Privacy Policy
01
Who We Are
Palaiologue is a fashion house producing small-batch clothing inspired by Byzantine and Greek folk traditions, designed and made in Thessaloniki, Greece. We operate the online store at palaiologue.com.
For the purposes of the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and Greek Law 4624/2019, Palaiologue is the Data Controller of the personal data you provide to us or that we collect when you visit our website or place an order.
Questions about this policy? Contact us at privacy@palaiologue.com — we aim to respond within five business days.
02
Data We Collect
Data you provide to us
| Category | Examples | When collected |
|---|---|---|
| Identity | First and last name | Account creation, checkout |
| Contact | Email address, phone number | Account creation, checkout, contact form, newsletter sign-up |
| Delivery | Billing and shipping address | Checkout |
| Payment | Payment method type, last four digits (card number and CVV are never stored by us) | Checkout — processed directly by Stripe or PayPal |
| Account | Username, encrypted password, order history | Account creation |
| Communications | Messages sent via contact form, emails, or support requests | When you contact us |
| Marketing preferences | Newsletter subscription status, consent records | Newsletter sign-up |
Data collected automatically
When you visit our website, we automatically collect certain technical information:
- Usage data: pages visited, time spent, referring URLs, links clicked
- Device data: IP address (anonymised after 24 hours), browser type and version, operating system, screen resolution
- Cookie data: session identifiers, preference settings — see Section 7 for full details
We use Google Analytics 4 with IP anonymisation enabled. We do not receive personally identifiable browsing data.
Data we do not collect
We do not knowingly collect special category data (health, ethnicity, religion, political opinions, biometric data) or financial account credentials. We never store full payment card numbers or CVV codes on our servers.
03
Legal Bases for Processing
Under GDPR Article 6, we process your personal data on the following legal bases:
| Legal basis | When we rely on it |
|---|---|
| Contract (Art. 6(1)(b)) | Processing necessary to fulfil your order, manage your account, and provide customer service |
| Legal obligation (Art. 6(1)(c)) | Retaining transaction records for Greek tax law (L. 4308/2014), fraud prevention obligations |
| Legitimate interests (Art. 6(1)(f)) | Website security, fraud detection, improving our services, anonymised analytics — always balanced against your rights |
| Consent (Art. 6(1)(a)) | Sending marketing emails or newsletters; placing non-essential cookies. You may withdraw consent at any time. |
04
How We Use Your Data
- Process and fulfil your orders, including shipping, tracking and returns
- Create and maintain your customer account
- Send order confirmations, shipping notifications and receipts
- Respond to enquiries, complaints, and support requests
- Send marketing emails and newsletters — only with your explicit consent
- Prevent and detect fraud, abuse, and security incidents
- Comply with our legal and regulatory obligations (accounting, tax, consumer law)
- Improve our website, product assortment, and customer experience through anonymised analytics
We do not use automated decision-making or profiling that produces legal or similarly significant effects on you.
05
Sharing Your Data
We do not sell, rent, or trade your personal data. We share data only where strictly necessary with trusted third parties acting as Data Processors under binding contracts:
| Recipient | Purpose | Location |
|---|---|---|
| Stripe / PayPal | Secure payment processing | EU / USA (SCCs) |
| LiteSpeed / Hosting provider | Website hosting and server infrastructure | EU |
| Courier / shipping partner | Order delivery (name, address, phone) | Greece / EU |
| Mailchimp / newsletter provider | Email marketing (subscribers only) | USA (DPF certified) |
| Google Analytics | Anonymised website analytics | USA (DPF certified) |
| Akismet | Spam detection on comment forms | USA (SCCs) |
We may also disclose your data where required by Greek or EU law, or in response to a lawful request from a competent authority.
06
International Transfers
Where we transfer personal data outside the European Economic Area (EEA), we ensure an adequate level of protection using one or more of the following safeguards:
- The recipient country has been deemed adequate by the European Commission
- EU Standard Contractual Clauses (SCCs) approved under Article 46 GDPR
- The EU-U.S. Data Privacy Framework (DPF) — for certified U.S. recipients
You may request a copy of the relevant safeguards by contacting us at privacy@palaiologue.com.
07
Cookies
We use cookies and similar technologies to operate our website, remember your preferences, and understand how visitors use our site. You can manage your cookie preferences at any time via our cookie banner or your browser settings.
Strictly necessary cookies
Required for the website and shop to function. These cannot be disabled.
Analytics cookies (with consent)
Marketing cookies (with consent)
You may withdraw cookie consent at any time by clicking “Cookie Preferences” in the site footer, or by clearing cookies in your browser settings.
08
How Long We Keep Your Data
| Data type | Retention period | Reason |
|---|---|---|
| Order records | 10 years after transaction | Greek tax and accounting law (L. 4308/2014) |
| Customer account data | 3 years after last activity, then deleted on request | Contract performance, customer service |
| Marketing consent records | Until consent is withdrawn + 3 years | Compliance with GDPR consent obligations |
| Support correspondence | 3 years from resolution | Legitimate interest in documenting complaints |
| Analytics data | 14 months (GA4 default) | Site improvement (anonymised) |
| Server logs / IP addresses | 30 days | Security and fraud detection |
After the applicable retention period, data is securely deleted or anonymised. You may request earlier deletion — see Section 9.
09
Your Rights Under GDPR
As a data subject under GDPR, you have the following rights. To exercise any of them, contact us at privacy@palaiologue.com. We will respond within 30 days.
Right of Access
Request a copy of all personal data we hold about you (Art. 15).
Right to Rectification
Ask us to correct inaccurate or incomplete data (Art. 16).
Right to Erasure
Request deletion of your data where no legal obligation requires us to keep it (Art. 17).
Right to Restriction
Ask us to restrict processing of your data in certain circumstances (Art. 18).
Right to Portability
Receive your data in a structured, machine-readable format to transfer elsewhere (Art. 20).
Right to Object
Object to processing based on legitimate interests or for direct marketing (Art. 21).
Right to Withdraw Consent
Withdraw consent for marketing or cookies at any time, without affecting prior processing.
Right to Lodge a Complaint
You may complain to the Greek Data Protection Authority (HDPA) at dpa.gr.
We may need to verify your identity before fulfilling a rights request. We will not charge a fee unless the request is manifestly unfounded or excessive.
10
Children’s Privacy
Our website and services are not directed at children under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately at privacy@palaiologue.com and we will delete it promptly.
11
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. When we make material changes, we will:
- Update the “Last updated” date at the top of this page
- Display a notice on our website for at least 30 days
- Email registered customers if the changes significantly affect their rights
We encourage you to review this policy periodically. Continued use of our website after changes take effect constitutes acceptance of the revised policy.
12
Contact Us
For any questions about this Privacy Policy, to exercise your rights, or to raise a data protection concern, please contact us:
Palaiologue
Thessaloniki, Greece