Who is responsible for your personal data?
PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM, seated on 103 Vas. Sofias street, Athens, Greece, PC. 11521, mail email@example.com, telephone +30 210 3626971, fax +30 210 3626974, website www.ptlegal.eu informs you that for the purposes of practicing its business activity proceeds to processing of natural persons’ personal data in accordance with the national legislation in force Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, hereinafter GDPR) and thus it establishes its role as a “data controller”.
Which personal data do we collect?
The personal data we collect may include:
- Contact information, such as your name, job title, postal address, including your home address (in case you have provided this to us), business address, telephone number, mobile phone number, fax number and email address.
- Payment data necessary for processing payments and fraud prevention, credit/debit card numbers, security code numbers and other related billing information.
- Business information necessarily processed in a project or client contractual relationship with us or voluntarily provided by you, such as instructions given, payments made, requests and projects.
- Information collected from publicly available resources.
- If legally required for compliance purposes, information about relevant and significant litigation or other legal proceedings against you or a third party related to you and interaction with you which may be relevant.
- Special categories of personal data when this is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
- Other personal data regarding your preferences where it is relevant to legal services that we provide.
- Details of your visits to our premises.
From time to time, it may include personal data about your membership of a professional or trade association or union.
For which purposes do we collect your data?
We may use your personal data for the following purposes only:
Providing legal advice or other services or things you may have requested, including services or solutions as instructed or requested by you or your organisation;
Managing and administering your or your organisation’s business relationship with us, including processing payments, accounting, auditing, billing and collection, support services;
Compliance with our legal obligations (such as record keeping obligations), compliance screening or recording obligations;
To analyse and improve our services and communications to you;
Protecting the security of and managing access to our premises, IT and communication systems, online platforms, websites and other systems, preventing and detecting security threats, fraud or other criminal or malicious activities;
For monitoring and assessing compliance with our policies and standards;
To identify persons authorised to trade on behalf of our clients, customers, suppliers and/or service providers;
To comply with our legal and regulatory obligations and requests anywhere in the world, including reporting to and/or being audited by national and international regulatory bodies;
To comply with court orders and exercises and/or defend our legal rights; and
For any purpose related and/or ancillary to any of the above or any other purpose for which your personal data was provided to us.
Where you have expressly given us your consent, we may process your personal data also for the following purposes:
Communicating with you through the channels you have approved to keep you up to date on the latest legal developments, announcements, and other information about us, via newsletter, briefs etc;
Customer surveys, marketing campaigns, market analysis, contests or other promotional activities or events; or
Collecting information about your preferences to create a user profile to personalise and foster the quality of our communication and interaction with you (for example, by way of newsletter tracking or website analytics).
With regard to marketing-related communication, we will – where legally required – only provide you with such information after you have opted in and provide you the opportunity to opt out anytime if you do not want to receive further marketing-related communication from us. We will not use your personal data for taking any automated decisions affecting you or creating profiles other than described above.
What is the legal basis of processing your data?
We process the personal data that we collect as above solely upon legal basis to do so.
The following legal bases apply on the processing to which we proceed:
- The provision of legal services you assign to us and you wish to receive from us. (i.e. fulfillment of our contractual obligations towards you, or steps taken prior to entering into a contract)
- The protection of our and your legitimate interests. Therefore, we use closed-circuit television (CCTV) in order to protect the security of natural persons, materials and buildings.
- The compliance with legal obligations to which the law firm is subject to, such as AML procedures or tax procedures.
- The consent you provide under certain circumstances, as stipulated by the legal framework, in order to receive updates for our services, news etc.
- With regards to special categories of data, we process them when this is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity.
With whom will we share your personal data?
We may share your personal data in the following circumstances:
If you are a client of PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM, we may disclose your personal data to:
Lawyers – Associates, other legal specialists (including mediators), consultants or experts engaged in your matter; or
Foreign law firms for the purpose of obtaining foreign legal advice; Andersen Global (Swiss verein) by which our firm has signed a collaboration agreement.
