With this policy Grigorios Pan. Karydis (hereafter «Company» or «We»), in its capacity as Data Controller, as part of its commitment of being transparent, aims to inform you regarding the means of handling and processing of your personal data, the controls in place to protect them, as well as your rights, always in compliance with the applicable regulatory framework for protecting personal data.

Collection & Processing of personal data

During your browsing to our website or when you buy products from us or contact us, we may collect information that concerns you. We note that we collect and process only the information that is necessary for completing the following purposes and under the condition that we always possess the required lawful basis for the process. More specifically, the type of personal data we collect and retain may be, per case, the following: 

Type of personal dataPurpose of processingLegal Basis
Full name, email, country, area, city, address, postcode, phone numberData collection and processing for completing a product purchaseContract
Full name, email, phone numberData collection and processing for user registrationConsent
Full name, email, phone numberData collection and processing for receiving and managing complaints regarding productsConsent
Full name, emailHandling contact details for promoting new productsConsent
Full name, email, address, area, city, postcode, phone numberCollecting and handling contact details for customer support by phone or in person in the storeLegitimate interest
CookiesProper functionality and handling of our website, identifying, analyzing and solving technical issues (e.g. bugs) and securing from or identifying a possible fraud or other breaches regarding terms of use of our websiteLegitimate interest

The Company processes your data in order to complete its abovementioned legitimate interests, only under the condition they do not exceed your rights and freedoms.

In any case, the Company may process your data for purposes of complying with the obligations that are imposed by the applicable legal and regulatory framework, with the supervisory requirements, as well as with the decisions of authorities or courts.

Data transferring to third parties

Our Company may disclose your data to third parties/recipients (natural and legal persons), under the condition they implement the appropriate technical and organisational controls, as well as comply with their obligation of abiding by the confidentiality and non-disclosure agreements, such as FedEx (courier), Dreamhost (website and e-shop hosting services).

·                Company that manages websites and e-shops

·                Company that provides website and e-shop hosting services

·                Company that provides email services

·                Company that provides services regarding the development, maintenance and configuration of IT applications

·                Company that provides accounting services

·                Company that provides postal services

·                Company that provides a platform for electronic payments “VIVA Payments” & “Paypal” 

In any case, the Company guarantees that it will not transfer, disclose, offer, etc. your data to third parties for any purpose or use other than those explicitly disclosed in the current Policy. However, we retain the right to disclose information concerning you, if the legislation obliges us to do so, or if that disclosure is required by the competent supervisory, auditing, independent, judicial, public and/or other authorities.

Furthermore, the Company does not transfer your data to countries outside the European Economic Community («EEC»). In the event that there is a relevant need in the future, we commit that we shall proceed to your immediate notification, as well as to the application of the necessary controls for assuring the protection of your data.

Data retention period of your data

The Company retains your data for as long as the purpose for which the data was collected remains valid.

The Company may retain your data also after the fulfilment of the abovementioned purposes of collecting and processing, for a period up to 10 years after your latest purchase in which we handled your personal data, due to possible legal obligations, legitimate interests etc. These cases are:

·                Legal obligation of the Company related to a provision of the law.

·                For use before any audit authority within the statutory retention period. 

·                If necessary for the proper organisation and operation of the Company, provided that your data is anonymised.

·                Up until the lapse of the relevant claims to defend the rights and legitimate interest of our Company before any competent Court and any other public authority.

·                If there is an administrative or judicial litigation that is directly or indirectly related to your data, until a final judgment is given.

Finally, we shall retain your data for the period that we possess an active consent for the purposes that it was given, as mentioned above.

After the lapse of the retention period, our Company is responsible for erasing your data in paper form or stored in our information systems, in a secure manner.

Description of your Rights

Right to be informed/notified

You have the right to obtain and we are obligated to provide you with clear, transparent and easily comprehended information regarding the means of handling your personal data and rights.

Right to access

You have the right to obtain access to your personal data (if we process them) and to information regarding them, such as the purposes of the processing, the categories of personal data, their origin, and their possible recipients.

Right to rectification

You have the right to request the rectification of inaccurate information, as well as the completion of any potentially incomplete personal data that concern you.

Right to erasure

You have the ability to request the erasure or the removal of your personal data when it is no longer necessary for the purposes it was collected or processed in any other way, or when there is no legitimate justification to continue processing the data.

However, we might have the right or the obligation of retaining the information, in cases we have a special legal obligation to do so, or we have other valid legitimate justification to retain it.

Right to restriction of processing

On specific circumstances, you have the right to request to «exclude» or discontinue the further handling of your information. When the processing is limited, we are still able to store your information, but we could not use them for other purposes.

Right to data portability

You have the right to obtain a copy of your personal data that we retain, in a structured, commonly used and machine-readable format and to reuse, transfer or disclose it for your own purposes.

Right to withdraw consent

Where the legal basis of processing your data is “Consent”, you have the right to withdraw your consent at any time, without affecting the lawfulness of the processing based on a valid consent given before its withdrawal. 

Right to object

You have the right to object in processing your personal data, such as automated decision making, under specific circumstances.

You can exercise the abovementioned rights by sending an email at info@thelenscuff.com.

