Privacy Policy

Below you can find a summary of our Privacy Policy.

This Policy is established by Sioufas and Associates Law Firm, hereinafter referred to as the “Company’’. The Company commits to protect the personal data gathered in the course of users visiting our website and receiving other services. This Privacy Policy outlines the commitment of the Company to protect personal data and, in particular, the collection, use, transmission and retention thereof.

A standard form is available on the Company’s website for purposes of facilitating communication with everyone concerned. This form may be applied for any queries or requests and is automatically directed to the competent department or agent. To enable processing of such queries and requests, we may source and store your full name, email address, residence address, contact details and other information you may have communicated to us. Such data are applied strictly in order to adequately address your queries or requests and shall not be disclosed to parties other than those mentioned in this Policy or as required or permitted by law. In addition, the telephone numbers of the Company are made available to enable a direct communication, to the extent necessary. Users are offered the option to register to the Company’s newsletter by filling in their name and email address. In any event, should any user wish to withdraw their consent, they may deregister from the Company’s newsletter, the relevant option being available within the message received by the registered users. Deregistration entails deletion of the user’s email address from the Company’s systems. Whenever the website is used for recruitment purposes by the candidates, such subjects must take knowledge of the Privacy Notice for Recruitment. According to Regulation (EU) 2016/679, the lawful processing of personal data is subject to a legal ground being founded. In the cases envisaged above, the legal ground enabling us to process personal data is the granting of your explicit consent for such processing, by means of filing of the relevant form, should you agree with this Policy.

The Company may disclose by transmission personal data collected, only to the extent this is necessary for the management of lawful operations. Such transmissions shall be subject to appropriate protective measures (e.g. clauses of personal data disclosure to sub-contractors, to suppliers, et.c.). Further, we may transmit personal data subject to such processing being required to ensure compliance with a legal obligation imposed on us.

The Company is bound not to retain personal data beyond the period this is necessary, as well as to ensure that it shall securely delete same. More info as to retention and deletion may be found at the “Communication” option of the Menu.

This section sets out the rights arising from the Regulation (EU) 2016/679 and how the subjects of the personal data may exercise such rights. For more clarifications please refer at the “Communication” option of the Menu.

5.1. Right of Access

The Company deems that the personal data collected directly from the subjects are accurate and complete. Every individual may have access to their own personal data by using the Application for the Exercise of Rights by the Subjects.

5.2. Right to Rectification and Erasure

The subjects of personal data are entitled to demand the update, erasure or withdrawal of any information relating to same, which is retained, and any third party processing or using the data must comply with such request. An erasure request may not be rejected, unless it falls into the ambit of an exception. The right to erasure may be exercised by using the Application for the Exercise of Rights by the Subjects. The Company is obliged to erase the personal data if one of the following conditions is fulfilled:

  • The personal data are no more necessary for the purposes they were originally collected or processed for;
  • The lawful basis the Company relies on for holding the data consists in consent and the subject withdraws such consent;
  • The subject objects to processing of their personal data conducted in reliance on Controller legitimate interests and there is no overriding legitimate interest capable of framing processing;
  • The personal data have been unlawfully processed.

Upon receipt of a request for erasure of personal data and subject to authentication of the requestor’s identity and either of the above conditions being met, whereas no legal ground preventing processing exists, the Company must accommodate the request by deleting the relevant data in their entirety. The request must be filed with the Registry of Personal Data Subjects Requests. Should the Company be unable to erase the personal data, it must ensure that it:

  • is not in a position and will not attempt to rely on the personal data for purposes of justifying any decision in any way relating to or affecting the individual concerned;
  • shall not concede access to the personal data to any other party;
  • protectsthe personal data by means of an appropriate technical and organizational mechanism and commits to permanently delete the information upon becoming available.

5.3. Right to Restrict Processing

The data subjects are entitled to require the controller limit the processing of data by filing the Application for the Exercise of Rights by the Subjects.

5.4. Right to Object

The data subjects are vested with the right to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning same, by filing the Application for the Exercise of Rights by the Subjects.

5.5. Right to Data Portability

The data subjects must be entitled to receive upon request a copy of their personal data provided, in a structured format, by filing the Application for the Exercise of Rights by the Subjects. Such applications must be processed within one (1) month, as they do not entail excessive hardship and do not jeopardize privacy. A data subject is further entitled to request that his/her data be immediately transferred to another system. Such request must be accommodated free of charge. In the event that the Company is not in a position to roll out all the necessary steps within one (1) month, the DPO must provide to the data subject within this specified period to the subject or the authorized agent thereof the following:

  • An acknowledgment of receipt of the request;
  • Any information sourced up to that date;
  • Details of any information or amendments requested and not supplied to the subject, the reason for dismissal and information on available remedies against such dismissal;
  • An estimated date for the provision or the remaining responses;
  • An estimation of the cost to be borne by the data subject ( e.g. if the request is excessive)
  • The name and contact details of the DPO.

Any changes to the Privacy Policy shall be published to the Company’s website. In case of essential changes the Company may elect to notify the affected users by email, setting out details. Your consent shall be duly sought whenever so required by law.

In the event you have any concerns or complaints in relation to this Policy, please do not hesitate to contact us:
Tel no +30 210 3673000
Email address: dpo@sioufaslaw.gr.
If you deem that the processing of your data by the Company violates the applicable legal framework, you may address the competent supervising Data Protection Authority (Tel no: +30 2106475600, email: contact@dpa.gr)

This Policy is established by Sioufas and Associates Law Firm, hereinafter referred to as the “Company’’. The Company commits to protect the personal data gathered in the course of users visiting our website and receiving other services. This Privacy Policy outlines the commitment of the Company to protect personal data and, in particular, the collection, use, transmission and retention thereof.

