Privacy Statement
Last updated: 15/09/2023
1. Introduction
Here at startuplawyer.gr (hereinafter referred to as "startuplawyer.gr", "we", "us" or "our") we respect the protection of your privacy and the personal data that you share with us or that we otherwise collect when we communicate with you or provide our services to you. For this purpose and in the context of transparency imposed by applicable law, we have posted this Privacy Statement (hereinafter the "Statement"), in which you will find all the necessary information about your personal data we collect, the way we collect and process them, the processing purposes, the measures we take to protect them, as well as your rights in relation to your personal data.
For the purposes of this Statement, personal data means any information by the use of which a natural person can be identified, directly or indirectly, including, but not limited to, name, home address, email address, telephone number, as well as any other information relating to that person that falls under the definition of "personal data", in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Law 4624/2019, as in force.
For the purposes of this Statement, personal data means any information by the use of which a natural person can be identified, directly or indirectly, including, but not limited to, name, home address, email address, telephone number, as well as any other information relating to that person that falls under the definition of "personal data", in accordance with the provisions of the General Data Protection Regulation (EU) 2016/679 ("GDPR") and Law 4624/2019, as in force.
2. Data Controller
The controller of your personal data, according to the relevant definition of GDPR, is startuplawyer.gr – Thodoris Zervas’ Law Office, Chalandri. You can contact us at any time for any issue related to the processing of your personal data by sending an email to: info@startuplawyer.gr.
3. Data subjects
The personal information we collect and process concerns, primarily, the following categories of data subjects:
- visitors of the website who contact us through it;
- our clients, including former and potential future ones;
- third natural persons who may be involved in any way in a case we handle;
- natural persons – partners of our office, such as bailiffs, notaries, lawyers etc.
- visitors of the website who contact us through it;
- our clients, including former and potential future ones;
- third natural persons who may be involved in any way in a case we handle;
- natural persons – partners of our office, such as bailiffs, notaries, lawyers etc.
4. Types of personal data
The personal data that we process or may process, depending on the case and the data subject category, may include, among others:
- Name
- Home and/or work address
- E-mail
- Phone number
- Identification data (e.g. ID number, Tax ID number, etc.)
- Information about professional status and position
- Banking/financial transaction data
- Any other personal data contained in a case that we handle or that we need to collect and process in order to provide our services
- Name
- Home and/or work address
- Phone number
- Identification data (e.g. ID number, Tax ID number, etc.)
- Information about professional status and position
- Banking/financial transaction data
- Any other personal data contained in a case that we handle or that we need to collect and process in order to provide our services
5. How we collect your data
As a rule, you provide us with your personal data yourself, either to discuss the undertaking of your case, or during the provision of our services to you. In this context, we will ask you for all the information necessary in order for us to be able to carry out your mandate professionally and completely. Also, if you contact us for a question or inquiry, you may already disclose some of your personal information in your message, which we may store for future use.
In addition, to the extent required, we collect information from publicly accessible sources. For example, we may access the Trade Registry in order to collect data relating to the representation of a company, or we may collect published data relating to specific individuals, including via the use of search engines, if this is deemed necessary in the context of a mandate from one of our clients.
Finally, personal data of third natural persons may be disclosed to us by our clients, such as data relating to their customers, partners or employees. If you are a client and you disclose such data to us, you undertake and guarantee that the collection of such data has been done in a lawful manner and that their transmission to us is done in the context of the mandate you provide us for the provision of our services and includes the minimum data required to fulfill the above purpose.
In addition, to the extent required, we collect information from publicly accessible sources. For example, we may access the Trade Registry in order to collect data relating to the representation of a company, or we may collect published data relating to specific individuals, including via the use of search engines, if this is deemed necessary in the context of a mandate from one of our clients.
Finally, personal data of third natural persons may be disclosed to us by our clients, such as data relating to their customers, partners or employees. If you are a client and you disclose such data to us, you undertake and guarantee that the collection of such data has been done in a lawful manner and that their transmission to us is done in the context of the mandate you provide us for the provision of our services and includes the minimum data required to fulfill the above purpose.
