Who is responsible for your personal data?
PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM, with the distinctive title PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES – Andersen Legal seated on 103 Vas. Sofias street, Athens, Greece, PC. 11521, mail info@gr.AndersenLegal.com telephone +30 210 3626971, fax +30 210 3626974, website gr.AndersenLegal.com informs you that for the purposes of practicing its business activity proceeds to processing of natural persons’ personal data in accordance with the national legislation in force and Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR) and thus it establishes its role as a “data controller”.
Which personal data do we collect?
The personal data we collect may include:
- Contact information, such as your name, job title, postal address, including your home address, in case you have provided this to us, business address, telephone number, mobile phone number, fax number and email address.
- Payment data necessary for processing payments and fraud prevention, including digits of your credit/debit card numbers and other related billing information.
- Business information necessarily processed in a project or client contractual relationship with us or voluntarily provided by you, such as instructions given, payments made, requests and projects.
- Information collected from publicly available resources, such as the Hellenic General Commercial Registry.
- If legally required for compliance purposes, information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant.
- Special categories of personal data when this is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Other personal data regarding your preferences where it is relevant to legal services that we provide; and/or
- Details of your visits to our premises.
- From time to time, it may include personal data about your membership of a professional or trade association or union.
For which purposes do we collect your data?
We may use your personal data for the following purposes only:
- Providing legal advice or other services or things you may have requested, including services or solutions as instructed or requested by you or your organization;
- Managing and administering your or your organization’s business relationship with us, including processing payments, accounting, auditing, billing and collection, support services;
- Compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations;
- To analyse and improve our services and communications to you;
- Protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
- For monitoring and assessing compliance with our policies and standards;
- To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
- To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
- To comply with court orders and exercises and/or defend our legal rights; and
- For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.
- Where you have expressly given us your consent, -when required- we may process your personal data also for the following purposes:
- Communicating with you through the channels you have approved, as aforementioned, to keep you up to date on the latest legal developments, announcements, and other information about us, via newsletter, briefs etc;
- Customer satisfaction surveys, marketing campaigns, market analysis, or other promotional activities or events; or
- With regard to marketing-related communication, we will – where legally required – only provide you with such information after you have provided the respective consent. We do not use your personal data for taking any automated decisions affecting you or creating profiles.
What is the legal basis of processing your data?
We process the personal data that we collect as above solely upon legal basis to do so.
The following legal bases apply on the processing to which we proceed:
- The provision of legal services you assign to us and you wish to receive from us. (i.e. fulfillment of our contractual obligations towards you, or steps taken prior to entering into a contract)
- The protection of our and your legitimate interests. Therefore, we use closed-circuit television (CCTV) in order to protect the security of natural persons, materials and buildings.
- The compliance with legal obligations to which the law firm is subject to, such as AML procedures or tax procedures.
- The consent you provide under certain circumstances, as stipulated by the legal framework, in order to receive updates for our services, news etc.
- With regards to special categories of data, we process them when this is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
With whom will we share your personal data?
We may share your personal data in the following circumstances:
If you are a client of PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM, with the distinctive title PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES – Andersen Legal we may disclose your personal data to:
Lawyers – Associates, other legal specialists (including mediators), consultants or experts engaged in your matter; or
Foreign law firms for the purpose of obtaining foreign legal advice;
If we have collected your personal data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
We may disclose your contact details on a confidential basis to third parties for the purposes of collecting your feedback on the firm’s service provision, to help us measure our performance and to improve and promote our services;
We may share your personal data with any third party to whom we assign any of our rights or obligations; Additionally, for the purposes of Golden Visa procedure, we may share your data with collaborating agents, if and only the latter act as intermediaries, as the case may be.
We may share your personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
We may also instruct service providers within or outside of PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM, with the distinctive title PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES – Andersen Legal domestically or abroad, to process personal data for the aforementioned purposes on our behalf and in accordance with our instructions only. However, PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM, with the distinctive title PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES – Andersen Legal will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers;
In these cases, we sign agreements with the third parties to whom we assign processing of personal data on our behalf, in order to ensure that processing takes place in accordance with the current legislative framework and that any natural person may freely exercise the rights conferred upon the latter.
We may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.
Otherwise, we will only disclose your personal data when you direct us or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
For how long do we retain your personal data?
Your personal data will be deleted when it is no longer reasonably required for the purposes mentioned above and more specifically following the below criteria:
- When processing is required by law, your personal data will be stored for as long as required by the relevant provisions.
