Free shipping for purchases over €100

Privacy Policy

“Maria Sullaj” hereinafter “The Company”, attaches great importance to the legal processing, security and protection of your personal data, in whatever capacity you communicate or cooperate with us, such as prospective or active customers, consumers, website visitors, employees , suppliers, businesses, individuals, consumers, passengers or cooperating third parties. This Privacy Policy also describes how we use, share and protect your personal data, the choices you have regarding your personal data, and how you can contact us. This Protection Policy is in accordance with the conditions deriving from European Regulation 679/2016 and any other relevant applicable legislation. By using our website and signing the relevant declaration of consent, you unconditionally accept the practices described herein, the terms of which shall henceforth govern the contractual relationship between us and are incorporated into the terms of use of each of our services.

1. What is your Personal Data.

Your personal data includes any information on paper or electronic media that can lead, either directly or in combination with others, to your unique identification or identification as a natural person. This category includes, as the case may be, information such as name, tax identification number, social security number, physical and email addresses, landline and mobile phone numbers, calling and called phone numbers, recipients of SMS/MMS messages, your bank account details, bank/ of your debit/credit/prepaid cards, e-mail addresses, history of your online searches (log files, cookies, etc.), and any other information that allows your unique identification according to the provisions of the General Regulation on the Protection of Personal Data (GDPR 2016/679) , of Law 4624/2019, of the currently applicable Greek legislation as well as of the decisions of the Personal Data Protection Authority (PDPA).

2. What is Personal Data Processing?


Any act or series of acts carried out with or without the use of automated means, on personal data or sets of personal data, such as the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.

3. What Personal Data we collect about you.

We take care to collect only your absolutely necessary Personal Data, which is appropriate and clear for the intended purpose. This Data includes the following:

a. Data you provide us when you register and create a user account on the Company’s Websites or Apps, via the internet or your mobile or through your personal contact with our stores or our sellers and specific data such as email address (e-mail)* and access code/login password (as mandatory) and name, surname, postal address, phone number (as optional):

b. Data and information that you provide to us through transactions between us (purchases, orders, etc.) and communication between us (through physical stores, our online store, our sellers, telephone, email or through any other manner). For example, we collect notes from our conversations with you, details of any complaints or comments you make, details of purchases you made, products added to or removed from your basket, wish list ), voucher redemptions, which of our websites you visit and how and when you contact us.

c. Data related to the payment method for the transactions you carry out with us.

d. Data you provide to us when you subscribe to our newsletter.

e. Data about the products and services that you usually choose in preference. In order to recommend products or services of interest to you and further enhance your shopping experience with us. Of course, you always have the option not to share such information with us.

f. Traffic data of our website.

g. Information collected from the use of cookies in your browser. Learn more about how cookies are used here.

h. In order to provide the best possible website experience, we collect technical information about your internet connection and browser, as well as the country and telephone code where your computer is located, the web pages displayed during your visit, advertisements which you click on and any search terms you entered.

i. Your social media username, if you interact with us through these channels, to help us respond to your comments, questions or feedback.

4. Lawful processing

The company will use your information for the following lawful processing purposes (according to Article 6 GDPR), as the case may be, with your express consent which you can freely withdraw at any time, or for the performance of a contract or pre-contractual relationship with you, or for the serving our legitimate interest or to protect your vital interest, namely: To manage your calls to seek information with the aim of completing your requests, purchases and orders. To respond to your requests and questions, regarding our products/services as well as updating and responding to your suggestions and comments on improving our products and services. To analyze our website traffic and improve your experience and to provide you with information about products, services, special offers and promotions. For our internal operations and analysis such as internal management, fraud prevention, use of management, invoicing, accounting, billing and control information systems. Providing the Data to the Company may be necessary to achieve the purposes specified in this Privacy Policy or may be optional. If you refuse to provide the information that is considered mandatory, it may, for example, make it impossible for the Company to fulfill the sales contract or provide the other services available on its Websites.

5. What are the collection and processing principles

This Privacy Policy aims to inform you about the terms of collection, processing and transmission of your personal data that we may collect as Processors. The company and its staff apply the ten Processing Principles of GDPR 2016/679 (lawfulness, objectivity, transparency, purpose limitation, data minimization, accuracy, storage time limitation, integrity, confidentiality and accountability). The Company protects and ensures your eight Rights regarding the use of your Personal Data (update, access, correction, deletion, restriction of processing, portability, objection and non-automated decision-making based on profiles, as specified in Greek legislation). The above applies without any discrimination and applies to all the processing we carry out and to all the services we provide independently.