6. Purposes of processing
Depending on the category of data subjects to which you belong, we will use your personal information for the following indicative purposes:
- to communicate with you regarding the undertaking or progress of your case;
- to verify your identity;
- to handle your case or a case in which you are involved as a third party;
- to represent you before courts and authorities;
- to manage and process your payments;
- for archiving purposes and for the general organization of our law office;
- to send you promotional communications regarding our services
(newsletters), if you have given us your consent to do so;
- to protect our rights and assets or those of third parties;
- to comply with our legal obligations, such as tax obligations.
- to communicate with you regarding the undertaking or progress of your case;
- to verify your identity;
- to handle your case or a case in which you are involved as a third party;
- to represent you before courts and authorities;
- to manage and process your payments;
- for archiving purposes and for the general organization of our law office;
- to send you promotional communications regarding our services
(newsletters), if you have given us your consent to do so;
- to protect our rights and assets or those of third parties;
- to comply with our legal obligations, such as tax obligations.
7. Legal bases for processing
Any processing of your personal data, as described above, will be based on one of the following legal bases for processing (Article 6 GDPR):
- processing is necessary for the performance of a contract concluded or to be concluded between us, or
- processing is necessary to comply with a legal obligation of ours, or
- processing is necessary for the purposes and in pursuit of our legitimate interests, or
- you have consented to the processing of your personal data for one or more specific purposes.
- processing is necessary for the performance of a contract concluded or to be concluded between us, or
- processing is necessary to comply with a legal obligation of ours, or
- processing is necessary for the purposes and in pursuit of our legitimate interests, or
- you have consented to the processing of your personal data for one or more specific purposes.
8. Disclosure to third parties
We may share your personal information with any of our employees, officers or representatives, as necessary for the purposes stated in this Statement. Under no circumstances do we sell to third parties or otherwise exploit the personal data you provide to us for our own benefit. However, we may need to share some of your personal data with third parties, such as:
- hosting and management service providers of our website;
- e-mail service providers;
- cloud storage service providers;
- marketing and advertising service providers;
- accountants and financial advisors;
- professionals of our network, such as lawyers, notaries, translators, etc.;
- tax, police, prosecutorial and other public authorities and services.
In such cases, where third party recipients act either as processors on our behalf, as joint controllers, or as independent controllers, we ensure, to the extent possible and within the limits of our responsibility as controller, that they will keep as confidential any of your personal data that we disclose to them, they will take appropriate security measures, they will not further disclose this data and they will generally comply with the legal framework for the protection of personal data. Under no circumstances do we assume responsibility for any unlawful use or processing of your personal data by the above parties which exceeds our limits of liability, as defined in applicable law.
- hosting and management service providers of our website;
- e-mail service providers;
- cloud storage service providers;
- marketing and advertising service providers;
- accountants and financial advisors;
- professionals of our network, such as lawyers, notaries, translators, etc.;
- tax, police, prosecutorial and other public authorities and services.
In such cases, where third party recipients act either as processors on our behalf, as joint controllers, or as independent controllers, we ensure, to the extent possible and within the limits of our responsibility as controller, that they will keep as confidential any of your personal data that we disclose to them, they will take appropriate security measures, they will not further disclose this data and they will generally comply with the legal framework for the protection of personal data. Under no circumstances do we assume responsibility for any unlawful use or processing of your personal data by the above parties which exceeds our limits of liability, as defined in applicable law.
9. International transfers
As a rule, we do not disclose your personal data to third parties established in countries that do not have equivalent data protection legislation to that applicable in the European Economic Area (EEA), where the GDPR applies. However, in case such a data transfer needs to take place, such as in case of use of the services of a provider based outside the EEA, we will take every possible measure, in accordance with the relevant legislation and the decisions of the European Commission, to ensure that your data is transmitted and protected in an appropriate manner.
10. Retention period
We will store and retain your personal data for as long as necessary to fulfill the purpose for which we have collected and processed such data, unless you request their deletion earlier.
We may, however, retain some of your personal data for a longer period of time, if this is deemed necessary in order for us to pursue any of our legal claims, or if this is required by applicable law (e.g. tax law). In such a case, we may not be able to satisfy your deletion request.
We may, however, retain some of your personal data for a longer period of time, if this is deemed necessary in order for us to pursue any of our legal claims, or if this is required by applicable law (e.g. tax law). In such a case, we may not be able to satisfy your deletion request.