A standard form is available on the Company’s website for purposes of facilitating communication with everyone concerned. This form may be applied for any queries or requests and is automatically directed to the competent department or agent. To enable processing of such queries and requests, we may source and store your full name, email address, residence address, contact details and other information you may have communicated to us. Such data are applied strictly in order to adequately address your queries or requests and shall not be disclosed to parties other than those mentioned in this Policy or as required or permitted by law. In addition, the telephone numbers of the Company are made available to enable a direct communication, to the extent necessary. Users are offered the option to register to the Company’s newsletter by filling in their name and email address. In any event, should any user wish to withdraw their consent, they may deregister from the Company’s newsletter, the relevant option being available within the message received by the registered users. Deregistration entails deletion of the user’s email address from the Company’s systems. Whenever the website is used for recruitment purposes by the candidates, such subjects must take knowledge of the Privacy Notice for Recruitment. According to Regulation (EU) 2016/679, the lawful processing of personal data is subject to a legal ground being founded. In the cases envisaged above, the legal ground enabling us to process personal data is the granting of your explicit consent for such processing, by means of filing of the relevant form, should you agree with this Policy.

The Company may disclose by transmission personal data collected, only to the extent this is necessary for the management of lawful operations. Such transmissions shall be subject to appropriate protective measures (e.g. clauses of personal data disclosure to sub-contractors, to suppliers, et.c.). Further, we may transmit personal data subject to such processing being required to ensure compliance with a legal obligation imposed on us.

The Company is bound not to retain personal data beyond the period this is necessary, as well as to ensure that it shall securely delete same. More info as to retention and deletion may be found at the “Communication” option of the Menu.

This section sets out the rights arising from the Regulation (EU) 2016/679 and how the subjects of the personal data may exercise such rights. For more clarifications please refer at the “Communication” option of the Menu.

5.1. Right of Access

The Company deems that the personal data collected directly from the subjects are accurate and complete. Every individual may have access to their own personal data by using the Application for the Exercise of Rights by the Subjects.

5.2. Right to Rectification and Erasure

The subjects of personal data are entitled to demand the update, erasure or withdrawal of any information relating to same, which is retained, and any third party processing or using the data must comply with such request. An erasure request may not be rejected, unless it falls into the ambit of an exception. The right to erasure may be exercised by using the Application for the Exercise of Rights by the Subjects. The Company is obliged to erase the personal data if one of the following conditions is fulfilled:

  • The personal data are no more necessary for the purposes they were originally collected or processed for;
  • The lawful basis the Company relies on for holding the data consists in consent and the subject withdraws such consent;
  • The subject objects to processing of their personal data conducted in reliance on Controller legitimate interests and there is no overriding legitimate interest capable of framing processing;
  • The personal data have been unlawfully processed.

Upon receipt of a request for erasure of personal data and subject to authentication of the requestor’s identity and either of the above conditions being met, whereas no legal ground preventing processing exists, the Company must accommodate the request by deleting the relevant data in their entirety. The request must be filed with the Registry of Personal Data Subjects Requests. Should the Company be unable to erase the personal data, it must ensure that it:

  • is not in a position and will not attempt to rely on the personal data for purposes of justifying any decision in any way relating to or affecting the individual concerned;
  • shall not concede access to the personal data to any other party;
  • protectsthe personal data by means of an appropriate technical and organizational mechanism and commits to permanently delete the information upon becoming available.

5.3. Right to Restrict Processing

The data subjects are entitled to require the controller limit the processing of data by filing the Application for the Exercise of Rights by the Subjects.

5.4. Right to Object

The data subjects are vested with the right to object, on grounds relating to their particular situation, at any time, to processing of personal data concerning same, by filing the Application for the Exercise of Rights by the Subjects.

5.5. Right to Data Portability

The data subjects must be entitled to receive upon request a copy of their personal data provided, in a structured format, by filing the Application for the Exercise of Rights by the Subjects. Such applications must be processed within one (1) month, as they do not entail excessive hardship and do not jeopardize privacy. A data subject is further entitled to request that his/her data be immediately transferred to another system. Such request must be accommodated free of charge. In the event that the Company is not in a position to roll out all the necessary steps within one (1) month, the DPO must provide to the data subject within this specified period to the subject or the authorized agent thereof the following:

  • An acknowledgment of receipt of the request;
  • Any information sourced up to that date;
  • Details of any information or amendments requested and not supplied to the subject, the reason for dismissal and information on available remedies against such dismissal;
  • An estimated date for the provision or the remaining responses;
  • An estimation of the cost to be borne by the data subject ( e.g. if the request is excessive)
  • The name and contact details of the DPO.

Any changes to the Privacy Policy shall be published to the Company’s website. In case of essential changes the Company may elect to notify the affected users by email, setting out details. Your consent shall be duly sought whenever so required by law.

In the event you have any concerns or complaints in relation to this Policy, please do not hesitate to contact us: Tel no +30 210 3673000; email address: dpo@sioufaslaw.gr. If you deem that the processing of your data by the Company violates the applicable legal framework, you may address the competent supervising Data Protection Authority (Tel no: +30 2106475600, email: contact@dpa.gr)

Video Surveillance System (CCTV) Information Note

You can download the video surveillance system (CCTV) information note here.

Data Subjects Exercise Rights Request Application Form

You can download the application form to exercise your rights regarding the use of personal data here.