Privacy Policy

Last Updated: August 2023

1. General

In the context of this Privacy Policy the terms ”KIORTSIS & ASSOCIATES LAW OFFICES”, “Law Offices”, “we” “us”, refer to the entity under the name KIORTSIS & ASSOCIATES LAW OFFICES. This Privacy Policy explains the way our Law Offices collect, process and share personal data when you visit our website or when we provide our services to you.

2. Data controller

The contact data of our office, as data controller, is as follows:

Kiortsis & Associates Law Offices
136, Solonos Str.
106 77 Athens
Greece
E-mail: info@kiortsis.gr
Tel.: 0030.210.3802401

3. When do we collect data?

With this Privacy Policy we inform you of the purposes for which and how we collect and process your personal data, when you

– visit our website,

– seek legal advice from us,

– are already one of our clients, while providing services to you or for invoicing purposes,

– provide services to us,

– apply for a job with us,

– your data is provided to us by a third party because you are the subject of the legal advice or you are included in the legal advice we are asked to provide to a third party,

– correspond with us by phone, email or other electronic means, or in writing, or when you provide other information directly to us, including in conversation with our lawyers, consultants and staff,

– attend our seminars or other events or sign up to receive personal data from us such as newsletters, including training,
– give us, in your function as a Client’s representative, your consent to mention the Client as a reference on our website or to name the Client as a reference and yourself as a so-called “referee” for an attorneys-ranking,

– when we receive documents, requests, orders, petitions, warrants, calls etc. from third parties (natural or legal persons), such as supervisors, prosecutors, customs authorities and supervisory authorities, courts, tax authorities, in order to investigate crimes and protect you against fraud or other forms of crime and any infringement of legally protected rights and interests.

Although this Privacy Policy applies to any processing data performed by us and on our behalf in the frame of our professional activities, we are not in any way responsible for any separate and further processing that might take place, either when we share your data (after you have been informed accordingly) directly or indirectly with third parties in the course of litigation or meditation proceedings, negotiations or discussions on your behalf or when you access a link that directs to a third-party website that may be found on our website.

4. Which type of personal data do we collect and how do we process the personal data?

In general, we will not share your personal data with any third party unless this is required for the carrying out of the instructions, we have received from you.

If you choose to entrust us with your legal representation, in the process of providing services to you, you will disclose personal data that concern yourself, your employees, or other parties, which we will need to process in order to provide you the requested legal services.

Further, we process certain data of visitors of our website in order to ensure its security and operation as well as to improve our website which safeguards our legitimate interests (Article 6 (1) lit f) GDPR). For these purposes, the following data are collected and saved on our website: anonymized, shortened IP-address, country, date, time and length of the website access including the individual sites visited along with your respective times entered and exited, browser type and operating system. This data does not enable personal identification of our website visitors.

Incidentally, you may completely eliminate the use of cookies – if you would like to do so, please consult your browser manual.

In order to be able to fulfil the abovementioned purposes, we work together with service providers, who process your personal data on our behalf and for our purposes – but not for their own purposes.
Especially, we process your data as follows:

– If you send us a request either via telephone, per mail, email or fax, we process the contact data you have made available to us, such as your name and surname, your email address, your position at the requesting company, your address, respectively the address of the requesting company, in order to answer your request and in order to take steps at your request prior to entering into a contract (Article 6 (1) lit b) GDPR).

– If you have given us a mandate, we process your personal data, such as your name and surname, your email address, your position at the mandating company, your address, respectively the address of the company that is our client as well as your account and payment information, respectively the company’s account and payment information, in order to carry out pre-contractual measures or in order to fulfil our contractual obligations from the client relationship (Article 6 (1) lit b GDPR) as well as to fulfil our legal and professional obligations (Article 6 (1) lit c GDPR).

– If you supply us with goods and/or services, or are otherwise our business partner, without being one of our Clients’, we process your personal data, such as your name and surname, your email address, your position with the relevant company, your address, respectively the address of the company that is our supplier/business partner, as well as the company’s account and payment information in order to carry out pre-contractual or contractual measures.

