Privacy Policy

PRIVACY & PERSONAL DATA PROTECTION POLICY

Last Updated: 20 NOVEMBER 2020

  1. Scope

This Privacy and Personal Data Protection Policy (hereinafter referred to as “Privacy Policy”) governs the processing of the personal data of clients and other natural persons who interact with the law office of Nikolaos P. Anastasopoulos, with Athens Bar Association registration number 34261, known as “LAW OFFICE NIKOLAOS P. ANASTASOPOULOS – ALFALEGAL” and any associates thereof (hereinafter jointly referred to as “the Office”, “we”, “our”) and located at 56, Panepistimiou Str., Athens | P.C. 10678 | tel. +30 210 3843857.

With rigorous adherence to the applicable EU and national framework for the protection of personal data, and in particular the General Data Protection Regulation (EU) 2016/679 (hereinafter referred to as the ‘GDPR’ or ‘Regulation’), Law 4624/2019 and the relevant privacy provisions of the Lawyers’ Code of Professional Conduct, our Office provides this Privacy Policy in order to inform you in the most transparent possible way about what information we collect, how we use it and what rights you have when you interact with us during your physical presence on our premises and/or with the Office’s website https://alfalegal.gr (hereinafter referred to as the ‘Website’).

This Privacy Policy shall in no way substitute or alter the obligation of legal professional privilege; on the contrary, it reinforces our Office’s commitment to the best possible protection of the personal data it processes and applies beyond and in parallel to legal professional privilege. In particular, it should be noted that the confidentiality obligations arising from the principle of security, as specified in particular in Article 32 of the GDPR, align with the rules of the Lawyers’ Code of Professional Conduct on Confidentiality governing the legal profession.

Please read this Privacy Policy carefully as it will help you make informed decisions about the use and processing of your personal data.

  1. DEFINITIONS

For the purposes of this Privacy Policy, concepts such as ‘personal data’, ‘special categories of personal data’ or ‘sensitive data’, ‘processing’, ‘data subject’, ‘controller’ and ‘processor’, ‘consent’ and so forth shall be interpreted in accordance with Article 4 GDPR.

“Applicable legislation” means the provisions of the applicable national and EU legislation to which the operation of our Office is subject and which define issues of personal data protection, including but not limited to:

  • Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation, GDPR) and any implementing laws thereof.
  • Law 4624/2019 on the protection of the natural persons from the processing of personal data, as applicable.
  • Law 3471/2006 on the protection of personal data and privacy in the field of electronic communications, as applicable.
  • Directive 2002/58/EC of the European Parliament and of the Council of 12 July 2002 concerning the processing of personal data and the protection of privacy in the electronic communications sector (Directive on privacy and electronic communications), as in force.
  • Law 4194/2013 (Government Gazette Α΄208/27.09.2013) – Lawyers’ Code of Professional Conduct, as applicable.
  • Decisions and guidelines of the competent national and European authorities and bodies, such as the Greek Data Protection Authority (https://www.dpa.gr), the European Data Protection Board (EDPB) and the Article 29 Working Party (WP29).

  1. ACTING AS CONTROLLER AND/OR PROCESSOR

Our Office may carry on its business either as a Controller or as a Processor.

For example, our Office acts as a Controller in cases where it provides direct advisory support and/or represents our clients before judicial and other authorities, while it acts as a Processor in those cases, where legal advice and/or services of the Data Protection Officer are provided as an external associate of legal entities of private or public law.

  1. GENERAL PRINCIPLES FOR THE PROCESSING OF PERSONAL DATA

When processing personal data, our Office guarantees compliance with the basic principles of applicable legislation, as specified in particular by the GDPR, and ensures that:

  1. It has legally collected and processes such data, in compliance with the provisions of the Applicable Legislation and its requirements.
  2. It processes the necessary personal data and only for specified, explicit and legitimate purposes.
  3. It does not disclose personal data to third parties unless it is necessary and permissible under the Applicable Legislation. In such case, it shall disclose only the data which are strictly necessary in relation to the purpose of the disclosure and shall ensure that the data subjects are informed before proceeding.
  4. It takes appropriate contractual, technical and organisational measures to ensure that personal data are processed in such a way as to guarantee the appropriate security of personal data, including their protection against unauthorised or unlawful processing and accidental loss, destruction or damage. Furthermore, reviews of the adequacy and effectiveness of these measures take place from time to time.
  5. It makes the necessary efforts to ensure that the personal data which are kept and processed are always accurate and up to date.
  6. It does not retain the personal data collected for a longer period than the purposes under which they were collected and processed. However, it may also keep them for a longer period if the processing of such data is necessary:

(a) to establish, exercise or support legal claims of clients of our Office in the context of our partners’ and associates’ legal practice,

(b) to comply with a legal obligation requiring processing under specific provisions of law,

(c) for reasons of public interest.

