Privacy Policy

August 1st 2024

This Privacy Notice outlines how the Law Office Papatriantafyllou & Thanasenari (referred to as “Papatriantafyllou & Thanasenari Law Office,” “we,” “our,” or “us”) with its principal office at 217 Alexandras Avenue in Athens (P.C. 11523)  handles the collection, use, sharing, and processing of Personal Data (as defined below) in its role as data controller.

This Privacy Notice is applicable to (i) clients, prospective and former clients of Papatriantafyllou & Thanasenari Law Office, or their contact persons, including transaction counterparties and litigants other than our clients, (ii) individuals accessing our website www.pathlawfirm.gr  (the “Website”), (iii) job candidates, (iv) suppliers, or (v) any other individuals whose Personal Data is processed by Papatriantafyllou & Thanasenari Law Office.

References to “you” or “your” in this Privacy Notice pertain to individuals whose Personal Data we process. “Personal Data” is defined as any information that, either alone or in conjunction with other information processed by Papatriantafyllou & Thanasenari Law Office, can identify or be used to recognize an individual directly or indirectly. We are dedicated to respecting and safeguarding your privacy.

1. Types of Personal Data We Collect

The categories of Personal Data we collect vary based on your interaction with us and the purpose for which the data is needed. Depending on the situation, we may collect:

Basic identification and contact data: Name, title, organization, phone number, email address, and other contact details.

IT and device data: Information about your usage of our Website, including data collected via cookies and other tracking technologies (e.g., IP address, browser type and version, time zone setting and location, device operating system, etc.).

Legal service-related data: Personal data necessary for delivering our legal services, found in documents, correspondence, and other materials processed for handling client files and cases.

Financial data: Bank account details, billing, and payment information.

Marketing and communications data: Preferences and details you provide when subscribing to our newsletter (name, position, email address).

Job applicant data: Information provided by job candidates.

CCTV data: Footage and information obtained through our premises’ entry control CCTV system.

2. How Personal Data Are Collected

We gather Personal Data directly from you, automatically, or from third parties:

2.1 Personal Data Collected Directly From You

We collect Personal Data directly when you:

  • Communicate with us via our Website, email, post, in person, or over the phone for inquiries about our services or job applications.
  • Assign us a project or case.
  • Subscribe to our newsletter.
  • Provide supplier services.

2.2 Personal Data Collected Automatically

We automatically collect certain IT and device data when you interact with our Website. CCTV data is also collected when you visit our premises.

2.3 Personal Data Collected From Third Parties

We collect Personal Data from third parties (e.g., clients, counterparties, public authorities, public registers, and other publicly available sources) when:

  • Accessing publicly available sources for legal purposes.
  • Conducting background checks to avoid conflicts of interest.
  • Receiving Personal Data from clients for handling their cases where you might be involved as a representative, opponent, or counterparty.
  • Receiving your Personal Data as an employee, vendor, supplier, client, consumer, or party to a contract with our client.

2.4 Personal Data Regarding Third Parties Collected From You

If you provide us with Personal Data about another individual, you must ensure that:

  • The data has been lawfully collected and you are authorized to share it with us for the service we are providing.
  • Only the necessary Personal Data is shared for our service provision.

3. How We Use Your Personal Data

We process Personal Data in compliance with applicable data protection laws (including GDPR, Greek Law 4624/2019, and ePrivacy Law 3471/2006) based on at least one of the following legal grounds:

  • Performance of a contract.
  • Compliance with a legal obligation.
  • Legitimate interests pursued by us or a third party, unless overridden by your interests or fundamental rights.
  • Your consent.

Below are the purposes for which we use your Personal Data and the corresponding legal bases:

Purpose of ProcessingTypes of Personal DataLegal Basis for Processing
To contract with you and provide legal servicesBasic identification and contact data, Legal service-related data, Financial dataContract, Legal obligation, Legitimate interests
To respond to your inquiriesBasic identification and contact data, Legal service-related data, Other data in your inquiryLegitimate interests
To comply with legal obligationsBasic identification and contact data, Legal service-related data, Financial data, CCTV dataLegal obligation, Legitimate interests of authorities
To recruit personnelBasic identification and contact data, Job applicant dataContract, Legitimate interests
To send marketing communicationsMarketing and communications dataConsent, Legitimate interest
To monitor Website usageIT and device dataConsent
To exercise or defend legal rightsBasic identification and contact data, IT and device data, Legal service-related data, Financial data, CCTV dataLegitimate interests
To contract with and manage suppliersBasic identification and contact data, Financial dataContract, Legal obligation

If required by law or under contract, and you fail to provide necessary Personal Data, we may be unable to offer our legal services or respond to requests. We do not use automated decision-making, including profiling, that significantly affects you.

4. Sharing Your Personal Data

We do not share your Personal Data with third parties, except as follows:

  • Suppliers and service providers: External providers may process your data for IT and system administration, hosting, and translation services.
  • In the course of providing legal services: We may share data with third parties such as court bailiffs, notaries, opposing legal parties, technical experts, court experts, and witnesses. We may also share data with other law firms and affiliated lawyers.
  • Other recipients: Law enforcement, governmental authorities, regulatory bodies, courts, professional advisers, auditors, accountants, insurers, and feedback or reference organizations like legal directories.

5. International Transfers of Personal Data

We transfer Personal Data in line with legal requirements. When necessary to transfer data outside the EU/EEA, we ensure an adequate level of protection through Standard Contractual Clauses or other measures. Any further transfers will comply with legal requirements.

6. Data Retention

Personal Data is retained as long as necessary for the purposes for which it was collected, such as providing legal services or until you unsubscribe from communications. After the data processing purpose is completed, data will be deleted or anonymized unless retention is required by law (e.g., regulatory and accounting requirements, or for legal claims).

7. Security of Your Personal Data

We implement suitable technical and organizational measures to secure your Personal Data, considering the current state of technology, implementation costs, nature, scope, context, and purposes of processing, as well as the risk to individuals’ rights and freedoms.

8. Your Rights

Under applicable laws, you have the following rights regarding your Personal Data:

  • Right of access: Request information on whether we process your data, the categories of such data, and obtain a copy.
  • Right to rectification: Request correction or completion of inaccurate or incomplete data.
  • Right to erasure: Request deletion of data under certain circumstances.
  • Right to restriction: Request restriction of processing under specific conditions.
  • Right to object: Object to processing based on your situation, except where compelling legitimate grounds override your interests.
  • Right to data portability: Receive your data in a structured, machine-readable format and transfer it to another controller.
  • Right to withdraw consent: Withdraw consent for data processing at any time, including for electronic marketing.
  • Right to lodge a complaint: File a complaint with the Hellenic Data Protection Authority (HDPA) regarding data processing.

More information on your rights is available on the HDPA website.

9. How to Contact Us

For concerns or questions about this Privacy Notice or to exercise your rights, contact us at info@pathlawfirm.gr.

10. Changes to This Privacy Notice

We may update this Privacy Notice to reflect changes in legal requirements or our practices, with the updated date reflecting when such changes occur.