Information Security and Privacy Policy

At DYO DEKA EKDOTIKI S.A., information security and the protection of personal data we process are top priorities. The company is committed to full compliance with all applicable laws and regulations regarding information security and personal data protection.

We invite you to read this policy carefully. It is structured in two main sections:

1. Company Identity & Data Controller

DYO DEKA EKDOTIKI S.A.

  • Address: 22 Vouli Street, Athens, 10563, Greece

  • VAT: 998936241

  • GEMI: 6518301000

  • Data Controller: DYO DEKA EKDOTIKI S.A.

This policy applies to our website and affiliated domains:
lifo.gr, en.lifo.gr, ampa.lifo.gr, mikropragmata.lifo.gr, tavernamag.com/shop, and lifoshop.gr, as well as our official social media pages.

Some of our pages or apps may contain links to third-party websites or services. These third parties have their own privacy policies which you should consult.

SECTION A – INFORMATION SECURITY

We have developed an Information Security and Data Protection Management System with the goal of:

  • Ensuring availability, integrity, and confidentiality of processed data

  • Compliance with legal and regulatory requirements

  • Protection of the company’s and collaborators’ interests

  • Maximizing reliability of information resources

  • Achieving business goals securely

Key focus areas:

  • Protect internal/external information from threats

  • Systematic risk assessment and timely management

  • Data archiving, virus protection, access control, and incident logging

  • Defined roles including an appointed Information Security Officer

Our company is committed to continuously improving this system and ensuring all staff and external partners adhere to it.

SECTION B – PERSONAL DATA PROTECTION

2. What Personal Data We Collect

a. Contact Forms:

  • Name, email, and your message

  • Stored for 6 months after request resolution

b. Website Usage Data:

  • IP address, device type, browser, click & view behavior

  • Used to create audience segments for content and ad personalization

  • Retention: up to 12 months

c. Public Comments:

  • Your input may be visible to other users

  • Avoid sharing sensitive personal info

d. Marketing Data:

  • Browsing behavior, preferences, service requests

  • Used for personalized offers and campaigns

  • Retention: up to 12 months

e. Website Optimization:

  • Logged to improve performance and user experience

  • Retention: up to 12 months

f. Contests & Events:

  • Name, email, phone, address (if needed)

  • Info used only for the specific purpose

  • Retention: up to 6 months (or 12 months for social media-based entries)

g. Job Applications:

  • CV and contact details

  • Used strictly for hiring evaluation

  • Retention: max 6 months post position fulfillment

h. Product Purchases (lifoshop.gr, tavernamag.com/shop):

  • Name, delivery address, payment data

  • Stored for 10 years or as required by law

3. Data Processing Purposes & Legal Basis

  • Service Improvement: Based on company’s legitimate interest

  • Legal Compliance: When responding to authorities

  • Legal Protection: Ensuring website terms and legal claims

  • Marketing & Segmentation: Based on legitimate interest

  • Newsletter: Based on user consent

  • Contests: Contractual necessity

  • Events Participation: Consent-based

  • Support Requests: Legitimate interest

  • Product Sales: Contractual necessity

3.1 Digital Advertising

We use cookies to deliver personalized advertising. Based on browsing behavior, you may receive targeted ads on our site or third-party platforms. These ads help sustain our free content and independence.

We do not share your personal data (e.g. name or email) with advertisers unless you’ve explicitly consented. You can manage your consent via our Cookie Policy.

3.2 Cookies

We use cookies and similar technologies (e.g. tags, scripts, web beacons) for:

  • Saving language and country settings

  • Measuring website usage

  • Showing personalized content and ads

For more details, refer to our full Cookie Policy.

4. Your Rights

You have the right to:

  • Access your personal data

  • Request correction or deletion

  • Object to processing or limit its scope

  • Withdraw consent at any time

  • Request data portability

  • File a complaint with Hellenic DPA

To exercise any of the above, email: dataprotection@lifo.gr

5. Data Retention

We retain data only as long as necessary for its intended purpose. Upon withdrawal of consent or fulfilment of purpose, data is deleted, except where law requires longer retention (e.g. unsubscribed email addresses for suppression lists).

6. Data Sharing & Third Parties

Personal data may be shared with:

  • Internal staff with access privileges

  • Website hosting and support providers

  • Data analytics partners

  • Event organizers and marketing campaign providers

  • Advertising partners

  • In case of asset sale, data may be transferred to third parties

Transfers outside the EEA will only occur with proper safeguards.

All parties are bound by confidentiality and data protection agreements.

7. Children’s Data

Our services are not intended for users under the age of 16. We do not knowingly collect or process data from children.

8. Data Security

We implement technical and organizational measures to safeguard your data from accidental or unlawful destruction, loss, or unauthorized access. However, full internet transmission security cannot be guaranteed.

9. Applicable Law

Disputes will be governed by Greek law and fall under the exclusive jurisdiction of Greek courts.

10. Changes to this Policy

This policy is reviewed annually and updated as needed. Updates will be posted on lifo.gr.

11. Contact

For questions or concerns regarding this policy, please contact us at:
dataprotection@lifo.gr