top of page

Privacy Policy

 

Apostolakos Law is a law office at 3 Merlin Str., Athens Greece, Tel.: +30 2103315181, e-mail: office@apostolakoslaw.com (“Apostolakos Law”, “we”, “us”). Apostolakos Law informs you, in accordance with Regulation (EU) 2016/679 (“GDPR”), Law 4624/2019 and further provisions of the relevant legislation on the protection of personal data, in its capacity as controller, that it processes personal data you may provide by contacting us for the provision of services, by interacting with our web page, or in the context of general relationships with us, in accordance with the following.

 

1. Personal data we may collect and process

1.1. Personal data includes any information that may lead either directly or in combination with other elements to your unique identification as a natural person. 

1.2. By contacting Apostolakos Law, we can collect information such as name, passport or identity card, VAT number, place of work, gender, date of birth/age, nationality, postal address, email address and phone number, zip code, telephone area code, payment-related information, billing address, payment method, bank account number or credit card number, invoice records, financial statements, tax statements, property records, or any other information relating to you which you may provide to us.

1.3. We may collect information during your visits to our website such as IP address, browser information, device, time zone, browser plug-in, operating system and platform, mobile device information; unique device identifier or mobile equipment identifier; device and component serial numbers online activity on other websites, applications, or social media; length of our website visits and page interaction information. To learn more please refer to our Cookies Policy.

1.4. Please note that personal information provided to us by or on behalf of our clients in the course or providing services to them may, depending on the nature of such services, include special categories of data.

1.5. If you provide information to us about any person other than yourself, you must ensure that said person has given his/her consent for you to disclose it to us and that he/she has been made aware of how his/hers personal data will be used by us.

 

2. How we obtain personal data

We may collect your personal data: i) directly from you in the course of the provision of legal services, ii) when you use our website, iii) by third parties, iv) from public sources e.g., business registries, property registries etc.

 

3. Purposes of processing

3.1. We process the personal data which are relevant and limited to what is necessary for the purposes of the processing.

3.2. We use personal data: i) to provide legal advice and related services, ii) to perform a contract, such as the provision of legal services, iii) for the establishment, exercise or defense of legal claims or proceedings, iv) to manage our relationship with our clients, v) for security purposes, vi) to process invoicing and payments, vii) for recruitment purposes, viii) to monitor and improve our services, ix) to provide and monitor our website, x) to comply with our legal obligations.

 

4. Lawful basis of processing

We use your personal data on the following legal bases: 

  • For legitimate business purposes

  • For the establishment, exercise or defense of legal claims or proceedings

  • For the performance of contractual obligations

  • To comply with legal and regulatory obligations

  • In cases where we have received your consent, in particular when the processing does not apply to any of the legal bases mentioned above the processing of the data is based on your consent (see in particular cookies).

 

5. Storage period of your personal data

We will retain/store the personal data provided by you, only for as long as required to fulfill the purpose pursuant to which you have communicated such information to us and in compliance with the applicable legal provisions.

 

6. Security of personal data

We have implemented technical and organizational measures to ensure the lawful collection, processing and effective protection of your data from loss, alteration or unauthorized access thereto. We have, inter alia, implemented the following technical and organizational measures and procedures to protect your personal data: i) access to your personal data is restricted to authorized persons, ii) IT systems used to process the data are only accessible by authorized persons, iii) access to above IT systems is monitored to detect and prevent any unauthorized access. Our procedures and security measures implemented are constantly reviewed for improvement with technological developments.

 

7. Data recipients

7.1. Any unauthorized access to your personal data by any person is strictly forbidden. We do not disclose your personal data to third parties, except to those with whom we cooperate and as required to facilitate the provision of our services to you, always under conditions that ensure that your personal data is not subject to unlawful processing, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality and professional secrecy. 

7.2. We may disclose your Personal Data to: i) legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation, ii) accountants, auditors, lawyers and other outside professional advisors, subject to binding contractual obligations of confidentiality, iii) third parties such as IT providers, data hosting service providers and, website hosting service providers, iii) any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights, iv) any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security.

7.3. If we engage a sub-processor to process your personal data, the sub-processor will be subject to binding contractual obligations to: (i) only process the personal data in accordance with our prior written instructions; (ii) use measures to protect the confidentiality and security of the personal data. 

7.4. We use IT providers and website hosting service providers (“provider(s)”) to deploy and manage our website. The providers we use implement and maintain industry-standard technical and organizational security measures as required to appropriately ensure the protection of personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access, and the confidentiality and integrity of personal data. The providers we use hold ISO 27001, ISO 27701, ISO 27017, ISO 27018 and TLS Certifications. We will restrict the providers’ access to information only to what is necessary to provide said services and will prohibit providers from processing information for any other purpose. Our use of any specific provider to process information shall comply with applicable data protection laws and jurisdiction specific terms (if any) and will be governed by a contract between Apostolakos Law and such providers that sets forth a level of protection and security comparable to this policy. You may reasonably object to the appointment or replacement of a provider by us on documented reasonable grounds relating to data protection, by submitting a written and reasoned objection to us.

7.5. Where we transfer your personal information outside the European Economic Area (EEA), we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. Such transfer will occur provided that: (a) an adequate level of protection is ensured, based on EU adequacy decisions, corporate binding rules, standard contracts and approved codes of conduct; or (b) appropriate guarantees have been provided for their processing under the law. 

 

8. Third party links and websites

Our website contain links to third party websites. Their products and services may use or offer third-party products or services. Information collected by third parties, which may include location and site data or contact information, is governed by the respective third-party privacy practices. We urge you to read the privacy practices of the above third parties. We do not accept any responsibility or liability for these policies.

 

9. Your rights relating to your personal data

9.1. Under the applicable legislation you have the following rights:

  • The right to be informed and to receive confirmation as to whether the personal data held by us are being processed.

  • The right of access to your personal data.

  • The right to be informed in advance and to consent to the disclosure/transmission of data to potential recipients to whom personal data may be disclosed, in particular regarding recipients in third countries or international organizations.

  • The right to receive copies, physical or electronic, of personal data processed.

  • The right to restrict the processing of your data.

  • The right to object to any further processing of your personal data that we hold (right to object).

  • The right to request the deletion of your personal data from the files we hold (right to be forgotten) under certain conditions, such as when the data is no longer needed, you have revoked your consent, the data has been illegally processed, etc. 

  • The right to data portability.

  • The right to revoke your consent at any time. Revocation of consent shall not affect the lawfulness of the proceedings based on the prior consent of the revocation and re-issuance of revoked consent is permissible. 

9.2. If you believe that the processing of your personal data described above, is unlawful, you may also file a complaint to the Hellenic Data Protection authority. For the competence of the Authority and the manner of submitting a complaint, you can visit its website (www.dpa.gr - Citizens - Submit a complaint to the Authority) where there is detailed information.

 

10. Updates and amendments to this Privacy Policy

Apostolakos Law reserves the right to modify/update individual parts of this Privacy Policy without prior notice. Please always read the Privacy Policy before using our website as well as our services, to be informed about the current version of the Policy. Last update of this Privacy Policy – October 2022.

bottom of page