Purpose of this Policy
Moratis Passas Law Firm (
MP) values your privacy and cares about the way in which your personal information is treated. We understand and take into serious consideration the fact that you are aware of and interested in your personal data and the respective processing carried out.
This Privacy Policy is addressed to individuals outside our firm with whom we interact, including but not limited to individual clients, representatives of client organizations/entities, vendors and visitors to our premises and to our website as well as to other users of our services.
This Privacy Policy provides detailed information about the type of personal data we collect and explains how MP processes your personal data as well as how you can manage and control the use and processing of your personal data, in accordance with the provisions of Greek and European data protection law including the General Data Protection Regulation (2016/679/ΕU), widely known as (“GDPR”), which came into force on 25 May 2018.
Who is the Controller of your Personal Data and how can you communicate with it?
Controller for the retention, collection, storage and further processing of your personal data is:
“Moratis Passas Law Firm”
Registered seat: 15 Voukourestiou str., 1st floor, PC 106 71, Athens, Greece
Tel.: +30 210 3606107
e-mail: office@morpas.gr
The purpose of this Privacy Policy is to provide you with information concerning the collection, retention, storage, use and processing of your personal data and about exercising your respective data protection rights.
MP in compliance with the applicable legal framework, has taken all the steps required by implementing the appropriate technical and organizational measures for the lawful retaining and further processing and safe storage of your personal data, , in particular from the risk of accidental or unlawful loss, breach of security, alteration, unauthorized disclosure of or their otherwise unlawful processing.
If you have any comments, questions or concerns about any provision contained in this Privacy Policy, or any other issues relating to the processing of personal data carried out by MP, or on our behalf you want to exercise your rights set out in this Privacy Policy, please contact us by:
Sending an email to:
office@morpas.gr or Calling us on: +30 210 3606107
What type of personal data we process and for which purposes?
Personal Data is any information that identifies you, such as your name, address or email address or your telephone number. MP processes the following personal data for the below purposes:
Personal Data we collect and process on your behalf
-
Personal Details: such as your name and surname, passport or identity card, VAT number, place of work, position and title;
-
Demographic Information: such as your gender, date of birth/age, nationality;
-
Contact Details: such as your postal address, email address and phone number(s);
-
Financial Information: such as payment-related information, billing address, payment method, bank account number or credit card number, invoice records, payment records, payment amount and date;
-
Matter Details: such as details of individuals instructing MP, personal data including in correspondence, transaction documents, evidence or other materials that we process in the course of providing services and legal advice;
-
Attendance Records: such as details of meetings and other events organized by or on behalf of MP that you have attended;
-
Employer Details: where you interact with us in your capacity as an employee, the name address, telephone number and email address of your employer, to the extent relevant;
-
Technical Information: such as information from your visits to our website (your IP address or other information) or in relation to materials and communications we send to you electronically;
-
Special Categories of Personal Data: please note that personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them may, depending on the nature of such services or any other business relationship with MP, include special categories of data;
-
Other: any other information relating to you which you may provide to us.
-
Purposes of processing
MP collects, retains and processes personal data which is relevant and limited to what is necessary in relation to the purposes of the processing.
We use your personal data for the purposes referenced below:
-
to provide legal advice or other services and for the establishment, exercise or defense of legal claims or proceedings;
-
to perform a contract, such as engaging with an individual to provide legal or other services;
-
to manage and administer our relationship with you and our clients;
-
to fulfil our regulatory and risk management obligations;
-
for administrative and security purposes, such as the management of access to our premises, systems and online platforms;
-
for recruitment purposes;
-
where the processing of your personal data is necessary for the purposes of legitimate interests pursued by us or for compliance purposes with national and/or European legislation and to the extent not overridden by your own fundamental rights and freedoms;
-
where you have provided your consent. Please note that where the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time, without affecting the legitimacy of the processing based on said consent until the withdrawal thereof. The withdrawal of your consent can be made in writing or via email using the contact details referenced in section 2 above.
How we obtain your personal data.
We may collect your personal data:
-
directly from you, in the course of our relationship, as part of our business acceptance processes in the course of providing legal services;
-
when you use our website;
-
we may collect or receive information about you from third parties (such as law enforcement authorities);
-
From public resources when you make your personal data public.
To whom we disclose your personal data.
We do not disclose your personal data to third parties, except to those with whom we cooperate and as required to facilitate the provision of our services to you, always under conditions that ensure that your personal data is not subject to unlawful processing, meaning other than the purpose of the transmission thereof in accordance with the above, in accordance with applicable law and subject to applicable professional and regulatory requirements regarding confidentiality and professional secrecy. In addition, we may disclose your Personal Data to:
-
legal and regulatory authorities, upon request, or for the purposes of reporting any actual or suspected breach of applicable law or regulation;
-
accountants, auditors, lawyers and other outside professional advisors to MP, subject to binding contractual obligations of confidentiality;
-
third party Processors (such as providers of data hosting services and document review services);
-
any relevant party, law enforcement agency or court, to the extent necessary for the establishment, exercise or defense of legal rights;
-
any relevant party for the purposes of prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, including safeguarding against and the prevention of threats to public security.
