By reading the following text you automatically declare that you have received knowledge about the Terms of Use.
dermatakokkos.gr uses alphanumeric identification files (cookies) to improve the user experience, in accordance with the legislation of the European Union. Cookies are necessary files to facilitate specific functions of our page, as they ensure its smooth and trouble-free operation.
Cookies are small harmless files (text files), which are sent to and stored temporarily on the user's computer, enabling online pages such as dermatakokkos.gr to communicate with the user by recognizing him after frequent use and facilitating his access and his transactions. This is achieved by collecting data, which also optimizes the content of our website.
G&X KOKKOS (as provided by the legislation and observing all the prescribed procedures) must inform the visitors of this website about the acceptance or not of cookies when they enter the site dermatakokkos.gr.
If you press ACCEPT then you automatically declare that you accept the terms of use and the use of cookies on our pages as well as that you consent based on the new European GDPR directive. If you do not wish to be bound by these terms, then please leave our page.
A Few Words
To ensure the proper functioning of the website, we sometimes place small data files on your computer, so-called "cookies". The specific action is carried out following an order from the European Union (see below in detail).
What are cookies?
Cookies are small text files that a website stores on your computer or mobile device when you visit it. In this way, the website remembers your actions and preferences (such as login code, language, font size and other display preferences) for a period of time, so you do not have to enter these preferences every time you visit the website or browse its pages.
How to control cookies?
You can control and/or delete cookies according to your wishes. You can delete all the cookies that are already on your computer (see here), and you can set most browsers to disallow the installation of cookies. However, in this case, you may need to adjust some preferences yourself each time you visit a website, and some services may not work.
European Union Directive
"Storing information or gaining access to already stored information in the terminal equipment of a subscriber or user is only allowed if the specific subscriber or user has given his consent after clear and extensive information according to par. 1 of article 11 of Law 2472/1997, as applicable. Subscriber or user consent may be given through appropriate settings in the web browser or through another application. The above does not prevent storage or access of any technical nature, the sole purpose of which is to carry out the transmission of a communication via an electronic communications network or which is necessary for the provision of an information society service, which has been expressly requested by the user or the subscriber. By an act of the Personal Data Protection Authority (P.D.P.X.) the methods of providing information and declaring consent are specifically defined".
The European Directive 2009/136/EC concerning the amendment of Directive 2002/58/EC on the processing of personal data and the protection of privacy in the field of electronic communications. The integration was carried out through Law 4070/2012 (Regulations of Electronic Communications, Transport, Public Works and other provisions), which in turn amends the current Law 3471/2006 (on protection of personal data and private life in the sector of electronic communications).
According to the amendment, the currently valid par. 5 of no. 4 on "privacy":
"The use of electronic communications networks is prohibited to store information or gain access to information stored on subscriber or user terminal equipment, in particular by installing spyware, hidden identifiers and other similar devices. Exceptionally, any storage or access of a technical nature is permitted, the sole purpose of which is to carry out or facilitate the transmission of a communication via an electronic communications network, or which is only necessary for the provision of a service to the information society, which has been expressly requested by the user or subscriber. In the latter case, the use of such provisions is only permitted if the specific subscriber or user is provided with clear and extensive information, in accordance with article 11 of Law 2472/1997, as applicable, and the data controller grants the subscriber or user the right to refuse this processing. By an act of the Personal Data Protection Authority, the methods of providing information, providing the right to refuse or request consent are defined in particular. 5, par. 3 of Directive 2009/136/EC as follows:
"Storing information or gaining access to already stored information in the subscriber's or user's terminal equipment is only permitted if the specific subscriber or user has given his consent after clear and extensive information according to par. 1 of article 11 of Law 2472/1997, as applicable. Subscriber or user consent may be given through appropriate settings in the web browser or through another application. The above does not prevent storage or access of any technical nature, the sole purpose of which is to carry out the transmission of a communication via an electronic communications network or which is necessary for the provision of an information society service, which has been expressly requested by the user or the subscriber. With an act of the Personal Data Protection Authority (P.D.P.X.) the methods of providing information and declaring consent are defined in particular".
Scope
Both the currently valid wording and the new one, find scope for all kinds of cookies, and directly affect the entire range of digital marketing and online advertising.
