25% off womenswear
Free home delivery over 50€
Hassle free returns
Delivering to over 30 countries
25% off lingerie
3 for 2 knickers
Your M&S Bra Fit
Book your bra fit Bra fit guide
25% off menswear
25% off babywear
Spend €25, save 20% across kidswear
25% off kidswear
25% off homeware
3 for 2 on Utensils
Marks and Spencer plc is a company registered in England and Wales which is part of the M&S group of companies (collectively referred to as "M&S", "we" or "us" in this policy).
Maintaining the security of your data is a priority at M&S, and we are committed to respecting your privacy rights. We pledge to handle your data fairly and legally at all times. M&S is also dedicated to being transparent about what data we collect about you and how we use it.
This policy, which applies to personal data collected via the M&S website at http://www.marksandspencer.com/en-gr/ aimed at customers in Greece (the “Website”) whether, you use your mobile device or go on line, provides you with information about:
- how we use your data;
- what personal data we collect;
- how we ensure your privacy is maintained; and
- your legal rights relating to your personal data.
M&S (and trusted partners acting on our behalf) uses your personal data:
Our international sales facilitation and fulfilment partner is Globale U.K. Limited (“Global-E”), a company registered in England and Wales (company registration number 08632376) whose registered office is at 2nd Floor, 167-169 Great Portland Street, London, W1W 5PF.
Marks and Spencer plc and Marinopoulos Holding Sarl together own Marks and Spencer Marinopoulos Greece S.A., a joint venture company, which operates M&S stores in Greece (“M&S Greece”).
In particular, if you purchase products from this Website, your personal data will be shared with and used by M&S Greece if necessary for the purposes of enabling you to collect or return your order in stores located in Greece. This policy only relates to the use of your data collected via this Website.
If you are a member of the Loyalty Scheme operated by M&S Greece for its customers, you will be awarded points on purchases made via this Website. In order to facilitate the award of points under the Loyalty Scheme for such purchases, information about your loyalty points and associated transactional personal data will be shared within M&S, and in particular provided to M&S Greece.
M&S uses your personal data for electronic marketing purposes (with your consent) and may send you postal mail to update you on the latest M&S offers. If you have agreed to receive marketing communications by email or text, details of your transactions will be shared within M&S and in particular provided to M&S Greece to enhance their understanding of customer behaviour in order to ensure you receive relevant promotional materials.
M&S and M&S Greece aim to update you about products & services which are of interest and relevance to you as an individual.
You have the right to opt out of receiving promotional communications at any time, by:
If you visit this Website, you may receive personalised advertisements whilst browsing other websites. These advertisements will relate to products you have viewed whilst browsing our Website on your computer or other devices, and/or which we believe are of interest to you.
In order to make certain services available to you, we may need to share your personal data with some of our service partners. These include IT, delivery and marketing service providers.
M&S only allows its service providers to handle your personal data when we have confirmed that they apply appropriate data protection and security controls. We also impose contractual obligations on service providers relating to data protection and security, which mean they can only use your data to provide services to M&S and to you, and for no other purposes.
Aside from our service providers, M&S will not disclose your personal data to any third party, except as set out below. We will never sell or rent our customer data to other organisations for marketing purposes.
We may share your data with:
To deliver products and services to you, it is sometimes necessary for M&S to share your data outside of the European Economic Area. This will typically occur when service providers are located outside the EEA or if you are based outside the EEA. These transfers are subject to special rules under data protection laws.
If this happens, we will ensure that the transfer will be compliant with data protection law and all personal data will be secure. Our standard practice is to use ‘standard data protection clauses’ which have been approved by the European Commission for such transfers. Those clauses can be accessed here.
We will not retain your data for longer than necessary for the purposes set out in this Policy. Different retention periods apply for different types of data, however the longest we will normally hold any personal data is 6 years.
M&S may collect the following information about you:
Our website are not intended for children and we do not knowingly collect data relating to children.
This list is not exhaustive and, in specific instances, we may need to collect additional data for the purposes set out in this Policy. Some of the above personal data is collected directly, for example when you set up an on-line account on our websites, or send an email to our customer services team. Other personal data is collected indirectly, for example your browsing or shopping activity. We may also collect personal data from third parties who have your consent to pass your details to us, or from publicly available sources.
M&S is committed to keeping your personal data safe and secure.
Our security measures include: -
M&S will never ask you to confirm any bank account or credit card details via email. If you receive an email claiming to be from M&S asking you to do so, please ignore it and do not respond.
