PERSONAL PROTECTION POLICYN DATA
Application Statement
The implementation of the General Data Protection Regulation (G.K.P.D.) is a priority for the Law Firm of Magriplis – Chalakatevakis & Associates.
Details of the Controller
-
NAME: Magripli Law Firm – Chalakatevakis & Associates.
-
HEADQUARTERS: 77 Akadimias, Athens 106 78
-
VAT number: 998715468
-
AMDSA: 10513
-
PHONE: 210 3650240 - 258
-
EMAIL: info@mxlaw.gr
The Law Firm of Magriplis – Chalakatevakis & Associates accepts as personal data: any information that concerns natural persons, as an identified or identifiable living person. For example, this information includes their name, home address, social security number, Internet Protocol (IP) code, health and insurance information, employment status, and more.
Special category data, such as data relating to health, racial or ethnic origin, trade union activity and others, receive special protection.
The rules apply when the collection, use and storage of individuals' data is done digitally or in paper form through a structured filing system.
This policy is in accordance with the EU General Data Protection Regulation. (G.K.P.D.), the existing national legislation for the protection of personal data, as well as opinions / decisions issued by the Personal Data Protection Authority.
Definitions
-
"Personal Data": any information relating to an identified or identifiable natural person ("data subject"); an identifiable natural person is one whose identity can be ascertained, directly or indirectly, in particular by reference to an identifier such as name, identity number, location data, online identifier or one or more factors that characterize the physical, physiological, genetic, psychological, economic, cultural or social identity of that natural person;
-
"Processing": any operation or series of operations carried out with or without the use of automated means, on personal data or sets of personal data, such as collection, registration, organization, structuring, storage, adaptation or alteration, retrieval, retrieval of information, use, disclosure by transmission, dissemination or any other form of disposal, association or combination, restriction, deletion or destruction;
-
"Restriction of Processing": the marking of stored personal data with the aim of limiting their processing in the future,
-
"Archive System": any structured set of personal data that is accessible based on specific criteria, whether this set is centralized or decentralized or distributed on a functional or geographical basis,
-
"Controller": the natural or legal person, public authority, agency or other entity that, alone or jointly with others, determines the purposes and manner of processing personal data; when the purposes and manner of such processing are determined by Union law or the law of a Member State, the controller or the specific criteria for his appointment may be provided for by Union law or the law of a Member State;
-
"Processor": the natural or legal person, public authority, agency or other entity that processes personal data on behalf of the controller,
-
"Recipient": the natural or legal person, public authority, agency or other body to which the personal data is disclosed, whether it is a third party or not. However, public authorities that may receive personal data in the context of a specific investigation in accordance with Union or Member State law are not considered as recipients; the processing of such data by said public authorities is carried out in accordance with the applicable data protection rules depending on the purposes of the processing,
-
"Third party": any natural or legal person, public authority, agency or body, with the exception of the data subject, the controller, the processor and the persons who, under the direct supervision of the controller or the processor , are authorized to process personal data,
-
"Consent" of the data subject: any indication of will, free, specific, explicit and fully informed, by which the data subject manifests that he agrees, by statement or by a clear positive action, to be the subject of processing of the personal data that it concerns
-
"Personal Data Breach": the breach of security resulting in the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access of personal data transmitted, stored or otherwise processed;
-
"Special Category Data": personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership, as well as the processing of genetic data, biometric data for the purpose of unambiguous identification of a person, data relating to health or data relating to a natural person's sexual life or sexual orientation.
Categories of Personal Data Collected
The Law Firm of Magriplis – Chalakatevakis & Associates, in the context of its activities and normal operation, may collect personal data of both its clients or associates, as well as its employees as well as its associates in general, as well as other natural persons with which it trades in the context of its operation.
Depending on the form and purpose of processing, the Law Firm of Magripli – Chalakatevakis & Associates may collect and process personal data, such as indicatively the following:
CATEGORIES OF SUBJECTS
DATA CATEGORIES
Customers
Customer data, if they are natural persons or the legal representatives of legal entities. These may include:
-
Identity and demographic information (e.g. first name, last name, etc.),
-
Insurance details (e.g. AMKA or AVPA and other Social Security Institution Register details if required),
-
Contact details (e.g. registered office address, telephone, email, etc.),
-
Scheduling meetings.
-
Special category data (e.g. medical case-by-case data)
-
Financial data (e.g. account balances - bank accounts, tax statements, bank debts, etc.)
