Privacy Policy

1. About Piperakis-Kostopoulos Law Firm

PK Law Firm is committed to protecting the confidential and personal information entrusted to it and complies with the current Privacy Act. As part of this fundamental obligation, PK Law Firm is committed to the appropriate protection and use of personal information / data (sometimes referred to as “personally identifiable information” or “PII”) that it collects online or in the course of providing its services, or through communications / collaborations with any third party. Our commitment to the protection of personal data is extension of PK Law Firm’s commitment to client confidentiality and based on the belief that respecting individuals’ personal data is not something we simply have to do, but something that improves the way we work.

PK Law Firm has adopted this Privacy Policy to help establish and maintain an adequate level of Personal Data protection during the collection, processing, disclosure and cross-border transfer of Personal Data, relating to existing, retired and future Staff, clients, contractors and associates of PK Law Firm.

We encourage you to read this Privacy Policy carefully, which sets out the context in which we process your personal data and explains your rights and our obligations during such processing.

 

 

2. What information and personal data we hold about you

This information and personal data can either be provided directly by you or the legal entity you work for, or provided by a third party (supplier, service provider, business partner, etc.).

We may collect different types of personal data about you depending on the purpose for which we collect it, such as:

  • dentification data (e.g. surname, first name, gender, date and place of birth, nationality, identity card or passport number, email address and/or postal address, landline and/or mobile phone number and car license number, etc. )
  • job details (eg job title, position and company name)
  • financial information (eg bank account information)
  • electronic identification data, when this is required to provide services to our company (e.g. login, access right, passwords, employee number, IP address, online identifiers/cookies, log files, access and login times, registration audio, such as CCTV or photographs).

3. Collection of Confidential or Personal Information

When Piperakis-Kostopoulos Law Firm and/or its staff collect personal or confidential information from another member firm or a third party, they shall:

  • keep personal data confidential and secure and disclose that information only to those employees who have a legitimate business reason to access that information and to public authorities in accordance with relevant law
  • adopt additional security measures and / or restrictions on their disclosure at the written request of the third party from which this data is collected.

When Piperakis-Kostopoulos Law Firm acts as a Data Processor, it must comply with the GDPR and:

  • process personal data only in accordance with the instructions of the Data Controller who transmitted the data, who is required to comply with the requirements of the GDPR
  • keep the personal data until the end of the data processing services, subject to any requirements of the applicable legislation
  • immediately notify the DPA that transmitted this data to it regarding any legally binding requirement, any disclosure of the data, any accidental or unauthorized access or any requests made directly by the data subject;
  • not respond to any request for disclosure of the data, unless authorized by the DPO who transmitted the data or the subject or as required by law.

When Piperakis-Kostopoulos Law Firm acts as a Data Controller, it must comply with the GDPR and must:

  • implement all appropriate measures for compliance and data protection
  • implement the appropriate technical and organizational security measures for the protection of personal data,
  • report data breaches to the Data Protection Authority and the data subject, in accordance with applicable law
  • cooperate with the supervisory authorities
  • facilitate the exercise of the subjects’ rights

 

4. For what purpose we use your personal data

We process your personal data for a specific purpose and only process personal data that is necessary and relevant to achieve that purpose.

In particular, we process personal data for the following purposes always in accordance with the nature of our cooperation as well as with applicable legislation and regulations:

  • to perform contractual obligations towards you or to take pre-contractual measures at your request and/or consent;
  • to organize our supplier partners and subcontractors;
  • to monitor activities at our facilities, including compliance with applicable policies as well as applicable health and safety rules;
  • to manage our online resources, including infrastructure management and business continuity;
  • to preserve the company’s financial interests,
  • to ensure compliance with our policies, local law requirements, taxation, deductions and management of potential cases of fraud or fraud, as well as conducting audits and defending against legal disputes;
  • to keep records,
  • to issue invoices,
  • for any other purpose required by law and authorities.

5. How we use your personal data

In accordance with Greek and EU law, we will not process your personal data unless we have a relevant justification provided by law. Therefore, we will only process your personal data if there is a legitimate basis for doing so, such as:

  • Performance of a contract: where the processing of your personal data is necessary to fulfill our obligations under a contract (written or oral) or during the negotiation stage to take over your case.
  • Legal obligation: when we need to process your personal data to comply with a legal obligation, such as keeping records for tax purposes or providing information to a public body or law enforcement authority;
  • Legitimate interest: when the pursuit of our legitimate interests does not have a serious impact on the rights and freedoms of subjects.
  • Your consent: n some cases, in addition to your contract, we will ask you for specific permission to process some of your personal data and we will only process your personal data if you consent to this. You can withdraw your consent at any time by contacting us at law@piperakis-kostopoulos.com .

