We inform you that for our company “KOSTIS LIGHTING” the protection of our customers‘ personal data is a matter of great significance. On this scope, whether the processing is done by our company, or by third parties acting on our account, all measures are taken to protect the processed personal data and reassure that the processing complies to the set legal requirements.

What is the GDPR?

The General Data Protection Regulation (GDPR) is the new legal instrument of the European Union which sets the rules for the processing of personal data in order to preserve the human right of the protection of personal data.

Data Controller

The company “KOSTIS LIGHTING”, Glyka Nera, 49 Lavriou av., email: , tel.: 2106615400, website: www., as legally represented, informs that in our daily activities we process personal data of our clients according to the national legislation and the European Regulation 679/2016 “on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC”.

Which is the personal data that we process?

The only personal data that we process is the personal data which our clients provide to us such as name, email, mobile or home/work phone number, company name, address, profession etc. Comments will be processed only if necessary for our professional activities.

Which are the legal reasons for the processing of your personal data?

The legal reasons are the following :
a) providing the services you wish to receive from us, thus the fulfillment of our contractual obligations towards our clients
b) preserving the legal interests of our clients and of our company
c) compliance with legal obligations applicable to us, such as paying taxes and complying with applicable labor laws.

By consenting to the process of your personal data you also declare that you are at least 16 years old. If you are under 16 years old, you can use our web page only with parental participation and approval.

How and why do we process your personal data?

Your personal data is collected and processed when our web sites’ communication forms are being filled in. For the completion of our clients’ orders some of the personal data may be transferred by us to collaborating companies such as transportation companies for the needs of the delivery of our products. The transportation companies may also communicate directly with you for extra details serving the above scope. For the execution of payments, your personal data is also transferred to collaborating banks. In order to avoid malicious leaks of your personal data during the execution of the above activities, our company uses high standard safety systems.
The personal data that is collected on our web sites may also be used for promotion and advertising reasons so that are clients are informed on new products and offers that may interest them. Such promotion actions shall be done via email, SMS, instant messaging or telephone, provided that our clients have consented to that according to the set legal requirements.

Duration of personal data storage

The duration of personal data storage varies depending on the following parameters :
– When the processing derives as a legal obligation, your personal data shall be stored for as long as such storage is imposed by law.
– When the processing is executed on the basis of a contract, the personal data shall be stored for as long as necessary for the execution of the contract, or, if such contract is breached, for as long as needed for proceeding to the appropriate legal actions.
– When the processing is executed for promotional reasons (marketing activities), personal data shall be stored until the client’s consent to such processing is adjured. Such adjuration can take place at any moment, without though affecting the legitimacy of any processing that took place before the said adjuration.

Which are your rights concerning your personal data ?

Your rights under the GDPR include the following:
– Right to access – You are entitled to receive certain information about the processing. Such information is provided in this document. You are also entitled to a copy of the personal data concerning you that we are processing.
– Right to rectification – You are entitled to obtain rectification of inaccurate personal data concerning you and to have incomplete personal data completed.
– Right to erasure – Under certain circumstances, you are entitled to have your personal data erased. This is the so-called “right to be forgotten”. Please note that the right to erasure is conditional and an attempt to invoke this right might not lead to an action.
– Right to restriction of processing – The data subject shall have the right to obtain from the controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims; (d) the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject.
– Right to data portability – You are entitled to receive without charge your personal data (or have the personal data directly transmitted to another data controller) in a structured, commonly used and machine-readable format from us.
– Right to object – You are entitled to object to the processing activities conducted by us if the processing is based on our legitimate interest.
– Right to adjuration of consent – When the processing is executed under the client’s consent, the client has the right to adjure his consent. Such adjuration can take place at any moment, without though affecting the legitimacy of any processing that took place before the said adjuration. For consent adjuration contact with:
– Right to file a complaint – You also have the right to lodge a complaint with the supervisory authority, which is the Hellenic Data Protection Authority (Αρχή Προστασίας Δεδομένων Προσωπικού Χαρακτήρα/DPA, tel: +30 210 6475600, Fax: +30 210 6475628, email:

Security measures

KOSTIS LIGHTING adapts every suitable technical and organizational measure to ensure the safe processing of your personal data and the prevention from loss or destruction and non authorized access, use, amendment or disclosure of it. Nevertheless, the way internet is developed and the fact that anyone has access to it, does not permit us to guarantee that non authorized malicious third persons shall not gain access to our clients’ personal data for non authorized/illegal purposes.

Use of cookies

Our web site may use cookies for the identification of visitors/users of our web site. Cookies are small files which are stored on a user’s computer. They are designed to hold a modest amount of data specific to a particular client and website and can be accessed either by the web server or the client’s computer. They are used to facilitate visitors/users to have access to certain services provided by our web sites, for statistical or promotional and marketing reasons (e.g. newsletters). The visitor/user can adjust his browser so that the use of cookies is notified or so that the use of cookies is not allowed in any case. Visitors/users of our web pages that are not willing the use of cookies for their identification, shall not have access to certain services of our web pages (e.g. e-shop). Finally, our web pages may file the visitor΄s/user’s IP address for statistical reasons, action to which the visitor/user consents by declaring his consent to the processing of his personal data.