General Data Protection Policy

The company under the name “HOUSEMARKET S.A.” with a registered address at Peania Attica, (Athens International Airport “El. Venizelos”, Building 501, Airport Commercial Park P.C. 190 02) is the Data Controller of the stores' customers’ and visitors’ personal data, that are processed based on the present policy.

1. Data collection and processing

For the purposes of its physical stores’ operations and its services provision “HOUSEMARKET S.A.” controls personal data mainly from the subjects themselves, namely the stores’ customers and visitors. These data may concern the possession and use of the IKEA Family and/or IKEA for Business loyalty card, our website use and our e-shop services, any special services offered to our clients (such as delivery service, assembly service, Home Furnishing Advice service, Kitchen Design service etc.), our customer service, the systems security management, as well as any electronic, phone or written contact with our company etc.     

All these data are collected for purposes that are lawful and are being processed based on the provisions of the General Data Protection Regulation (EU) 2016/679 (GDPR) and of the national legislation. Prior to any processing the data subjects are fully and in a transparent way informed on the processing purposes, any third parties that receive these data, their rights as data subjects, the technical and organizational measures for the protection of the data, the means to contact our company etc.    

This present Data Protection Framework Policy aims to inform you on the general principles that we comply with concerning the management of your personal data in case any specific data processing notification refers to the present text or in case we receive your data without you being already a client of our products or services.

2. Lawful basis for processing

The lawful basis for the processing of your data that is necessary for the provision of our services is notified to you prior to the receipt of each service.

In case you contact us to submit a question regarding our products and services prior to the purchase or the receipt of a service, some of your data are necessary in order to reply to you, since it is part of our legitimate interests to facilitate the consumers to proceed with the purchase and to let them enjoy an exceptional buying experience at our stores.

If you contact us after the purchase or the receipt of a service the processing of your data is necessary in order to review our contractual obligations for the purpose of the performance of the specific transaction.

For the purpose of our legitimate interests we also have the right to send you commercial info by phone, mail, email, SMS, or any other appropriate means of communications, using your contact details (obtained in a lawful way), within the framework of a previous transaction with you (article 11, paragraph 3 Greek Act 3471/2006) and as long as you do not exercise your right to opt-out from such communication. This information may consist of information regarding our products, special or general offers, promotional activities organized by our company or in collaboration with other companies (without transferring your data to those companies) and marketing contests. In addition, in the context of marketing communications we may contact you using OTT services such as Viber, WhatsApp etc., for the purposes of better communicating with you and of keeping our communications costs low. For the purpose of our legitimate interests we may also contact you after the sale in order to evaluate your customer service experience regarding our company and our partners.

Finally, some personal data are processed for the purpose of complying with our legal obligations, for example when the tax authorities request the relevant data in order to carry out audits or when there are cases pending before regulatory, administrative or judicial authorities.  

 

Data information and update

Your personal data have to be updated in order to make sure that they still belong to you while we process them and for this reason we are required to rectify them, upon indication by you, in case they are inaccurate or altered.

Our company, as the Data Controller, puts every effort in order our customers’ data to be accurate and, when necessary, updated, by taking every reasonable measure for the immediate erasure or rectification of personal data that are inaccurate, in relation to the purposes of each processing.

 

Types and recipients of data

Based on the service(s) you have received you have been informed regarding the personal data collected by our company and who, other than our company, may be the recipients. You are notified regarding the exact personal data collected when you become an IKEA Family and/or IKEA for Business member, when you use our webpage and when you create an e-shop account.

However, we also collect your data in other ways as well. These data may be the following:

- identification and communication data, namely your name (surname and first name), your postal address, your e-mail address, your mobile phone or phone number.

- data that are included in your communication with our company, namely all these data that you share with us when you request information, when you return products, when you make a complaint etc.

We process these data mainly internally, though, sometimes we may use external call center services, commercial communication management and customer requests management providers as third parties, to whom the data necessary for the purposes of the performance of their tasks and your service as customers are transferred under strict conditions and procedures and who are contractually bound to operate under our guidance as processors and to respect the laws concerning the protection of your data. It is also possible for some of your data to be shared with IKEA of Sweden, particularly in case of complaints about defective products.

