Purchasing Products via the website
By purchasing a product from the company, the user expresses her/his wish to have the company process a set of personal information in order to complete the transaction. This data is objectively and legally essential to the function of the provided service.
When the user is in the process of ordering a product from the website, she/he will be required to fill necessary fields in the order form. The data will then be processed by the company for the purpose of fulfilling the order. In doing so the company will perform a series of actions which might can include gathering, organizing, rectifying, storing, adjusting, searching the data.
For the purposes of completing the order, we collect data which include the name, surname, billing and shipping address, member ‘s date of birth, telephone number, e-mail address, member’s name, member’s code of each user. Finally, communications’ data such as for e.g., IP address that are technically necessary for your navigation on our website or/and for making purchases that are maintained for as long as the law provides for businesses like ours.
The company shall hold on to the user’s data for however long the contractual relation is maintained between them. For those users that have registered to the website, the data will be held for as long as these users have an active account. Some of the data provided by the user will be stored for longer for tax purposes. These data include the user’s name, billing address and product order.
The user shall rest assured that the company is absolutely committed to implementing modern and suitable means of technological processing (e.g., encryption, anonymity) as well as organizational measures in order to achieve data security.
Reserving a table in Peskesi Restaurant or expressing an interest to book an experience at Peskesi Organic Farm
When the user is in the process of expressing her/his interest in booking an experience at Peskesi Organic farm or reserving a table in Peskesi Restaurant she/he will be required to fill necessary fields in the website. The data will then be processed by the company for the purpose of fulfilling the order. In doing so the company will perform a series of actions which might can include gathering, organizing, rectifying, storing, adjusting, searching the data.
For the purposes of completing the order, we collect data which include the name, surname, telephone number, e-mail address, allergies that they might have, finally communications’ data such as for e.g., IP address that are technically necessary for your navigation on our website or/and for making purchases that are maintained for as long as the law provides for businesses like ours.
The company shall hold on to the user’s data for however long the contractual relation is maintained between them and will proceed to deleting them after 1 week following the reservation, 1 week following a visit to Peskesi Organic Farm or 3 weeks following an expression of interest to book a visit to Peskesi Organic Farm which did not result in a booking. For those users that have registered to the website, the data will be held for as long as these users have an active account.
The user shall rest assured that the company is absolutely committed to implementing modern and suitable means of technological processing (e.g., encryption, anonymity) as well as organizational measures in order to achieve data security.
User’s Rights
The User, may, as appropriate, exercise the following rights:
- The right of access (learning which data of theirs the Company is processing, for what reasons and its recipients)
- The right of amendment (rectifying any inaccuracies or lack of data)
- The right of deletion / right of oblivion (purge from Company files, should their presence, however, no longer be necessary)
- The right of restricting processing (In case of doubt being presented so as to the accuracy of data etc.)
- The right of portability (for the Customer to receive their data at a structured and commonly used format)
Such rights are exercised sans cost for the user, with the sending of relevant postage or email to the Data Protection Officer (DPO), unless they are repeated often and due to volume, they possess administrative weight for the Company, hence the user shall be burdened with the relevant cost.
Should the user exercise any of those rights, the Company shall undertake any possible means for the satisfactory conclusion of such a request within thirty (30) days from receiving the relevant request, after the Company notifies such either for its execution, or the subjective reasons which prevent it.
Third party data processing
It is the responsibility of the company, as the controller, to use processors that have put in place appropriate technical and organizational measures to ensure that the processing meets the requirements of EU Regulation 2016/679 and any other applicable European and national legislation.
Processing by the processor, a partner of the Company, is governed by a contract or other legal act under the law of the Union or the Member State which binds the processor in relation to the Company and determines the subject matter and duration of processing, the nature and purpose of the processing, the type of personal data and the categories of data subjects and the controller’s obligations and rights. This Convention or other legal act provides in particular that the processor:
- processes personal data only on the basis of documented Company’s instructions as a controller, including with regard to transfers of personal data to a third country or international organization, unless it is required to do so under Union law or the law of the Member State to which the processor is a subject. In this case, the processor shall inform the controller of this legal claim in question prior to processing, unless that law prohibits such information on important grounds of public interest;
- ensures that persons authorized to process the personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality;
- takes all necessary measures pursuant to Article 32 of (EU) Regulation No 2016/679,
- complies with the conditions set out above for the recruitment of another processor,
- taking into account the nature of the processing, assists the controller with the appropriate technical and organizational measures, to the extent possible, for the fulfilment of the controller’s obligation to respond to requests for exercising the data subject’s rights laid down in EU Regulation 2016/679;
- assists the controller in ensuring compliance with the obligations pursuant to EU Regulation 2016/679 Articles 32 to 36, taking into account the nature of processing and the information available to the processor;
- at the choice of the controller, deletes or returns all the personal data to the controller after the end of the provision of services relating to processing, and deletes existing copies unless Union or Member State law requires storage of the personal data;
- makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in this Article and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller.