6. What are the ways of collecting your Personal Data

The Company collects your personal data by accepting the terms of use of each of our services, such as:

When you call our numbers, when you email us, or fill out an application or order.

When you contact our offices or our staff and our call center, either for purchases or to express your opinion, complaints or comments.

When you send us the postal address for issuing or sending invoices or service receipts and for home delivery details of your order.

When you visit our website, through which we collect, with your express consent, through cookies, information from your terminal device, such as your Internet Protocol (IP) address, the operating system used, the type and version of your browser (browser) etc.

7. Minimizing, storing and deleting your data

The Company will always ask you for the minimum personal data required by law to connect to our online platforms and services, to purchase products / services, to place an online order, to communicate through websites with other users or to participate in contests or promotions. Our Company keeps your personal data only for as long as is required by the contractual terms of each service, in combination with the current legislation, based on the purpose of each processing, and then anonymizes or destroys them. You can ask us and find out what data we collect about you and correct or delete it by completing a relevant application available to us, unless its retention is required by law for tax, evidentiary or judicial purposes and for the prosecution of illegal acts .

8. Cookies Policy

In accordance with the European E-Privacy Directive 2009/136/SE (which will be replaced by the ePrivacy Regulation) and the 25.2.2020 Directives of the APDPH, our website accepts the use of “cookies”. These are online tools for collecting and analyzing information from social media platforms or partner websites of third parties in order to measure traffic, improve the operation, content and overall appearance of our website and adapt to the needs of our customers. When using our website, your personal data is processed by third parties, such as social networks and search engines, e.g. Google Analytics, Facebook social Plug-ins, etc., without any involvement, influence or control on the part of the Company and transmitted either within or outside the European Economic Area (27 EU Member States plus Iceland, Liechtenstein and Norway), for which they are exclusively responsible third parties. If you do not wish third parties, such as Google, Facebook, Twitter, to receive information from your browser, when you visit the Company’s websites you can opt out of the terms provided by the respective Usage Policy available on the website of each such third party. Although most browsers automatically accept the use of cookies, you can always change the settings on your computer, choosing not to accept cookies, or being asked to accept each of them separately. However, you should be aware that doing so will limit the range of browsing options available to you on each website and the user experience.

9. Transmission of your data to third parties

As a rule, our Company does not pass on your personal data to third parties, except when we act as an intermediary and to the extent that this is necessary to complete your order and fulfill requests regarding the services provided by us. Such third parties may be official government and regulatory bodies (e.g. prosecuting and prosecuting authorities, cybercrime prosecution, APDPC, EETT), when called upon to comply with the law and to prevent illegal activity against us and our customers (e.g. telephone fraud, verbal abuse, insult to personality, etc.). Third parties may also be accounting and law firms. In our Company, we choose reliable providers and try to set contractual restrictions on third parties who receive your personal data, in order to ensure their lawful use. However, we cannot guarantee that they will not use or disclose this data without your permission. For this reason we recommend that you carefully review the privacy practices of any third party providers/suppliers whose products or services you purchase through our websites. In order to process your data, we may need to transfer your information to other countries, including countries primarily within and exceptionally outside the European Economic Area (EEA), based on EU adequacy decisions, binding corporate rules, standard contracts and approved codes of conduct. Access to your Data is given to the absolutely necessary personnel of the Company, who are bound by confidentiality, and the companies cooperating with us or third-party service providers, who process your Data as Processors on our behalf and in accordance with our orders.

10. How is your Data shared?

Data Sharing by Our Company The Company shares your Data with:

Third party service providers who process personal data on behalf of the Company, for example (but not limited to) credit card and payment processing, transfers and deliveries, hosting, management and maintenance of our data, email distribution, research and analysis, management of promotions, as well as management of certain services and elements. When we use third party service providers we enter into agreements obliging them to implement appropriate technical and organizational measures to protect your personal data.
Other third parties, to the extent required for the following purposes: (i) compliance at the request of a body of the Greek State, court order or applicable law, (ii) prevention of illegal uses of our Websites and Apps or violations of the Website Terms of Use Our Sites and Apps and our policies, (iii) our own protection against third-party claims, and (iv) contributing to the prevention or investigation of cases of fraud (e.g. counterfeiting).
Other third parties to whom you yourself have given your consent.