Your data and comments collected by HOUSEMARKET A.E. when you communicate with the company either by using the online contact form at www.ikea.gr , or leaving comments or making evaluations of the products/services of HOUSEMARKET S.A., or via email, by phone or through social media (such as Facebook, Instagram etc.), concerning issues handled by the Customer Service Department, are retained by HOUSEMARKET S.A. for 2 years starting from the date of your contact and then get anonymized for statistical purposes.
 

Data subject rights  

All natural persons, as data subjects, can exercise their rights at any time, as provided by the General Data Protection Regulation (EU) 2016/679 (particularly by Articles 12 to 23 of the Regulation) and the national legislation, namely:

1. the right of information and access to their personal data that are being processed by our company
2. the right to restriction of processing of their personal data that are being processed by our company
3. the right to rectification or erasure in part or in total (right to be forgotten) of their personal data that are being processed by our company
4. the right to object to processing of their personal data that are being processed by our company and
5. the right to their personal data portability, under the condition that they are not being processed by our company for compliance with a legal obligation.

The abovementioned rights can be exercised, under the restrictions provided by the relevant legislation, particularly GDPR and Greek Act 4624/2019, by submitting a request to the e-address dpo@fourlis.gr. In case you exercise your right of access to your personal data you may give our company some time in order to compile them. Any copies of your data are being notified to you at no cost, unless our company finds that your requests are repeated and are exercised excessively. 

In case you exercise any of the abovementioned rights, HOUSEMARKET S.A. will take all  necessary measures in order to comply with your relevant request within one (1) month from the date of valid submission, whereas in case our company needs more time, you will be notified accordingly. It has to be cleared that in order for the abovementioned rights to be validly exercised, you may be asked to properly identify yourself, for the purpose of verifying that the personal data indeed belong to the natural person exercising its rights.

You may also opt-out at any time from all commercial communications by our company to one or all of your contact details (email, SMS or Viber), either as described above, or by calling at +30210 6293011 or by clicking on the “unsubscribe” link that exists in all our marketing emails. 

 

Personal data retention period

Your personal data are generally being retained and processed by our company for a time period of six (6) months unless you have been notified otherwise on a specific service or processing activity. You may always request for the erasure of your data while using your abovementioned right, as well. Our company retains your contact data for the purposes of commercial communications until you exercise your opt-out right for all or a specific marketing communication.

However, some data concerning your transactions with our company that are necessary may be retained as information for the purpose of demonstrating the lawfulness of your data processing and of ensuring our company’s legal claims.

 

Special categories data

The provision of our services and the communication with you do not entail sharing special categories data or sensitive personal data (such as health data, political beliefs data etc.).

Transparency requirement

For any information regarding your personal data as well as their processing and protection you may address the Data Protection Officer (DPO) of our company at the electronic address dpo@fourlis.gr or/and by phone at +30210 6293011. In case you consider yourself not satisfied with our response or with how your personal data are being processed you have the right to lodge a complaint with the competent supervising authority (Hellenic Data Protection Authority, Kifisias Av. 1-3, P.C. 115 23, Athens, tel. +30210 6475600, email complaints@dpa.gr).

Technical and organizational measures

Our company, its data processors and any third person or entity acting under our company’s authority are bound to implement appropriate technical and organizational measures for the best possible protection of your personal data against accidental or unlawful loss, destruction or damage, unlawful or unauthorized disclosure of or access to them and unauthorized or unlawful processing, in general (remote access included), as well as  for ensuring the ability to restore the availability and access to them.

The specific measures aim to ensure a level of security towards the risk that your data may be facing, taking always into account the type and severity of the specific data,  our company’s technical abilities, the state of the art, the costs of implementation and the nature, scope, context and purposes of processing, while implementing processes for regularly testing, assessing and evaluating the effectiveness of these technical and organizational measures.

In any case, HOUSEMARKET S.A., its processors and any third person or entity acting under our company’s authority are contractually bound to ensure the confidentiality of your personal data, as well as not to disclose them or not to allow access to them by any third party without having informed you in advance, unless provided otherwise by the relevant legislation.

HOUSEMARKET S.A. states that your personal data will not be used for any other purpose, except for those mentioned in the present Policy, unless you have been previously duly  informed and, if it deems necessary, after having obtained your explicit consent.