Privacy Policy


Last updated: [24.09.2021]

This Privacy Policy explains how and under which purposes (the “Site” or “we”) collects, uses, discloses and protects your Personal Data when you visit our Site. This Privacy Policy is an integrated part of our Terms & Service and applies to all users and all data we collect through the Site. By visiting our Site, you are accepting the practices described in this Privacy Policy. If you do not agree to the terms of this Policy, please do not use the Site.

Please read our Privacy Policy carefully to get a clear understanding of your rights and of how we collect, use, disclose and protect your Personal Data when accessing and/or using our Site.      

Controller: Party that determines how and for what purposes Personal Data is processed.

EEA: European Economic Area.
GDPR: General Data Protection Regulation.
Personal Data: An information that can be related to a specific individual (e.g. individual’s name, location data, email address, credit card information etc.).  
Processor: Party that processes personal data on behalf of the controller.

2. Who We Are
The Company “XTERRA EUROPE SINGLE MEMBER PRIVATE COMPANY” is the Controller for your Personal Data. For any questions about this Privacy Policy, including any requests to exercise your legal rights, please find our contact details in clause 13 below (“Contact”) and contact us.  
Collection of Personal Data

    When you visit the Site, we collect certain information about your device, your interaction with the Site, and information necessary to process your purchases. We may also collect additional information if you contact us for customer support. In this Privacy Policy, we refer to any information that can uniquely identify an individual (including the information below) as “Personal Data” (see clause 1 above “Terms”). See the list below for more information about what Personal Data we may collect and why.

    3.1. Device information

    • Personal Information collected: version of web browser, internet protocol (IP) address, mobile device ID, operating system, time zone, cookie information, what sites or products you view, search terms, and how you interact with the Site.
    • Purpose of collection: to load the Site accurately for you and to perform analytics on Site usage to optimize our Site.
    • Source of collection: collected automatically when you access our Site using cookies, log files, web beacons, tags, or pixels.

    3.2. Order information

    • Personal Information collected: full name, username or similar identifier, billing address, shipping address, payment information (including bank account, valid credit card numbers, card brand, credit card’s expiration day), email address, telephone numbers and demographic information that you voluntarily give to us when you register with the Site.
    • Purpose of collection: to provide products or services to you, to fulfil our contract, to process your payment information, to arrange for shipping and to provide you with invoices and/or order confirmations, to communicate with you, to screen our orders for potential risk or fraud and, when in line with the preferences you have shared with us, to provide you with information or advertising relating to our products or services.
    • Source of collection: collected from you.

    3.3. Customer support information

    • Personal Information collected: name, phone number, call audio, other personal information provided during the call, email address, information about the device and browser used, network connection, internet protocol (IP) address, other personal information provided during the chat, website URL.
    • Purpose of collection: to provide customer support.
    • Source of collection: collected from you.

    4. Minors
    We do not intentionally collect Personal Data from children under the age of 15. If we receive actual knowledge that anyone under the age of 15 has provided Personal Data to us without the requisite parental consent, we will delete that information from the Site as quickly as is reasonably possible.  If you are the parent or guardian and believe your child has provided us with Personal Data, please contact us at the contact details below (clause 13 “Contact”) to request deletion.

    5. Use and Process of Personal Data
    5.1. Purposes for which we will use Personal Data

    We only use your Personal Data when the law allows us to. Specifically, we use your Personal Data to provide our services to you, which includes:

    - offering products for sale;

    - processing order and payments;

    - shipping and fulfilment of your order;

    - customer support in relation to your order;

    - keeping you up to date on i) changes to our terms/privacy policy, ii) new products, services, and offers (newsletters);

    - provide you with targeted advertisements or marketing communications we believe may be of interest to you. For example:

    • We use Google Analytics to help us understand how our customers use the Site. You can read more about how Google uses your Personal Information here: You can also opt-out of Google Analytics here:
    • We may share information about your use of the Site, your purchases, and your interaction with our ads on other websites with our advertising partners, as permitted by law. We collect and share some of this information directly with our advertising partners, and in some cases through the use of cookies or other similar technologies (which you may consent to).

