Privacy policy

Privacy policy

1. Data Controller
The company Hookah Stories General Partnership (O.E.), with registered seat in Corinth, Greece (hereinafter referred to as the “Company”), acts as the Data Controller of the personal data collected through the online store.
Contact details:
Email: hookahstoriess@gmail.com
Phone: +30 6975636236

2. Legal Framework
The processing of personal data is carried out in accordance with:

  • Regulation (EU) 2016/679 (GDPR)
  • Greek Law 4624/2019
  • Applicable Greek and European legislation on electronic commerce

3. Categories of Personal Data
Data provided by the user:

  • Full name
  • Billing and shipping address
  • Email address
  • Contact phone number
  • User account details
  • Order and transaction details

Data collected automatically:

  • IP address
  • Device and browser information
  • Traffic statistics
  • Cookies and similar technologies

4. Purposes of Processing & Legal Basis
The Company processes users’ personal data exclusively for specific, explicit, and lawful purposes, in accordance with Article 6 of Regulation (EU) 2016/679 (GDPR).
Specifically, processing is carried out for the following purposes and is based on the corresponding legal grounds:

  • Performance of a contract (Article 6(1)(b) GDPR):
    For the creation and management of user accounts, processing and completion of orders, communication regarding purchases, and provision of customer support services.
  • Compliance with legal obligations (Article 6(1)(c) GDPR):
    For compliance with tax, accounting, and other obligations arising from applicable legislation.
  • Legitimate interest of the Company (Article 6(1)(f) GDPR):
    For ensuring the proper operation of the online store, improving the services provided, analyzing statistical data, and for security purposes and prevention of malicious activities.
  • User consent (Article 6(1)(a) GDPR):
    For sending newsletters, promotional actions, and other commercial communications, where required by law.

The provision of consent is optional, and the user may withdraw it at any time, without affecting the lawfulness of processing carried out prior to the withdrawal.

5. Newsletter & Commercial Communication
Subscription to the newsletter is carried out exclusively upon the user’s explicit consent. Consent may be withdrawn at any time via the relevant link or by contacting the Company.

6. Data Transfer to Third Parties
Personal data may be transferred only to strictly necessary partners (e.g. hosting providers, technical support providers), in accordance with the GDPR.

7. Data Security
The Company implements appropriate technical and organizational security measures (SSL, restricted access, secure infrastructures) to protect personal data.

8. Rights of Data Subjects
The user has the right to:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Data portability
  • Objection
  • Withdrawal of consent

Users also have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).

9. Minors
The online store is addressed exclusively to individuals over the age of 18. We do not knowingly collect personal data from minors.

10. Data Retention Period
Personal data are retained only for as long as required by the purpose of processing or applicable legislation.

11. Amendments
This Privacy Policy may be amended from time to time. The current version is always available on the website.