1. Purpose of this Policy
AVK Legal is an IP and TMT law practice owned by Alexandros V. Koliothomas, Attorney at Law with Athens Bar Association registration number 26667, whose address is 17 Grammou Str., 152 35 Athens, Greece.
AVK Legal is the controller and responsible for your personal data.
3. Contact Details
4. The data we collect about you
We may collect personal data from you in the course of our business, including through your use of our Site, when you contact or request information from us, when you engage our legal services.
Our primary goal in collecting personal data from you is to help us:
- verify your identity
- provide our Services
- carry out requests made by you on the Site or in relation to our Services
- investigate or settle inquiries or disputes
- comply with any applicable law, court order, other judicial process, or the requirements of a regulator
- enforce our agreements with you
- protect the rights, property or safety of us, and
- use as otherwise required or permitted by law.
To undertake these goals we may process the following personal data:
- Name and job title.
- Contact information including email address.
- Payment information.
- Information that you provide to us as part of us providing the Services to you, which depends on the nature of your instructions to AVK Legal.
- Demographic information such as your address.
- Other information relevant to the provision of our Services.
AVK Legal is primarily engaged by corporate entities and as such those instructors are not data subjects. However, as part of such instructions personal data may be provided to us (e.g. personal data relating to any of our corporate clients’ or prospective clients’ officers or personnel, any opponent or vendor or purchaser or personal data relating to their legal advisors or personnel, as relevant or similar).
If you are an individual whose personal data is processed by us as a result of providing the Services to others (including individual clients and corporate clients) we will process a variety of different personal data depending on the Services provided.
This may include personal data relating, without limitation, to any of our corporate clients’ or prospective clients’ officers or personnel, any opponent or vendor or purchaser personal data including personal data relating to their legal advisors, other advisors or personnel as relevant or similar.
This is a non-exhaustive list which is reflective of the varied nature of the personal data processed as part of a law practice providing legal services.
5. Purposes for which we use your personal data
We may use your data for the following purposes:
- Fulfillment of Services. We collect and maintain personal data that you voluntarily submit to us during your use of the Site and/or our Services to enable us to perform the Services.
- Client services. Our Site uses various user interfaces to allow you to request information about our Services including electronic enquiry forms and a telephone enquiry service. Contact information may be requested in each case, together with details of other personal data that is relevant to your Service enquiry. This information is used in order to enable us to respond to your requests.
- Business administration and legal compliance. We use your personal data for the following business administration and legal compliance purposes:
– to comply with our legal obligations (including any know your Client or conflicts or similar obligations);
– to enforce our legal rights;
– to protect the rights of third parties; and
– in connection with a business transaction such as a merger, licensing or a restructuring, or sale.
- Client insight and analysis. We analyse your contact details with other personal data that we observe about you from your interactions with our Site, our email communications to you and/or with our Services such as the Services you have viewed.
– an IP address to monitor Site traffic and volume;
– a session ID to track usage statistics on our Site;
– information regarding your personal or professional interests, demographics, experiences with our products and contact preferences.
Our web pages contain “cookies” “web beacons” or “pixel tags” (“Tags”). Tags allow us to track receipt of an email to you, to count users that have visited a web page or opened an email and collect other types of aggregate information. Once you click on an email that contains a Tag, your contact information may subsequently be cross-referenced to the source email and the relevant Tag.
In some of our email messages, we use a “click-through URL” linked to certain website administered by us or on our behalf.
By using this information, we are able to measure the effectiveness of our content and how visitors use our Site and our Services. This allows us to learn what pages of our Site are most attractive to our visitors, which parts of our Site are the most interesting and what kind of offers our registered users like to see.
6. What is our legal basis to use or process your personal data
It is necessary for us to use your personal data:
- To perform our obligations in accordance with any contract that we may have with you.
- It is in our legitimate interest or a third party’s legitimate interest to use personal data in such a way to ensure that we provide the Services in the best way that we can.
- It is our legal obligation to use your personal data to comply with any legal obligations imposed upon us.
7. Disclosures of your personal data
We may disclose personal data with a variety of the following categories of third parties as necessary:
- Our professional advisers such as accountants.
- Government or regulatory authorities.
