rating agencies.

The Company and its webpage shall address individuals having reached the age of 18 years. If minors voluntarily visit our website, the Company shall bear no responsibility. In case that upon collection of data is made clear that the user is a minor, the Company shall not process their personal data.

5. LEGAL GROUNDS FOR PROCESSING

The processing of your personal data is required for the fulfilment of the aforementioned purposes. Unless otherwise specified upon collection of personal data the legal basis / ground for their processing shall be one of the following:

5.1. The processing is necessary and required for the application and implementation of a contractual relationship (Article 6.1.b. of the General Regulation).  

5.2. The processing is necessary and required for the purposes of the legitimate interests of the Company (Article 6.1f of the General Regulation).  

5.3. Your express consent to personal data processing has been given (Article 6.1.a of the General Regulation).

5.4. The processing aims at the fulfilment of your obligations provided by law, for example when the relevant data are requested from the tax authorities in the context of audits or in the event of pending cases before supervisory, auditing, regulatory, administrative or judicial authorities (Article 6.1.c. of the General Regulation).

6. DATA RECIPIENTS

Data recipients are the co-workers of the Company responsible for any specific processing.   

The Company may communicate, transmit or assign the processing of part or the entire data, to the following persons, provided the relevant legal requirements shall apply, and subject to compliance in any case with the business confidentiality obligation and the obligation for secrecy, such as for example:

  • to responsible co-workers of other Group subsidiaries, in the context of their business engagements (HOUSEMARKET SA, SPORTSWEAR MARKET SINGLE MEMBER SA, SPORTSWEAR MARKET ELLAS SINGLE MEMBER LLC, TRADE LOGISTICS SA, WELLNESS MARKET SA), in cases that the database and the data management system is common for all companies or in cases that this transmission is strictly required for the above-mentioned purposes.
  • To third parties (natural persons or legal entities) to which the Company respectively assigns the implementation of certain works to be performed on her behalf. 
  •  To companies processing, managing and maintaining databases and webpages. 
  • To companies providing development, maintenance services, configuration of IT applications, e-mail services, webhosting services including the cloud services.
  • To recruitment consultants, in the context of works required for the assessment and filling of each job vacancy or for other job vacancies that might arise and match the experience and the qualifications of the registered users, as well as for reasons of communication with them as regards the said vacancies 
  • to court, administrative, tax or other public authorities, regulatory bodies and lawyers, if this is required and necessary for the purpose of the Company’s compliance with the legislation or/and for the establishment, lodging or support of legal claims or for the defence and support of the Company’s rights.  

In all these cases, upon registration, access or/and processing of the visitor’s and the registered user’s personal data, the co-workers, and authorised agents of FOURLIS Group and of the Group’s companies shall be committed to fully comply with the provisions of the Regulation as well as with the applicable legislation on personal data protection. Further, FOURLIS Group and the Group’s companies shall require from their co-workers, the maintainers of the Webpage, as well as from their individual partners (third parties) to take all necessary technical and organizational measures, including the appropriate policies and procedures, so that the disclosure of Personal Data processed on their own behalf can be prevented.  

The Company shall guarantee that it will not proceed to any transmission, communication, concession etc. of your personal data to third parties for any purpose whatsoever or for use beyond the information explicitly disclosed by this Policy.

FOURLIS Group and the Group’s Companies shall not transmit or store the above data to/in third countries. The personal data collected shall be submitted for processing to servers located in the EU or in the EEA.

7.    DATA RETENTION TIME UPDATE

The Company shall maintain the personal data for as long as it is required for the fulfillment of the purposes described in this policy, unless the applicable legislation provides for a longer compulsory period of time. The criteria governing the determination of the data retention time shall include the following: a)for as long as it is required so that the Company shall always comply with any legal obligation imposed on it; b)for as long as its contractual relationship with the data subject lasts; c)for as long as it is required in view of the relevant legal stand of the Company (such as for example defense and support of rights before the competent courts, audits and controls of regulatory authorities etc.).

In case of a candidate as registered user (user account) in the system, for the filling of a job vacancy, his/her Personal Data shall be maintained in the database for a period of 24 months as of the registration date, and provided that the candidate is not in a recruitment process. This reasonable period of time was selected on the basis of the legitimate interest of the parties and the technical capabilities of the system (article 6 par.1f’ of the Regulation).  

Once a year, FOURLIS Group and the Group’s Companies shall request from the registered user:  

  • To confirm that he/she wishes to keep the user’s account and his/her Personal Data in the electronic base of the system;
  • To review the correctness of the data retained and to update them provided there are changes in them.

The registered user may at any time change, modify or correct his/her data by logging in his/her account in the Webpage (login) and inserting his/her e-mail and his/her password.  

Any candidate wishing for his/her data not to be retained or kept for the above period of time, may exercise the right to erase them, as below provided.

