The protection of your personal data is important to us.
With this policy, “NOMIKI BIBLIOTHIKI S.A. -Publications, Technology & Education Group” (hereinafter the “Company” or “we” or “us”), having its registered office in Athens (23 Mavromichali Street, 10680), defines and informs you of the terms under which, acting as the “Data Controller” as defined by law, it collects, stores, uses and generally processes your personal data, which it collects when you visit, register with, or use its websites (hereinafter the “Websites”) and mobile applications (hereinafter the “Applications”), as well as when you transact with its physical stores.
This Privacy Policy also describes how your personal data are used, disclosed and protected, the choices available to you regarding your personal data, and how you can contact us. This Policy complies with Regulation (EU) 679/2016 (GDPR) and any other applicable legislation.
For any questions regarding this Privacy Policy or any issue relating to the processing of your Data and the exercise of your rights, you may contact us at: dataprotection@nb.org
1. ABOUT THE COMPANY’S WEBSITE
The website www.nb.org is the Company’s website, which includes the online store for the presentation and sale of its products and services.
Through the Company’s websites and applications, you may also access a wide range of services, including:
2. WHAT ARE PERSONAL DATA?
“Personal data” means any information relating to an identified or identifiable natural person, such as full name, postal address, email address, telephone number, etc., which identifies or may identify you (hereinafter “Personal Data” or “Data”).
3. WHAT IS PROCESSING OF PERSONAL DATA?
Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. IS THE PROVISION OF YOUR PERSONAL DATA MANDATORY?
The provision of Data to the Company may be mandatory or optional, depending on the purposes described in this Privacy Policy.
Mandatory fields are indicated by an asterisk (*).
If you refuse to provide mandatory Data, it will be impossible to fulfill the purpose for which such Data are collected, such as performing a sales contract or providing services available on the Websites.
The provision of additional, non-mandatory Data is optional and serves exclusively to improve the quality of our services.
5. WHAT PERSONAL DATA DO WE COLLECT?
We collect only the personal data strictly necessary for the intended purposes, including:
a. Data provided during registration and account creation (mandatory: email and password; optional: name, surname, address, phone number)
b. Data provided through transactions and communications
c. Payment method information
d. Newsletter subscription data
e. Preferences regarding products and services
f. Website traffic data
g. Classified advertisement submission data (Name, Surname, Phone, Email, Content)
h. Trial registration data for the Qualex platform (full name, email, region, phone)
i. Cookie-related information
j. Technical data related to browsing, IP address, device, pages viewed, ads clicked, search terms
k. Social media username when interacting with us via social platforms
l. Educational and professional information (only for job applications)
6. HOW DO WE USE YOUR PERSONAL DATA?
Where applicable, we use your Data as follows:
The Company processes your Data in order to perform its contractual relationship with you, process orders for products and/or services, provide customer support services, comply with legal obligations, and defend against, assert or exercise legal claims.
If we do not collect your Data at the time of order completion (whether through our physical stores, in person, via telephone support by our sales representatives, or through our online store), we will not be able to process your order or comply with our legal obligations.
Please note that your Data may need to be transferred to third parties for the delivery of the product or service you have ordered (for further information on how we disclose personal data to third parties, please see sections 9, 10, 11 and 12 below).
In addition, we may retain your Data for a reasonable period in order to fulfill our contractual obligations, such as product returns, as provided for under consumer protection legislation, and to comply with our statutory obligations under applicable law (e.g. tax legislation).
The Company processes your Data in order to provide you with account functionality and facilitate the purchase of products and/or services.
The Company uses your Data to respond to requests, inquiries, refund requests and/or complaints. The information you share with us enables us to manage your requests and respond in the best possible manner.
We may also keep a record of your communications in order to improve future interactions. This processing is based on our contractual obligations, legal obligations and legitimate interests, namely the provision of optimal customer service and the continuous improvement of our services based on your experience.
With your consent, we will use your Personal Data, preferences and transaction details to inform you via email, internet, telephone and/or social media about relevant products and services, including personalized offers. You may withdraw your consent at any time.
Depending on your browsing activity, and subject to your prior consent, you may receive notifications regarding our offers, news, wish list and shopping cart. You may withdraw your consent at any time.
The Company may process your Data for the purposes of your participation in a rewards program, including the assessment of your application, the accumulation and redemption of points, and the enjoyment of customer benefits, as specified in the program’s terms and conditions. This enables us to provide you with personalized offers of interest to you. Participation is optional.