More specifically, the wording in force until now allowed the use of cookies under the condition of clear and extensive information to the user, without specifying exactly how the information will be carried out. As a rule, the information was provided through relevant references in the privacy policy of the respective website.
The new wording continues to require the user to be clearly and extensively informed about the cookies that are going to be installed on their device, but it also introduces the parameter of the mandatory obtaining of consent from him before installation (opt-in), in compliance with European Law. At the same time, however, it provides for the use of the relevant privacy settings in the user's browser as a legal way of obtaining consent. which is necessary and essential for the proper operation of each website, in order to provide the respective service (functional cookies).
The position of the Personal Data Protection Authority
- The consent of the subscriber or user may initially be given through the website of the internet service provider using appropriate mechanisms (e.g. with pop-up windows). The acceptance of "cookies" can be done once for all "cookies" installed by the same service provider of the information society.
- Alternatively, as stated in Law 3471/2006, "Consent may also be given through appropriate settings in the web browser or through another application." Caution! This setting is only valid if the consent of the subscriber or user is requested for each "cookie", while prior acceptance of the reception of "cookies" through default settings of the browser is not understood as consent.
- For example, web browsers or other applications, which by default reject third-party cookies and require an active choice on the part of users in order for them to accept both the placement and the continued transmission of information contained in cookies by certain websites, may provide valid and effective consent.
- Conversely, if the browser's default settings allow all cookies to be accepted and user action is required to disable them, the requirements for consent set by the specific article are not satisfied.
- The requirements of the article are also not satisfied by browser settings that allow the advance rejection of "cookies" from specific information society service providers (e.g. through "black" lists predefined by the subscriber or user) or similar mechanisms that, although providing the subscriber or user with more options, do not support his prior consent to receive cookies from providers he has not blocked.
- The subscriber or user must have the possibility to withdraw his consent in the same way in which he declared it. In the text of the position, a clear separation is also made, and correspondingly with a relevant opinion issued by the Working Group of the Article 29 on 7/6, of cookies that are installed for the purpose of advertising and statistical analysis (web analytics - google analytics - adwords remarketing). According to the text, both of these categories of cookies do not fall under the exception of obtaining consent provided by law.
GDPR (General Data Protection Regulation)
The GDPR, the "General Data Protection Regulation" [Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016], comes into force from May 25, 2018 (see the sample document here).
The General Data Protection Regulation (GDPR) of the European Union defines measures that should be followed in order to ensure the confidentiality, integrity and availability of personal data. It defines the way in which organizations will manage the data of their employees, customers and partners and concerns all persons residing in the European Economic Area (EEA).
Legislation for the protection of personal data, at the European level (Directive 95/46), previously existed as a Directive with non-mandatory application, but the introduction of the New Regulation, which has a mandatory character, emphasizes the trend observed worldwide regarding the increased interest of citizens in their personal data which in one way or another is disclosed to third parties, for the purpose of their protection and management.
Personal data is any element of information that is linked to a person (otherwise Data Subject) and can be used directly or indirectly to identify him.
The basic distinction between those who process personal data is between Controllers and Processors. Their difference is that the former determine the purposes and the way of data processing, while the latter operate under their instructions. The difference is often subtle, while even a very simple function can make a company a processor (e.g. hosting personal data on its servers). However, until now the Processors were responsible only towards the Controllers for their acts and omissions. Now they will also be directly responsible towards anyone whose data they process, in cases where they do not comply with the existing legislation or if they acted contrary to the instructions of the controllers.
GDPR applies to any organization (including businesses) that “processes” personal data of natural persons located in the European Union. "Processing" means any operation carried out on personal data, with or without the use of automated means, such as e.g. collection, registration, organization, structure, storage, adaptation, alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
The natural persons related to your company are, for example, all your employees, old and new, even those who work remotely, your Customers and potential Customers, and your Partners and Suppliers, throughout the years of operation of your company. They are also everyone who has left their details from time to time in the Chat or Ticketing system, or completed an online form on the website or in your Newsletter. They are natural persons with whom you do business every day and many more, who filled in their information to participate in a prize draw or in your company's event. They are also the natural persons you have never met, but despite this you hold a lot of their personal data: the CVs of candidates. The list does not end here.