Sharing of Data by you:

When you use certain social media features on our Sites or Apps, you may create a public profile that includes information such as your username, profile picture, and city. You may also share content with your friends or the general public, including information about your interaction with the Company. We encourage you to use the tools we provide to manage Company social media sharing to control the information you make available through Company social media assets.
11. What is the policy we apply with the third party Processors of your Data according to the above:

We provide only the information needed to perform their specific services.

They can only use your Data for the exact purposes we set out in our contract with them.
We work closely with them to ensure that your privacy is respected and protected at all times.
If we stop using their services, any of the data they hold will be deleted or anonymized.

To improve your experience as a customer on our Websites and Apps, we use the following companies, who will process your Personal Data as part of their contracts with us:

Facebook Google YouTube

Instagram Twitter LinkedIn

ACS Hotjar

In case you wish to receive more information regarding the sharing of your Data with third parties, please contact us by email at [email protected] .

12. How do we ensure that Processors respect your Data?


Those performing the processing on our behalf have agreed and contractually committed to the Company:

to maintain confidentiality,
not to send your Data to third parties without the Company’s permission,
take appropriate security measures,
to comply with the legal framework for the protection of personal data and in particular Regulation 979/2016/EU (otherwise known as GDPR).
13. Security of your personal data

In any case, we take appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of your data. We aim to ensure that your personal information is transferred, stored and processed in accordance with appropriate international security standards and procedures. At the Company we have trained and responsible staff, while we recognize the importance of protecting your privacy and all your personal information. For this purpose, we have appropriate security policies and use appropriate technical and operational tools, such as anonymization, pseudonymization, data encryption, tokenisation, use of firewalls, establishment of access levels, authorized employees, staff training, periodic audits, compliance with international security and operational standards continuity. Any of our partners who have access to the above information, uses it to exclusively serve the above purposes. We share the information you give us exclusively in the ways described in this Policy and in accordance with your express and specific consent per type of processing which you can freely revoke at any time by contacting us.

14. Data Transfer


The personal data we collect (or process) in the context of our Websites and Apps will be stored within the European Union. However, some of the Data recipients with whom the Company shares your Personal Data may be located in countries other than the one in which your Personal Data was originally collected. The legislation in those countries may not provide the same level of data protection compared to the country that originally provided your Personal Data. However, when we transfer your Personal Data to recipients in other countries, including the US, we are committed to protecting your Personal Data as described in this Privacy Policy and in accordance with applicable law. We take measures to comply with applicable legal requirements for the transfer of personal data to recipients in countries outside the European Economic Area or Switzerland that do not ensure an adequate level of protection. We use various measures to ensure that your Personal Data transferred to these countries is adequately protected under data protection rules. These include signing the Contractual Clauses, certifying that the recipient has adopted the European binding rules or adheres to the EU-US and Switzerland-US Privacy Shield.

15. How long do we keep your Data?

We retain your Personal Data for as long as necessary to fulfill the purposes set out in this Privacy Policy (unless a longer retention period is required by applicable law). Generally this means that we will keep your Personal Data for as long as you have an account with our Company. In relation to your Personal Data relating to product purchases, we retain this data for a longer period in order to comply with our legal obligations (such as tax and commercial law and for warranty purposes where applicable). At the end of this retention period, your data will be completely deleted or anonymized, for example by aggregating with other data, so that it can be used in a de-identified way for statistical analysis and business planning. Some examples of Customer Data retention periods: • Orders When you place an order, we will keep the personal data you have given us for five years to enable us to comply with our legal and contractual obligations. • Warranties If your order included a warranty, the relevant Personal Data will be retained until the end of the warranty period. • Newsletter Your declaration of consent to send a newsletter (newsletter) is kept for as long as the newsletter is sent to you by the Company, and in any case no more than six months from the cessation of its sending.

16. Display of targeted advertisements

Provided you have given us written consent, we may use your personal data together with other information we have collected, after human intervention by our commercial department, to display advertisements relevant to your apparent preferences, on our website or on another website. However, we do not use automated tools to identify and evaluate your consumer profile and genetic preferences with other personal information (such as your email address) in order to display advertisements or send you personalized information. In addition, we do not share your personal information with third parties so that they can send you relevant advertisements, unless you have expressly consented to them in writing. If you want us to stop sending you updates or offers, you can use the unsubscribe link at the end of every email you may have received from us (unsubscribe).

