Terms of Card Usage
PERSONAL DATA PROTECTION STATEMENT
The société anonyme under the name “Everest Société Anonyme Holdings and Investments” (hereinafter referred to as “EVEREST”), as the Controller, is subject to all obligations and commitments arising from the personal data protection legislation, including the General Data Protection Regulation (EU) 679/2016 and Law No 4624/2019 (hereinafter referred to as the “Legislation on PD”).
With this Statement, EVEREST informs you, among other things, of the type of personal data, which are being collected and processed on your behalf, of the purpose, the duration and the processing of these data, of the third parties, to whom these data or part of them may be disclosed for their processing (hereinafter referred to as “Third parties”), as well as of your legal rights regarding the personal data provided to EVEREST and how they may be exercised in accordance with the Legislation on PD.
EVEREST, recognising its ongoing responsibility for the protection of your personal data, since they are being processed by the company as a Controller, has taken all technical and organisational measures particularly based on the principles of proportionality, purpose limitation and processing time limitation and data minimisation, solely for the purpose of processing, for which they have been collected, and solely for the time period of the purpose of processing, so that your personal data is absolutely secure. EVEREST reserves the right to amend and update the present Statement at any time in order to be in compliance with the Legislation on PD.
EVEREST has designated the company under the name “NetBull IT Services Ltd.” as the Data Protection Officer.
Who we are:
EVEREST is active on the mass catering market and is one of the largest catering chains in Greece. EVEREST provides its services to customers through its network of stores, which operate under a franchise system, through its website “www.everest.gr” (hereinafter referred to as the “Website”), through the mobile application “everest app” (hereinafter referred to as the “Application”), etc.
We would also like to assure you that EVEREST does not process personal data which belongs to minors under the age of 18.
What type of personal data is collected and for what purpose:
It must be pointed out that under no circumstances shall the provision of your personal data be obligatory. This means that you voluntarily provide us at least with the personal data needed in order for EVEREST to properly and effectively provide the services you wish to receive. It is pointed out that the non-provision of the, so called, “non-mandatory” personal data for any reason, under no circumstances shall allow EVEREST to refuse to provide the services you wish to receive and is associated with these non-mandatory personal data.
Customers, who create an account through the Website or/and the Application, will hereinafter be referred to as “Users” for the sake of brevity. However, customers, who only wish to use the Website (not the Application) without creating a user account, are able to simply use it as guests (hereinafter referred to as "Guests").
More specifically, in order to use the Website, the Application and the Rewards, Loyalty and Benefits Program “EVEREST Bite Club” (hereinafter referred to as the “Program”) the following personal data is collected:
1. Full name:
It is necessary to collect the full name of the Users in order for the user to create and manage his account, to grant full access to the services provided through the Website or/and the Application and mainly to prepare the order placed through them (preparatory actions to delivery) of the EVEREST price list products, to identify users if they wish to participate in the Program and to register customers through the tablets available in the stores of the network participating in the Program.
The full name of the Guests is collected solely for the preparation of the order placed through the Website (preparatory actions to delivery) of the EVEREST price list products.
2. Mobile phone number:
EVEREST collects the Users’ mobile phone number when creating an account on the Website or the Application in order to use it as their “username” to log in to their account, to identify Users if they wish to participate in the Program, to check whether a customer is a member of the Program or not only by providing his number to the cashier of the store participating in the Program, to be able to register in the Program through the tablets available in the stores of the network participating in the Program, to be able to register in the Program by sending an SMS, to receive newsletters, offers and advertising content by SMS (and Viber) for the purposes of direct marketing or/and promotional activities to Users after obtaining their consent and as for those participating in the Program to effectively implement the Program by offering benefits etc.
Guests provide EVEREST with their mobile phone number only for the preparation of their order (preparatory actions to delivery) of the EVEREST price list products through the Website.
3. Phone number:
The Users’ or Guests’ phone number is optionally collected in case they wish to place an order online to facilitate the preparation and delivery of the order (preparatory actions to delivery) of the EVEREST price list products.
4. E-mail address:
EVEREST collects the Users’ e-mail when creating an account on the Website or the Application in order to use it as their “username” to log in to their account, to identify Users if they wish to participate in the Program, to be able to register in the Program through the tablets available in the stores of the network participating in the Program, to receive newsletters, offers and advertising content by e-mail for the purposes of direct marketing or/and promotional activities to Users after obtaining their consent and as for those participating in the Program to effectively implement the Program by offering benefits etc.
The e-mail address of the Guests of the Website is collected exclusively for sending the receipt of the order placed through it.
5. Postal address:
It is necessary to collect the Users’ and Guests’ postal address and its type, e.g., house, workplace etc., in case they want to use the delivery service, in order to facilitate the preparation of the order (preparatory actions to delivery) of the EVEREST price list products. Information, such as the postcode, floor, doorbell indication etc., is optional.
6. Credit or debit card information:
It is necessary for EVEREST to collect the data and information of the Users’ and Guests’ credit or debit cards, whether they choose to prepay (before the delivery of the order through the Website or the Application) the price of the transaction using their credit or debit card, or to pay at the time of the delivery the price of the transaction using their credit or debit card.