If we have collected your personal data in the course of providing legal services to any of our clients, we may disclose it to that client, and where permitted by law to others for the purpose of providing those services;
We may disclose your contact details on a confidential basis to third parties for the purposes of collecting your feedback on the firm’s service provision, to help us measure our performance and to improve and promote our services;
We may share your personal data with any third party to whom we assign or novate any of our rights or obligations;
We may share your personal data with courts, law enforcement authorities, regulators or attorneys or other parties where it is reasonably necessary for the establishment, exercise or defence of a legal or equitable claim, or for the purposes of a confidential alternative dispute resolution process;
We may also instruct service providers within or outside of PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM, domestically or abroad, e.g. shared service centers, to process personal data for the aforementioned purposes on our behalf and in accordance with our instructions only. However, PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM will retain control over and will remain fully responsible for your personal data and will use appropriate safeguards as required by applicable law to ensure the integrity and security of your personal data when engaging such service providers;
In these cases, we sign agreements with the third parties to whom we assign processing of personal data on our behalf, in order to ensure that processing takes place in accordance with the current legislative framework and that any natural person may freely exercise the rights conferred upon the latter.
We may also use aggregated personal data and statistics for the purpose of monitoring website usage in order to help us develop our website and our services.
Otherwise, we will only disclose your personal data when you direct us or give us permission, when we are required by applicable law or regulations or judicial or official request to do so, or as required to investigate actual or suspected fraudulent or criminal activities.
For how long do we retain your personal data?
Your personal data will be deleted when it is no longer reasonably required for the purposes mentioned above and more specifically following the below criteria:
- When processing is required by law, your personal data will be stored for as long as required by the relevant provisions.
- When processing is based upon the provision of legal services and/or the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity, your personal data is retained until the claims in question have been settled and the respective legal services have been provided or until the statute of limitation period for any possible claim against our firm lapse or according to our engagement letter.
- When you withdraw your consent (where applicable) and we are not legally required or otherwise permitted to continue storing such data. It is underlined however that withdrawal of your consent does not affect the legality of processing based on your consent for the time period before the withdrawal.
How do we collect your personal data?
We may collect personal data about you in a number of circumstances, including
When you or your organisation seek legal advice from us or use any on-line client services;
When you or your organisation browse, make an enquiry or otherwise interact on our website;
When you or your organisation offer to provide or provide services to us.
What rights do you have with respect to personal data?
Right of Access:
You have the right to be aware and verify the lawfulness of the processing. Therefore, you enjoy the right of access to your data and to receive supplementary information with respect to their processing.
Right to Rectification:
You have the right to study, rectify, update or amend your personal data by contacting us in the aforementioned contact details.
Right to erasure:
You have the right to submit a request of your personal data’s erasure as long as we process it upon your consent or in order to protect our legitimate interests. In all other cases, such as for instance upon provision of legal services, or compliance with legal obligation such right might be subject to restrictions or may not exist at all.
Right to restrict processing:
You have the right to request restriction of processing of your personal data in the following cases: (a) when the accuracy of your personal data is contested and until the respective verification is concluded, (b) when you object to the erasure of your personal data and you request instead of erasure, the restriction of its use, (c) when your personal data is not required for the purposes of processing, however it is required for the establishment, exercise or defence of legal claims, and (d) when you object to processing and until the verification that legitimate grounds override the reasons you invoke to object to processing.
Right to object processing:
You have the right to object at any time to processing of your personal data in cases where this is required for the purposes of legitimate interests we pursue as data controllers.
Right to data portability:
You have the right to receive at no cost your personal data in a form allowing you to have access, to use and process them in a commonly used method of processing. Furthermore, you have the right to request, provided that this is technically feasible, to transmit the data to another data controller. Such right exists for the data you have provided and their processing is carried out by automated means upon your consent or the performance of a contract.
Right to withdraw the consent:
When processing is based upon your request (for the receipt of updates and targeted advertising), you have the right to freely withdraw it; Withdrawal of your consent does not affect the legality of consent-based processing during the period before such consent was revoked.
To exercise any of your aforementioned rights you may address Mrs. Anthi Delenika, postal address Vas. Sofias 103, Athens 11521, e-mail: firstname.lastname@example.org, phone: +302103626971.
Right to lodge a complaint with the Hellenic Data Protection Authority
Furthermore, we inform you that automated processing may take place and in particular the necessary profiling for the targeted advertising of the services available from PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM according to your preferences and interests, through the platforms that we use in order to communicate with you.
Security of Personal Data
PISTIOLIS – TRIANTAFYLLOS & ASSOCIATES LAW FIRM applies appropriate technical and organizational measure in order to safeguard processing of personal data and to avoid accidental loss or destruction and non-authorized or/and unlawful access to the data, use, amendment or disclosure. In any case Internet’s performance and the fact that it is free to anyone, does not allow to provide guarantees that non- authorized third parties will not obtain the possibility to violate the technical and organizational measures, having access and potentially proceeding to use of personal data for non-authorized or/ and unlawful purposes.
Updates to this Privacy Notice