If you are using a computing device in a public location, we recommend that you always log out and close the website browser when you complete an online session.
In addition, we recommend that you take the following security measures to enhance your online safety both in relation to M&S and more generally: -
- keep your account passwords private. Remember, anybody who knows your password may access your account.
- when creating a password, use at least 8 characters. A combination of letters and numbers is best. Do not use dictionary words, your name, email address, or other personal data that can be easily obtained. We also recommend that you frequently change your password. You can do this accessing your account, clicking ‘your account’, clicking ‘your data’ and selecting ‘change password’.
- avoid using the same password for multiple online accounts.
You have the following rights:
If you wish to exercise any of the above rights, please contact us using the contact details set out below.
We are required to set out the legal basis for our ‘processing’ of personal data.
M&S collects and uses customers’ personal data because is it necessary for:
In general, we only rely on consent as a legal basis for processing in relation to sending direct marketing communications to customers via email or text message.
Customers have the right to withdraw consent at any time. Where consent is the only legal basis for processing, we will cease to process data after consent is withdrawn.
The normal legal basis for processing customer data, is that it is necessary for the legitimate interests of M&S, including:-
What are cookies?
The cookies stored on your computer or other device when you access our websites are designed by:
The main purposes for which cookies are used are: -
If you want to disable cookies you need to change your website browser settings to reject cookies. How you can do this will depend on the browser you use. Further details on how to disable cookies for the most popular browsers are set out below: -
This depends on which cookies you disable, but in general the website may not operate properly if cookies are switched off. If you only disable third party cookies, you will not be prevented from making purchases on our sites. If you disable all cookies, you will be unable to complete a purchase on our sites.
If you have any questions about how M&S uses your personal data that are not answered here, or if you want to exercise your rights regarding your personal data, please contact us by any of the following means:
When contacting us, please remember to quote your name and contact details along with any M&S account number or correspondence reference you may have.
You have the right to lodge a complaint with the Information Commissioner’s Office. Further information, including contact details, is available at https://ico.org.uk.
" Marks and Spencer – Marinopoulos Greece S.A. " (hereinafter the "Company"), based in Athens and on Ermou Street 33-35, P.C. 105 63, collects and further processes your personal data only if absolutely necessary, for clear and legitimate purposes, under Regulation (EU) 2016/679, Law 4624/2019 and Law 3471/2006, as applicable.
When you tag the Company to one of your posts, in accordance with the terms and conditions of the social network platform you use, your post is automatically added to the Company's page.
In addition, the Company may republish your post or your "story" to which you have tagged.
In principle, the Company does not collect directly or indirectly data of persons who have not reached the age of 15. However, since it is impossible to cross-check and verify the age of the persons entering or using the website, it is recommended that parents and guardians of minors contact the Company immediately if they find any unauthorized disclosure of data on behalf of the minors for whom they are responsible, in order to exercise the rights granted to them accordingly, such as deleting their data. In the event that the Company becomes aware that it has collected the personal data of a minor, it undertakes to delete it immediately and to take all necessary measures to protect such data.
The Company ensures that it is able to respond directly to the requests of the subjects, for the exercise of their rights in accordance with the Existing Legislation.
Each data subject shall have the following rights:
A) Request access to his personal data held by the Company
B) Request the rectification of his personal data
C) Request the deletion of his personal data (right to be forgotten)
D) Request the restriction on the processing of his personal data.
In addition, the data subject is entitled to object to the processing of his personal data by a Company.
In case of exercise of any of the above rights, the Company will respond immediately and in any case within thirty (30) days of the submission of the request, informing you in writing of the progress of its satisfaction.
For any complaint you may make regarding this information note or privacy issues, if we do not meet your request, you may contact the Hellenic Data Protection Authority via the following link: www.dpa.gr.
For the exercise of all the above rights, as well as for any matter relating to the processing of your personal data by the Company you can contact the Data Protection Officer of the Company at GR.firstname.lastname@example.org.
In accordance with Existing Law, the Company acts as Joint Controller with the provider of the social networking platform you use. In particular, Joint - Controllership concerns the activities of processing access to the statistics of access to the Company's page.
Therefore, the Company does not control or is responsible for any other processing operation carried out by the Joint Controllers.
For more information about data protection policies by the Joint - Controllers:
Data Transfers outside the EEA.
The Company does not transmit your personal data to third countries and/or International Organizations.
This policy was last updated in July 2021