Credit/debit card details will be requested upon completion of the order, as long as they choose the relevant payment method, and will be used solely for their electronic transmission through the secure Viva Wallet environment to complete the payment. EVEREST does not store any credit/debit card information in its electronic systems or in physical files.
The verification of the cardholder may require the transfer of the User's card details to a third party collaborating with Viva Wallet, which completes the card payment process.
7. Invoicing information:
Invoicing information is collected, such as the TIN and the Tax office, for the invoice, as a legal tax document, to be issued, if requested during the order.
8. Order History Information:
Information regarding the recent purchases of the Users through the Website or/and the Application or those participating in the Program is collected in order to make their future orders easier.
9. Facebook ID, Gmail:
If the User chooses to order through the Website or/and the Application, he may use his Facebook or Gmail account. The User’s e-mail address is the necessary information we collect from his social media.
10. Personalised communication - Preferences (“profiling”)
In order to achieve the most effective implementation of the Program for those participating in the Program, their data collected may be used to analyse their profiles and classify them into the corresponding customers categories (custom audiences) in order to send them personalised newsletters according to their preferences.
- How personal data is collected:
Your personal data is being collected when showing your interest in our services, when making a purchase through EVEREST online services or from our stores, when we provide our services to you through the Website, the Application, and the Program.
- Who else is the recipient of your personal data:
EVEREST, as the Controller, defines the exact purposes of the collection and processing of your personal data and takes all necessary security measures. EVEREST does not transfer your personal data to third parties, except to its approved collaborators bound by written agreement, either as Controllers or as Processors, who implement and support the services provided by EVEREST or provided to EVEREST by other services, such as collaborators supporting the smooth operation of the Website and the Application, IT services providers protecting and securing its electronic systems, advertising companies as well as collaborating businesses for the implementation of the company’s programs and the customer rewards programs, the companies conducting customer satisfaction surveys.
- Access may also be given to:
-external partners of EVEREST, who provide accounting or legal services, consulting services in general, IT services, computerisation services, website services, especially in the framework of social media campaigns, security technician/occupational physician services etc,
-external partners of EVEREST, who provide survey or/and advertising services, provided that you have given your consent,
-Lawyers, bailiffs, or other people necessary for the judicial or out-of-court settlement of the claims of EVEREST,
-Public services, administrative and judicial authorities, supervisory and regulatory authorities, if required by law, court decision or any other act binding on EVEREST, in the context of compliance with its general obligations under the law.
Third Parties process your data strictly for the purpose, for which they have been collected, and take all appropriate security measures to prevent any unlawful processing. All the above-mentioned include Sieben S.A. and ATCOM S.A. Furthermore, payments using a credit, debit and prepaid card are processed through our third-party collaborator's digital electronic payment platform “Viva Wallet,” which meets the requirements of the PCI-DSS Payment Card Industry Data Security Standard. In addition, for electronic card payments, strong customer authentication is applied under the 3-D secure protocol, in compliance with the European Directive No 2015/2366 (PSD2) and the Strong Customer Authentication requirements.
In any case, EVEREST shall not make available for sale or transmit otherwise or publish the personal data of the guests/users of the Website and the Application and its customers’ personal data in general to third parties, except those mentioned above, without the guest’s/user’s, customer’s consent, excluding the application of relevant legal orders and towards competent authorities only.
In any case, the access of unauthorised persons, including our employees, to your personal data is prohibited.
- Why do we use (process) your personal data?
We use your personal data for the following purposes:
5.1. For your full access to the services provided through our Website or/and Application and especially for the preparation of the order of EVEREST price list products, namely for the provision of our products and services, which is based on the conclusion and execution of an agreement or - upon your explicit request - on preparatory actions for the conclusion and execution of an agreement.
5.2. For the purposes of direct marketing or/and promotional activities, such as the participation in Competitions or e-mails sent from time to time to those who have given their consent to receive our newsletters and offers by SMS or e-mail, as well as for the implementation of the Program in order to inform the participants of the benefits they may receive. Every informative e-mail gives the recipient the opportunity to state that he does not wish to receive other such e-mails (newsletters). This may also be done by sending a request to contact-us@everest.gr and by changing the relevant settings in the account.
5.3. For creating the profiles of those participating in the Program for the effective implementation of the Program.
5.4. For analysis through statistical procedures aiming at the creation and provision of personalised offers.
5.5. For cases where the processing of your personal data is necessary for the purposes of our legal interests or for the purposes of our compliance with the Legislation on PD.
5.6. For the compliance of EVEREST with the obligations imposed by the law, such as for tax purposes, for the compliance with the legislation on e-commerce.
- How long do we keep your personal data?
When the processing is imposed as an obligation by provisions of the law, your personal data is retained for as long as the relevant provisions require.
In order to prepare the order of its products, EVEREST shall retain your personal data for as long as it is absolutely necessary to meet this purpose, to fully satisfy its customers’ requests regarding their orders and to establish, exercise or/and support the legal claims based thereon.
