Data Transfer and Privacy Policy

This Data Transfer and Privacy Policy (the "Policy") outlines our general practices and procedures implementing appropriate standards in relation to (i) the types of personal data the law offices receive from the EU and/or Greece (ii) how that personal data is used; and (iii) the options available to a specific individual in the EU or Greece (also referred to as the “data subject”) in relation to the Firm’s use of, and their ability to correct or request deletion of, the personal data relating to them.

Scope: This Policy applies to all "personal data" that our law office receive from the EU and/or Greece that pertains to, a specific individual in the EU or Greece, can be linked to that individual, and is recorded in any form.

Notice: If any of the cooperating law office obtain personal data directly from individuals in the EU and/or Greece, we will inform those individuals about (i) why we are collecting and using their personal data; (ii) the types of third parties to whom we may disclose that personal data; (iii) each individual’s rights regarding their data; and (iv) how an individual may contact us. We will provide notice of the foregoing in clear and conspicuous language when individuals are first asked to provide personal data to us, or as soon as practicable thereafter, and in any event before we use or disclose the information for a purpose other than that for which it was originally collected. Consent for personal data to be collected, used, and/or disclosed in certain ways may be required in order for an individual to obtain or use the our services. Alternatively, we process personal data as may be necessary for the offices legitimate interests in managing its business, delivering legal services to clients and for the fulfilment of its contractual obligations.

Choice:  We collect (ourselves or via our employees) and process, store, and use the personal data our clients provide, as provided for in the European Union's GDPR-General Data Protection Regulation (2016/679) and the Greek law 4624/2019 for legal and tax purposes only. All our actions will be in accordance with the obligations set forth in the legal framework. Your personal data will not be made available to and transmitted to third parties except from legal and/ or tax authorities.

Onward Transfer: We will use commercially reasonable efforts to obtain assurances from third parties to whom they transfer data that they will safeguard personal data consistent with this Policy. If we discover that an agent is using or disclosing personal data in a manner contrary to this Policy, we will take commercially reasonable steps to prevent or stop the use or disclosure.

Security: We will take commercially reasonable precautions to protect personal data in its possession from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

Data Integrity: We will use personal data only in ways that are compatible with the purposes for which we collected the data or in a manner that the data subject or client subsequently authorized. To the extent necessary, we will take commercially reasonable steps to ensure that personal data is relevant to its intended use, accurate, complete, and current.

Access: Upon request, we will provide individuals with information about the personal data that it holds about them in our role as data controller. If an individual becomes aware that information the offices maintain about that individual is inaccurate, or if an individual would like to update, review or erase his or her information, the individual may contact the office at info@zafiropoulos.com. The individual may need to provide sufficient identifying information to allow us to confirm the individual’s identity.

Enforcement: We will periodically audit our relevant privacy practices to confirm that the offices are adhering to this Policy. Any partner or employee who we determine is violating or has violated this Policy may be subject to disciplinary action up to and including termination.

Dispute Resolution: We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the European General Data Protection Regulation Principles and this Policy. For unresolved complaints related to the EU, we will cooperate with the European National Supervisory Authorities.

Dispute Resolution - Client Data: Any questions or concerns regarding the use or disclosure of client-related personal data should be directed to the Office at info@zafiropoulos.com. We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal data by reference to the GDPR and this Policy.

Limitations of the GDPR and this Policy: Zafeiropoulos Law Firm adherence to the GDPR and this Policy will be limited as permitted by the GDPR: (i) to the extent necessary to meet national security, public interest, or law enforcement requirements, (ii) by statute, government regulation, or case law that creates conflicting obligations or authorizations, provided that, in exercising any such authorization, the Firm’s non-adherence is limited to the extent necessary to meet the overriding legitimate interests the Firm furthers, or (iii) if the effect of the EU Regulation on Data Protection (the "GDPR"), EU Member State law, is to allow exceptions or derogations, provided the Offices apply such exceptions or derogations in comparable contexts. Further, because we are a  law office providing legal advice, adherence to certain of the GDPR (including Notice, Choice and Access), is limited with respect to personal data that each law office processes and uses in certain respects, including, but not limited to, the establishment of a legal claim or defense or the representation of a client's interests and rights in an acquisition, merger, joint venture or other transaction. Personal data may also be subject to ethical duties of confidentiality or privilege.