- When processing is based upon the provision of legal services and/or the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity, your personal data is retained until the claims in question have been settled and the respective legal services have been provided or until the statute of limitations period for any possible claim against our firm has been concluded or according to our engagement letter.
- When you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. It is underlined however that withdrawal of your consent does not affect the legality of processing based on your consent for the time period before the withdrawal.
International transfers of personal data
Your personal data may be transferred to locations outside the European Union (EU) or the European Economic Area (EEA), including countries which might not enjoy the same level of personal data protection. Reasons for your personal data transfer may be the existing adequate safeguards as the case may for each recipient, such as Commission Adequacy Decisions or standard contractual clauses as approved by the European Commission and are currently in force. In absence of the latter, the transfer is based on a specific derogation in accordance with the GDPR requirements, such as when the transfer is required for the performance of the contract between us and you, as the data subject. We safeguard that for transfers of such kind there is an appropriate level of data protection and that the transfer is legitimate.
How do we collect your personal data?
We may collect personal data about you in a number of circumstances, including
When you or your organisation seek legal advice from us or use any on-line client services;
When you or your organisation browse, make an enquiry or otherwise interact on our website;
When you or your organisation offer to provide or provide services to us.
What rights do you have with respect to personal data?
Right of Access:
You have the right to be aware and verify the lawfulness of the processing. Therefore, you enjoy the right of access to your data and to receive supplementary information with respect to their processing.
Right to Rectification:
You have the right to study, rectify, update or amend your personal data by contacting us in the aforementioned contact details.
Right to erasure:
You have the right to submit a request of your personal data’s erasure as long as we process it upon your consent or in order to protect our legitimate interests. In all other cases, such as for instance upon provision of legal services, or compliance with legal obligation such right might be subject to restrictions or may not exist at all.
Right to restrict processing:
You have the right to request restriction of processing of your personal data in the following cases: (a) when the accuracy of your personal data is contested and until the respective verification is concluded, (b) when you object to the erasure of your personal data and you request instead of erasure, the restriction of its use, (c) when your personal data is not required for the purposes of processing, however it is required for the establishment, exercise or defence of legal claims, and (d) when you object to processing and until the verification that legitimate grounds override the reasons you invoke to object to processing.
Right to object processing:
You have the right to object at any time to processing of your personal data in cases where this is required for the purposes of legitimate interests we pursue as data controllers.
Right to data portability:
You have the right to receive at no cost your personal data in a form allowing you to have access, to use and process them in a commonly used method of processing. Furthermore, you have the right to request, provided that this is technically feasible, to transmit the data to another data controller. Such right exists for the data you have provided and their processing is carried out by automated means upon your consent or the performance of a contract.
Right to withdraw the consent:
When processing is based upon your request (for the receipt of updates, you have the right to freely withdraw it; Withdrawal of your consent does not affect the legality of consent-based processing during the period before such consent was revoked.
To exercise any of your aforementioned rights you may address Mr. Yiannis Pavlitzoglou postal address Vas. Sofias 103, Athens 11521, email: yiannis.pavlitzoglou@gr.AndersenLegal.com, phone: +30 2103626971
Right to lodge a complaint with the Hellenic Data Protection Authority
You have the right to lodge a complaint to the Hellenic Data Protection Authority via its website, (www.dpa.gr), Fax: +30 210 6475628, Email Address: firstname.lastname@example.org, post to its offices: Hellenic Data Protection Authority Kifisias Avenue 1-3, 11523, Athens or physical submission to its premises.
It is further underlined that the provision of certain personal data is a statutory or contractual requirement, or a requirement necessary to enter into a contract as the case may be. Therefore, non-provision of the personal data required may render impossible the compliance with the legislative provisions, or the performance of the contract, or the requirements necessary to enter into a contract as the case may be.
Security of Personal Data
PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM, with the distinctive title PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES – Andersen Legal applies appropriate technical and organizational measure in order to safeguard processing of personal data and to avoid accidental loss or destruction and non authorized or/and unlawful access to the data, use, amendment or disclosure. In any case Internet’s performance and the fact that it is free to anyone, does not allow to provide guarantees that non authorized third parties will not obtain the possibility to violate the technical and organizational measures, having access and potentially proceeding to use of personal data for non authorized or/ and unlawful purposes.
Updates to this Privacy Notice