The Website https://mystery-pot.com/ hereinafter the “Website”, hereinafter “Mystery Pot” is under our management and as data controllers we are responsible for ensuring that all processing activities comply with legal requirements, but also with your reasonable expectation of processing your personal data, collected from you during your visit to our website and the use of our online services, i.e. all information that identifies you as a person or can identify you directly or indirectly.
As controllers of your personal data, we take the protection of the privacy of your personal data very seriously and have taken all the necessary measures in order to safeguard the security and confidentiality of information concerning visitors/users of its Website.
Please read this Privacy and Personal Data Protection Policy of our Website carefully in order to be informed about the information collected from you when you visit it and when you use its online services, the information posted on it, the use of these and your rights.
This Policy is subject to the information of data subjects in accordance with articles 13-14 of the General Data Protection Regulation of the EU 679/2016. If you have any questions about this Policy and in general how the company collects and processes your personal data, please contact the Data Protection Officer at: email@example.com.
Compliance with the general data protection regulation and Law 4624/2019
In the context of compliance with the obligations deriving from Greek and European legislation, in particular from the General Regulation on the Protection of Personal Data 2016/679 ("GDPR") on the protection of personal data, i.e. any information concerning the visitor of the website which will come to our knowledge, we undertake to provide sufficient guarantees for the implementation of appropriate technical and organizational measures to protect this data and to ensure its confidentiality and protection against alteration, prohibited dissemination or access and any other form of unlawful processing.
In the context of compliance with the obligations deriving from the contract between us, there may be access to personal data. Personal Data is indicative of name, surname, patronymic, patronymic, date of birth, VAT number, status. The contracting parties are subject, in this case, to their obligations deriving from the Greek and European legislation on the protection of personal data, in particular from the General Regulation on the Protection of Personal Data 2016/679 ("GDPR"), i.e. any information concerning the visitor to our website. In this context, we undertake to provide sufficient guarantees for the implementation of appropriate technical and organizational measures to protect this data and to ensure its confidentiality and protection against alteration, prohibited dissemination or access and any other form of unlawful processing.
By using this Website and without prejudice to the provisions of data protection legislation in the field of electronic communications, you provide your express consent for all the above cases of processing of your personal data.
Your consent can be revoked at any time, without affecting the legality of the processing of your data based on it until then. If you wish to withdraw your consent, please send a request to our Data Protection Officer at the email address: firstname.lastname@example.org.
Regarding the information that is automatically collected from your browsing on our website, please refrain from visiting it if you do not wish for the collection and processing of this information.
For what purposes we use the information we collect
- To contact you
When using our online services as above, we use the data you voluntarily provide us to contact you, depending on the content of your request
- For Statistical analysis
To learn more about how our Website is used by its visitors, we aggregate and analyze the data we collect. We may use this information, for example, to monitor and analyze the use of the Site, to enhance its functionality, and to better tailor its content and design to the needs of our visitors.
What personal data we collect
Mystery Pot collects data to run our operations and provide you with solutions to reduce food waste. We collect both Personal Data and Other Data in order to carry out these efforts.
We do not collect credit card information. Depending on the payment method, this may include a login ID sent to the payment service provider. To make purchases through the Mystery Pot app, we ask you to provide us with certain financial data (eg your PayPal username or credit card number) to facilitate payment processing.
The payment service provider must collect payment data (credit card number) as it is necessary to perform the contract with you and to comply with applicable law (such as rules aimed at combating money laundering). Without this collection you will not be able to use the Mystery Pot platform. Mystery Pot will only charge a nominal fee to process your payment.
When you use a mobile device, we collect and use your Apple ID for Advertising (IDFA) and Google Advertising ID (AAID) to identify your device and authorize activities related to our Services. These numerical values are not permanently associated with your device and, depending on your operating system, you can reset them in your device settings.