-
Site Communications
-
Other relevant information
Suppliers
Data of the company's suppliers if they are natural persons or the legal representatives/representatives of legal persons. These may include:
-
Identity and demographic information (e.g. first name, last name, etc.),
-
Contact details (e.g. registered office address, telephone, email, etc.),
-
Professional details
-
Contracts
-
Financial Information (Account Balances, Bank Accounts)
-
Other relevant information
Data of other Natural Persons
Data of other natural persons who visit infrastructures of the company or cooperate with it.
Employees (Active And Inactive) / Candidate Employees
Data of employees of the law firm under any employment relationship, as well as data of former and prospective employees, held for the purposes of operating their employment relationship with the law firm This may include:
-
Identity and demographic information (e.g. first name, last name, etc.),
-
Insurance details (e.g. AMKA and other Social Security Agency Registry details if required),
-
Contact information (e.g. postal address, telephone, email, etc.),
-
Biographical Notes,
-
Health data (e.g. medical certificates and opinions, etc.),
-
Financial details (e.g. bank accounts, etc.),
-
Details of family status (e.g. attestations and certificates, number and details of children, etc.)
Table 1. The categories of Subjects and their data
Purposes and Legal Basis of Processing
The Law Firm of Magriplis – Chalakatevakis & Associates may collect and process personal data of the natural persons mentioned in the above paragraph and who make use of its services for the following purposes with the corresponding legal bases of processing:_cc781905-5cde-3194- bb3b-136bad5cf58d_
PURPOSE OF PROCESSING
LEGAL BASIS
The collection and processing of the necessary data of employees and/or prospective employees and partners for the proper servicing of existing working relationships or collaboration relationships or the examination of possible future collaboration
-
Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or
-
Processing in the context of a contract [art. 6 §1 para. b) G.K.P.D.] and/or
-
Execution of the obligations and the exercise of specific rights of the controller or the data subject in the field of labor law and social security and social protection law [art. 9 §2 c. b) G.K.P.D.] and/or
-
Necessary for the purposes of preventive or occupational medicine, assessment of the employee's ability to work [art. 9 §2 para. h) G.K.P.D.]
The provision of services
-
Processing in the context of a contract [art. 6 §1 c. b) G.K.P.D.] and/or
-
Compliance with a legal obligation [art. 6 §1 c) G.K.P.D.] and/or
-
Processing is necessary for the establishment, exercise or support of legal claims [art. 9 §2 para. f0 G.K.P.D.]
The collection and processing of image data using closed circuit cameras (CCTV)
-
Protection of persons and goods in accordance with Directive 1/2011 GDPR
-
Serving legal interests [art. 6 §1 para. f) G.K.P.D.]
For any other form of processing, the Law Firm of Magripli – Chalakatevakis & Associates requests a special written, free and after prior information consent of the subjects before the start of the processing, if required.
Table 2. The main purposes and legal bases of processing
The reference to more than one legal basis of processing does not mean that the Law Firm of Magriplis – Chalakatevakis & Associates is changing them (lawful basis swapping) undermining the rights of the data subjects, but that there are cases where more than one is applicable lawful bases of processing.
Finally, the Law Firm of Magriplis – Chalakatevakis & Associates does not use the consent of the data subjects as the main basis of processing (whether it is simple data or special categories), recognizing the inherent inequality that exists in its relationship with the respective data subjects and in accordance with the recommendations of the Working Group of No. 29 (now the European Data Protection Council). However, as an exception, for the few cases where an additional service is provided to the subjects (i.e. beyond the legally prescribed ones), consent is used in a limited way as a legal basis for processing and only then.
Transmission/Communication of data to third parties
The personal data collected may be shared or transmitted to third parties, as long as this is required for the fulfillment of obligations by law or is necessary for the fulfillment of our services provided, in compliance with the guarantees of the relevant legislation. We may outsource some of our services to individuals or legal entities. Only those personal data that are necessary for the fulfillment of the assigned services are transmitted to these persons and they are committed to our Company in terms of confidentiality and secure processing of personal data.
Rights of Natural Persons
The Law Firm of Magriplis – Chalakatevakis & Associates recognizes the rights of natural persons regarding the protection of their personal data. Thus natural persons have the right to:
-
They are informed about the processing of personal data.
-
They get access to the personal data concerning them.
-
Request the correction of incorrect, inaccurate or incomplete personal data.
-
They submit a request for the deletion of personal data when they are no longer necessary or if the processing is illegal. Since no. 6 par. 1 para. is applied as a legal basis for processing. c GDPR in most processing, the right to erasure is limited and will be determined on a case-by-case basis under the legal conditions. After all, according to recital 4 of the G.K.P.D., the right to the protection of personal data is not an absolute right; it must be assessed in relation to its function in society and weighed against other fundamental rights, according to with the principle of proportionality.
