Privacy Policy

Our business provides specialized beauty services, which include among others makeup artist-aesthetic services, manicure-pedicure, tanning technician services and also offers for sale beauty preparations, makeup, skincare as well as pharmaceutical herbal decoctions.

Under this Personal Data Protection Policy (hereinafter for brevity the "Policy") we inform you about our practices concerning privacy protection and specifically the personal data we may receive either directly from you or from our transactions with you, the way we may use them, the way we protect them by keeping them secure, to whom they may be disclosed, as well as your related rights. Our business informs you that only if you wish, it is possible to process your personal data, which you entrust to us, always in accordance with applicable Greek legislation and the provisions of the General Data Protection Regulation (EU) 2016/679.

Our business and any branches it maintains continuously strive to take those technical and organizational measures that ensure the best possible protection and security of your personal data, which we always use in accordance with this Policy. This Policy constitutes a summary of the practices we use to ensure personal data protection and may be readjusted at regular intervals, respecting the importance of your personal data privacy and prioritizing their protection.

I. WHO WE ARE – SCOPE OF APPLICATION

The sole proprietorship of Konstantinos Leonidas Karagiannis, son of Dimitrios (hereinafter called for brevity "Leo Carell") is responsible for the personal data you disclose to us. Leo Carell is the "Data Controller" for the purposes of applicable personal data protection legislation.

This Policy applies to all branches that Leo Carell maintains, which are also obliged to comply with personal data protection rules and are responsible for any violation of this Policy and applicable relevant legislation.

This Policy applies to every service or function provided by us and refers to this Policy or refers to it (hereinafter collectively called our "Services"), for the present website, for every web location or online application, every promotional activity of Leo Carell online and offline, for access to our Services, whether using any electronic means or other device, as well as during the provision of our Services without using the aforementioned electronic means.

We note that it is important to read this Policy carefully. In case you do not agree, you should not use our Services.

II. DEFINITION OF "PERSONAL DATA"

"Personal data" means any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one whose identity can be established, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. Personal data includes information such as email address, home address, mobile phone number, usernames, personal preferences and purchasing habits, user-generated content. Additionally, they may include unique numerical identifiers, such as your computer's IP address, as well as cookies.

III. COLLECTION AND USE OF PERSONAL DATA BY US

A. PURPOSES OF DATA COLLECTION

The collection of data by us is carried out for the purposes of providing the services you have requested from us and with a view to improving the services offered. Specifically, we collect data for the following purposes:

i. The management of the sale of our products, e.g. communication and information regarding product availability and order progress, execution of your order, shipping of products to your address, management of any debts you may have to Leo Carell, processing returns, provision of warranties, etc.

ii. For organizational reasons (e.g. customer list with appointments within the day, customers with special offers),

iii. Improvement of services provided: in order to better respond to your needs, to provide personalized and improved services we rely on your past preferences, for commercial promotion purposes of products and services that match your needs, to inform you about our offers and services, etc.,

iv. The security of our systems,

v. Compliance with current Greek and European legislation.

B. WHAT DATA DO WE COLLECT?

i. Data we are required to request from you for the provision of our Services

  • Customer Details e.g. full name, patronymic, contact telephone, home address, email,
  • Billing Details e.g. VAT number, credit/debit card number,
  • Personal Details (e.g. date of birth, country and city of residence, floor of residence).

ii. Information you provide to us

  • When providing our services, you may create accounts/profiles, for which we may ask you to provide us with information, such as full name, e-mail,
  • In case of participation in any of our competitions or promotional activities, you may be asked for full name, contact details, e-mail, personal or professional interests, etc.

iii. Information regarding your use of our Services

Indicatively:

  • Device information (e.g. unique device identifiers, IP address, device settings for accessing our Services, etc.),
  • Location information (e.g. GPS of your device, etc.),
  • Other information regarding your use of our services (e.g. interaction with content offered through a Service),
  • Through the cookies of the browser you use when browsing our Website, in order to respond, promote and route your request accurately. In this case, we may collect information about the type of browser you use for the purposes of managing our system and to compile aggregate information for visitors to our Website, of a purely statistical nature, which do not identify the identity of any natural person,
  • When you use the contact forms to request more information or post a comment and this in the context of investigating your request so that we continuously improve the services we provide to you.

iv. Other information we collect

We collect information when using our services, in accordance with the above. Additionally, we may receive information about you from publicly and commercially available sources, always in accordance with what is permitted by current legislation, as well as from third-party social networking services when you choose to connect with these services.

In any case, you have the right to refuse to provide us with the information that may be requested from you, as mentioned above, for the provision by us of the requested services, which may of course affect your ability to use them.

C. LEGAL BASIS FOR PROCESSING

Depending on the purpose for which the data is used, the legal basis for processing your data may be:

i. Your consent,

ii. Our legitimate interest and, specifically:

  • For legal reasons, when processing is required by current legislation,
  • For the execution of a contract (to provide the Services you requested from us),
  • For the improvement of our Services: with a view to the qualitative upgrade of the services provided by us and better understanding your needs and expectations, we are able to provide you with even better Services,
  • Prevention of fraud incidents: to ensure that every payment is completed without a fraud incident or misappropriation occurring,
  • The security of our tools: to protect the tools you use (our websites, devices, etc.), to ensure they function properly and are continuously improved.