As regards point (h) of the first subparagraph, the processor shall immediately inform the controller if, in his opinion, an instruction infringes this Regulation or other Union or Member State data protection provisions. Where a processor engages another processor for carrying out specific processing activities on behalf of the Company as a controller, the same data protection obligations as set out in the contract or other legal act between the Company as the controller and the processor, as provided for in paragraph 3, shall be imposed on the other processor by a contract or other legal act in accordance with the law of the Union or of the Member State, especially to provide sufficient assurances to implement appropriate technical and organizational measures in order processing meets the requirements of this Regulation. When the other processor fails to meet data protection obligations, the initial processor remains fully accountable to the Company as the controller for the fulfilment of the obligations of the other processor.
Submission of a complaint by the user
The user can contact the Data Protection Officer (DPO) for whichever issue might involve the processing of her/his data. The details of the DPO are as follows:
ΜΙΧΑΛΙΤΣΗ ΜΑΡΙΑ ΤΟΥ ΒΑΣΙΛΕΙΟΥ
ΚΑΠΕΤΑΝ ΧΑΡΑΛΑΜΠΗ 6-8,
Heraklion, P.C. 71202
Crete, Greece
2810288887
COOKIES
A cookie is a small text file that a website stores on your computer or mobile device when you visit the site.
- First party cookies are cookies set by the website you’re visiting. Only that website can read them. In addition, a website might potentially use external services, which also set their own cookies, known as third-party cookies.
- Persistent cookies are cookies saved on your computer and that are not deleted automatically when you quit your browser, unlike a session cookie, which is deleted when you quit your browser. Every time a user visits the website he will be asked to accept or reject the cookies.
By storing a user’s cookies, the website memorizes her/his preferences so as it is possible to make suggestions to the user for new products that she/he may be interested in or display ads on social media. Thus, the user is given the opportunity to choose from a new range of products that he may not have known, to be informed about offers, etc.
Cookies can also be used to establish anonymized statistics about the browsing experience on our website.
The 3 types of first-party cookie we use are to:
- store visitor preferences
- make our websites operational
- gather analytics data (about user behavior)
Visitor preferences
These are set by us and only we can read them. They remember:
- if you have agreed to (or refused) this site’s cookie policy
- if you have already replied to our survey pop-up (about how helpful the site content was) – so you won’t be asked again
Operational cookies
There are some cookies that we have to include in order for certain web pages to function. For this reason, they do not require your consent. In particular:
- authentication cookies
- technical cookies required by certain IT systems
Authentication cookies
These are stored when you log in to our website, using our authentication service. When you do this, you accept the associated privacy policy.
Analytics cookies
We use these purely for internal research on how we can improve the service we provide for all our users. The cookies simply assess how you interact with our website – as an anonymous user (the data gathered does not identify you personally). Also, this data is not shared with any third parties or used for any other purpose. The anonymized statistics could be shared with contractors working on marketing projects or on developers of new products. However, you are free to refuse these types of cookies – via the cookie banner you’ll see on the first page you visit.
Promotional – Marketing cookies (targeting or advertising cookies):
These cookies are used to deliver adverts that are more appealing to each user and more relevant to their interests. They are also used for targeted advertising with the purpose of limiting irrelevant and repetitive ads.
Third-party cookies
Some of our page’s display content from external providers, e.g., YouTube, Facebook and Twitter. To view this third-party content, you first have to accept their specific terms and conditions. This includes their cookie policies, which we have no control over. But if you do not view this content, no third-party cookies are installed on your device.
These third-party services are outside of the control of the company. Providers may, at any time, change their terms of service, purpose and use of cookies, etc.