We collect registration information and demographic information such as name, email address, password, country and exact location. We also collect your mobile phone number. When you use the Mystery Pot Platform, we automatically collect data, including Personal Data, about the services you use and how you use them. This data is necessary for the proper performance of the contract between you and us, in order to be able to comply with our legal obligations and in view of our legitimate interest in providing you with and improving the functions of the Mystery Pot Platform.
How and why we use your personal data
We use the data we collect to conduct our business, advertise and improve our existing Platform, develop new services, and improve and personalize your experiences when you interact with us. We also use your Personal Data to contact you.
We will use your Personal Data for the following purposes:
- To operate our business and our Services.
We use your personal data to create and manage your personal Mystery Pot account and to process your orders.
- The personalization of experiences in our Services, in order to know and understand our Customers better
We use your Personal Data to conduct analytics in order to offer you customized features. This includes displaying a map or list of stores near you that best suit your needs. We may perform profiling based on your interactions with the Mystery Pot Platform, your order history, your account data and preferences, and any other content you communicate on the Mystery Pot Platform. We process this data due to our legitimate interest in improving the Mystery Pot Platform and our Customers' experience on it and, where necessary, for the proper performance of the contract between you and the Shop.
- Create Account
To create a user account you will be asked to enter your basic data (email address, phone number, name, password). With this data you can connect to our website and application.
- Contact you and respond to your requests
- Customize our advertising and marketing
We use Personal Data and Other Data to facilitate our advertising and marketing campaigns, to provide you with information about products and services that we believe may be of interest to you. Since you have given us your consent, we may send you promotional messages, marketing offers, advertisements and other information that may be of interest to you based on your preferences and your social media advertising through the Social Media Platforms. This includes contests and other promotional activities. You will always have the option to ask Mystery Pot not to send you promotional materials or information. We will process your Personal Data for the purposes described above based on our legitimate interest to conduct marketing activities in order to offer you products that may be of interest to you.
- Create and maintain a reliable and secure environment
We may use Personal Data to detect and prevent fraud, spam, abuse, security incidents and other harmful activities. To conduct security investigations and risk assessments and to verify or authenticate any data or identifiers you provide to us.
Storage of personal data
The data we collect from you is stored in the Request Management System as well as in the backups we keep on our systems (eg email).
In order to make the visit to our website/app attractive and to enable the use of certain functions, we use so-called cookies on various pages. These are small text files stored in your browser. Some of the cookies we use are deleted at the end of the browser session, i.e. after closing the browser (so-called session cookies). Other cookies remain on your device and allow us to recognize your browser on your next visit (persistent cookies). You can set your browser so that you are informed about the cookie settings, or through the information banner (cookies banner) or finally from the cookies policy on our website and decide individually to accept or reject them for specific cases or generally. Not accepting cookies may limit the functionality of our website. ( If the processing takes place with your consent, the legal basis is Article 6 paragraph 1 (a) of the General Data Protection Regulation, i.e. your consent. Otherwise, the processing is based on our legitimate interest in accordance with Article 6 paragraph 1 ( f) of the General Data Protection Regulation. Our legitimate interest lies in the aforementioned purpose.
Fraud prevention and security of our platform
In order to protect our users and our platform from possible attacks, we constantly monitor the activities on our website. To this end, we use various technical means to ensure that suspicious behavior is detected and addressed in a timely manner. To achieve this goal, several monitoring mechanisms are used in parallel to prevent potential intruders from a possible access to our website.
The decision-making process is semi-automated and may have legal consequences for the data subject or affect them in a similar way. If semi-automated decision-making leads to a negative result for you and you do not agree with it, you can contact us at email@example.com. In this case, we will assess your case individually.