D. RETENTION PERIOD OF YOUR DATA

Our company, depending on the quantity, nature and sensitivity of personal data, as well as the purposes for which we process them, determines the time of the appropriate retention period of the data, and we retain your personal data only as long as necessary to fulfill the purposes for which we collected them, e.g. fulfillment of legal obligation. Additionally, our company reserves the right to anonymize your data, so that they cannot be associated with you, in order to use this information indefinitely for research or statistical purposes, without requiring further notification to you.

IV. CONDITIONS FOR THIRD PARTY ACCESS TO YOUR PERSONAL DATA

Our basic principle is that we will not disclose your information to third parties for their own independent business purposes or commercial promotion purposes without your consent.

With our goal of optimal service provision to you, we provide access to your personal data or part of them to our competent staff and specifically:

  • To the company's staff, depending on their position (e.g. reception),
  • To the IT department,
  • To DHL, "DHL GROUP" or ELTA Courier member of "ELTA S.A", which offers Leo Carell distribution services for e-shop products to customers,
  • To National Bank of Greece which offers Leo Carell secure and encrypted electronic payment system services for the e-shop,
  • To our legal department, if deemed necessary.

Beyond the above, we may disclose your personal data to the following mentioned parties, as follows:

  • To trusted business partners to provide you with promotional material, advertisements or to provide services you requested,
  • To third parties who perform processing on our behalf or for us, e.g. companies that send mass e-mails on our behalf, banks, law firms, etc.,
  • To agents, service providers and Suppliers, to whom we may assign the conduct of certain functions, and who are obliged to protect your personal data in accordance with this Policy, as well as to apply appropriate measures for their security,
  • To third parties to comply with Law requirements or for the protection of our services (e.g. when lawfully requested by a State Authority), to comply with accounting and taxation rules and special laws on record keeping, to confirm our compliance with the policies governing our services,
  • To third parties, following your consent or upon your instruction.

V. YOUR RIGHTS

We respect your right to privacy protection. Your rights for controlling your personal data are as follows:

i. Right to information: you have the right to receive clear, transparent and comprehensible information regarding how we use your personal data, as well as regarding your rights themselves. This is why we provide you with the information set out in this Policy,

ii. Right of access - communication of the data subject with the Data Controller: You have the right of access to the personal data we maintain about you (subject to certain legal restrictions), as well as communication with the Data Controller, whose details are mentioned below. For the provision of information you may request, we may impose a reasonable charge, which takes into account the administrative costs this entails, while obviously unfounded, excessive or repeated requests may not be answered,

iii. Right to withdraw consent: you have the right to withdraw your consent for the processing of your data by us, when such processing is based on your consent. Such withdrawal of consent does not affect the lawfulness of processing carried out based on such consent during the period before its withdrawal. If you wish to object and withdraw your consent, contact us using the methods listed below,

iv. Right to data correction: In the case of incorrect and/or non-current data and/or incompletely filled data, you have the right to request correction of personal data. You can correct your data either through your account, if you have one, or by contacting us at the contact details listed below,

v. Right to deletion of data from our files: In some cases you have the right to request deletion of your personal data. It is noted that this is not an absolute right, as we may have legal or legitimate reasons to retain your personal data. If you wish us to delete your personal data, contact us using the methods listed below,

vi. Right to restriction of data processing: You have the right to request that we restrict the processing of your data. If you ask us to restrict the processing of your data, we store them but cannot use or process them further. According to the New General Data Protection Regulation (GDPR), this right applies in the following described cases:

  • the accuracy of personal data is contested by the data subject (i.e., by you) for a time period that allows the data controller to verify the accuracy of your personal data,
  • the processing is unlawful and the data subject (i.e., you) opposes the deletion of personal data and requests instead the restriction of their use,
  • the data controller (i.e., Leo Carell) no longer needs the personal data for the purposes of processing, but they are required by the data subject for the establishment, exercise or support of legal claims,
  • the data subject (i.e., you) has objected to processing pending verification of whether the legitimate grounds of the Personal Data Controller override those of the data subject.

vii. Right to object to the method of data processing:

  • You have the ability to object to receiving direct commercial promotion notifications. In this case, you can contact us, at the contact details listed below, or even more easily, by clicking on the "UNSUBSCRIBE" link,
  • You have the right to object to the processing of your personal data when such processing is based on legitimate interest as mentioned above, as you consider that it affects your fundamental rights and freedoms.

viii. Right to portability: You have the right to copy or move data from our database to another. This applies only in the case of data that you have provided and the processing is based on your consent or on some contract and such processing is carried out by automated means.

For handling your requests according to the above, we may request confirmation of your identity.

VI. CONTACT DETAILS

For any question, inquiry or concern, contact our company by sending an electronic mail message to the address www.leo-carell.com or send a letter to the following address:

Leo Carell Shop

Voukourestiou 37, str,

Athens, Greece 10673

Tel: +30 2110061994

Date of Last Update: 25.05.2026