-
They object to the processing of personal data for reasons related to their particular situation, subject to Article 21 par. 6 GDPR.
-
They submit a request to limit the processing of personal data in specific cases.
-
To submit a complaint to the Personal Data Protection Authority (1-3 Kifisias Ave., 11523 Ampelokipi, tel. 210.647.5600, www.dpa.gr) or to the supervisory authority of the EU member state where they live or work or to the supervisory authority of place of the alleged violation.
Communication of Natural Persons
The above rights, as well as any right regarding personal data, are exercised following a written request submitted at any point that is accessible by the public, or through electronic communication, sending -136bad5cf58d_ at dpo@mxlaw.gr and is also examined by the Data Protection Officer, who has been appointed by the Company.
Processing principles
The Law Firm of Magriplis – Chalakatevakis & Associates accepts the basic principles governing the processing of personal data. Personal data (Article 5):
-
They are processed lawfully and legitimately in a transparent manner in relation to the data subject ("lawfulness, objectivity and transparency").
-
They are collected for specified, express and lawful purposes and are not further processed in a manner incompatible with those purposes; further processing for archiving purposes in the public interest or for scientific or historical research or statistical purposes is not considered incompatible with the original purposes in accordance with Article 89(1) ("purpose limitation").
-
They are appropriate, relevant and limited to what is necessary for the purposes for which they are processed ("data minimization").
-
It is accurate and, where necessary, updated; all reasonable steps must be taken to promptly delete or correct personal data that is inaccurate in relation to the purposes of the processing ("accuracy").
-
They are kept in a form that allows the identification of the data subjects only for the period necessary for the purposes of the processing of the personal data; the personal data may be stored for longer periods, as long as the personal data will be processed only for the purposes archiving in the public interest, for the purposes of scientific or historical research or for statistical purposes, in accordance with Article 89 paragraph 1 and as long as the appropriate technical and organizational measures required by this regulation are applied to safeguard the rights and freedoms of the data subject ( "restriction of storage period").
-
They are processed in a way that guarantees the appropriate security of personal data, including their protection against unauthorized or unlawful processing and accidental loss, destruction or damage, using appropriate technical or organizational measures ("integrity and confidentiality").
Archive of processing activities
The Law Firm of Magriplis – Chalakatevakis & Associates keeps a record of the processing activities for which it is responsible. That file includes all of the following information:
-
the name and contact details of the controller and, where applicable, the joint controller, the controller's representative and the data protection officer;
-
the purposes of the processing,
-
description of the categories of data subjects and categories of personal data,
-
the categories of recipients to whom the personal data is to be disclosed or has been disclosed, including recipients in third countries or international organizations,
-
where applicable, the transfers of personal data to a third country or international organization, including the identification of said third country or international organization and, in the case of transfers referred to in Article 49 paragraph 1 second subparagraph, the documentation of the appropriate guarantees,
-
where possible, the prescribed deletion deadlines for the various categories of data;
-
where possible, a general description of the technical and organizational security measures referred to in Article 32(1).
Protection of personal data
Taking into account the nature, scope, context and purposes of the processing, as well as the risks of varying probability of occurrence and severity for the rights and freedoms of natural persons, The Law Firm of Magriplis – Chalakatevakis & Associates implements appropriate technical and organizational measures in order to ensure and be able to prove that the processing is carried out in accordance with the G.K.P.D., adopting and applying a holistic personal data security policy.
When assessing the appropriate level of security by The Law Firm of Magripli – Chalakatevakis & Associates, the risks deriving from the processing, especially from accidental or illegal destruction, loss, alteration, unauthorized disclosure or access to personal data transmitted, are taken into account in particular. stored or otherwise processed.
In order to prevent a personal data breach, the Law Firm of Magripli – Chalakatevakis & Associates as data controller has adopted and applies a policy against attacks on the information systems it owns and manages, as well as a specific policy for managing any personal data breach incidents.
Staff training
The Law Firm of Magriplis – Chalakatevakis & Associates accepts that the protection of personal data requires the awareness of its human resources regarding the protection of personal data. In this direction, it accepts the adoption and application of the principle of the orientation of due education by exploiting the Fair Information Practices (FIP), which condense a set of standards that govern the collection and use of personal data and the treatment of privacy issues and accuracy. The Law Firm of Magriplis – Chalakatevakis & Associates seeks to make its human resources aware of basic concepts of personal data protection.
Amendment
This policy may need modification regarding the processing of personal data. In the event that the modification of the terms in question is of such a nature and extent that it is not covered by the above data processing terms, the Law Firm of Magriplis – Chalakatevakis & Associates will publish the new version of the policy.
(Date of issue: 3/5/2023)