10 Steps to align your business with GDPR innovations:
- Update
Read the Regulation, identify aspects of it that may affect your business. Consult your Advisor with your questions and to get a clear picture of the distance to cover towards compliance. Talk to your HR, computer or database management technician.
- Logging of activities
List company activities that fall under the regulation. As controllers you have the responsibility to comply with the Regulation and to demonstrate your compliance.
- Communication
Check if the information provided to citizens, customers or partners, through forms or the website needs to be differentiated and adapted accordingly. If your business has a Privacy Policy, check which aspects need updating to comply with the Regulation.
- Rights
The Regulation strengthens the existing rights of citizens and, in addition, creates new rights. Right to rectification, Right to be Forgotten, Right to restrict processing, Obligation to notify change, Right to Portability.
Therefore businesses must check their closets for personal data collected many years ago that can create a risk of non-compliance from scratch. You may need to disclose to the public a standardized procedure for exercising rights.
- Legal Basis
Each activity of the business must obey the conditions for legal processing defined by the Regulation. The business should be able to justify, if necessary, the legal basis on which its activity is based.
- Consent
The Regulation, like existing legislation, distinguishes between "consent" and "express consent" obtained for the processing of sensitive data. However, the Regulation sets specific conditions for obtaining consent. Implicit acceptance (e.g. pre-checked Privacy Policy acceptance box), without a clear confirmation action, does not constitute consent. If your company's activities are based on consent, pay special attention to the relevant point of the Regulation. For an information society service offered directly to a child, the consent of the person having the child's primary care should be obtained.
- Breach of personal data
The business must take up-to-date technical and procedural measures to protect the data it handles. In the event of a breach or interception of databases, the company must inform the Personal Data Protection Authority and/or the affected persons. Examine whether the security measures applied by the company meet the requirements of the Regulation.
- High risk activities
The regulation recognizes certain activities as high risk. A business involved in such activities may be required to appoint a Data Protection Officer (DPO). The DPO can be an employee of the company or an external partner. A company that uses or develops/designs computerized data processing systems or new technologies or applications should take into account the references of the regulation regarding the integration of security barriers (data protection by design and by default), i.e. preventive protection and not after the fact. Related to the above is the obligation to conduct an impact assessment regarding the protection of personal data (Data Protection Impact Assessment), especially in cases of large-scale processing, monitoring of publicly accessible space (CCTV cameras) or profiling.
- Single Window and Consistency Mechanism
A business that is based and operates in more than one Member State has the right to designate the Member State that will deal with the Personal Data Protection Authority of that state. For decisions taken jointly between separate companies (e.g. contracts, tenders, etc.), the Regulation introduces the institution of joint controllers. For cross-border cases that require the cooperation of the Authorities, the Regulation introduces the coherence mechanism and defines the role of each Authority, as "head" or "competent" or "interested" Authority.
- Notices, Links, Transmissions
The Regulation abolishes the existing system of Notifications in third countries and creates new, corresponding obligations, with which businesses should be prepared to comply. Such obligations are process recording, risk assessment, codes of practice, process certification and DPO. Every company should know which of these obligations it is subject to. For any data breach, businesses will now be judged not only on the adequacy of the measures they took to prevent the possibility of a breach using protection methods (encryption, pseudonymization or anonymization, which must be done in such a way that it is difficult for third parties to decode the method), but also on their actions after it took place.
In summary, the new legislative framework for the protection of personal data established by the GDPR creates significant obligations for most businesses and above all the need for introspection and self-control. In an environment of ever-increasing public awareness, the need to adapt to the requirements of the GDPR creates an incentive to proactively control the operation of your business, in order to avoid serious unpleasant consequences as a consequence of negligence, ignorance or underestimating the relevant risks.
Personal data is considered any type of information that can, directly or indirectly, identify a person regardless of whether it is related to his personal, professional or public life. It can be a name, a photo, an email address, bank details, work performance details, purchases, VAT number, education, username or computer ip address and many more.
- G&X KOKKOS (dermatakokkos.gr) keeps its customers' data encrypted (SSL) throughout their browsing on the pages-footers of G&X KOKKOS (dermatakokkos.gr).
