Privacy Policy

Privacy Policy

Date: 3 March 2022

THESIS Law Firm, is a law firm incorporated in Greece, pursuant to Greek legislation and registered under Athens Bar Association number 80331. The head office is located at 4 Sekeri Street, Athens 10674 (hereinafter referred to as “We” or “Us” or “Our”).

THESIS Law Firm is highly committed to preserving the privacy and protecting any personal data that you may provide to Us, as well as the information We collect while operating Our business.

We provide this Privacy Policy to help you understand what We do with any personal data that We obtain from you. As defined by the applicable law, personal data is information about an identified or identifiable individual (data subject), such as name, e-mail address and telephone number etc. Please read the following carefully in order to understand Our views and practices regarding your personal data and how We will treat it in order to make informed decisions. 

Pursuant to the applicable data protection law, meaning the General Data Protection Regulation (EU) 2016/679 (GDPR), Greek Law 4624/2019 for the implementation of the GDPR, Greek Law 2472/1997 and Greek Law ν. 3471/2006 for the incorporation of the Directive 2002/58/EC (E-Privacy Directive), as amended and in force, your data will be controlled by THESIS Law Firm (data controller).

Please check this page regularly to review any changes We might make to this Privacy Policy.



In order to provide Our legal services, always committed to the confidentiality and trust in the relationship with Our clients, We collect and process the following personal data:

  • Personal details, such as your name, the company you work for, your title or position and other contact information
  • Contact information, such as your postal address, your e-mail address and phone number
  • Financial data, such as credit/debit card numbers, bank account information, and other invoicing and payment related information
  • Identification and background information provided by you or collected as part of Our business acceptance processes
  • Personal data of other people: If you provide information to Us about any person other than yourself, your employees, counterparties, your advisers or your suppliers, you must ensure that they have been made aware of how their personal data will be used by Us, and that they have given their consent to you to disclose it to Us and to allow Us to use it
  • Personal data provided to Us by or on behalf of Our clients or generated by Us in the course or providing services to them, which may include special categories of data
  • Any other personal information you choose to give Us when you interact with Us
  • We may collect information about you when you interact with Us through social media
  • In case you apply for a position in THESIS Law Firm, the personal data We collect is limited to your name and job title, contact information and your curriculum vitae and any other information relevant to the potential recruitment that you agree to provide to Us. In case the recruitment doesn’t proceed, all the aforementioned personal data is deleted, unless you provide explicit consent to do otherwise.



The ways We collect personal data include the following:

  • Directly from you or your organisation: in the course of acceptance processes and the provision of legal services and advice to you or your organisation, when you or your organisation provide services to Us, when you communicate with Us by phone, mail, email or otherwise
  • By third parties: for instance when you are the subject of, or your data is otherwise included in, legal advice We are asked to provide to that third party client
  • Using publically available sources such as business registries.



We use your personal data for the following purposes:

  • For the performance of contractual obligations or in order to take steps at the request of the data subject prior to entering into a contract:
  1. a) To register you as Our client
  2. b) To provide and administer legal services to you or your organisation
  3. c) To process invoicing, payments and other monetary transactions
  4. d) To process employment applications and for recruitment purposes. When your personal data is shared with Us for recruitment purposes, We will only use this personal data in order to contact you regarding the recruitment and other opportunities which you may have requested. If you apply for a position at THESIS Law Firm, your personal data will be processed in accordance with Our recruitment privacy notice which can be obtained by contacting Us at
  • To conduct Our business and to pursue Our legitimate interests, in particular:
  1. a) To provide legal advice and services to Our clients
  2. b) To administer and monitor Our relationship, including business acceptance, conflict checks, accounting, auditing purposes, as well as confirming legal representation of Our counter parties
  3. c) To exercise or defend Our legal rights and Our clients’ legal rights or to comply with court orders
  4. d) To protect the security of Our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities
  5. e) To provide this website
  • For purposes required by law, including maintaining records, compliance checks or screening (e.g. anti-money laundering).



We process your personal data on the following bases:

  • On the basis of the provision of legal services and advice to Our clients, as well as supporting legal claims and representation of Our clients
  • On the basis of Our legitimate interests related to the operation of Our business such as maintaining Our accounts, records, billing etc.
  • For the performance of contractual obligations
  • To comply with legal and regulatory obligations.

We process special categories of personal data: 

  • For the exercise or defense of legal claims 
  • Based on your consent
  • For employment and social security law related purposes 
  • If the process is necessary for the protection of vital interests and the data subject is physically or legally uncapable to provide consent
  • If the process refers to personal data which have obviously been published by the data subject 
  • For reasons connected with a statutory provision for reasons of public interest.