    For more information about how targeted advertising works, you can visit the Network Advertising Initiative’s (“NAI”) educational page at

    You can opt out of targeted advertising by:

    Additionally, you can opt out of some of these services by visiting the Digital Advertising Alliance’s opt-out portal at:; and

    - create and maintain a trusted and safer environment and comply with our legal obligations. 

    5.2. Lawful basis for processing

    Pursuant to the General Data Protection Regulation (“GDPR”, Regulation EU 2016/679), we process your Personal Data under the following lawful bases:

    • Your explicit consent;
    • The performance of the contract between you and the Site, specifically to create your account and provide the products/services requested;
    • Compliance with our legal obligations (such as tax law or lawful law enforcement requests);
    • To protect your vital interests;
    • For our legitimate interests, which do not override your fundamental rights and freedoms (e.g. recovering debts due to us, keeping our records updated, developing our business, preventing fraud etc.).

    We do not sell, trade or otherwise transfer your Personal Data for commercial purposes.

    Please contact us if you need clarifications about the specific lawful basis we are relying on to process your Personal Data. 

    5.3. Change of purposes

    We only use your Personal Data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so or/and receive your explicit and clear consent.  

    6. Sharing of Personal Data
    We share your Personal Data with service providers to help us provide our services and fulfil our contracts with you, as described above. For example:
    • We use Shopify to power our online store. You can read more about how Shopify uses your Personal Data here:
    • We use Stripe for payments. You can read more about how Stripe uses your Personal Data here:
    • We may share your Personal Data with our employees, officers, insurers, professional advisers, agents or suppliers as reasonably necessary for the purposes set out in this policy.
    • We may share your information with third parties that perform services for us or on our behalf, including payment processing, shipping or delivery services, data analysis, email delivery, customer service and marketing assistance.
    • We may share your Personal Data to comply with applicable laws, orders and regulations, to respond to a subpoena, search warrant or other lawful request for information we receive, or to otherwise protect our property, our legal rights and our customers (including but not limited to enforcing our Terms & Service, to preventing fraud and reducing credit risk). We might share information with relevant financial institutions if we consider it strictly necessary for fraud detection and prevention purposes.
    7. Protection of Personal Data
    We have implemented appropriate technical and organizational measures and procedures to prevent your Personal Data from being accidentally lost, accessed in an unauthorized way, misused, altered or disclosed. Furthermore, we limit access to your Personal Data to those employees, agents and other third parties who have a business need to know and require from them to maintain the confidentiality, security and integrity of such Personal Data in accordance with this Privacy Policy.

    Please be aware that despite our efforts, no security measures are perfect or impenetrable. In case of a breach, we will notify you and any applicable regulator (in Greece the Data Protection Authority, as we are legally required to do so.   

    8. Retention of Personal Data
    We will retain your Personal Data for as long as it is required to fulfil the purposes we collected it for (including the purposes of satisfying any legal, accounting or reporting requirements), unless the applicable laws require or allow for a longer period of time. You can ask us to delete your Personal Data at any time. For more information on your right of erasure, please see the clause 9 below (“Your rights”).

    In case of erasure, we will destroy your Personal Data in a way that will not allow the data to be restored or reconstructed.

    9. Your rights
    9.1. GDPR

    You have the following rights over your Personal Data.

    • The right to access. You have the right to request access to your Personal Data that we hold and information regarding their processing. In case you request to receive your Personal Data, those will be provided to you in a commonly used and machine – readable format.
    • The right to rectification. You have the right to request that we rectify any inaccurate Personal Data about you and to have any incomplete Personal Data about you completed.
    • The right to erasure. You have the right to request that we erase your Personal Data to the extent that they are no longer necessary for the purpose for which we need to keep processing them, as we have explained above, or when we are no longer legally permitted to process them.
    • The right to cancel/limit processing. You have the right to request that we cancel or limit the processing of your Personal Data.
    • The right to data portability. You have the right to ask that we transfer the Personal Data you gave us from one organization to another, or give it to you.
    • The right to object. Where the processing of your Personal Data is based on our legitimate interest, you will also have the right to object to the processing of your Personal Data. To the extent that we may engage in decision-making based solely on automated processing, including profiling, which produces legal effects concerning you or which significantly affects you, you have the right not to be subject to such decision-making.