Use and sharing of information
The company respects your right to have your privacy and information about you protected and for this reason uses this information for the aforementioned purposes. For this reason, it does not share, transmit or make your information accessible to third parties, unless this is required to fulfill the processing purposes described in this Policy. We also do not transfer this information outside the European Union (Comment to customer: Confirm that there is no transfer outside the EU). We may make information about you available to other companies, applications or persons in the circumstances listed below:
We may share aggregated information or information that does not directly identify you with third parties to enable us to develop our Website content and services. Please note that we do not in any way share your contact information with third parties for this purpose.
We may use or may in the future use third parties to provide services related to our Website, such as database management, maintenance services, data processing, and the distribution of e-mail and text messages. These third parties will only have access to the information that identifies you as strictly necessary to perform their above tasks on our behalf and with express contractual commitments to protect your privacy and personal data.
We may share information about you to respond to subpoenas, search warrants, court proceedings, court orders, legal proceedings or other law enforcement action by any competent authority, including the Personal Data Protection Authority and the Data Protection Supervisory Authorities of other countries members of the European Union, as well as to assert and defend our legal rights or to counter claims against us.
Please note that third parties may independently collect data about you, including your IP address and information about the websites you visit and the links you click, through cookies, link clicks or other means during your visit. For more information, see below in the "Cookies" section.
We use different data processors for our daily processing activities. They process your personal data in accordance with the requirements of Article 28 of the General Data Protection Regulation, only in accordance with our instructions and have no claim regarding them. We monitor processors and only work with those who meet our high data protection requirements.
Because we use different data processors which we may change from time to time, it is not possible to identify specific recipients of personal information. However, if you are interested, we will share the details of the processor(s) used in the given period upon request.
When collecting information directly from you, we take reasonable care to determine which of the personal information collected is about minors. In any case, if we find that we have collected any personal information from a minor under the age of 16 without verifiable parental consent in accordance with Article 8 of the EU General Data Protection Regulation 679/2016, we will delete the information from the database us as soon as possible. If you believe that we may have collected information from a minor under the age of 15, please contact their Data Protection Officer at firstname.lastname@example.org.
Information retention time
The company will keep the personal data it collects through its Website for the absolutely necessary time to fulfill the above processing purposes and its legal obligations. If you withdraw your consent to the collection and processing of your personal data, we will delete your data from our electronic and physical records, unless keeping them becomes necessary in compliance with our legal obligation or for the exercise, establishment or defense of rights or of our legal interests before judicial authorities.
Security of information
The security of your personal data is for us an absolute commitment. To achieve this, we apply all modern and appropriate technical and organizational measures for the purposes of the processing, the responsiveness and adequacy of which we check at regular intervals.
You can exercise, as the case may be, the following rights:
- a) the right of access, to find out which of your data we are processing, for what purpose and the recipients thereof,
- b) the right to rectification, to correct any omissions or inaccuracies of your data;
- c) the right to erasure or otherwise "right to be forgotten", to delete your personal data from our records, however, if their processing is no longer necessary or the retention of your data is not required in order to comply with our legal obligations or for the defense of our legal interests before the Courts,
- d) the right to restrict processing, in case of questioning the accuracy of your data,
- e) the right to portability, to receive your data in a structured and commonly used format;
- f) the right to object, if you do not wish to use your data for the purposes of direct marketing of our services, including objecting to profiling. (We inform you in any case that our Website does not use your data for direct marketing purposes and does not perform profiling based on automated methods of processing your data).
To exercise your rights, please send a corresponding request to the Data Protection Officer at email@example.com.
We will make every effort to respond to each of your requests within thirty (30) days of receipt. However, in the event that, due to the complexity of your request or the volume of information, it is not possible to satisfy your request within thirty days, the company undertakes to inform you within the above period in writing of the reasons for the delay and to make every effort to satisfy your request as soon as possible and in any case within two (2) additional months.
However, we reserve the right not to satisfy your request, in the event that it is deemed manifestly unfounded or excessive, informing you about the reasons for not satisfying it.
In any case, you have the right to submit a complaint to the Personal Data Protection Authority (www.dpa.gr)