Privacy Policy
August 1st 2024
This Privacy Notice outlines how the Law Office Papatriantafyllou & Thanasenari (referred to as “Papatriantafyllou & Thanasenari Law Office,” “we,” “our,” or “us”) with its principal office at 217 Alexandras Avenue in Athens (P.C. 11523) handles the collection, use, sharing, and processing of Personal Data (as defined below) in its role as data controller.
This Privacy Notice is applicable to (i) clients, prospective and former clients of Papatriantafyllou & Thanasenari Law Office, or their contact persons, including transaction counterparties and litigants other than our clients, (ii) individuals accessing our website www.pathlawfirm.gr (the “Website”), (iii) job candidates, (iv) suppliers, or (v) any other individuals whose Personal Data is processed by Papatriantafyllou & Thanasenari Law Office.
References to “you” or “your” in this Privacy Notice pertain to individuals whose Personal Data we process. “Personal Data” is defined as any information that, either alone or in conjunction with other information processed by Papatriantafyllou & Thanasenari Law Office, can identify or be used to recognize an individual directly or indirectly. We are dedicated to respecting and safeguarding your privacy.
1. Types of Personal Data We Collect
The categories of Personal Data we collect vary based on your interaction with us and the purpose for which the data is needed. Depending on the situation, we may collect:
Basic identification and contact data: Name, title, organization, phone number, email address, and other contact details.
IT and device data: Information about your usage of our Website, including data collected via cookies and other tracking technologies (e.g., IP address, browser type and version, time zone setting and location, device operating system, etc.).
Legal service-related data: Personal data necessary for delivering our legal services, found in documents, correspondence, and other materials processed for handling client files and cases.
Financial data: Bank account details, billing, and payment information.
Marketing and communications data: Preferences and details you provide when subscribing to our newsletter (name, position, email address).
Job applicant data: Information provided by job candidates.
CCTV data: Footage and information obtained through our premises’ entry control CCTV system.
2. How Personal Data Are Collected
We gather Personal Data directly from you, automatically, or from third parties:
2.1 Personal Data Collected Directly From You
We collect Personal Data directly when you:
- Communicate with us via our Website, email, post, in person, or over the phone for inquiries about our services or job applications.
- Assign us a project or case.
- Subscribe to our newsletter.
- Provide supplier services.
2.2 Personal Data Collected Automatically
We automatically collect certain IT and device data when you interact with our Website. CCTV data is also collected when you visit our premises.
2.3 Personal Data Collected From Third Parties
We collect Personal Data from third parties (e.g., clients, counterparties, public authorities, public registers, and other publicly available sources) when:
- Accessing publicly available sources for legal purposes.
- Conducting background checks to avoid conflicts of interest.
- Receiving Personal Data from clients for handling their cases where you might be involved as a representative, opponent, or counterparty.
- Receiving your Personal Data as an employee, vendor, supplier, client, consumer, or party to a contract with our client.
2.4 Personal Data Regarding Third Parties Collected From You
If you provide us with Personal Data about another individual, you must ensure that:
- The data has been lawfully collected and you are authorized to share it with us for the service we are providing.
- Only the necessary Personal Data is shared for our service provision.
3. How We Use Your Personal Data
We process Personal Data in compliance with applicable data protection laws (including GDPR, Greek Law 4624/2019, and ePrivacy Law 3471/2006) based on at least one of the following legal grounds:
- Performance of a contract.
- Compliance with a legal obligation.
- Legitimate interests pursued by us or a third party, unless overridden by your interests or fundamental rights.
- Your consent.
Below are the purposes for which we use your Personal Data and the corresponding legal bases:
Purpose of Processing | Types of Personal Data | Legal Basis for Processing |
To contract with you and provide legal services | Basic identification and contact data, Legal service-related data, Financial data | Contract, Legal obligation, Legitimate interests |
To respond to your inquiries | Basic identification and contact data, Legal service-related data, Other data in your inquiry | Legitimate interests |
To comply with legal obligations | Basic identification and contact data, Legal service-related data, Financial data, CCTV data | Legal obligation, Legitimate interests of authorities |
To recruit personnel | Basic identification and contact data, Job applicant data | Contract, Legitimate interests |
To send marketing communications | Marketing and communications data | Consent, Legitimate interest |
To monitor Website usage | IT and device data | Consent |
To exercise or defend legal rights | Basic identification and contact data, IT and device data, Legal service-related data, Financial data, CCTV data | Legitimate interests |
To contract with and manage suppliers | Basic identification and contact data, Financial data | Contract, Legal obligation |
If required by law or under contract, and you fail to provide necessary Personal Data, we may be unable to offer our legal services or respond to requests. We do not use automated decision-making, including profiling, that significantly affects you.
4. Sharing Your Personal Data
We do not share your Personal Data with third parties, except as follows:
- Suppliers and service providers: External providers may process your data for IT and system administration, hosting, and translation services.
- In the course of providing legal services: We may share data with third parties such as court bailiffs, notaries, opposing legal parties, technical experts, court experts, and witnesses. We may also share data with other law firms and affiliated lawyers.
- Other recipients: Law enforcement, governmental authorities, regulatory bodies, courts, professional advisers, auditors, accountants, insurers, and feedback or reference organizations like legal directories.
5. International Transfers of Personal Data
We transfer Personal Data in line with legal requirements. When necessary to transfer data outside the EU/EEA, we ensure an adequate level of protection through Standard Contractual Clauses or other measures. Any further transfers will comply with legal requirements.
6. Data Retention
Personal Data is retained as long as necessary for the purposes for which it was collected, such as providing legal services or until you unsubscribe from communications. After the data processing purpose is completed, data will be deleted or anonymized unless retention is required by law (e.g., regulatory and accounting requirements, or for legal claims).
7. Security of Your Personal Data
We implement suitable technical and organizational measures to secure your Personal Data, considering the current state of technology, implementation costs, nature, scope, context, and purposes of processing, as well as the risk to individuals’ rights and freedoms.
8. Your Rights
Under applicable laws, you have the following rights regarding your Personal Data:
- Right of access: Request information on whether we process your data, the categories of such data, and obtain a copy.
- Right to rectification: Request correction or completion of inaccurate or incomplete data.
- Right to erasure: Request deletion of data under certain circumstances.
- Right to restriction: Request restriction of processing under specific conditions.
- Right to object: Object to processing based on your situation, except where compelling legitimate grounds override your interests.
- Right to data portability: Receive your data in a structured, machine-readable format and transfer it to another controller.
- Right to withdraw consent: Withdraw consent for data processing at any time, including for electronic marketing.
- Right to lodge a complaint: File a complaint with the Hellenic Data Protection Authority (HDPA) regarding data processing.
More information on your rights is available on the HDPA website.
9. How to Contact Us
For concerns or questions about this Privacy Notice or to exercise your rights, contact us at info@pathlawfirm.gr.
10. Changes to This Privacy Notice
We may update this Privacy Notice to reflect changes in legal requirements or our practices, with the updated date reflecting when such changes occur.