ARTICLE 1 – Aim of the personal data protection policy
ARTICLE 2 - Definitions
For the purposes herein, the following concepts shall be understood as following:
"Personal data": any information relating to an identified or identifiable person ("data subject"); an identifiable person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as name, ID number, location data, online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of the said person.
"Special categories of personal data": personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguous identification of a person, data relating to health or data relating to a person's sex life or sexual orientation.
"Processing": any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, information retrieval, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction.
"Pseudonymisation": the processing of personal data in such a way that the data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separate and is subject to technical and organizational measures to ensure that they cannot be attributed to an identified or identifiable person.
"Controller": an individual or legal entity, public authority, agency or other entity that, separately or jointly with others, determines the purposes and manner of processing personal data; when the purposes and manner of such processing are determined by the Union law or the law of a Member State, the controller or the specific criteria for his/her appointment may be provided for by the Union law or the law of the Member State.
"Processor": an individual or legal entity, public authority, agency or other entity that processes personal data on behalf of the controller.
"Consent" of the data subject: any indication of will, free, specific, explicit and fully informed, by which the data subject declares its agreement, by statement or by a clear positive action, that its personal data will be subject of processing.
"Personal Data Breach": the breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed.
"Health-related data": Personal data related to the physical or mental health of an individual, including the provision of health care services, which disclose information about the state of its health.
"Applicable legislative framework": the provisions of the currently applicable Greek and EU legislation for the protection of personal data, which govern the operation of our Firm. Indicatively, Law 4624/2019, Regulation (EU) 2016/679, Law 3471/2006, Directive 2002/58/EC, Law 4194/2013, P.D. 81/2005.
ARTICLE 3 - General Principles of Personal Data Processing
Our Firm adheres to the following principles when processing personal data:
1. The principles of legality, objectivity and transparency. According to these principles, personal data are processed lawfully and legitimately in a transparent manner in relation to the data subject.
2. The principle of limiting the purpose of processing. According to this principle, personal data are collected for specified, explicit and legitimate purposes and are not further processed in a manner incompatible with these purposes.
3. The principle of data minimization. According to this principle, personal data are appropriate, relevant and limited to what is necessary for the purposes for which they are processed.
4. The principle of accuracy. According to this principle, personal data are accurate and, when necessary, updated. Furthermore, all reasonable measures are taken to immediately delete or correct personal data that is inaccurate, in relation to the purposes of the processing.
5. The principle of limiting the storage period. According to this principle, personal data are kept in a form that allows the identification of the data subjects only for the period required for the purposes of the processing.
6. The principles of integrity and confidentiality. Personal data are processed in a way that guarantees their appropriate security, including their protection against unauthorized or illegal processing and accidental loss, destruction or damage, using appropriate technical or organizational measures.
ARTICLE 4 - Collected data
Οι πληροφορίες που συλλέγονται περιλαμβάνουν ονοματεπώνυμο, πατρώνυμο, μητρώνυμο, έτος γέννησης, τόπο γέννησης, φύλο, υπηκοότητα, διεύθυνση κατοικίας, κατάστημα εργασίας, ηλεκτρονική διεύθυνση, αριθμό σταθερού ή και κινητού τηλεφώνου και τηλεομοιοτυπίας, Αριθμό Δελτίου Ταυτότητας (ΑΔΤ), Αριθμό Φορολογικού Μητρώου (ΑΦΜ), Αριθμό Επαγγελματικού Μητρώου (εφόσον υφίσταται), ΑΜΚΑ και λοιπές πληροφορίες μητρώων ασφαλιστικών ταμείων, αριθμό τραπεζικού λογαριασμού ή/και στοιχεία πιστωτικών/χρεωστικών καρτών τραπέζης, δεδομένα που αφορούν στην οικογενειακή κατάσταση, στοιχεία εκπαίδευσης και επαγγελματικής κατάρτισης.
ARTICLE 5 - Special Categories of Personal Data
In accordance with the current legislation, the Company may collect and process personal data of minors, following the express consent of the minor, as long as he has reached the age of 15, otherwise his legal representative. In the event that the above information is provided by a third party, the processing of personal data is permitted as long as it is necessary for the purposes of the legal interests pursued by the Company or its principal.
ARTICLE 6 - Data of minors
In accordance with the current legislation, the Firm may collect and process personal data of minors, following the express consent of the minor, as long as it has reached the age of 15, otherwise its legal representative. In case the above information is provided by a third party, the processing of personal data is permitted as long as it is necessary for the purposes of the legal interests pursued by the Firm or its client.