6. Who has access to your personal data and to whom is it transmitted?

Η Piperakis-Kostopoulos Law Firm does not share personal data with unaffiliated third parties, except as necessary for legitimate professional and business needs, to carry out your requests and if it is required or permitted by law or professional standards.

Η Piperakis-Kostopoulos Law Firm works with trusted partners, service providers, so that they can process your personal data on our behalf. Piperakis-Kostopoulos Law Firm will only pass on personal data to them if they meet our strict data processing and security standards. Piperakis-Kostopoulos Law Firm shares with them only the personal data they need to provide their services.

Η Piperakis-Kostopoulos Law Firm ensures that external service providers who access or use confidential information are bound by contractual obligations to maintain the confidentiality and security of the information. Piperakis-Kostopoulos Law Firm includes a confidentiality clause in its General Terms and Conditions and agreements that may be entered into with third parties (i.e. external service providers who have access to confidential information). 

In Addition Piperakis-Kostopoulos Law Firm may also transfer certain personal data outside the EEA to companies working with us or on our behalf for the purposes described in this Privacy Statement. Piperakis-Kostopoulos Law Firm may also store personal data outside the EEA. If this happens, your personal data will continue to be protected by contracts we have made with organizations outside the EEA, which are in a form approved by the European Commission. By providing personal data online, visitors consent to such transfer and/or storage of their personal data abroad.

PK Law Firm will not pass on the personal data you provide to any third parties, for their own direct use for promotional purposes (marketing). In particular, regarding the posting of your business name or you individually in the PK Law Firm client list, for which you expressly hereby consent to, PK Law Firm undertakes to posts these data for as long as you consent and until either the expiration of the legal period or submission of deletion request.

 

7. Protection of Personal Data

We have implemented appropriate organizational and technical measures to provide a high level of privacy protection and security of your personal data from any form of unlawful processing such as accidental or unlawful destruction or alteration, accidental loss, unauthorized disclosure or access. PK Law Firm integrates the protection of personal data as an integral part of its business activities in order to protect the rights of subjects, such as user management policy, different roles and responsibilities, backups, physical security measures, personal data destruction policy etc.

Η Piperakis-Kostopoulos Law Firm ενσωματώνει την προστασία των προσωπικών δεδομένων ως αναπόσπαστο μέρος των επιχειρησιακών της δραστηριοτήτων από σχεδιασμό και εξ ορισμού, προκειμένου να προστατεύσει τα δικαιώματα των υποκειμένων, όπως η πολιτική διαχείρισης χρηστών, οι διαφορετικοί ρόλοι και αρμοδιότητες, τα αντίγραφα ασφαλείας, τα μέτρα φυσικής ασφάλειας, η πολιτική καταστροφής προσωπικών δεδομένων κ.λπ.

8. Preservation and access to personal data

To the extent not prohibited by applicable laws and regulations,Piperakis-Kostopoulos Law Firm:

  • keeps the personal data for at least 10 years and in any case until the purpose of the data processing is achieved, subject to any requirements to keep the information for a different period, in the context of compliance with applicable law, regulation, professional requirements or standards.
  • provides a process for determining and monitoring the nature of the personal data it holds about you.
  • allows you to access your personal data maintained by PK Law Firm and allows you to review and correct any errors in relation to your personal data as required by applicable laws and regulations.

9. The rights to protect your data

Your rights include: the right to access the data, the right to correct erasure / the right to be forgotten, the right to limit the purpose of the processing of personal data, the right to object to the processing of personal data, the right to data portability, the right to withdraw consent at any time (when the processing is based on consent) and the right to lodge a complaint with the supervisory authority.

For any complaint you can contact us at law@piperakiskostopoulos.com .

Finally, you always have the right to file a complaint with the Personal Data Protection Authority (DPA) [www.dpa.gr/ Telephone Center: 210 64 75 600, Fax: 210 64 75 628, Email: complaints@dpa.gr

10. Changes to this Policy

PK Law Firm may periodically update this Policy to reflect developments in Personal Data Protection. When we modify this Policy described herein, we will revise the “updated” date at the top of this page. We encourage you to periodically review this Policy in order to be informed of how we manage personal data.