11. Security of your personal data
We implement appropriate technical and organizational measures to ensure the required level of security of your personal data against the risks that exist, such as accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access and any other form of unlawful processing. These measures include:
- the prevention of unauthorized physical access to your data;
- the implementation of appropriate technical security and encryption measures on the website with the use of SSL protocol (Secure Sockets Layer);
- the selection of processors of recognized value and professionalism and the contractual safeguarding of their obligations in relation to your personal data;
- our strict adherence to the confidentiality required by legal privilege;
- the periodic review of the measures and procedures followed.
You understand and accept, however, that the transmission of information over the internet is inherently insecure and, therefore, we cannot guarantee the security of your data moving over the internet. Under no circumstances do we accept responsibility and we disclaim, to the fullest extent permitted by law, any liability for damages caused by loss, misuse and unauthorized access, disclosure, alteration or destruction of your personal data that you disclose to us through the website or the internet in general and we recommend that you take all necessary precautions for their protection.
- the prevention of unauthorized physical access to your data;
- the implementation of appropriate technical security and encryption measures on the website with the use of SSL protocol (Secure Sockets Layer);
- the selection of processors of recognized value and professionalism and the contractual safeguarding of their obligations in relation to your personal data;
- our strict adherence to the confidentiality required by legal privilege;
- the periodic review of the measures and procedures followed.
You understand and accept, however, that the transmission of information over the internet is inherently insecure and, therefore, we cannot guarantee the security of your data moving over the internet. Under no circumstances do we accept responsibility and we disclaim, to the fullest extent permitted by law, any liability for damages caused by loss, misuse and unauthorized access, disclosure, alteration or destruction of your personal data that you disclose to us through the website or the internet in general and we recommend that you take all necessary precautions for their protection.
12. Cookies
We do not use cookies or other similar technologies to track or analyze your behavior during your interaction with our website. The only cookies used on the website are the absolutely necessary cookies, the use of which does not include any processing of your personal data.
13. Your rights
Depending on the purpose and legal basis of the processing, you may have all or some of the following rights regarding your personal data:
- the right to request access to your personal data;
- the right to correct any personal data that is inaccurate or incomplete;
- the right to request a copy of your personal data in electronic form so that you can transmit this data to third parties;
- the right to object to the processing of your personal data;
- the right to delete your personal data;
- the right to restrict the processing of your personal data, where it is not possible to delete them;
- the right to withdraw your consent at any time, where it has been given, and if there is no other legitimate reason for continuing the relevant processing.
To exercise any of the above rights or request further information about them, please contact us at: info@startuplawyer.gr. As a rule, your request will be satisfied within one (1) month of receipt, unless the satisfaction of your request poses specific difficulties, in which case we will inform you accordingly. If you believe that our processing of your personal data does not comply with the applicable laws, you have the right to lodge a complaint with the competent supervisory authority:
Hellenic Data Protection Authority
Kifisias 1-3, P.C. 115 23, Athens
Telephone: 210 6475600
www.dpa.gr
- the right to request access to your personal data;
- the right to correct any personal data that is inaccurate or incomplete;
- the right to request a copy of your personal data in electronic form so that you can transmit this data to third parties;
- the right to object to the processing of your personal data;
- the right to delete your personal data;
- the right to restrict the processing of your personal data, where it is not possible to delete them;
- the right to withdraw your consent at any time, where it has been given, and if there is no other legitimate reason for continuing the relevant processing.
To exercise any of the above rights or request further information about them, please contact us at: info@startuplawyer.gr. As a rule, your request will be satisfied within one (1) month of receipt, unless the satisfaction of your request poses specific difficulties, in which case we will inform you accordingly. If you believe that our processing of your personal data does not comply with the applicable laws, you have the right to lodge a complaint with the competent supervisory authority:
Hellenic Data Protection Authority
Kifisias 1-3, P.C. 115 23, Athens
Telephone: 210 6475600
www.dpa.gr
14. Severability
If any provision of this Statement is found to be illegal, invalid or unenforceable, that provision will be enforceable to the fullest extent permitted by applicable law, and the invalid portion of it will be deemed not to be part of this Statement. This characterization will not affect the validity and enforceability of the remaining provisions hereof.
15. Amendments
We reserve the right to revise this Statement at any time. For this reason, we invite you to periodically visit this page in order to stay up to date. The date on which this Statement was last revised is displayed at the top of this page.