Our website uses the following cookies:
| Platform / Application | Cookie Name | Category | Domain | Description | Duration |
| CookieHub | cookiehub | Απαραίτητα | Website Domain | Used by CookieHub to store information about whether visitors have given or declined the use of cookie categories used on the site. |
1 year |
| PHP.net | PHPSESSID | Απαραίτητα | Website Domain | Cookie generated by applications based on the PHP language. This is a general purpose identifier used to maintain user session variables. It is normally a random generated number, how it is used can be specific to the site, but a good example is maintaining a logged-in status for a user between pages. |
session |
| Cloudflare | __cfduid | Απαραίτητα | Website Domain | The _cfduid cookie helps Cloudflare detect malicious visitors to our Customers’ websites and minimizes blocking legitimate users. It may be placed on the devices of our customers’ End Users to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It is necessary for supporting Cloudflare’s security features. |
30 days |
| Cloudflare | __cfruid | Απαραίτητα | Website Domain | Used by the content network, Cloudflare, to identify trusted web traffic. | session |
| Cloudflare | __cf_ob_info | Απαραίτητα | Website Domain | The __cf_ob_info cookie provides information on: The HTTP Status Code returned by the origin web server, The Ray ID of the original failed request, and The data center serving the traffic. |
session |
| Cloudflare | __cf_use_ob | Απαραίτητα | Website Domain | The __cf_use_ob cookie informs Cloudflare to fetch the requested resource from the Always Online cache on the designated port. |
session |
| Google Tag Manager | cookiePreferences | Απαραίτητα | Website Domain | Registers cookie preferences of a user | 2 years |
| Google reCAPTCHA | _GRECAPTCHA | Απαραίτητα | google.com | Google reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis. |
180 days |
| WordPress | wp-settings-[UID] | Απαραίτητα | Website Domain | WordPress also sets a few wp-settings-[UID] cookies for logged in users. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. |
1 year |
| WordPress | wordpress_[hash] | Απαραίτητα | Website Domain | WordPress uses the cookie wordpress_[hash] to store the authentication details on login. The authentication details include the username and double hashed copy of the password. This usage of the cookie is limited to the admin console area, the backend dashboard of the website. The cannot be seen on front-end of the website, even when logged in. |
1 year |
| WordPress | wordpress_logged_in_[hash] | Απαραίτητα | Website Domain | The cookie wordpress_logged_in_[hash] is used to indicate when you are logged in, and who you are. This cookie is maintained on the front-end of the website as well when logged in. |
session |
| WordPress | wp-settings-{time}-[UID] | Απαραίτητα | Website Domain | WordPress also sets a few wp-settings-{time}-[UID] cookies. The number on the end is your individual user ID from the users database table. This is used to customize your view of admin interface, and possibly also the main site interface. |
1 year |
| WordPress | wp-saving-post | Απαραίτητα | Website Domain | Used to track if there is saved post exists for a post currently being edited. If exists then let user restore the data |
|
| WordPress | wordpress_test_cookie | Απαραίτητα | Website Domain | WordPress also sets a cookie named wordpress_test_cookie is set by WordPress to check if the cookies are enabled on the browser to provide appropriate user experience to the users. |
session |
| WordPress | wordpress_sec_{hash} | Απαραίτητα | Website Domain | Current user location – Logged in users only | session |
| WordPress | wp-postpass_{hash} | Απαραίτητα | Website Domain | This cookie is used to grant access to password protected areas of the site. | 10 days |
| WooCommerce | woocommerce_cart_hash | Απαραίτητα | Website Domain | Helps WooCommerce determine when cart contents/data changes. | session |
| WooCommerce | woocommerce_items_in_cart | Απαραίτητα | Website Domain | Helps WooCommerce determine when cart contents/data changes. | session |
| WooCommerce | wp_woocommerce_session_ | Απαραίτητα | Website Domain | Contains a unique code for each customer so that it knows where to find the cart data in the database for each customer. |
session |
| WooCommerce | woocommerce_recently_viewed | Απαραίτητα | Website Domain | Powers the Recent Viewed Products widget | session |
| WooCommerce | tk_ai | Απαραίτητα | Website Domain | Gathers information for our own, first party analytics tool about how our services are used. A collection of internal metrics for user activity, used to improve user experience. |
session |
| Website Domain | tinv_wishlistkey | Απαραίτητα | Website Domain | Wishlist Info/Contents | 1 month |
| Youtube | PREF | Προτιμήσεων | youtube.com (3rd party) | This cookie stores your preferences and other information, in particular preferred language, how many search results you wish to be shown on your page, and whether or not you wish to have Google’s SafeSearch filter turned on. |
10 years |
| Youtube | YSC | Προτιμήσεων | youtube.com (3rd party) | Registers a unique ID to keep statistics of what videos from YouTube the user has seen. | Session |