17. Is your Data secure?

We are committed to safeguarding your Personal Data. Recognizing the importance of the security of your Personal Data, we have taken all appropriate organizational and technical measures to secure and protect your Data from any form of accidental or unlawful processing. We use the most modern and advanced methods to ensure maximum security. www.nb.org uses the TLS 1.2 protocol for secure online commerce. This encrypts all Data you provide, including your credit card number, name and address, so that it cannot be decrypted or changed in transit over the Internet. In addition, the information used to identify you as an account user is two: the Login Code (Username) and the Personal Secret Security Code (Password). Each time you register your details, you are given access to your personal account. This specific process is achieved safely through encryption during their transfer to the internet and the Company’s servers. By the same standards, you are given the possibility to change your Personal Secret Security Code (Password) as often as you wish. After entering the desired code, the new code is coded and stored in the Company’s systems. For this reason, the only person who knows your password is yourself and you are solely responsible for keeping the password confidential from third parties. These measures are reviewed and amended when deemed necessary.

18. Unsolicited Commercial Communication

Our Company does not allow the use of our website or our services for the transmission of bulk or unsolicited commercial e-mail messages (spam). Furthermore, we do not allow messages from and to our customers that use or contain invalid or falsified headers, invalid or non-existent domain names, techniques to hide the origin of each message, false or misleading information or violate website terms of use. We do not in any way allow the collection of email addresses or general information of our customers and subscribers through our website or services. We do not permit or authorize any attempt to use our services in a manner that could damage, disable, overburden any part of our services, or interfere with anyone who wishes to lawfully use our services. If we believe there is any unauthorized or inappropriate use of any of our services, we may, without notice, at our sole discretion, take appropriate action to block messages from a particular domain, message server email, or an (IP) address. We have the ability to delete any account using our services that, in our sole discretion, transmits or links to the transmission of any messages that violate this policy.

19. What are your rights?

You have the right to access your Personal Data. This means that you have the right to be informed by us if we are processing your Data. If we process your Data, you can ask to be informed about the purpose of the processing, the type of your Data we keep, to whom we give it, how long we store it, whether automated decision-making takes place, but also about your other rights, such as correction, deletion of data, restriction of processing and filing a complaint with the Personal Data Protection Authority. You have the right to correct inaccurate personal data. If you find that there is an error in your Data you can submit a request to us to correct it (eg correct a name or update a change of address). You have a right to erasure/right to be forgotten. You can ask us to delete your data if it is no longer necessary for the above-mentioned processing purposes or you wish to revoke your data in the event that this is the only legal basis. You have the right to portability of your Data. You can ask us to receive the Data you have provided in readable form or ask us to pass it on to another controller. You have the right to restrict processing. You can ask us to restrict the processing of your Data pending the consideration of your objections to the processing. You have the right to object and withdraw consent to the processing of your Data. You can object to the processing of your Data and we will stop processing your Data, unless there are other compelling and legitimate reasons that override your right. If you have given your consent to the collection, processing and use of your personal data, you can withdraw your consent at any time with future effect:

Opting Out of Receiving Marketing Communications. You can choose not to receive marketing communications by changing your email and sms registrations, clicking the delete link or following the instructions included in the message.
Alternatively you can contact us using the contact details we give you in term 17 below. In case we rely on our legitimate interest: In cases where we process your personal data based on our legitimate interest, you can ask us to stop for reasons related to your personal situation. We must then do so unless we believe we have a compelling legitimate reason to continue processing your Personal Data.

20. How can you exercise your rights?

To exercise your rights, you can submit a request to the email address [email protected] with the title “Exercise of Right” and we will examine it and respond to you as soon as possible.

21. Where can you go if we breach the applicable law for the protection of your Personal Data?

You have the right to submit a complaint to the Personal Data Protection Authority (postal address Kifisias 1-3, P.K. 115 23, Athens, tel. 210. 6475600, e-mail address (e-mail) [email protected] ), if you consider that the processing of your Personal Data violates the applicable national and regulatory legal framework for the protection of personal data.

22. Validity of Privacy and Privacy Policy

We update this Privacy Policy whenever necessary. If there are significant changes to the Privacy Policy or the way we use your Personal Data, we will post an update to this on our website before the changes take effect and we will notify you as soon as possible. We encourage you to read this Policy periodically to know how your Data is protected.