Privacy Policy
Last updated: 2 July 2026
1. Introduction
This Privacy Policy describes how the online store POOQ collects, uses, stores and protects the personal data of its visitors and customers. We are committed to protecting your privacy and to processing your data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable Greek and European law.
2. Data controller
The controller of your personal data is ΚΟΥΚΟΣ ΗΛΙΑΣ – ΛΙΑΝΙΚΟ ΕΜΠΟΡΙΟ ΣΥΣΚΕΥΩΝ ΚΙΝΗΤΗΣ ΤΗΛΕΦΩΝΙΑΣ ΚΑΙ ΕΞΑΡΤΗΜΑΤΩΝ (distinctive title «POOQ», trading name «POOQ»), Sole proprietorship, with its registered office at Σπύρου Λάμπρου 65, 45333 Ιωάννινα, VAT No. 1228082000 / Ioannina Tax Office.
For any matter concerning the processing of your data, you can contact us at pooqshops@gmail.com.
3. What personal data are
Personal data is any information relating to an identified or identifiable natural person. An identifiable natural person is one whose identity can be established, directly or indirectly, by reference to an identifier such as a name, an identity number, location data or an online identifier.
4. What data we collect
- Account details: first name, last name, email, password (stored only in encrypted form).
- Order & shipping details: address, telephone, order history, invoices.
- Payment: card details are sent directly to the payment provider and are not stored on our servers.
- Communication: the content of the messages you send us by email or through the contact form.
- Technical data: IP address, browser information, cookies and device identifiers (see the Cookie Policy).
5. Purposes of processing
- fulfilling and shipping your order,
- managing the customer account and order history,
- customer service and responding to enquiries,
- fulfilling legal obligations (invoicing, accounting, taxation),
- analysing website usage and improving our services (with your consent, through cookies),
- commercial communication and newsletter or coupons (only with express consent, which can be withdrawn at any time).
6. Legal bases
Processing is based on Article 6(1) of the GDPR (EU 2016/679):
- Performance of a contract — for processing and shipping your order.
- Legal obligation — for invoicing and tax records.
- Legitimate interest — for security, fraud prevention and improving our services.
- Consent — for analytics, advertising and newsletter cookies.
7. Data recipients
The data you provide us is not disclosed to third parties for their own purposes. However, we may share it with the following partners/providers, strictly to the extent necessary for the purposes above, who act as processors on our behalf:
- Courier companies — ACS Courier and BOX NOW (only the shipping details required).
- Payment providers — Piraeus Bank (card acceptance) and the partner bank for bank transfer.
- Email delivery service — Resend, Inc. (transactional email).
- Store infrastructure — self-hosted Medusa server.
- Search service — self-hosted Meilisearch.
- Form abuse protection — Cloudflare Turnstile.
- Usage analytics — Google Analytics 4 (Google Ireland Ltd.), enabled only after consent.
- Behavioural analytics — PostHog (PostHog Inc., EU region — eu.posthog.com), enabled only after consent.
- Advertising partners — Meta Pixel (Meta Platforms Ireland Ltd.) and Google Ads (Google Ireland Ltd.), enabled only after consent for the advertising cookie category.
- Accountants & legal advisers — to fulfil legal obligations.
- Public authorities — where required by law.
Advertising partners
If you accept the advertising cookie category, we use Meta Pixel and Google Ads to measure the effectiveness of our advertising campaigns and for remarketing. The data collected by these services is subject to the respective privacy policies of the providers: Meta and Google. You can withdraw your consent at any time from the cookie preferences centre.
8. Transfers outside the EEA
Some of the above recipients (Google, Meta, Resend) are based in or process data in countries outside the European Economic Area, mainly in the United States. These transfers are carried out on the basis of the European Commission's Standard Contractual Clauses or other lawful safeguards under Article 46 of the GDPR.
9. Retention period
- Account details: for as long as your account is active.
- Order details & invoices: ten (10) years, in accordance with Greek tax law.
- Marketing consent: until it is withdrawn.
- Analytics data (GA4): up to 14 months.
- Communications: up to two (2) years, unless a longer retention obligation applies.
10. Your rights
Under Articles 15–22 of the GDPR you have the following rights:
- access to your data,
- rectification of inaccurate information,
- erasure (“right to be forgotten”),
- restriction of processing,
- data portability,
- objection to processing,
- withdrawal of your consent at any time.
To exercise any of the above rights, send an email to pooqshops@gmail.com. We will respond within one (1) month of receiving your request.
11. Right to lodge a complaint
You have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA), Kifisias 1–3, 115 23 Athens, dpa.gr.
12. Data security
We apply reasonable technical and organisational measures to protect your data: encrypted connection (HTTPS), restricted database access, password encryption and regular software updates. Card details are not stored on our systems.
13. Minors
The store's services are not directed at minors under 18 years of age. Registration on the website requires full legal capacity.
14. Changes to the policy
We reserve the right to amend this policy. The date of the last update is shown at the top of the page.
15. Contact
For any question regarding this policy: pooqshops@gmail.com, tel. 2651064693, or by post: Σπύρου Λάμπρου 65, 45333 Ιωάννινα.