The personal data that We collect about you shall not be transferred to and stored at a destination outside the European Economic Area (“EEA”). All information you provide to Us is stored on Our secure servers within the European Union (EU). In case your personal data is necessary to be transferred to entities or individuals in a third country, this will be done in compliance with the special requirements on transfers of personal data to countries outside the EU/EEA in accordance with the Applicable Law.



We retain personal data for the period of time necessary to fulfill the purposes, that it was collected for as outlined in this Privacy Policy, including the purposes of satisfying any legal, accounting, or reporting requirements and, when required by Us to assert or defend against legal claims, until the end of the relevant retention period or until the claims in question have been settled. 



We may disclose your personal data to:

  • Third parties such as tax authorities, corporate registries, banks, also including service providers that We work with in the course of the legal services We provide, such as foreign legal advisors for obtaining foreign legal advice, translators, court bailiffs, couriers, mediators, financial & technical experts, and other necessary servicers
  • Courts, law enforcement and other public authorities, government officials or attorneys or other parties, where it is reasonably necessary for the establishment, exercise or defense of a legal claim, for the provision of Our legal services, for the purposes of alternative dispute resolution process or upon request
  • Third parties who provide services to Us, such as IT systems or software providers, IT Support service providers, document and information storage providers, postal or courier providers who assist Us
  • We may, for strategic or other business reasons, decide to sell or transfer all or part of Our business.  As part of that sale or transfer, We may pass information we have collected and stored, including customer information, to anyone involved in the sale or transfer. 



Under the applicable legislation you have the following rights:

  • The right of access: You have the right to request a copy of the personal data We hold on you as well as information about how it is used.
  • The right to rectification: You have the right to request the correction of the personal data We hold on you if it is incorrect or incomplete.
  • The right to erasure: This right entitles you to require the erasure of your personal data from Our systems and records. However, this right applies only in certain circumstances (e.g. when We no longer need your personal data for the purpose for which it was collected or when you withdraw your consent to the use of your personal data and there is no other legal basis for Us to continue to use it).
  • The right to restrict processing: This right entitles you to restrict the processing of your personal data by Us. When this right is exercised, We are still permitted to store and use your personal data but only for the purposes you still allow. Any other use of the data is prohibited. 
  • The right to object to processing: You have the right to object to the use of your personal data in certain circumstances. However, We may continue to use your personal data, despite your objection, where there are compelling legitimate grounds to do so or We need to use your personal data in connection with any legal claims.
  • The right to data portability: This right allows you to obtain your personal data in a format that enables you to transfer that personal data to another organisation where the organisation is processing your personal data on the basis of consent or on the fulfilment of a contract and if processing is carried out by automated means. You have the right to have your personal data transferred by Us directly to the other organisation, if this is technically feasible.
  • The right to withdraw consent: To the extent that processing requires your consent, you may withdraw that consent at any time. However, the withdrawal of your consent will not affect the lawfulness of processing based on consent before its withdrawal.

If you would like to exercise your rights above or if you have any questions or concerns about Our Privacy Policy please contact Us at the following email:

If you believe that the processing of your personal data described above, is unlawful, you may also file a complaint with the Greek Data Protection Authority (1-3 Kifissias street, Postal Code 11523 Athens, Telephone: +30 2106475600, E-mail: 



We are committed to keeping the personal information provided to Us secure. To this effect We have implemented appropriate information security policies, rules, technical and organizational measures to protect the integrity, confidentiality, transparency and accessibility of the personal information We have in Our possession against unauthorized access, misuse, disclosure, unauthorized modification, unlawful destruction or accidental loss.

No information system can however be 100% secure, therefore We cannot guarantee the total security of your information. In addition We cannot guarantee or be held liable for the security of the information transmitted to Us by other networks (internet, wireless networks etc.).

All Our professional advisers, employees and data processors (i.e. those who process your personal information on Our behalf, for the purposes listed above), who have access to, and are associated with the processing of personal information, are obliged to respect the confidentiality of such personal information.



Our Website may, from time to time, contain links to and from the websites of Our partner networks, and advertisers. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that We do not bare any responsibility or liability for these policies. Please check these policies before you submit any personal data to these websites.



This Privacy Policy is in effect as of the date noted at the top of this Policy. We may change this Privacy Policy from time to time. When We do, We will post the revised version here and change the “last updated date” (the date it applies from) at the top of the statement. Please check the page here regularly for the most up-to-date version of the statement.

Any changes We may make to Our Privacy Policy in the future will be posted on this page.



If you want to contact Us about this Privacy Policy as well as for the exercise of your rights, you can reach Us at the following email: