Privacy policy

 For BLABLATOYS IKE (P.C), based in Acharnes, Attica, at 4 Tymfristou street, postal code 13678, Greece, Tax Identification Number 801168982, General Commercial Registry Number 150686509000 (hereinafter referred to as the "Company," "we," "us"), respecting and protecting your personal data is a priority and, as such, we are committed to keeping your data secure and processing it lawfully and with complete transparency.

 By reading this Privacy Policy, you will learn what personal data the Company collects through the website glarmy.com, how and for what purposes, how we process and protect this data, and what your rights are regarding our processing of it.

 Personal data is processed in accordance with the provisions of the General Data Protection Regulation (GDPR 2016/679), any specific national and European legislation for certain sectors, the Greek legislation on the protection of personal data (Law 4624/2019, as applicable), as well as on the protection of personal data and privacy in the electronic communications sector (Law 3471/2006, as applicable) and the decisions of the Hellenic Data Protection Authority (HDPA).

1.      Who We Are

 The Company is the Data Controller of your personal data. We are active in the production, import and marketing of toys, construction sets, school supplies, stationery, clothing and footwear, sports equipment, beach essentials, baby products, seasonal items, party supplies, gaming equipment, and other items. Through our website www.glarmy.com (hereinafter referred to as "e-shop"), which is also our online store, we introduce ourselves to you, present our services and products, offer you the opportunity to purchase the products of your choice remotely, inform you about related topics, and give you the opportunity to contact us in various ways to have your questions answered and use our services. We place particular emphasis on the selection of our partners, the quality of the products we offer to consumers, and the quality of the after-sales support services we provide, honoring the trust you have placed in our Company for half a century.

2.      Definition of Key Terms

 Personal data: any information relating to an identified or identifiable natural person, such as identification details (name, age, residence, occupation, marital status, contact details, etc.), physical characteristics (weight, height, etc.), education (degrees, grades), work (previous employment, work behavior, etc.), financial situation (income, assets, financial behavior), interests, activities, habits. The natural person to whom the data refer is called the data subject.

 Sensitive Personal Data: racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data for the purpose of uniquely identifying a person, data concerning the subject's health, data concerning his or her sex life or sexual orientation, criminal prosecutions and convictions, as well as membership of associations related to the above.

 Processing of personal data: any operation performed with or without the use of computers, on personal data or sets of personal data, such as collection and recording, organization, structuring, storage, adaptation or alteration, retrieval and searching for information, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

 Data Controller: the natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of the processing of personal data.

 Data Processor: the natural or legal person, public authority, agency, or other body that processes personal data on behalf of the controller.

 Recipient: the natural or legal person, public authority, agency, or other body to whom personal data are disclosed, whether a third party or not.

 Consent of the data subject: any freely given, specific, informed and unambiguous indication by which the data subject declares, with a statement or a clear affirmative action, that they agree to the processing of personal data relating to them.

 Personal data breach: a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

3.       Categories of Data Subjects

 The personal data that is processed and covered by this Privacy Policy concerns the users of the e-shop, the customers of the e-shop and those who contact us by any means.

4.      Legal Basis for the Processing of Personal Data

 For the processing of your data, as described below, the Company relies on the following legal bases:

 • Performance of a contract or, at your request, preparatory actions for the conclusion and performance of a contract: In order for the customer to complete their orders in the e-shop or receive answers to their questions to the Company, it is necessary that we process the personal data that they provide when registering on the e-shop and/or entering their order in the order form and/or submitting their query. Your data is required for the execution of the purchase contract, from the order to the shipment of the products and the issuance of tax documents, as well as for your support in case of problems with the order or for the purpose of your overall service by the customer service department.

  •  Legitimate interests – legal obligations: The processing of certain personal data is necessary for the improvement of the Company's products and services (processing of statistical and non-identifiable data), detecting fraud attempts and generally safeguarding the Company's legitimate interests, but also for the purposes of complying with national and / or European legislation.

 • Consent – agreement: The processing of your personal data for marketing purposes, sending informational / promotional messages, or for your convenience / service and provision of privileges, as well as the activation of non-essential cookies (see Cookie Policy) is based on your consent.

5.      What Personal Data We Collect

 The Company has designed the e-shop so that users can visit it without having to reveal their identity, unless they wish to do so. Visitors to the e-shop are asked to provide us with their personal data only if they wish to order products, register with the e-shop and / or our newsletter and / or contact us.

 In order to carry out any transaction through the e-shop and place product orders, we collect:

• full name;

• shipping address and postal code of the area;

• billing address for the order (if different from the shipping address);

• billing details (if you have selected the issuance of an invoice, additional details will be requested, such as company name, profession, tax identification number, and tax office);

• telephone number;

• email address;

• payment details, i.e. payment methods and related identifiers, such as IBAN, card number segment, Apple Pay/Google Pay payment tokens, IRIS details, or other identifiers provided by the authorized payment provider. Your credit card details (type, name on the card, number, CVV, expiry date) are not processed by the Company nor stored on its own storage media during the transaction, but are entered directly into the secure environment of our partner company NEXI GREECE PAYMENTS INSTITUTION S.A., to which we have entrusted the routing of cards. The e-shop also supports payment via Iris, Apple Pay, and Google Pay. Similarly, in all these cases, the Company does not receive or store the user's full payment details, but only technical information necessary to complete the transaction (such as unique identifier, amount, date, and status of the payment) from the authorized payment provider.