In addition, we shall retain the data of the account you created on the Website or/and the Application for as long as you are having the account and have not requested its deletion. We may retain your data for a longer time period if this is necessary to meet legal or regulatory requirements, settle disputes, prevent fraud and misuse or imposition of the terms and conditions regarding the access to the Website.
For promotional/advertising activities (marketing activities), your personal data is retained until the revocation of your consent. You may exercise your right at any time. Revoking your consent does not affect the legality of the processing based on your consent during the period prior to its revocation. In any case, if two years have passed since giving your consent and you have not used the services of EVEREST during that period, your personal data will be automatically deleted.
For the protection of its legal interests, EVEREST shall retain, for a period of one (1) month only, the mobile phone number of Users who had been registered but deleted their account, in case they create a new account on purpose so that they can receive again the benefits of new users.
Order History information is retained for a period of two (2) months to facilitate the user regarding his new orders.
The full name of the Guests shall be retained for a period of two (2) months, solely for the preparation of the order placed through the Website (preparatory actions to delivery) of the EVEREST price list products.
In case any legal claim of a User or Guest arises against EVEREST, his details shall be retained until this claim becomes final.
Guarantees taken for personal data protection:
When you provide us with your personal data, we take measures to ensure that it is kept and managed securely. We take adequate technical and organisational measures to protect your personal data. We update and check the security technology we use on an ongoing basis. We give access to your personal data only to those employees and stores of the EVEREST network, who need to know this data in order to provide you with the services you desire. In addition, we educate all employees on the importance of confidentiality and the privacy and security of your personal data. Among other things, we have taken the following technical and organisational measures and procedures to protect your personal data from any loss, alteration, illegal processing, or change:
- access to your personal data is given only to the number of authorised persons for specific purposes
- IT systems used for data processing are accessed only by authorised persons
- access to these IT systems is monitored to detect and prevent unauthorised access immediately
- use of information systems and programs for computers installed in such a way as to minimize the use of personal data or/and the user’s identification data;
- adoption of individual procedures for the protection of personal data and their secure deletion/destruction;
- periodic audit (every 2 years) and deactivation of inactive accounts.
Users’/Consumers’ rights and how they may submit their requests to EVEREST:
8.1. You may exercise the following rights as set out in the Legislation on PD at any time:
The right to information and access to your personal data, which we process, as well as to information regarding their processing.
The right to correct your personal data, namely the right to correct any inaccurate information.
The right to delete your personal data, unless their processing is required to fulfil a legal obligation, for reasons of public interest or to exercise or defend ourselves against legal claims.
Without prejudice to the above mentioned, the right of restriction of processing (objection, opposition) of your personal data.
The right to data portability either to receive your personal data, provided to us with your consent, in a structured format (e.g., CD or USB drive) to use it anywhere else or to request EVEREST to transfer it to another controller, provided that this is technically possible.
The right to object to the processing of your personal data. By exercising this right, you may fully or partially object to the processing of your data.
8.2. In cases, where we process your personal data based on your consent, you also have the right to withdraw your consent at any time or change the degree of consent you have given without affecting the lawfulness of the processing for the period prior to the withdrawal of your consent.
You may contact us for any questions regarding the processing of your personal data or the use of cookies by us or to exercise your rights, by sending an e-mail to our e-mail address contact-us@everest.gr.
Transfer of personal data outside the EU:
Your personal data collected by EVEREST are not transferred or processed outside the European Union.
Use of Cookies:
We use cookies (small text files stored on your device while browsing the internet) to support our website, to provide our online services and to collect information. Cookies allow us, among other things, to store your preferences and settings, to provide ads based on your interests, and to analyse how our website and online services work.
Please find out more about our Cookies Policy at the following link https://www.everest.gr/cookies/.
Version Information - Changes and Updates:
The present Statement was last updated on 21-11-2019.
EVEREST reserves the right to amend and update the present Statement, either in whole or part of it, at its sole discretion at any time. Any amendments to the present shall apply as soon as the amended Statement is posted on the website. There will also be an indication on the website indicating the change. In any case, as long as you continue using the website, the services of EVEREST and the Google App, after amendments have been applied, as described above, you will be deemed to have accepted these amendments. If you do not agree with the terms of the present Statement as it may be amended, either in whole or part of it, you must cease using our services. We may periodically send e-mails to remind you of the changes and updates to the present Statement, but you should check our website frequently to stay informed of the current and applicable Personal Data Protection Statement.
Please visit the website of EVEREST “www.everest.gr” regularly to stay informed of any changes to the present.
In case you wish to submit any questions regarding the terms of the present Statement, please either send us an e-mail to contact-us@everest.gr or contact us by telephone at 210 – 3541600.
In case EVEREST does not adequately satisfy your request, without sufficiently justifying its refusal, or generally in breach of its obligations under the Legislation on PD, you are entitled to file a Complaint or other complaints to the Personal Data Protection Authority (www.dpa.gr), telephone: 2106475600, fax: 2106475628, e-mail: contact@dpa.gr.