  1. DATA WE COLLECT

Our Office, in the context of its activities and in compliance with the regulatory framework of the Lawyers’ Code of Professional Conduct, collects personal data of:

  •  
  • Opposing parties.
  • Our external associates.
  • Other individuals with whom we interact within our legal practice, such as third parties, and generally associates with whom we cooperate.

The information collected directly or indirectly by our Office includes the following categories of data:

  • Identification and demographic data: full name, father’s name, mother’s name, year of birth, place of birth, sex, nationality, ID Card Number.
  • Contact details: home and/or work address, e-mail address, telephone numbers (mobile and landline).
  • Fiscal, financial information and assets: Tax Registration Number (VAT number) and Tax Office, legal documents (receipts, invoices, etc.), tax and real estate forms (E1, E9, etc.).
  • Occupational information: Occupational Register Number (if any), Social Security Registration Number and other information on insurance fund registers, ERGANI data, family status data, education and vocational training data.
  • Bank details: bank account number and/or bank credit/debit card details.
  • Other personal information: photographs, documents and information of personal interest, in the context of the professional management of each case.

Please note that this data may not always belong directly to people with whom our Office interacts but also to third parties, opposing parties or not (e.g., family members of a client, employee or opposing party, information concerning their children, and so forth).

  1. SPECIAL CATEGORIES OF PERSONAL DATA

On a case-by-case basis, when handling legal cases and always within the framework of our legal practice, our Office may collect and process data belonging to specific categories of personal data (p.p. sensitive personal data), such as health data, copies of criminal records and other relevant judicial data.

  1. MINORS’ DATA

Under the applicable legal framework, the Office may collect and process personal data of minors (i.e., individuals who have not yet reached the age of 18), either directly or indirectly, through their parents and guardians or those with parental responsibility, or even through third parties, always in the context of legal case management.

However, since it is not always possible to check the age of persons entering or using the website of our Office, parents and guardians of minors, in particular those under the age of 16, should contact us immediately if they find any unauthorized disclosure of data on behalf of the minors for whom they are responsible, in order to exercise the rights granted to them accordingly, such as erasure of their data.

  1. DATA COLLECTION AND RETENTION

Our Office uses multiple physical and/or digital communication channels to collect the required and necessary personal data, such as case files, e-mail, telephone and online conferences and communications.

Such personal data may be incorporated into physical and/or electronic files and databases, which constitute the necessary documentation for the establishment of case files, which are provided to our Office either directly by our clients, or indirectly because of our access to the materials of the case (e.g. copies of opposing parties’ documentation, documents in connection with criminal proceedings, etc.).

The personal data provided to our Office is kept in secure physical and/or digital places with classified access by authorized associates (where appropriate), such as, but not limited to, locking cabinets, login to PC with updated codes in accordance with the best cybersecurity practices, electronic files with security code, updated security and encryption protocols at rest and in transit, as well as appropriate contractual guarantees with third-party external partners.

  1. PURPOSES OF DATA PROCESSING

Under the provisions of the GDPR, in conjunction with the Lawyers’ Code of Professional Conduct, the activity of our Office consists in the general provision of legal services (legal counseling and advocacy) and Data Protection Officer or compliance services.

In this context, our Office may collect and process personal data in order to:

  1. represent, defend and support our clients out of court and before courts and public authorities or agencies.
  2. provide legal advice and opinions.
  3. provide Data Protection Officer or compliance services.

  1. LEGAL BASES OF DATA PROCESSING

The processing of personal data available to our Office takes place in order:

  1. To fulfil contractual obligations either within the framework of any mandate given to us to represent and defend the rights and interests of our clients, or in the context of the provision of legal counseling services or Data Protection Officer services.
  2. To comply with legal obligations under provisions of law or court orders.
  3. To defend the legitimate interests of our Office, namely:
  • The promotion of our Office on the internet and on social media to the extent permitted by the Lawyers’ Code of Professional Conduct (mainly concerns associates’ information).
  • Claiming debt recovery and defending the interests of our Office and its associates.

