Date: 3 March 2022
THESIS Law Firm, is a law firm incorporated in Greece, pursuant to Greek legislation and registered under Athens Bar Association number 80331. The head office is located at 4 Sekeri Street, Athens 10674 (hereinafter referred to as “We” or “Us” or “Our”).
THESIS Law Firm is highly committed to preserving the privacy and protecting any personal data that you may provide to Us, as well as the information We collect while operating Our business.
Pursuant to the applicable data protection law, meaning the General Data Protection Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019 for the implementation of the GDPR, Greek Law 2472/1997 and Greek Law ν. 3471/2006 for the incorporation of the Directive 2002/58/EC (E-Privacy Directive), as amended and in force, your data will be controlled by THESIS Law Firm (data controller).
1. WHAT KIND OF PERSONAL DATA WE COLLECT
In order to provide Our legal services, always committed to the confidentiality and trust in the relationship with Our clients, We collect and process the following personal data:
- Personal details, such as your name, the company you work for, your title or position and other contact information
- Contact information, such as your postal address, your e-mail address and phone number
- Financial data, such as credit/debit card numbers, bank account information, and other invoicing and payment related information
- Identification and background information provided by you or collected as part of Our business acceptance processes
- Personal data of other people: If you provide information to Us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that they have been made aware of how their personal data will be used by Us, and that they have given their consent to you to disclose it to Us and to allow Us to use it
- Personal data provided to Us by or on behalf of Our clients or generated by Us in the course or providing services to them, which may include special categories of data
- Any other personal information you choose to give Us when you interact with Us
- We may collect information about you when you interact with Us through social media
- In case you apply for a position in THESIS Law Firm, the personal data We collect is limited to your name and job title, contact information and your curriculum vitae and any other information relevant to the potential recruitment that you agree to provide to Us. In case the recruitment doesn’t proceed, all the aforementioned personal data is deleted, unless you provide explicit consent to do otherwise.
2. HOW WE COLLECT PERSONAL DATA
The ways We collect personal data include the following:
- Directly from you or your organisation: in the course of acceptance processes and the provision of legal services and advice to you or your organisation, when you or your organisation provide services to Us, when you communicate with Us by phone, mail, email or otherwise
- By third parties: for instance when you are the subject of, or your data is otherwise included in, legal advice We are asked to provide to that third party client
- Using publically available sources such as business registries.
3. WHY WE COLLECT YOUR PERSONAL DATA – PURPOSES
We use your personal data for the following purposes:
- For the performance of contractual obligations or in order to take steps at the request of the data subject prior to entering into a contract:
- a) To register you as Our client
- b) To provide and administer legal services to you or your organisation
- c) To process invoicing, payments and other monetary transactions
- d) To process employment applications and for recruitment purposes. When your personal data is shared with Us for recruitment purposes, We will only use this personal data in order to contact you regarding the recruitment and other opportunities which you may have requested. If you apply for a position at THESIS Law Firm, your personal data will be processed in accordance with Our recruitment privacy notice which can be obtained by contacting Us at firstname.lastname@example.org
- To conduct Our business and to pursue Our legitimate interests, in particular:
- a) To provide legal advice and services to Our clients
- b) To administer and monitor Our relationship, including business acceptance, conflict checks, accounting, auditing purposes, as well as confirming legal representation of Our counter parties
- c) To exercise or defend Our legal rights and Our clients’ legal rights or to comply with court orders
- d) To protect the security of Our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities
- e) To provide this website
- For purposes required by law, including maintaining records, compliance checks or screening (e.g. anti-money laundering).
4. BASES OF PROCESSING YOUR PERSONAL DATA
We process your personal data on the following bases:
- On the basis of the provision of legal services and advice to Our clients, as well as supporting legal claims and representation of Our clients
- On the basis of Our legitimate interests related to the operation of Our business such as maintaining Our accounts, records, billing etc.
- For the performance of contractual obligations
- To comply with legal and regulatory obligations.