     Finally, we inform you that:

    • You have the right to file a claim before the Greek Data Protection Authority (
    • To the extent that the legal basis for our processing of your Personal Data is consent, you have the right to withdraw that consent at any time (e.g. unsubscribe from the newsletters). Withdrawal will not affect the lawfulness of processing before the withdrawal.

    If you would like to exercise these rights, please contact us through the contact details below (clause 13 “Contact”). Your requests must be addressed within one month, unless they are exceptionally complex or numerous.    

    For information on how data transfers comply with the GDPR, see Shopify’s GDPR Whitepaper:

     9.2. Automatic decision-making

    You have the right to object to processing based solely on automated decision-making (which includes profiling), when that decision-making has a legal effect on you or otherwise significantly affects you. An example of a legal effect is a decision that impacts and individual’s legal or civil rights or their rights under a contract. Examples of significant effects include decisions that have a financial impact on individuals or impact their employment.

    We do not engage in fully automated decision-making that has a legal or otherwise significant effect using customer data.

    Our processor Shopify uses limited automated decision-making to prevent fraud that does not have a legal or otherwise significant effect on you.

    Services that include elements of automated decision-making include:

    • Temporary denylist of IP addresses associated with repeated failed transactions. This denylist persists for a small number of hours.
    • Temporary denylist of credit cards associated with denylisted IP addresses. This denylist persists for a small number of days.
    10. Cookies
    A cookie is a small amount of information that’s downloaded to your computer or device when you visit our Site. Cookies make your browsing experience better by allowing the website to remember your actions and preferences (such as login and region selection). This means you don’t have to re-enter this information each time you return to the site or browse from one page to another. Cookies also provide information on how people use the website, for instance whether it’s their first time visiting or if they are a frequent visitor. However, cookies never contain any personal information that could allow anyone to contact the Site visitor such as e.g. e-mail, etc.

    We may use a number of different cookies, including:

    • Necessary cookies. These cookies are essential to the operation of our Site and make it usable and secure by enabling basic functions.
    • Preference cookies. These cookies are used to remember your preferences and to recognize you when you return to our Site.
    • Analytics cookies. These cookies help us understand how visitors interact with our Site.
    • Advertising cookies. These cookies are used for targeted advertising.  

    For more information regarding the types of cookies used in our Site, please contact us through the contact details below (clause 13 “Contact”).

    The length of time that a cookie remains on your computer or mobile device depends on whether it is a “persistent” or “session” cookie. Session cookies last until you stop browsing and persistent cookies last until they expire or are deleted. Most of the cookies we use are persistent and will expire between 30 minutes and two years from the date they are downloaded to your device.

    You can control and manage cookies in various ways. Please keep in mind that removing or blocking cookies can negatively impact your user experience and parts of our website may no longer be fully accessible.

    Most browsers automatically accept cookies, but you can choose whether or not to accept cookies through your browser controls, often found in your browser’s “Tools” or “Preferences” menu. For more information on how to modify your browser settings or how to block, manage or filter cookies can be found in your browser’s help file or through such sites as

    11. Do Not Track

    Please note that because there is no consistent industry understanding of how to respond to “Do Not Track” signals, we do not alter our data collection and usage practices when we detect such a signal from your browser.

    12. Changes
    We may update this Privacy Policy from time to time in order to reflect, for example, changes to our practices or for other operational, legal, or regulatory reasons, so please check this policy from time to time. All such updates shall be effective when posted. Privacy Policy changes will apply to the information collected from the date we publish the revised Privacy Policy, as well as to existing information held by us. The use of our Site after the posting of such changes shall constitute acceptance of such changes.

    13. Contact
    For more information about our privacy practices, if you have questions, or if you would like to make a complaint, please contact us by e-mail at or by mail using the details provided below:

    XTERRA Europe SMPC

    Office Plus+ Business Centre Gounari 78, 16561 Glyfada Athens Greece

    TIN: 801483146, Business Registry No.: 157746401000

    If you are not satisfied with our response to your complaint, you have the right to lodge your complaint with the relevant data protection authority (clause 9.1. “Your rights”).