At oikos² (operating as https://oikosoikos.com/, referred to as “we”, “us”, or “our”), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, make a purchase, or interact with our services.
This policy applies to all users of https://oikosoikos.com/ (the “Website”).
1. Who we are – Data Controller
The data controller is: oikos² / Padua, Italy and some operations in Nicosia, Cyprus
Email: [email protected]
2. What personal data we collect
We may collect the following types of personal data:
Data you provide directly
- First name, last name
- Delivery and billing address
- Email address
- Phone number (optional / for delivery updates)
- Payment information (handled by our payment processor – we do not store full card details)
- Order notes / special requests
- Account information (if you create an account: email, password hash, wishlist, order history)
Automatically collected data
- IP address
- Browser type and version
- Operating system
- Device information
- Pages visited, time spent, referral source
- Cookies and similar technologies (see our Cookie Policy below)
3. How we collect your data
- When you place an order
- When you create an account or add items to wishlist
- When you contact us (email, contact form if added later)
- Automatically via cookies, server logs, and analytics tools
4. How we use your personal data
We process your data for the following purposes and legal bases (primarily under GDPR Art. 6):
| Purpose | Legal basis | Categories of data |
|---|---|---|
| Process and fulfill your orders | Contract (Art. 6(1)(b)) | Name, address, email, payment info, order details |
| Send order confirmations & shipping updates | Contract + Legitimate interest | Email, phone (if provided) |
| Create & manage your customer account | Contract / Consent | Email, password, order history |
| Send marketing emails (newsletter, promotions) | Consent (you can opt in) | Email, name |
| Prevent fraud & secure the website | Legitimate interest | IP, order behavior, device info |
| Comply with legal obligations (tax, accounting) | Legal obligation | Name, address, order value |
| Analyze website usage & improve services | Legitimate interest | Anonymized analytics data |
5. Cookies & similar technologies
We use cookies and similar tracking technologies.
- Essential cookies – required for the website to function (cart, checkout, session).
- Analytics cookies – help us understand how visitors use the site (e.g., Google Analytics, Matomo, or similar – if used).
- Marketing / advertising cookies – may be used for retargeting (if you run Meta/Google ads).
You can manage cookies via our cookie banner or your browser settings. For more details see our Cookie Policy [link if separate, or include short version here].
6. Sharing your personal data
We share data only when necessary:
- Payment processors (Stripe, PayPal, etc.) – only transaction data, no full card details stored by us
- Shipping / courier companies (e.g., ACS, DHL, Geniki Taxydromiki, etc.) – name, address, phone, order ID
- Hosting / cloud providers (e.g., Shopify, WooCommerce backend, or custom host)
- IT service providers (under strict DPA)
- Authorities – if required by law (tax office, police, courts)
- Business transfers – in case of merger/acquisition
We do not sell your personal data.
7. International data transfers
Some recipients (e.g., US-based analytics or advertising tools) may be located outside the EEA. Where applicable, we use:
- Adequacy decisions, or
- Standard Contractual Clauses (SCCs), or
- Other approved safeguards under GDPR Chapter V.
8. How long we keep your data
- Order data: 6–10 years (accounting & tax legal obligation in most EU countries)
- Account data: until you delete your account (inactive accounts may be deleted after 24–36 months)
- Marketing consent data: until you withdraw consent
- Analytics logs: usually 14–26 months (depending on tool)
9. Your rights under GDPR (if you are in the EU/EEA/UK/Switzerland)
You have the right to:
- Access your data
- Rectify inaccurate data
- Erase data (“right to be forgotten”) – subject to legal retention obligations
- Restrict processing
- Data portability
- Object to processing (especially direct marketing)
- Withdraw consent at any time
- Lodge a complaint with your national Data Protection Authority (in Cyprus: Commissioner for Personal Data Protection)
To exercise your rights, email us at [email protected].
10. Security
We implement appropriate technical and organizational measures to protect your data (HTTPS, secure hosting, limited access, etc.). However, no method of transmission over the Internet is 100% secure.
11. Children
Our website is not intended for children under 16. We do not knowingly collect data from children.
12. Changes to this Privacy Policy
We may update this policy from time to time. The updated version will be posted here with a revised “Last updated” date.
13. Contact us
If you have questions about this Privacy Policy or our data practices:
Email: [email protected]
Thank you for trusting oikos² with your data.

