1.1. Omnes Legal being the trading name of A.I. Charatsis - V.I. Stasinopoulou Law Firm (hereinafter referred to as “Omnes Legal”, or “Omnes”, or the “Law Firm”) is an incorporated partnership of Lawyers regulated by the Greek Presidential Decree No. 81/2005 and Law 4194/2013, as currently in force, having its registered address at 7, Alexandrou Noutsou Str., 117 44 Athens, Greece, duly registered with the Athens Bar Association, and provides legal advice and assistance to its clients.
1.2. This GDPR Policy (hereinafter referred to as the “Policy”) sets out Omnes' commitment to ensuring that any processing of personal data, including special category personal data, by Omnes is carried out in strict compliance with Data Protection Legislation. Omnes processes the personal data of both EU and non-EU citizens, and we are fully committed to ensuring that all such processing is done in accordance with Data Protection Legislation. Omnes ensures that best data protection practices are embedded in the culture of our staff and our organisation.
1.3. All references to “our”, “us”, or “we”, herein are deemed to refer to Omnes.
2.1. This Policy applies to all personal data processed by Omnes in relation to its business activities (primarily clients, suppliers, employees, third-party independent contractors and all other involved parties) and is part of Omnes' approach to compliance with Data Protection Legislation.
2.2. This Policy explains how Omnes uses the personal data collected from time to time from the use of our website and/or through other means such as our portal, software, hardware, email and/or any other form of collection.
3.1. The following information explains the way in which we process your personal information when you contact us or use any of our services.
3.2. The information is categorised. You may therefore easily choose among categories of data processing and see the relevant information.
4. What data do we collect
4.1. If or when you provide information to us about any person other than yourself, you must ensure that they have been made aware of how their personal data will be used, and that they have given their consent for you to disclose it to us and for you to allow us to use it.
4.2. We collect the following data:
- Personal identification information such as name, employer, title, and/or position;
- Contact information including a physical address, email address and/or phone numbers;
- Financial information including credit/debit card numbers, bank account information and other invoicing and payment related information;
- Identification and background information provided by you or collected as part of our business acceptance processes (e.g., “Know Your Client – KYC” procedures);
- Profile information and technical information such as: (a) your IP address from your visits to our website and/or (b) browser information, device type and settings, time zone settings, operating system and platform etc. and/or (c) in relation to electronic communications or as a result of the request for the provision of any service to you and/or (d) information about your preferences in receiving newsletters, your communication preferences and information about how you use our website(s), including the services you viewed or searched for, page response times, download errors, length of visits and page interaction information (for more information please refer to our Cookies Policy).
- Information provided to us in the context of our employment relationship with you and/or of our collaboration with you as independent contractor, freelancer and/or free agent, and/or any other relationship related to the provision of independent services.
- Any other personal information provided to us by or on behalf of our clients and/or generated by us in the course of providing services to them, which may include special category data.
- Any information relating to you that you may provide us with, or that we collect, when you contact or interact with us.
- Any information provided to us from others in the context of providing legal services.
5. How do we collect your data
5.1. The personal data that we collect is any information that is, directly or indirectly, relating to an identified or identifiable individual.
5.2. This information is gathered through various channels directly or indirectly, such as:
- When we provide services to you, for example when you request the provision of any legal service from us (e.g., contacting via e-mail or phone, visiting our website, subscription to our newsletter, signing-up, signing-in and/or logging-in to our website, client portal, software and/or hardware);
- When you submit to us employment or collaboration applications with you as independent contractor, freelancer and/or free agent via e-mail, our website and/or through our independent contractor portal, namely the Omnes Pool (hereinafter referred to as the “Omnes Pool”);
- When you have asked us for information;
- When your data is included in legal advice we are asked to provide to a third party;
- When you make any request or provide any information relevant to your request;
- When you represent a natural or legal person;
- When you voluntarily provide personal information to us, for example for the completion of a survey;
- From other companies, organisations and/or authorities (e.g., in the exercise of our duties your data is communicated to us by regulators or law enforcement bodies);
- When your information is contained in documents submitted to us by other controllers or processors in the context of the provision of our services or otherwise;
- When monitoring our Website, client portal, case management hardware and/or software;
- We may also collect personal information that is publicly available (such as from business registries, land registries, social media etc.).