• Order documentation;

• Order history.

 In the event that delivery of products is requested to a third party and not to the person placing the order, the latter acknowledges that they will be fully responsible for informing and obtaining the consent of the person designated as the recipient for the disclosure of their personal data to the Company and assumes full responsibility for any claims that person may have against the Company.

 If you choose to register with the e-shop and create a user account, the following additional information is collected:

• username;

• password;

• date of registration;

• additional identification details, if you choose to log in via a third-party provider (e.g. Facebook, Google, Apple), such as the username registered with the third-party provider, date of birth, profile photo, e-mail registered with the third-party provider, gender, and any other information you have registered with the third-party provider and consent to be transferred to the Company when creating an account through the third-party provider.

If you choose to subscribe to our newsletter, we only require the email address to which you would like to receive our updates.

For each e-shop user, we collect device and navigation data:

• Device data: Data about your device (such as IP address, device type, operating system, etc.);

• Browsing data: Data about your internet browsing and use of the e-shop. We monitor how you use the e-shop, whether you open or forward our communications, your searches on the e-shop, the products you click on, the products you add to your "Basket," your interaction with the e-shop's features (such as marking products as "Save," "Favorite," "I have it," etc.), your visits to partner websites, technical issues related to errors and security of navigation and transactions, browser type, referral information, i.e. information about which website or link you used to access the e-shop, advertising identifiers, statistical information, and other information we collect through cookies (see Cookie Policy).

 When using third-party features within the e-shop, such as social media login mechanisms (mentioned above), share buttons, embedded widgets (e.g., Facebook, Google, Instagram, LinkedIn, Pinterest, YouTube, TikTok), etc., we may receive information that the respective third parties transmit to us, in accordance with their own privacy policies and your account settings.

 Finally, we process data that you provide to us when you give us your opinion on our services and products, such as comments, ratings, responses to customer satisfaction surveys, as well as text and/or audio and/or video messages you send us via any available means of communication with your questions, comments, suggestions, requests, etc.

6.      Processing Purposes

 We use your personal data for the following purposes:

• Provision of our services; To enable us to provide you with our services in the best possible way, ensuring their quality and the secure use of the e-shop.

• Customer service; To assist you with any issues related to the provision of our services.

• Marketing; For marketing, promotion, and public relations purposes.

• To improve our services and satisfy our legitimate interests, e.g. by keeping statistics or conducting market research – customer and user satisfaction.

• In the context of organizational and auxiliary functions necessary for the proper functioning of the Company.

• Compliance with our legal obligations, such as, indicatively, the issuance of documents for each transaction and our other tax obligations.

• Legal protection of the Company.

7.      When and How We Share your Personal Data with Others

 As part of our activities, we contract with third-party partners who provide services on our behalf. Therefore, we may need to share your personal data with them. However, we only share with them the personal data that is necessary for them to provide the services we request, and we require them to protect your data and not use it for other purposes.

 These third parties receiving and processing data on behalf of the Company may be accounting firms, courier companies, internet and e-commerce service providers, web hosting providers, payment service providers, data storage and security service providers, e-shop performance analysis and measurement service providers, online map providers, customer service providers, marketing and advertising service providers and other categories of partners to whom data may need to be transferred from time to time in the context of the operation of the e-shop, with whom the Company cooperates and who are subject to the specific strict conditions for the processing of personal data that they have agreed with the Company as the data controller. The Company requires its employees and third-party partners to take all necessary technical and organizational measures, including appropriate policies and procedures, to protect and prevent the disclosure of the personal data of its customers that they process.

 Furthermore, your personal data may be transferred to the competent authorities (e.g. tax authorities, judicial authorities, police, supervisory bodies) and exclusively to them, when required by law or court order or prosecutor's order/decree, as well as for the protection of the Company's rights.

 We do not offer or sell your personal data.

8.      Your Rights

• Right to be informed:

 You have the right to receive clear information about how we use your personal data. For example, why we collect your personal data, where it is stored, for how long, for what purpose, etc.

• Right of access:

 You have the right to access your personal data.

• Right to rectification:

 You have the right to request that we rectify your personal data if it is incorrect or out of date.

• Right to erasure/right to be forgotten:

• Right to object to processing based on legitimate interests:

 You have the right to request the deletion of your personal data from our computers and files, provided that this does not conflict with our legal and regulatory obligations.

• Right to withdraw consent:

 You may withdraw your consent to the processing of your personal data even if the processing was carried out with your consent. If this withdrawal prevents us from performing the contract we have agreed with you, you should contact us again so that we can find a new way of working together that is beneficial to both parties.

• Right to object to data processing based on legitimate interests:

 If you believe that you have a legitimate interest, you have the right to object to the processing of your data.