| Youtube | VISITOR_INFO1_LIVE | Προτιμήσεων | youtube.com (3rd party) | A cookie that YouTube sets that measures your bandwidth to determine whether you get the new player interface or the old. |
240 days |
| Youtube | GPS | Προτιμήσεων | youtube.com (3rd party) | Registers a unique ID on mobile devices to enable tracking based on geographical GPS location. |
Session |
| GCLB | Προτιμήσεων | Advertiser’s website domain (1st party) | This cookie is used in context with load balancing – This optimizes the response rate between the visitor and the site, by distributing the traffic load on multiple network links or servers. |
Session | |
| CONSENT | Προτιμήσεων | .gstatic.com | Used by Google to store user consent preferences | 17 years | |
| SEARCH_SAMESITE | Προτιμήσεων | google.com | SameSite prevents the browser from sending this cookie along with cross-site requests. The main goal is mitigate the risk of cross-origin information leakage. It also provides some protection against cross-site request forgery attacks. |
1 year | |
| Google Analytics | _ga | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | ID used to identify users | 2 years |
| Google Analytics | _ga_ | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | ID used to identify users | 2 years |
| Google Analytics | _gid | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | ID used to identify users for 24 hours after last activity | 24 hours |
| Google Analytics | _gat | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Used to monitor number of Google Analytics server requests when using Google Tag Manager | 1 minute |
| Google Analytics | _dc_gtm_ | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Used to monitor number of Google Analytics server requests | 1 minute |
| Google Analytics | AMP_TOKEN | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Contains a token code that is used to read out a Client ID from the AMP Client ID Service. By matching this ID with that of Google Analytics, users can be matched when switching between AMP content and non-AMP content. |
30 seconds till 1 year |
| Goolge Analytics | _gat_gtag_ | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain | Used to set and get tracking data | 1 hour |
| Google Analytics | __utma | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | ID used to identify users and sessions | 2 years after last activity |
| Google Analytics | __utmt | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Used to monitor number of Google Analytics server requests | 10 minutes |
| Google Analytics | __utmb | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Used to distinguish new sessions and visits. This cookie is set when the GA.js javascript library is loaded and there is no existing __utmb cookie. The cookie is updated every time data is sent to the Google Analytics server. |
30 minutes after last activity |
| Google Analytics | __utmc | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Used only with old Urchin versions of Google Analytics and not with GA.js. Was used to distinguish between new sessions and visits at the end of a session. |
End of session (browser) |
| Google Analytics | __utmz | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Contains information about the traffic source or campaign that directed user to the website. The cookie is set when the GA.js javascript is loaded and updated when data is sent to the Google Anaytics server |
6 months after last activity |
| Google Analytics | __utmv | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Bevat custom informatie die door de webdeveloper is ingesteld via de _setCustomVar methode in Google Analytics. Deze cookie wordt iedere keer geupdate als er nieuwe gegevens naar de Google Analytics server worden gestuurd. |
2 years after last activity |
| Google Analytics | __utmx | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Used to determine whether a user is included in an A / B or Multivariate test. | 18 months |
| Google Analytics | __utmxx | Στατιστικών | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Used to determine when the A / B or Multivariate test in which the user participates ends | 18 months |
| YouTube | YSC | Στατιστικών | youtube.com (3rd paty) | This cookie is set by YouTube video service on pages with YouTube embedded videos to track views. |
session |
| Vimeo | vuid | Στατιστικών | vimeo.com | This first party cookie created by Vimeo is used to assign a Vimeo Analytics unique id. | 1 year |
| Google Analytics | _gac_ | Marketing – Προώθησης | google-analytics.com (3rd party) or advertiser’s website domain (1st party) | Contains information related to marketing campaigns of the user. These are shared with Google AdWords / Google Ads when the Google Ads and Google Analytics accounts are linked together. |
90 days |
| xs | Marketing – Προώθησης | facebook.com (3rd party) | Used in conjunction with the c_user cookie to authenticate your identity to Facebook. Contents: Session ID, creation time, authentication value, secure session state, caching group ID |
session | |
| c_user | Marketing – Προώθησης | facebook.com (3rd party) | Used in conjunction with the xs cookie to authenticate your identity to Facebook. Contents: User ID |
90 days | |