- The customer using the services of G&X KOKKOS (dermatakokkos.gr) consents and automatically authorizes G&X KOKKOS (dermatakokkos.gr) through the systems it has (order form, newsletter forms, etc.) to collect the personal information required (e-mail, name, etc.) to complete the action desired by the customer. Consent and authorization is automatically given by the relevant "check box" in the various forms and applications available at dermatakokkos.gr or in fields where the customer will voluntarily enter his details (e.g. entering the e-mail in the newsletters form).
- G&X KOKKOS (dermatakokkos.gr) maintains and stores the customer's personal data as long as the customer remains an "active customer" at G&X KOKKOS (dermatakokkos.gr) and keeps his services or products there.
- G&X KOKKOS (dermatakokkos.gr) DOES NOT disclose the data it holds to third parties except to the highest prosecutorial or police authorities if and when requested in an official and legal manner.
- The customer reserves the right to change or delete the data stored at G&X KOKKOS (dermatakokkos.gr) if he sends an e-mail requesting the considered action. This specific action is carried out ONLY from the owner's stated e-mail registered at the beginning of the customer's cooperation with G&X KOKKOS (dermatakokkos.gr). In the event that the customer requests the deletion of his data, he should be aware that based on tax law in Greece, the data stored in the invoicing system of G&X KOKKOS (dermatakokkos.gr) are NOT DELETED. They will be deleted from the dermatakokkos.gr site but cannot be deleted from the invoicing system.
- The customer's details may be used (re-marketing) by dermatakokkos.gr and ONLY to inform the customer periodically about product or service offers or for security updates to the service he has purchased from dermatakokkos.gr (e.g. malicious action against his site by a third party).
- In the event that personal data is leaked (or there is a suspicion of leakage) due to a security gap in the system of G&X KOKKOS (dermatakokkos.gr) or from unauthorized use (hacking), then G&X KOKKOS (dermatakokkos.gr) is obliged to inform the Personal Data Protection Authority within 72 hours.
- The customer enters the site of G&X KOKKOS (dermatakokkos.gr) and, to activate or renew a service, or if he buys or communicates about a product or service, he should fill in the relevant forms and applications that exist. The information is stored dynamically in the dermatakokkos.gr system and is used by dermatakokkos.gr to complete the action requested by the customer through these forms (e.g. call me back, service renewal, etc.).
- When the customer enters the site of G&X KOKKOS (dermatakokkos.gr) his IP is recorded dynamically and automatically in the server logs, which are used internally by G&X KOKKOS (dermatakokkos.gr) ONLY for statistics reasons (monthly customer visits, country of origin, etc.).
- In case of malicious action (or even suspicion) of IP abuse by third-party unauthorized users (spam, hacking, etc.), G&X KOKKOS (dermatakokkos.gr) reserves the right to temporarily or permanently suspend the IP address(es) or an entire range of addresses (mask).
- The navigation from category to category or to subpages on the G&X KOKKOS site (dermatakokkos.gr) is done with internal hyperlinks (links). In the event (if and when necessary) that the visitor is transferred to an external third-party site with problematic or altered content, the responsibility lies with the owner or administrator of the terminal site and not with G&X KOKKOS (dermatakokkos.gr).
- The collection of your data on the social media pages of G&X KOKKOS (dermatakokkos.gr) (facebook, twitter, youtube, etc.) is based on the terms of use that govern the specific websites. G&X KOKKOS (dermatakokkos.gr) may use the information that is in public view through its official accounts (likes, tweets, views, etc.) ONLY for internal use of the company's statistics. Responsible for the collection and storage of personal data are the respective websites and not G&X KOKKOS (dermatakokkos.gr).
Indicative Cookies used by our Site
Cookie | Description | Duration | Type |
---|---|---|---|
4f7c810f87bcdbacd85b85438d964a61 | | 30 minutes | Other |
_ga | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. | 2 years | Analytics |
_gid | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number of visitors, the source where they have come from, and the pages visited in an anonymous form. | 1 day | Analytics |
_gat | This cookie is installed by Google Universal Analytics to throttle the request rate to limit the collection of data on high traffic sites. | 1 minute | Performance |