• Right to data portability:

 You have the right to transfer your data from our database to another.

• Right to restrict processing:

 You have the right to request that we restrict the processing of your data (e.g., we can store it but not use or process it) in accordance with the provisions of the General Regulation.

• Right to disable cookies:

 You have the right to choose whether and which cookies you accept, with the exception of the essential cookies, i.e. those that are absolutely necessary for the operation of the e-shop.

 Finally, you have the right to lodge a complaint with the competent Greek independent authority, which is the Hellenic Data Protection Authority (http://www.dpa.gr/).

9.      Transfer of Personal Data Outside the EU

 In principle, your personal data that we collect and process is not transferred outside the European Union. In any case, we undertake that your personal data will not be transferred outside the EU without ensuring an adequate level of protection of your personal data in accordance with applicable law [transfers based on an adequacy decision, transfers subject to appropriate safeguards, binding corporate rules, explicitly defined derogations for specific situations (CHAPTER V GDPR)].

10.  Other Electronic Services and Third-Party Functions

 The e-shop may provide links to other online services and websites for your convenience and information, and may include third-party features such as applications, tools, graphics, and plug-ins (e.g., Facebook, Google, Instagram, TikTok, YouTube, Shopify). These services, websites, and third-party features operate independently of us. The privacy practices of these third parties, including details about the information they may collect about you, are governed by the privacy policies of those parties, which we encourage you to read. The Company is not responsible for the information practices of these third parties.

11.  Retention Period and Storage of Personal Data

 The Company retains and processes visitor-customer data until the completion of the specific order.

 The Company retains and processes registered-user data until the user requests the deletion of their account.

 Data processed on the basis of the data subject's consent is retained and processed until the relevant consent is withdrawn or the period for which consent was given expires.

 Necessary personal data relating to the customer's transactions with the Company, as well as to the notification, consent and withdrawal of consent for the processing of their data, shall remain as customer information in accordance with the law and for as long as is necessary to ensure proof of the legitimacy of the processing of their data by the Company, safeguarding the legal claims of the parties and the Company's compliance with its legal obligations or, in the event of a claim, until the irrevocable resolution of any dispute.

 Your personal data is stored securely, as appropriate, in electronic and physical files, in our email account, on the e-shop server and cloud backup, and in software that we use for organizational and communication purposes.

12.  Special Category Data

 The Company does not collect or require the disclosure of sensitive personal data in the context of the operation of the e-shop.

13.  Children’s Personal Data

 The Company does not knowingly collect or request personal data from children under the age of 16 through its e-shop. If we become aware that we have collected personal data from a child under the age of 16, we will immediately delete that data from our records. If you believe that a child under the age of 16 may have provided us with personal data, please contact us as set out in the "How to contact us" section of this Privacy Policy.

14.  Security - Measures We Take to Protect your Data

 In order to protect your personal data, we take physical, technical, and organizational measures to protect it, whether it is in physical or electronic form. We update and review the security technology we use on an ongoing basis. We restrict access to your personal data to those employees who need to know that data in order to provide benefits or services to you. In addition, we train employees on the importance of confidentiality and maintaining the privacy and security of your personal data. Among other things, we have implemented the following technical and organizational measures and procedures to protect your personal data from any loss, alteration, unlawful processing, or modification:

- anonymization/pseudonymization, where possible;

- use of antivirus software;

- access to the Company's electronic media only with a password;

- detection and managing of security breaches;

- procedure for managing data subject requests;

- keeping backup copies;
 
- data minimization;

- sending emails to you using security protocols that guarantee, as far as possible, the prevention of data leakage;

- cooperation with a payment service provider that ensures state-of-the-art 3D Secure security measures;

- measures for the physical security of printed material and IT devices, such as locking cabinets with documents, fire protection system, alarm system.

 In addition, the e-shop has a TLS certificate. The TLS (Transport Layer Security) protocol is currently the global standard on the internet for certifying websites to internet users and for encrypting data between internet users and web servers. Encrypted TLS communication requires all information sent between a client and a server to be encrypted by the sending software and decrypted by the receiving software, thus protecting personal information during transmission. Furthermore, all information sent using the TLS protocol is protected by a mechanism that automatically verifies whether the data has been altered during transmission.

 Moreover, the password you enter when registering with the e-shop is your personal security. In order to view any of your personal information, you must first enter your username and password. For this reason, you must keep this information safe so that it does not fall into the hands of third parties. In addition, we advise you to create passwords using symbols along with alphanumeric characters.

 Finally, we would like to remind you that credit card details are not stored on the Company's storage media during the transaction, but are entered directly into the secure environment of the partner company that handles card routing.

15.  How to Contact us

 You can contact us with any questions regarding the processing of your personal data or our use of cookies, or to exercise your rights, using the e-shop contact form or by sending an email to info.glarmy@gmail.com.

16.  Changes and Updates

 This Policy was last updated on December 14, 2025. We reserve the right to modify and update this Policy at any time, for any reason, without notice to you, other than by posting the updated Policy on the e-shop, so we encourage you to check this page often to stay informed about the current and applicable Privacy Policy.