ppl privacy notice

Preamble

At Papanikolopoulou & Partners Law (ppl) we are committed to lawfully processing and protecting personal data of our clients, employees, and third parties with whom we interact. As a law firm, the confidentiality and security of your information is our top priority. We only collect and process personal data which is necessary for the services we provide and ensure that it is treated with the utmost care and diligence. We adhere to the principles of transparency, fairness, and accountability in our data practices, and we maintain robust security measures to protect your personal information and, to this end, we apply all appropriate organisational and technical measures.

This Privacy Notice outlines how we collect, use, store, and safeguard your personal data in compliance with the EU General Data Protection Regulation (GDPR) and applicable Greek laws.

We will amend this Privacy notice from time to time, in order to reflect changes to our processing or recent legal development; therefore, we encourage you to periodically check our website for any amendments.

By contracting our services, interacting with us, or browsing our website, you acknowledge the terms set forth in this Privacy Notice.

Data controller

Papanikolopoulou & Partners Law (ppl). ppl is a law firm established under law 4194/2013 and registered in Athens Bar Association with no.81023 with offices at Green Plaza, Agiou Konstantinou 59-61, Maroussi 15124, Attica, Greece. 

Types of personal data collected and their sources

When providing or marketing our services or interacting with you, or when you browse our website, we may gather personal data. We collect data directly from you or your authorized representatives, from third parties within the course of our activities, as well as from publicly available sources, such as LinkedIn, the internet and the press. 

Such personal data may include: 

  1. Basic personal details, such as your name (including title or salutation), surname, ID or passport number, the company you are associated with, your job title or role; 
  2. Contact details, including your mailing address, email, and phone number(s); 
  3. Financial data, such as your tax id, invoicing and payment-related details; 
  4. Professional background, education and experience data, when you provide us with your CV. 
  5. Personal information, which may include personal data of special categories such as criminal records, health data etc. collected within the course of the provision of our services and referring mainly to our clients’ representatives or employees;
  6. Technical data: information derived from your browsing our website: IP address, device, browser and other information collected via cookies and other tracking tools.
  7. Any other information you or a third party have shared with us within the context of the provision of our services.
Purposes of processing

We process your personal data, only to the extent each time required, in the course of and in connection with the provision of our services and, in particular, in order to: 

  1. Provide, enhance and promote our services; 
  2. Comply with our legal obligations, including performing AML controls; 
  3. Manage our business activities; 
  4. Recruit lawyers and employes;
  5. Monitor implementation of our internal policies and procedures, such as client acceptance, risk management, conflict checks etc.; 
  6. Provide and optimize our website, prevent cyber security attacks and investigate any related incident;
  7. Foster professional relationships with clients, prospective clients and peers; 
  8. Establish and defend our legal claims; 
  9. Protect third parties including our lawyers, employees and vendors.
Legal basis for processing

We process personal data where:

  1. Processing is necessary for the performance of a contract to which you are a party or in order to take steps at your request prior to entering into a contract;
  2. Processing is necessary for us in order to be compliant with our legal obligations;
  3. Processing is necessary for the purposes of our legitimate interests, such as the provision of our services, the management and growth of our business, as well as the establishment, exercise and defense of our legal claims;
  4. Processing is necessary for the legitimate interests of our clients, including their representation or defense in legal cases;
  5. You have given your consent to the processing for one or more specific purposes; we note that you can withdraw your consent at any time; accordingly, where processing is exclusively based on your consent, upon withdrawal of such consent, we will stop processing for the future.
Potential recipients of personal data

Potential recipients of your personal data processed by ppl may be ppl lawyers, our designated employees, and vendors providing services to us (such as IT, advisors, translators, Trusted Parties Network partners). Such vendors are bound either by statutory or by contractual confidentiality obligation, irrespective of whether GDPR directly applies to them. Additionally, we may share your personal data with your counterparties in a transaction as necessary for the provision of our services. Finally, where mandatory, your personal data may be shared with public/ independent authorities or regulatory bodies.

Retention period

We will retain your personal data for as long as you interact with us. Following the end of our relationship, we will retain personal data for as long is necessary, depending on the purpose of processing. Such time period is based on the requirements of the GDPR and other applicable laws, taking also into account mandatory minimum periods, best practices and processing purposes. Retention period will not exceed twenty years, unless a legal proceeding is still pending.

Automated decision making

We don’t make decisions solely based on profiling without any human intervention. We may use profiling in order to promote our services to specific clients.

Transfer to third countries

We may store or transfer your personal data to third countries, outside the European Union or the European Economic Area, including transferring your personal data to countries without the same level of protection for personal data. Such storage may derive from our use of cloud services. The transfer will most probably occur via professional email when responding to you on a request, or within the course of the provision of our services, as may be required within a specific project, in case several of the recipients are based in third countries. In each case we will ensure that transfer is compliant with applicable laws.

Protection of personal data

We are committed to protecting your personal data and we implement all necessary technical and organisational measures to ensure that it is protected against unauthorised access, use, disclosure, alteration or destruction. We have adopted and implemented information security policy, which includes best practices such as the use of passwords and access control together with up-to-date security arrangements.

Your rights regarding your personal data

Pursuant to GDPR and applicable Greek laws you have the following rights:

  • Right of Access: You have the right to request access to the personal data we hold about you. Right to Rectification: If any of the personal data we hold about you is inaccurate or incomplete, you have the right to request corrections.
  • Right to Erasure (“Right to be Forgotten”): You have the right to request that we delete your personal data, subject to certain conditions set by GDPR.
  • Right to Restrict Processing: You may request that we limit the processing of your personal data in specific situations.
  • Right to Data Portability: You can request to receive your personal data in a structured, commonly used format and have the right to transfer that data to another controller.
  • Right to Object: You have the right to object to the processing of your personal data, especially where we are processing it based on legitimate interests or for direct marketing purposes.
  • Right to Withdraw Consent: If we process your personal data based on your consent, you can withdraw your consent at any time; withdrawal will not affect the lawfulness of processing before your withdrawal.

 

In order to exercise any of your rights above, you may send an email to ppl@ppl.law. We will respond and accommodate your request to the extent possible.

  • Right to Lodge a Complaint: If you believe that our processing of your personal data violates GDPR, you have the right to file a complaint with the Hellenic Data Protection Agency, as indicated in its website