If we engage a third party processor to process your Personal Data, the processor will be subject to binding contractual obligations to: (i) only process the Personal Data in accordance with our prior written instructions; and (ii) use measures to protect the confidentiality and security of the Personal Data, together with any additional requirements under applicable law.
Please note that any unauthorized access to your personal data by any person, including our employees, is strictly forbidden.
Where we transfer your personal information outside Europe, we will ensure that it is protected and transferred in a manner consistent with legal requirements applicable to the information. This can be done in a number of different ways, for instance:
-
the country to which we send the personal information may be approved by the European Commission
-
the recipient may have signed a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal information, or
-
where the recipient is located in the US, it may be a certified member of the EU-US Privacy Shield scheme.
In other circumstances, the law may permit us to otherwise transfer your personal information outside Europe. In all cases, however, any transfer of your personal information will be compliant with applicable data protection law.
You can obtain more details of the protection given to your personal information when it is transferred outside Europe (including a sample copy of the model contractual clauses) by contacting us using the details set out above.
Storage period of your personal data.
We will retain/store the personal data provided by you, only for as long as required to fulfill the purpose pursuant to which you have communicated such information to us and in compliance with the applicable legal provisions, which will not exceed the legal limitation period of 20 years.
Information that is automatically stored on your computer when visiting our website/ Use of cookies
We use “cookies” to facilitate the use of our website. Cookies are small text files that are stored by your browser on your device and are necessary for the use of our website. We use cookies to understand better how our website is used and to improve website navigation. The cookies we use do not store personal data or personal information that may lead to identification of the person to whom they relate and which has been collected by other means. If you do not wish us to collect information via cookies, please set up your internet browser to delete all existing cookies from your computer’s hard drive, block all cookies in the future and receive a warning before saving a cookie. More detailed information can be found in your browser's operating settings.
What are your rights with respect to your personal data?
You may exercise the rights referenced below, pursuant to the terms and specific provisions of GDPR:
-
Right to request access to your personal data that we process, as well as other information in relation to the processing thereof.
-
Right to rectification of your personal data, in case of inaccurate personal data concerning you or in case you want to update your information.
-
Right to object to the processing of your personal data when there is a legitimate interest, including your right to object to the processing of your personal data for promotional purposes.
-
Right to obtain restriction of processing of your personal data, which means you may request the restriction of the particular processing, provided that the accuracy of your personal data is contested by you or you have objections for the processing carried out or there is another reason provided for in the relevant Greek or European Legislation on the Protection of Personal Data.
-
Right to have certain Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable.
-
Right to erasure of your personal data without undue delay and subject to your relevant request pursuant to the provisions of the applicable Greek and European Legislation on the Protection of Personal Data.
-
Consent withdrawal. Where we process your personal data based on your consent, you also have the right to withdraw such consent at any time and without affecting the legitimacy of processing for the period before the withdrawal of your consent (such withdrawal does not prevent the processing of your personal data in reliance upon any other available legal basis).
-
Right to be informed in cases of security breach incidents, where applicable.
Please note that the exercise of all or some of these rights is not absolute and may be subject to limitations set by law or by the overriding legitimate interests of MP. In any case you have the right to lodge a complaint at the competent Greek independent supervisory authority, which is the Hellenic Data Protection Authority (
http://www.dpa.gr/), in case you have further queries on the processing of your personal data or in case of unlawful processing thereof.
For all the above cases, as well as for any further information you may contact us with your relevant request, by using the above mentioned contact details under Section 2.
Security of personal data
We have implemented technical and organizational measures to ensure the lawful collection, processing and effective protection of your data from loss, alteration or unauthorized access thereto. We have, inter alia, implemented the following technical and organizational measures and procedures to protect your personal data:
-
access to your personal data is restricted to authorized persons
-
IT systems used to process the data are only accessible by authorized persons
-
access to above IT systems is monitored to detect and prevent any unauthorized access
-
adoption of specific procedures for the retention of your personal data and the safe deletion/ destruction thereof
Our procedures and security measures implemented are constantly reviewed for improvement with technological developments.
Updates and amendments to this Privacy Policy
MP reserves the right to modify/ update individual parts of this Privacy Policy without prior notice. Please always read the Privacy Policy before using our website as well as our services, to be informed about the current version of the Policy. Last update of this Privacy Policy: [April 2019].