| m_user | Marketing – Προώθησης | facebook.com (3rd party) | Used to authenticate your identity on Facebook’s mobile website. Contents: Email, User ID, authentication value, version, user agent capability, creation time, Facebook version indicator |
90 days | |
| sb | Marketing – Προώθησης | facebook.com (3rd party) | Facebook browser identification, authentication, marketing, and other Facebook-specific function cookies. |
persistent | |
| fr | Marketing – Προώθησης | facebook.com (3rd party) | Used by Facebook to deliver a series of advertisement products such as real time bidding from third party advertisers. |
90 days | |
| locale | Marketing – Προώθησης | facebook.com (3rd party) | This cookie contains the display locale of the last logged in user on this browser. This cookie appears to only be set after the user logs out. The locale cookie has a lifetime of one week. |
60 days till 3650 days | |
| _fbp | Marketing – Προώθησης | facebook.com (3rd party) | Facebook Pixel advertising first-party cookie. Used by Facebook to track visits across websites to deliver a series of advertisement products such as real time bidding from third party advertisers. |
90 days | |
| js_ver | Marketing – Προώθησης | facebook.com (3rd party) | Records the age of Facebook javascript files. | 90 days | |
| rc | Marketing – Προώθησης | facebook.com (3rd party) | Used to optimize site performance for advertisers | 90 days | |
| campaign_click_url | Marketing – Προώθησης | facebook.com (3rd party) | Records the Facebook URL that an individual landed on after clicking on an ad promoting |
90 days | |
| Marketing – Προώθησης | |||||
| __fb_chat_plugin | Marketing – Προώθησης | Website Domain | Used to track the user’s interaction with the website’s Facebook chat-widget. | session | |
| common/cavalry_endpoint.php | Marketing – Προώθησης | Website Domain | Collects data on visitor behaviour from multiple websites, in order to present more relevant advertisement – This also allows the website to limit the number of times that they are shown the same advertisement. |
session | |
| _gcl_au | Marketing – Προώθησης | Advertiser’s website domain (1st party) | Used by Google AdSense for experimenting with advertisement efficiency across websites using their services. |
365 days | |
| 1P_JAR | Marketing – Προώθησης | .gstatic.com | These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback. |
1 Year | |
| AID | Marketing – Προώθησης | google.com | Download certain Google Tools and save certain preferences, for example the number of search results per page or activation of the SafeSearch Filter. Adjusts the ads that appear in Google Search. |
session | |
| SID | Marketing – Προώθησης | google.com | Download certain Google Tools and save certain preferences, for example the number of search results per page or activation of the SafeSearch Filter. Adjusts the ads that appear in Google Search. |
3 months | |
| HSID | Marketing – Προώθησης | google.com | Download certain Google Tools and save certain preferences, for example the number of search results per page or activation of the SafeSearch Filter. Adjusts the ads that appear in Google Search. |
2 years | |
| APISID | Marketing – Προώθησης | google.com | Download certain Google Tools and save certain preferences, for example the number of search results per page or activation of the SafeSearch Filter. Adjusts the ads that appear in Google Search. |
session | |
| SAPISID | Marketing – Προώθησης | google.com | Download certain Google Tools and save certain preferences, for example the number of search results per page or activation of the SafeSearch Filter. Adjusts the ads that appear in Google Search. |
179 days | |
| SSID | Marketing – Προώθησης | google.com | Download certain Google Tools and save certain preferences, for example the number of search results per page or activation of the SafeSearch Filter. Adjusts the ads that appear in Google Search. |
1 year | |
| SIDCC | Marketing – Προώθησης | google.com | Download certain Google Tools and save certain preferences, for example the number of search results per page or activation of the SafeSearch Filter. Adjusts the ads that appear in Google Search. |
1 year | |
| OTZ | Marketing – Προώθησης | google.com | Aggregate analysis of website visitors | 1 year | |
| ANID | Marketing – Προώθησης | google.com | Google uses this cookies to make advertising more engaging to users and more valuable to publishers and advertisers |
347 days | |
| DV | Marketing – Προώθησης | google.com | This cookies is used to collect website statistics and track conversion rates and Google ad personalisation |
session | |
| NID | Marketing – Προώθησης | google.com | This cookies is used to collect website statistics and track conversion rates and Google ad personalisation |
1 day | |
| IDE | Marketing – Προώθησης | doubleclick.net | Used by Google’s DoubleClick to serve targeted advertisements that are relevant to users across the web. Targeted advertisements may be displayed to users based on previous visits to a website. These cookies measure the conversion rate of ads presented to the user. |
390 days | |
| RUL | Marketing – Προώθησης | doubleclick.net | Used by DoubleClick to determine whether website advertisement has been properly displayed – This is done to make their marketing efforts more efficient. |
1 year |