Our Identity and the Legal Framework of our Data Protection Obligations
We are a Lawyers’ Partnership, incorporated in Athens, Greece under PD 51/2005, with principal place of business at 14 Solonos 106 73 Athens, Greece. We are licensed, registered and regulated by the Athens Bar Association under registration number 8008. Our practice and conduct fall under the provisions of L41942013 (the Lawyers Code), which, among others, particularly regulates our confidentiality and conflict avoidance duties. We keep and process any personal data that we collect, in accordance with the EU General Data Protection Regulation (2016/679) and applicable domestic legislation, among others L2472/2017, L4131/2013, L3471/2006, L3917/2011 and several pieces of secondary regulation issued by the Greek Personal Data Protection Authority, an Independent Authority seated at 1-3, Kifissias Ave 115 23, Athens Greece, Telephone +30-210 6475600, Fax +30-210 6475628 E-mail: email@example.com. Inquiries or complaints in regard with the collection and processing of personal data may be addressed to the above Authority, while issues of professional conduct relating to confidentiality and conflict matters, may be addressed to the Athens Bar Association, seated at 60 Academias street, 106 79 Athens, Greece, Telephone: +30-210-3398102-3, Fax: +30-210-3610537 E-mail: firstname.lastname@example.org. Please note that the domestic personal data protection legislation is under amendment. Due to frequent changes in the legal environment pertaining to the protection of personal data, we may amend our policy from time to time.
Collection and Processing of Personal Data
Our legal advisory and dispute resolution activities involve our receiving and processing personal data relating to identifiable individuals.
The primary source of the personal data, which we receive, is our clients. Our clients – if individuals, supply us with their own personal data or – if legal entities, with personal data of their managers and other personnel, c/o their managers, under their own responsibility.
In several occasions, personal data supplied to us is included in documents, which in turn are either supplied to us by our clients or by their counter – parties in the course of their legal affairs or is collected by us in the form of submissions or testimony or other documentary exhibits, supplied by parties, in the course of dispute resolution processes, in which we participate in the capacity of instructed counsel; moreover we may collect personal data from from public records or third-party sources, such as a credit reporting agencies under contract.
Apart from the aforesaid private data, several suppliers of products or services provide us with personal data, for the purpose of transacting with our firm.
We also obtain private data through the exchange of business cards in several occasions, such as business meetings, interaction with administration officials, conferences and similar professional functions and activities.
Of course, we also keep personal data of our employees and other business associates, for the purposes of our professional relations. Occasionally, we receive unsolicited resumes of persons wishing to be employed by our firm. The latter are deleted immediately; in the event that we would consider keeping a resume for a maximum of one year, we advise the individual accordingly, in which case such individuals may request their personal data to be forgotten earlier.
We do not employ data mining practices or investigations in order to collect personal data.
We do not treat the persons who have supplied us with their personal data (as above explained) as “subscribers”, in any manner. Our policy does not include the direct mailing of newsletters or other marketing or promotional material to persons who have supplied us with their personal data. We do not use telecommunications technologies or social media tools for data mining or targeted, individualized marketing, advertising or promotional purposes.
Anyone, following proper independent identification, may place an inquiry with us, to find if we keep their personal data and may request to be stricken off our records, unless they are a party to an on-going dispute resolution process, in which we act as instructed counsel. We may be contacted for these matters, using the link under “contacts” below.
Information on the personal data we keep
We have and operate a secure database, which holds contact data. This may include a variety of any of the following data: Name(s) and/or Address(es) and/or telephone number(s) and/or fax number(s), and/or email addresses and/or tax registration numbers and/or identity card or passport numbers and/or firm, company or organisation with or without business Address(es) and/or telephone number(s) and/or fax number(s), and/or email addresses and/or tax registration numbers and or company registry numbers. Access to our database is restricted to specific users and both the database server access and the access to the records are separately restricted. For reasons of our professional security, this database is kept for an indefinite period of time, in order to allow us to trace persons who have – or claim to have transacted with our firm at any time. We do not share the details held on this database with any third parties.
We have and operate a secure database, which holds our time accounting system, for the purposes of billing our clients. This database is restricted to specific users and both the database server access and the records access are separately restricted. The records in this database are kept for a minimum of 5 years, which constitutes the statute of limitation for legal fees and tax purposes. We do not share the information held on this database with any third parties, other than the records concerning a specific customer, with such customer himself.
We have and operate a files server system, in which files and records relating to our clients’ legal business with our firm, are stored. Several documents concerning our clients are stored in electronic form. Several files in our database are individually password protected for unauthorised reading and/or copying and/or printing etc.This database is restricted to specific users and both the database server access and the files access are restricted. Many records in this database are kept for a minimum of 20 years, which constitutes the statute of limitation for most legal purposes. We do not share the information held on this database with any third parties, other than records concerning a specific customer, with such customer himself or persons expressly authorised by such customer.
We maintain a physically protected physical file, in which physical documents, relating to our clients’ legal business with our firm are stored for a minimum of 10 years and thereafter moved to a third party secure warehouse, in which they are kept for a further period of 10 years, thus covering in many cases, a 20 year period in total, which constitutes the statute of limitation for most legal purposes.
We do not hold or use any sensitive personal data which relate to racial or ethnic or political or religious or philosophical matters genetic data/biometric data to identify a person, data concerning someone’s health or a person’s sex life or orientation, unless we have the individual’s explicit consent to do so, for professional purposes, or where that data has been made public by the individuals themselves.
The criteria we use for determining data retention periods are based on various legislative requirements, including by way of an example, tax or accounting purposes, a continued legitimate need to hold personal data for our professional functions, secondary regulation or guidance issued by relevant regulatory authorities a.o.
Upon lapse of the aforesaid period, save few exceptions, our electronic files are securely deleted and our physical files are destroyed by means of a secure pulping process, performed and certified by our secure warehousing provider.
We protect our data using hardware and software that protects against intrusion, ransomware viruses and malware, however we disclaim any liability, given the fact that despite our continuing investment and efforts, we cannot guarantee security.
We may disclose personal data to third parties to companies and/or organisations who are our service providers under contract, who may from time to time include, tax and accounting professionals, IT suppliers, data hosting providers, banks and/or other payment processing providers, indicatively under the following circumstances: (a) permission of the individual or (b) compliance with legal obligations or (c) within dispute resolution processes, in which we act as instructed counsel or expert (d) in the course of transactions with individuals through the banking or other payment services system, who’s personal data we lawfully possess.
Rights of the individuals in relation to their personal data
Subject to independent verification of their identity, individuals have the following rights:
(a) The right to learn about their personal data that we hold; the purposes for which we hold such data and if and under which circumstances such data may be disclosed to third parties. (b) The right to request that their personal data is updated (c) The right to request that their personal data is forgotten (d) The right to request that any transfer of their personal data shall require their express consent, provided however that this request shall not be observed where it runs contrary to our legal obligations, including our duties in the course of dispute resolution proceedings.
You may contact Cocalis & Psarras on any matter relating to your personal data by using the link provided or by telephone at +30 210 3613661 or by facsimile at +30 210 3641258 or by mail at Cocalis & Psarras, 14 Solonos street, 106 71 Athens, Greece.