ARTICLE 7 - Lawful bases of processing
The processing of personal data made available to our Firm takes place:
1. Upon the client's legal consent.
2. When the processing is necessary for the performance of a contract.
3. For the purposes of the legitimate interests pursued by the Firm or its client.
4. For the Firm's compliance with its legal obligation.
In particular, in cases of special categories of personal data (sensitive personal data), the processing takes place:
1. Upon the client's legal consent.
2. As long as it is necessary for the establishment, exercise or support of legal claims.
ARTICLE 8 - Cookies - Disclaimer for Third Party Websites
Our Firm, in addition to the cookies necessary for the operation of www.psarakislegal.com website, also uses the ones mentioned in our respective Cookies policy for the continuous improvement of the website visitor's experience.
ARTICLE 9 - Purposes of Processing
Our Firm may collect and process personal data for the following purposes:
1. To fulfill the Firm's contractual obligations.
For the representation and defense of its clients before Courts and Authorities and the general provision of legal services. Furthermore, the Firm, in the context of fulfilling its employer obligations, collects and processes personal data of its employees, while at the same time, it collects and processes personal data of its associates in general in the context of the business relationships it develops.
n case of sending proposals for cooperation, the Firm processes the sent personal data for the purpose of evaluating the qualifications of the candidate associates. The legal basis of the processing is the consent of the applicant. The data is kept for the reasonable period of one year, to inform the applicant in the event of a new associate's position being offered. In any case, the subject has the right to request the immediate deletion of his personal data.
ARTICLE 10 - Transmission to Third Parties
The Firm may transmit the above data to third parties in the cases provided for by the current legislative framework as its obligation. In these cases, it must adequately inform the data subjects before proceeding with said transmission.
The Firm does not transmit personal data to countries outside the European Union.
ARTICLE 11 - Subscribe to newsletters
If a data subject subscribes to our Firms's newsletter, its email address will be used exclusively for this purpose and will not be shared with third parties. At any time, the data subject can choose to have it deleted. The subscription in our newsletter is valid for the calendar year of the subject's registration and for the following. Of course, the data subject will have the possibility to choose the renewal of its subscription in our newsletter. If it does not choose to renew the subscription, its email address will be deleted from our newsletter.
These data are never disclosed to third parties. The recipient of the newsletters (Newsletters) can be deleted from the mailing list by using the Unsubscribe/Delete option.
ARTICLE 12 - Data Retention Period
The personal data we collect in the context of our activity are kept for the period of time necessary to process the assignment and as long as we have not received a request from the data subject to delete them . After completing the assignment, they are kept in the form of a file only with the legal consent of the client. In any case, data can be kept for as long as required by current legislation(e.g. tax legislation).
ARTICLE 13 - Rights of Personal Data Subjects
Data subjects may at any time exercise their rights provided by applicable legislation regarding the collection and processing of personal data. These rights are as follows:
1. The Right of Access to data.
2. The Right to correct data.
3. The Right to delete data.
4. The Right to restrict data processing.
5. The Right to Data Portability.
6. The right to object to data processing.
In case it is provided for by the applicable legislation, our Firm may refuse to satisfy in whole or in part the data subject's request, related to his personal data.
The rights can be exercised in person, by post to the address of the Firms's headquarters (2 Lykavittou street, PC 10671, Athens), as well as by e-mail to email@example.com. The data subject is identified with a public document (photocopy or attached to the e-mail message) from which the identity of the person is derived (indicatively: police ID, passport, driver's license).
Our Firm undertakes to respond within a reasonable period of one month from the receipt of the request and the identification of the data subject. If the satisfaction of the request, due to its nature, requires more time or there is a large number of requests, our Firm will inform the data subject with reasons for the delay within one month of receiving the request.
If the request is made by electronic means, the information shall be provided, if possible, by electronic means, unless the data subject requests a different way of information.
If the data subject's request is groundless or excessive/abusive, in particular due to its repetitive nature, our Firm reserves the right to make its satisfaction conditional on the payment of a reasonable fee or to refuse to respond to the request, in accordance with General Data Protection Regulation and the applicable legislation.
In addition, if the data subject considers that there is a violation of its personal data, it has the right to contact the Personal Data Protection Authority (DPA) (www.dpa.gr).
The processing of personal data is carried out in a way that ensures its privacy. Our Firm uses the appropriate technical and organizational security measures and rules to protect the personal data of the data subject from any unauthorized access, disclosure, loss or accidental/unlawful destruction and any other form of unlawful processing.
ARTICLE 14 - Civil Protection Updates
Our Firm may modify this Personal Data Protection Policy without prior notification.
Issue: March 2021