This processing is carried out on the basis of our legitimate business interests.
In order to ensure that you are presented with content of interest on our Websites or Applications, we will use Data you have provided to us with your consent for application notifications or, in the case of our Websites, your consent to the placement of cookies on your device.
For example, we may display a list of products you recently viewed or provide recommendations based on your purchase history and other Data you have shared with us.
We may send you survey and evaluation requests to improve our services. These communications do not contain promotional content and do not require prior consent when sent by email or SMS. We have a legitimate interest in doing so, as it helps us make our products and services more relevant to you. You may opt out at any time through your online account preferences.
This includes the use of your Data to maintain, update and secure your account. We also monitor browsing activity to promptly identify and resolve issues and protect the integrity of our website. This processing is based on our legitimate interests.
For example, we verify your password during login and use automated IP address monitoring to detect potentially fraudulent access attempts from unexpected locations.
This processing is carried out on the basis of our legitimate business interests and also helps protect our customers from fraudulent transactions.
Including obligations arising from applicable laws or court decisions.
We may send communications required by law or necessary to inform you about changes to our services, such as updates to this Privacy Policy, product recall notices, or legally required order-related information. These service messages do not contain promotional content and do not require prior consent when sent via email or SMS.
If we do not process your Personal Data for these purposes, we will not be able to comply with our legal obligations.
Finally, please note that your Data are processed either by duly authorized Company personnel or through the Company’s IT systems and electronic devices, and exceptionally by third parties who are contractually bound by confidentiality and data protection obligations and who perform tasks strictly necessary for the operation of our Websites, services and online sales. Further information is provided in sections 9 and 10 below.
For information regarding the use of cookies, please refer to our Cookie Policy.
7. WHAT IS THE LEGAL BASIS FOR PROCESSING YOUR DATA?
The Company processes your Personal Data on the following legal bases:
8. WHO HAS ACCESS TO YOUR DATA?
Access is limited to authorized Company personnel and cooperating third-party service providers acting as Data Processors under contractual agreements.
9. DISCLOSURE OF YOUR DATA
We may share your Data with:
You may also share information through social media integrations at your own discretion.
10. POLICY REGARDING THIRD-PARTY DATA PROCESSORS
Third-party processors:
Indicative partners include: Facebook, Google, YouTube, Instagram, Twitter, LinkedIn, ACS, LiveChat, CookieYes, Convertful, HubSpot, Moosend, OneSignal, PayPal, Viva Wallet, Klarna, IRIS, Digital Wallets (Apple Pay, Google Pay, Samsung Pay), Microsoft, Meta.
11. HOW DO WE ENSURE COMPLIANCE BY DATA PROCESSORS?
Processors are contractually bound to confidentiality, security measures, and GDPR compliance.
12. DATA TRANSFERS
Data are stored within the EU. Where transfers occur outside the EU/EEA, including the USA, we ensure adequate safeguards such as Standard Contractual Clauses or equivalent protections.
13. DATA RETENTION PERIOD
We retain Personal Data only as long as necessary for the stated purposes or legal obligations.
Indicative periods:
Data are then deleted or anonymized.
14. DATA SECURITY
We apply advanced organizational and technical security measures.
The website uses TLS 1.2 encryption for secure transactions.
User credentials are encrypted, and password confidentiality is solely the user’s responsibility.
15. YOUR RIGHTS
You have the right to:
You may opt out of marketing communications at any time.
16. EXERCISING YOUR RIGHTS
Requests may be submitted to dataprotection@nb.org with subject “Exercise of Right”.
Certain actions (e.g. profile edits, newsletter unsubscribe, push notification settings) may be performed directly.
Identity verification may be required.
17. RESPONSE TIME
We respond free of charge within one (1) month, extendable by two (2) additional months for complex requests.
18. APPLICABLE LAW
Greek law applies, as shaped by GDPR (EU 2016/679), Law 4624/2019, and applicable EU and national legislation.
Disputes are resolved via mediation and, failing that, arbitration under EODID regulations.
19. COMPLAINTS
You may lodge a complaint with the Hellenic Data Protection Authority
Address: 1–3 Kifisias Ave., 11523 Athens
Tel: +30 210 6475600
Email: contact@dpa.gr
20. POLICY UPDATES
This Privacy Policy may be updated periodically. Significant changes will be published on our website and communicated appropriately.