– If you have given us your consent that we may keep your application on file, we process the abovementioned data for the purposes of our records. In this case, we base this on your consent to be kept on file (Article 6 (1) lit a GDPR), which you may withdraw at any time by sending us a relevant email.

– If you are an addressee of our Client’s claims, an opposing party of our Client in a proceeding, an Intervener on our Client’s side or if you are otherwise involved on the same side as our Client, e.g. as our Client’s joint litigant, we process your personal data, such as your name and surname, your email address, your position in the company you are working for, your address or the address of the company acting in such a role in order to fulfil our legal obligations (Article 6 (1) lit c GDPR) as well as in order to safeguard our legitimate interests in duly fulfilling our mandate (Article 6 (1) lit f) GDPR).

– If you apply for a position as an employee at our Law Office, we process the personal data which you provide us with in your CV, such as your academic title, your name and surname, your email address, your address as well as your career history in order to carry out pre-contractual measures, e.g. to initiate an employment or substitution agreement (Article 6 (1) b GDPR).

– If you give us your consent to be named as reference, we may process the name of the client on our website. If you grant us your consent to be named for the corresponding reference ranking of lawyers (e.g. WTR 1000, IAM 1000, Legal 500, Global Law Experts, etc), we may process your data to the Ranking provider. You may withdraw your consent in this regard at any time by sending us a relevant email. Insofar as the corresponding Ranking provider does not have its seat within the EU, we base our transfer on an adequacy decision pursuant to Article 45 (3) GDPR.

Please note that, if you do not provide us with the relevant personal data, might not be able to enter into a contractual relationship with you.

5. Which are the principles of collection and processing?

Our Law Offices and its trained personnel apply the following GDPR Processing Principles EU 2016/679:

1) Lawfulness, fairness and transparency. According to this principle, personal data are being processed lawfully and fairly, in a transparent manner.

2) Purpose limitation. According to this principle, personal data are being collected and processed for specific, clearly identified and lawful purposes.

3) Data minimization. According to this principle, the personal data must adequate, necessary and sufficient to properly fulfil the Offices’ stated purposes.

4) Accuracy. According to this principle, personal data held by our Offices must be accurate and up-to-date. Inaccurate data shall be corrected or deleted.

5) Confidentiality and Integrity. According to this principle, processing is conducted in a way which protects personal data from unlawful processing, loss, destruction or alteration.

6) Storage time limitation. According to this principle, our Offices hold personal data in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.

7) Accountability of the responsible for the processing. According to this principle, the controller is responsible for complying with the Regulation and bears the burden of proof before judicial and supervisory authorities.

6. Do we share your personal data with others?

In general, we will not share your personal data with any third party unless this is required for the carrying out of the instructions, we have received from you.

However, we might share your personal data with public bodies and authorities, regulatory authorities and governmental agencies, to the extent this is permitted by you, or this is required by the applicable legislation and not forbidden by our professional obligations. In such circumstances, we shall make all reasonable efforts to notify you beforehand, unless prior notice is prohibited by the applicable legislation, or if this is not possible or justified under the applicable circumstances.

If we use third parties in order to process your personal data on our behalf, we conduct prior due-diligence in order to ensure that they have already taken the appropriate technical and organizational measures to protect your personal data.

Each of our third-party providers that processes your personal data on our behalf, does so only for the same purposes for which we are allowed to process your personal data. The processing is conducted exclusively, in accordance with our instructions.

7. Do we transfer your data to countries outside EU?

If you are a visitor of our website, we will not transfer any of your personal data, outside the European Economic Area, therefore outside of the European Union, Norway, Iceland or Lichtenstein.

For clients or third parties involved in legal proceedings, your personal data might be transferred outside the EEA if this is necessary for the protection of our clients’ rights.