  1. INTERNET TECHNOLOGIES

Our Office guarantees the respect of visitors’ privacy when browsing our Website (https://alfalegal.gr). In this context, we inform you of the following:

  • COOKIES: When you visit the Website of our Office, if you give us your consent, we may use cookies and similar tracing technologies (such as web beacons and pixels) to access or store information about your digital interaction with For more information about the cookies we use and how you can provide or revoke your consent, see our Office Cookies Policy.
  • GOOGLE MAPS: The Website uses Google Maps service application via APIs. For more information about Google’s Privacy Policy, see here. If you accept the Google Maps API, you are deemed to agree to the relevant Google’s Terms of Service.
  • LINKEDIN PLUGINS: The Website uses “LinkedIn” social media plugins to refer to a corresponding profile/page on it. For more information about LinkedIn’s Privacy Policy, see here.

  1. DISCLAIMER ABOUT LINKS TO THIRD-PARTY WEBSITES/LINKS FROM OUR WEBSITE

Links may be provided on our Website, which redirect the visitor to third-party websites. Our Office has no control over these third-party websites and accepts no responsibility for the content posted or further links displayed on them. Our Office shall not be held liable for the privacy practices of third parties or the content of third-party websites.

  1. WHO HAS ACCESS TO YOUR INFORMATION AND WHERE WE TRANSFER IT

In principle, our Office does not directly transmit or sell your data to third parties inside or outside the EU/EEA.

Access to your personal information is available on a case-by-case basis only to authorized externals of our Office, such as associate lawyers, consultants or experts, bailiffs, accountants, courier, as well as third-party service providers in the context of technical support of our Office’s equipment and applications.

Our Office engages only third parties who ensure an adequate level of protection of the personal data we process in the course of our activities, entering into appropriate contractual commitments for adequate security and protection of your data.

In certain cases, and upon your consent, we may share and disclose some of your information to cooperating third parties, allowing you always to withdraw your consent just as easily or by contacting us.

  1. DATA RETENTION PERIOD

The personal data we collect in the course of our activity shall be retained for a predetermined and limited period of time, depending on the purpose of the processing, after which the data is deleted from the archives of our Office, unless a different retention period is provided for or permitted by applicable law.

  1. DATA SUBJECTS’ RIGHTS

In addition to the strict application of legal professional privilege, our Office shall ensure that individuals (data subjects) can exercise the rights granted to them by the Applicable Legislation with regard to the collection and processing of personal data concerning them. These rights are as follows:

  1. To be informed on how your personal data is being processed and request access to your personal data with the provision of relevant copies where possible.
  2. To rectify any incorrect data being kept.
  3. To erase data kept (right to be forgotten), unless this is not permitted for legitimate reasons.
  4. To limit the processing of the data retained.
  5. To transmit your data retained by us (known as the right to portability), if and to the extent practicable.
  6. To object to the further processing of your data.
  7. To withdraw any previously given consent.

Our Office shall ensure that these rights are exercised upon your request, sufficiently documented, within one month of its receipt and data subject’s identification. This period may be extended to two (2) additional months if the request is complex or there is a large number of requests. In this case, our Office will inform you of the reasons for the delay within one month of the receipt of your request. Also, within the above period (one month), our Office will inform you appropriately as well in case of any refusal to satisfy in whole or in part your submitted request, as well as the reasons for the refusal.

However, in certain cases, our Office may reject the satisfaction of certain rights/requests in relation to your personal data, such as when:

  • Refusal of access is required or permitted by law
  • Providing access would have a negative impact on the rights and freedoms of third parties
  • Where the request is manifestly unfounded or excessive.

Furthermore, where your claim is manifestly unfounded or excessive, in particular because of its repetitive nature, our Office reserves the right to seek a reasonable fee or to refuse to respond to your request.

  1. HOW TO EXERCISE YOUR RIGHTS

In the event that you wish to exercise in whole or in part your rights under the GDPR, as set out above, you may submit your request under the reference ‘PRIVACY’ as a subject by:

  • Post: Law Firm NIKOLAOS P. ANASTASOPOULOS, 56, Panepistimiou Str., Athens, P.C. 106 78.

  1. LODGING A COMPLAINT WITH THE NATIONAL SUPERVISORY AUTHORITY

Our Office undertakes to make every endeavour to meet your requests in the exercise of your GDPR rights.

However, if the reply you receive from us does not satisfy you or if you consider that your personal data continues to be infringed, then you have the right to contact the national Data Protection Authority (DPA), lodging a complaint (https://www.dpa.gr -> lodging of a complaint).

  1. UPDATES OF THIS PRIVACY POLICY

Our Office reserves the right to modify, in whole or in part, this Privacy Policy in order to comply with legal and regulatory changes and the particular needs of our Office.

The updated versions of this Privacy Policy will be posted on the website of our Office with a date indication to let you know which version is the most recently updated version. The updated version shall enter into force from the posting on the Website and your free access to it.

In any case, we recommend that you frequently review this Privacy Policy for accurate and timely information about how we protect your personal data.