8. TECHNICAL AND ORGANISATIONAL PROTECTION MEASURES

FOURLIS Group and the Group’s Companies, the processors acting on their behalf and their authorized agents shall be contractually committed to apply the appropriate technical and organizational measures for the best possible protection of Personal Data against any coincidental or illegal destruction or loss, alteration, illegal disclosure of Personal Data or illegal access to them and in general against their illegal processing (including the remote access to them), as well as for guaranteeing the recovery option of their availability and the access to them. These measures shall aim at ensuring a safety level that corresponds to the danger that might threaten the specific data, always taking into account the type, kind and the significance of the data, the evolution of technology, the application cost and the nature, scope of application, framework and the purposes of each specific processing, applying at the same time procedures for the regular testing, assessment and evaluation of effectiveness of these technical and organizational measures. In any case, they shall be contractually committed to keep Personal Data secret and confidential and not to communicate or disclose them or allow access to them to any third party without the previous notification of the data subject, except for the cases explicitly provided by law.

FOURLIS Group and the Group’s Companies shall take the necessary technical and organizational measures for data protection, as above described, however, they cannot guarantee the data safety transferred through the Website, or via connected websites or applications. The candidates shall acknowledge and accept, as users of web services, that the transmission and dispatch of information via internet has always inherent risks.  

9.    RIGHTS OF THE DATA SUBJECTS

Any visitor or registered user, as data subject, may exercise at any moment his/her rights, as these are provided in the Regulation, and, particularly, in articles 12 to 23 of this Regulation and in the national laws, and, more specifically:

  1. the right to receive information and to access his/her data processed by FOURLIS Group and the Group’s companies, as well as the right to receive supplementary information about their processing;
  2. the right to limitation of his/her data processing, that is the suspension of this processing, provided that the accuracy of the data is questioned, there are objections as to their processing or there occurs any other reason prescribed in the respective Greek or European Legislation on Personal Data Protection;
  3. iii.         the right to update, correct, supplement his/her personal data;
  4. the right to submit a request for erasure of the entire or part of his/her personal data, which shall be satisfied provided that there occurs no other legal ground for processing, such as, indicatively, the obligation for personal data processing imposed by law;
  5. the right to object, thus raise objections against the processing of his/her personal data, when there is a relevant legitimate interest.
  6. the right to portability of his/her personal data.

The data subject may exercise his/her above-mentioned rights as follows:

  • With regard to the right to access, to erase the data partly or entirely, to correct/supplement the Personal Data and to object to their processing, FOURLIS Group and the Group’s Companies shall provide the registered users with the option to review, correct/supplement their Personal Data through their personal account or to request access, erasure in part or in whole and correction of their data via e-mail correspondence to the e-mail address dpo@fourlis.gr.
  • With regard to the right of portability of Personal Data, FOURLIS Group and the Group’s Companies shall provide the registered users with the option to receive /obtain their Personal Data or/and transmit them to another data controller using a structured, commonly used and readable by computer equipment format, which will be indicated by the competent supervisory authority, by submitting a relevant request to the e-mail address: dpo@fourlis.gr.

In case of exercise of any of the aforementioned rights, FOURLIS Group and the Group’s companies shall take any possible step towards the satisfaction of the request of the data subject within one (1) month as of the date of its valid submission. In this case, the data subject shall be notified of the retention and maintenance of their minimum necessary personal data for the purpose of guaranteeing the Company’s legitimate interests. It is clarified that in order for the exercise of the aforementioned rights be considered lawful and valid, the identification of the complainant may be required, so that it is guaranteed that the personal data in relation to which any of the above-mentioned acts is requested, shall actually belong to the natural person who requests the execution of the specific act.

10. RIGHT TO WITHDRAW CONSENT

In case that the data subject has declared their consent for the processing of specific personal data by the Company, they have the right to revoke their consent at any moment or to change the degree of their consent already granted, and this revocation shall be effective in the future. The revocation of the consent does not influence the legality of processing based on the consent before its revocation. In case of revocation of the consent, the Company may further process the personal data, provided only that there is another legal ground for the processing.

11. DATA CONTROLLER

Data Controller shall be «FOURLIS HOLDINGS SA». For any information in relation to their data, as well as their processing and protection, any and all data subjects may address the Data Protection Officer of FOURLIS Group to the email dpo@fourlis.gr and by using the call line 0030-210 6293011.

Data Controllers together with FOURLIS Group (FOURLIS Holdings SA) shall jointly be all subsidiaries of the Group (HOUSEMARKET SA, SPORTSWEAR MARKET SINGLE MEMBER SA, SPORTSWEAR MARKET ELLAS SINGLE MEMBER LLC, TRADE LOGISTICS SA, WELLNESS MARKET SA), in the cases that the database and the data management is common for all the companies. 

12. TRANSPARENCY OBLIGATION – RIGHT TO ADDRESS THE DATA PROTECTION AUTHORITY

The competent authority shall be the Hellenic Data Protection Authority. The data subject, provided they consider that they are not satisfied by the method of collection, processing and management of their data, they have the right to file a complaint with the competent supervisory authority (Data Protection Authority, www.dpa.gr, 1-3, Kifisias str., P.C. 11523, Athens, tel.0030 2106475600, email: complaints@dpa.gr). The data subject should have previously informed the Company and this notification should have been preceded by an effort of the data subject to file a relevant complaint with the Company.

13. AMENDMENTS TO THE PRESENT POLICY

FOURLIS Group and the Group’s Companies may amend and update the present Policy at any period of time and for any reason whatsoever, without prior notice, apart from the uploading of the updated statement in their webpage.  

The present Policy shall be effective as of July 2025.