8. Protection of your personal data

We keep your personal data up to date and safe. We use reasonable technical and physical measures in order to prevent your personal data from unauthorized disclosure, use, destruction, accidental loss, etc. We make every reasonable effort to maintain the accuracy and completeness of your personal data. Should they change, please let us know.

9. Targeted Marketing

We do not use automated tools to track and evaluate your profile and your preferences in order to serve ads or send you personalized offers. In addition, we do not share your personal information with third parties who want to direct advertisement to you, unless you have explicitly consented to them.

10. Unsolicited commercial communication

Our Law Offices do not allow the transmission of bulk or spam commercial emails. In addition, we do not allow the sending of messages to and from our clients that use or contain invalid or fake headers, invalid or inaccurate domain names, techniques that conceal the origin of each message, false or misleading information or which otherwise violate the terms of use of our website. We do not allow the collection of emails or general information of our clients through our website or our services in any way. We do not allow or authorize any attempt to use our services in a way that could harm, render unavailable, overburden any part of our services or which could prevent anyone wishing to use our Services from doing so.

11. How long do we keep your personal data?

We generally store your personal data only for as long as it is necessary for the fulfilment of the respective purpose for which your personal data was collected. This includes satisfying any legal, accounting, or reporting requirements and, where legal claims are involved, until the end of the relevant retention period.

If we collected the data due to your consent, we will stop processing your data, once this consent is revoked or not valid anymore. However, in specific cases it is necessary to retain your personal data for a longer period, if this is required due to a legitimate interest or if we have to retain the data to comply with legal requirements.

12. Your rights

Based on Data Protection laws, you have the following rights:
– the right to withdraw your consent (if the processing of your personal data is based on your consent, you have the right to withdraw this at any time).

– the right of access to your data (you are entitled to know whether we process any personal data of yours, where we store them, what kind of data we keep, for which purpose, for which time period we keep them, etc.).

– the right to information (you are entitled to be informed whether we process any personal data of yours, where we store them, what kind of data we keep, for which purpose, for which time period we keep them, etc.).

– the right to rectification (you have the right to ask the rectification of inaccurate personal data or the completion of incomplete data).

– the right to delete the data (you have the right to ask us to delete your personal data).

– the right to restriction of processing (you have the right to ask us, where legislation provides for this, to restrict the data processing).

– the right to data portability (you have the right to receive the personal data in a structured, commonly used and machine-readable format).

– the right to object (you can ask us to object to the processing of your personal data, where legislation provides for such a right).

– the right not to be subject to a decision based solely on automatic means (you may ask that the use of data is handled by human intervention, and you may express your opinion).

Data processing may be subject to legal privilege or may be necessary for defending legal rights. The exercise of your above-mentioned rights might therefore be restricted by law. Furthermore, your above rights, and especially the right of access, the right to information, the right to erasure and the right to data portability might not be satisfied if this is in contrast to regulatory obligation or if this involves a disproportionate effort.

13. Who do I contact?

In case you would like to exercise one of the aforementioned rights, please contact us by mail, email or telefax:

Kiortsis & Associates Law Offices
136, Solonos Str.
106 77 Athens
Greece
E-mail: info@kiortsis.gr
Tel. & Fax: 0030.210.3802401

In order for us to verify the data subject and to enable us to satisfy the right in question, we will need to check your entitlement. We therefore might ask for further information such as:

– Proof of identity (copy of ID card or passport).

– if you are acting as an authorized agent, proof of authorization.

– Detailed information related to your request.

14. Complaint with the Hellenic Data Protection Authority

In case you wish to file a complaint to the authorities, you have the right to contact the Hellenic Data Protection Authority (www.dpa.gr).

15. Amendments to the Privacy Policy

This Privacy Policy shall be in effect as of the date declared at its beginning. We reserve the right to update and change this Notice from time to time in order to reflect any changes to the way in which we process your personal data or changing legal requirements. Any changes we may make to our Notice in the future will be posted on this page and, where appropriate, notified to you by email.

Scroll to Top