Means of Exercising your Rights

In the event that you wish to exercise one of the abovementioned rights you can address at info@thelenscuff.com by sending an electronic mail.

In the event that you submit a request for exercising your rights, the Company shall respond in your relevant request within 1 (one) month from its submission. The said deadline could be extended by 2 (two) more months, following a prior notice, taking into consideration the complexity of the request and the amount of the requests under processing.

Our response to your request above is provided free of charge. However, in case that your request is obviously unfounded, excessive or recurring, we may either notify you regarding the charging with a reasonable fee, or to deny responding to your request.

Security and Protection of personal data

The personal data processing procedure is carried out in a way that ensures its confidentiality. More specifically, it is carried out exclusively by appointed for this purpose personnel, while all the appropriate organisational and technical controls for securing and protecting the data, apply. These controls include technics and procedural activities, as well as activities for monitoring and detecting, that aim to secure data from misuse, unauthorized access or disclosure, loss, modification or destruction.

Lodging complaints to a Supervising Authority

You have the right to lodge a complaint regarding the processing of your data performed by our Company, to any supervising authority of a member state of the European Union and especially to the Data Protection Authority. If you have concerns regarding the means of processing your personal data, please visit the Data Protection Authority’s website for more details, or you can contact them at:

Hellenic Data Protection Authority

Postal Address: Kifissias 1-3, 11523, Athens

Calling Center: +30-210 6475600

Fax: +30-210 6475628

Electronic mail: contact@dpa.gr

Modifications and Updates to this Privacy Policy

We may review and revise this policy with a view to our continuous compliance with the legal and regulatory requirements and the optimal protection of your data and the support of your rights on these data.

You shall be notified for any review we perform by publishing an updated version on our website or by contacting you through electronic mail.

Contact us

If you have any question about the present Policy or any other matter regarding the protection of your personal data, please do not hesitate to contact us through email at info@thelenscuff.com.

Other useful links

Website Terms

Cookies Policy, IP addresses & Similar Technologies

GDPR Terms & Definitions

«personal data»: means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;  

«processing»: means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

«restriction of processing»: means the marking of stored personal data with the aim of limiting their processing in the future;

«profiling»: means any form of automated processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance at work, economic situation, health, personal preferences, interests, reliability, behavior, location or movements;

«controller»: means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law;

«personal data breach»: mean a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed;

For more information regarding the new Regulation you can visit the following web address: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en

In the event of a discrepancy between any post or link on our site and Greek and European legislation, we apply the provisions of applicable Greek and European legislation.


All intellectual property rights subsisting in and/or relating to the E-shop, including trademarks, belong to the sole ownership of the Company or their lawful owners. The reproduction, copy, sale, resale and/or the commercial or other exploitation of all or part of the contents of www.thelenscuff.com is forbidden. 


14.1.    The Terms and Conditions as well as the sale of goods contract between the consumer and the Company are governed by Greek law. The competent courts for the resolution of any dispute regarding the Terms and Conditions as well as the conclusion, interpretation or performance of the sales of goods contract between the consumer and the Company are the courts of Athens.

14.2.    For the out-of-court settlement of disputes, the consumer may refer to the Conciliation Committees of alternative dispute settlement pursuant to article 11 L. 2251/1994 on the Greek Protection of Consumers Act (for more information on out-of-court-alternative disputes settlement please see the Ministry of Development website  at http://www.mindev.gov.gr/προστασία-του-καταναλωτη/εναλλακτικη-επιλυση-καταναλωτικων-δ/).

14.3.    Consumers residing in the Union may resort to an alternative disputes resolution entity (ADR) for the out-of-court settlement of cross border disputes stemming from online purchases, which proposes a solution or brings the parties together with the aim of facilitating an amicable solution. It is noted that the option of an electronic resolution of consumer disputes is available (see https://webgate.ec.europa.eu/odr/main/?event=main.home.show).

14.4.    The protection afforded by the law provisions regarding contracts concluded by distance as well as these Terms and Conditions apply to consumers who are natural entities and in relation to their dealings with the E-shop that do not fall within their commercial, craft, business or professional activities.

14.5.    In case of doubt between the Greek text of the Terms and Conditions and the English version, the Greek text prevails.


Should any of the provisions of the Terms and Conditions is declared invalid or unenforceable, such invalidity or unenforceability shall not prejudice the remaining provisions of the Terms and Conditions, which shall remain in full force and effect.


The Terms and Conditions constitute the entire agreement between the consumer and the Company for the sale of goods through the E-shop.

17.          AMENDMENT

The Company has the right to, at anytime, and without prior notice, unilaterally amend:

i)               the Terms and Conditions,

ii)              the content and information contained in the website www.thelenscuff.com which relate to the products available through it.

18.          COOKIES-

18.1.    What are the cookies used at www.thelenscuff.com. A cookie is a small piece of data used by browsers (Chrome, Mozilla Firefox κλπ) and assist in the better functioning of the website allowing it to recognise the user’s preferences each time he revisits it.

18.2.    The user may alter the settings of its browser to block certain or all cookies or even fully deactivate them altogether. However, if cookies are blocked or deactivated, parts of the contents of www.thelenscuff.com will not appear. To see the cookies used by www.thelenscuff.com click here.