We process special categories of personal data:
- For the exercise or defense of legal claims
- Based on your consent
- For employment and social security law related purposes
- If the process is necessary for the protection of vital interests and the data subject is physically or legally uncapable to provide consent
- If the process refers to personal data which have obviously been published by the data subject
- For reasons connected with a statutory provision for reasons of public interest.
5. WHERE WE STORE YOUR PERSONAL DATA
The personal data that We collect about you shall not be transferred to and stored at a destination outside the European Economic Area (“EEA”). All information you provide to Us is stored on Our secure servers within the European Union (EU). In case your personal data is necessary to be transferred to entities or individuals in a third country, this will be done in compliance with the special requirements on transfers of personal data to countries outside the EU/EEA in accordance with the Applicable Law.
6. HOW LONG WE KEEP YOUR PERSONAL DATA
7. WHO WE SHARE YOUR PERSONAL DATA WITH
We may disclose your personal data to:
- Third parties such as tax authorities, corporate registries, banks, also including service providers that We work with in the course of the legal services We provide, such as foreign legal advisors for obtaining foreign legal advice, translators, court bailiffs, couriers, mediators, financial & technical experts, and other necessary servicers
- Courts, law enforcement and other public authorities, government officials or attorneys or other parties, where it is reasonably necessary for the establishment, exercise or defense of a legal claim, for the provision of Our legal services, for the purposes of alternative dispute resolution process or upon request
- Third parties who provide services to Us, such as IT systems or software providers, IT Support service providers, document and information storage providers, postal or courier providers who assist Us
- We may, for strategic or other business reasons, decide to sell or transfer all or part of Our business. As part of that sale or transfer, We may pass information we have collected and stored, including customer information, to anyone involved in the sale or transfer.
8. YOUR RIGHTS
Under the applicable legislation you have the following rights:
- The right of access: You have the right to request a copy of the personal data We hold on you as well as information about how it is used.
- The right to rectification: You have the right to request the correction of the personal data We hold on you if it is incorrect or incomplete.
- The right to erasure: This right entitles you to require the erasure of your personal data from Our systems and records. However, this right applies only in certain circumstances (e.g. when We no longer need your personal data for the purpose for which it was collected or when you withdraw your consent to the use of your personal data and there is no other legal basis for Us to continue to use it).
- The right to restrict processing: This right entitles you to restrict the processing of your personal data by Us. When this right is exercised, We are still permitted to store and use your personal data but only for the purposes you still allow. Any other use of the data is prohibited.
- The right to object to processing: You have the right to object to the use of your personal data in certain circumstances. However, We may continue to use your personal data, despite your objection, where there are compelling legitimate grounds to do so or We need to use your personal data in connection with any legal claims.
- The right to data portability: This right allows you to obtain your personal data in a format that enables you to transfer that personal data to another organisation where the organisation is processing your personal data on the basis of consent or on the fulfilment of a contract and if processing is carried out by automated means. You have the right to have your personal data transferred by Us directly to the other organisation, if this is technically feasible.
- The right to withdraw consent: To the extent that processing requires your consent, you may withdraw that consent at any time. However, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.
If you believe that the processing of your personal data described above, is unlawful, you may also file a complaint with the Greek Data Protection Authority (1-3 Kifissias street, Postal Code 11523 Athens, Telephone: +30 2106475600, E-mail: email@example.com).
We are committed to keeping the personal information provided to Us secure. To this effect We have implemented appropriate information security policies, rules, technical and organizational measures to protect the integrity, confidentiality, transparency and accessibility of the personal information We have in Our possession against unauthorized access, misuse, disclosure, unauthorized modification, unlawful destruction or accidental loss.
No information system can however be 100% secure, therefore We cannot guarantee the total security of your information. In addition We cannot guarantee or be held liable for the security of the information transmitted to Us by other networks (internet, wireless networks etc.).
All Our professional advisers, employees and data processors (i.e. those who process your personal information on Our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information.
10. LINKS TO OTHER WEBSITES AND SOCIAL MEDIA
Our Website may, from time to time, contain links to and from the websites of Our partner networks, and advertisers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that We do not bare any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.
12. HOW TO CONTACT US