- Regulators/tax authorities/corporate registries.
- Third parties to whom we outsource certain services such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers.
- Third parties engaged in the course of the services we provide to clients such as counsel, arbitrators, mediators, bailiffs, witnesses, court, opposing party and their lawyers, experts such as tax advisors.
- Third party service providers to assist us with client insight analytics, such as Google Analytics.
- Third party postal or courier providers who assist us in delivering documents related to a matter.
Please note this list is non-exhaustive and there may be other examples where we need to share with other parties in order to provide the Services as effectively as we can.
We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes and in accordance with our instructions.
8. Third party contractors and other controllers
As mentioned above, we may appoint sub-contractor data processors as required to deliver the Services, such as, without limitation, document processing and translation services, confidential waste disposal, IT systems or software providers, IT Support service providers, document and information storage providers, who will process personal data on our behalf and at our direction. We conduct an appropriate level of due diligence and put in place contractual documentation in relation to any sub-contractor to ensure that they process personal data appropriately and according to our legal and regulatory obligations.
Further, we may appoint external data controllers where necessary to deliver the Services (for example, but without limitation, accountants, bailiffs or other third party experts). When doing so we will comply with our legal and regulatory obligations in relation to the personal data, including but without limitation, putting appropriate safeguards in place.
9. International transfers
In order to provide the Services we may need to transfer your personal data to locations outside the jurisdiction in which you provide it.
If you are based within the European Economic Area (EEA), please note that where necessary to deliver the Services we will transfer personal data to countries outside the EEA.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA.
10. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11. How long do we keep your personal data for
For visitors to the Site, we will retain relevant personal data for at least three years from the date of our last interaction with you and in compliance with our obligations under the EU General Data Protection Regulation, or for longer if we are required to do so according to our regulatory obligations or professional indemnity obligations.
For Service provision to any client, we will retain relevant personal data for at least five years from the date of our last interaction with that client and in compliance with our obligations under the EU General Data Protection Regulation, or for longer as we are required to do so according to our regulatory obligations or professional indemnity obligations. We may then destroy such files without further notice or liability.
12. Your legal rights
You have the following rights in relation to the personal data we hold about you:
- Your right of access. If you ask us, we will confirm whether we are processing your personal data and, if necessary, provide you with a copy of that personal data (along with certain other details). If you require additional copies, we may need to charge a reasonable fee.
- Your right to correction. If the personal data we hold about you is inaccurate or incomplete, you are entitled to request to have it corrected. If you are entitled to correction and if we have shared your personal data with others, we will let them know about the correction where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
- Your right to erasure. You can ask us to delete or remove your personal data in some circumstances such as where we no longer need it or if you withdraw your consent (where applicable). If you are entitled to erasure and if we have shared your personal data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
- Your right to restrict processing. You can ask us to ‘block’ or suppress the processing of your personal data in certain circumstances, such as where you contest the accuracy of that personal data or you object to us. If you are entitled to restriction and if we have shared your personal data with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your personal data with so that you can contact them directly.
- Your right to data portability. You have the right, in certain circumstances, to obtain personal data you have provided us with (in a structured, commonly used and machine readable format) and to reuse it elsewhere or to ask us to transfer this to a third party of your choice.
- Your right to object. You can ask us to stop processing your personal data, and we will do so, if we are:
– relying on our own or someone else’s legitimate interests to process your personal data, except if we can demonstrate compelling legal grounds for the processing; or
– processing your personal data for direct marketing purposes.
- Your rights in relation to automated decision-making and profiling. You have the right not to be subject to a decision when it’s based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for entering into, or the performance of, a contract between you and us.
- Your right to withdraw consent. If we rely on your consent (or explicit consent) as our legal basis for processing your personal data, you have the right to withdraw that consent at any time.
- Your right to lodge a complaint with the supervisory authority. If you have a concern about any aspect of our privacy practices, including the way we have handled your personal data, you can report it to the Greek Data Protection Authority (www.dpa.gr).
Please note that some of these rights may be limited where we have an overriding interest or legal obligation to continue to process the data or where data may be exempt from disclosure due to reasons of legal professional privilege or professional secrecy obligations.
13. Third-party links