5.3. We need to collect personal information in order to provide the requested services. If you do not provide the information requested, we may not be able to provide our legal services to you. If you disclose to us any personal information relating to other people or to our service providers in connection with the services, you represent that you have the authority to do so and to permit us to use the information in accordance with the Policy.
6. How do we use your data (purpose of processing)
6.1 We use your personal information mainly for reasons such as:
- To conduct business and provide you with the information, advice or legal services you have requested;
- For the performance of contractual obligations and/or their preparation;
- To administer and monitor our relationship (e.g., business acceptance, conflict checks, accounting, auditing purposes, confirm legal representation of our counter parties);
- To respond to your inquiries and fulfil requests (e.g., when you send us queries, clarification requests, complaints, etc.);
- For internal and/or external customer administration, case management and business purposes;
- To respond to requests relevant to the processing of your personal data;
- To fulfil our business legal and regulatory requirements (e.g., exercise or defend legal rights, protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities);
- To process employment and/or collaboration applications with you as independent contractor, freelancer and/or free agent.
- To accomplish business purposes (e.g., for data analysis to improve our legal services, for efficient case management purposes when providing our legal services to clients, for audits, for fraud and monitoring purposes, to meet legal and regulatory obligations etc.);
- To provide access to the features of our Website (e.g., the Omnes Pool), and/or to provide access to client portal, case management hardware and/or software and monitor their use, fulfil registration requests, send/receive newsletters, publications, legal updates or other material from us (if you have provided the relevant consent), provide you information about our services or news about Omnes etc.;
- When participating in anonymous aggregated statistics, or when collecting feedback on our services and practice and/or when we participate in legal directories and other publications and/or in order to measure our performance and to improve and promote our services.
6.2. We request that you do not provide and do not disclose to us any Special Categories personal data, unless it is absolutely necessary.
6.3. The services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal information from individuals under the age of eighteen (18). We may process personal information of minors, provided that consent is given or authorised by the holder of parental responsibility over the minor or it is required in the context of offering a service to our clients or receiving a service from one of our providers.
7. Use of personal data (lawful basis)
7.1. Further to the aforementioned, we use your personal information in the following ways:
(a) Based on our contractual relationship:
- to provide you with the information or services you have requested;
- to respond to your inquiries and fulfil requests (e.g., when you send us queries, clarification requests, complaints etc.);
- to communicate with you via e-mail, phone and/or through client portal, case management hardware and/or software;
- in order to register you as clients, to provide and administer legal services either physically and/or remotely via email, phone, client portal, case management hardware and/or software, and/or to process invoicing, payments and other monetary transactions;
- to conduct business and provide legal advice and services to you, either independently and/or through our well-established network of independent contractors;
- to administer and monitor our business relationship;
- to process employment and/or collaboration applications with you as independent contractor, freelancer and/or free agent;
- for internal and/or external customer administration and business purposes.
(b) Based on our legal obligations:
- to respond to requests relevant to the processing of your personal data;
- to exercise or defend legal rights, protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities;
- for fulfilling our business legal and regulatory requirements.
(c) Based on our legitimate interest:
- for accomplishing business purposes;
- for ensuring efficient case management via client portal, software and/or hardware, during all phases of our legal services to our clients;
- for data analysis to improve our legal services;
- for audits;
- for fraud and monitoring purposes;
- to meet legal and regulatory obligations etc.
(d) Based on your consent:
- to provide access to specific features of our Website (e.g., the Omnes Pool);
- to provide access to the client portal, case management software and/or hardware;
- to fulfil registration requests;
- to provide newsletters, publications, legal updates or other material from us;
- to provide you information about our services or news about Omnes etc.
7.2. Please also see the above Section under the title “How we use your data”.
8. Storage and retention of personal data
8.1. Omnes securely stores the personal data on our secure servers within the European Union (EU).
8.2. Your personal information is retained for the applicable period of time, depending on the purpose(s) for which it has been obtained and according to the applicable legislation. For the determination of the retention period certain criteria are followed, such as: (a) if there is an ongoing relationship between us or (b) a legal obligation to which we are subject or (c) any retention period required by the law or (d) provision of consent etc.
8.3. Omnes shall retain the personal data, if there is any pending or upcoming dispute before the court or any other legal proceedings, until these proceedings are finally concluded, regardless of when and how.
8.4. The personal information shall not be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods as long as the personal data will be processed solely for archiving purposes following the requirements of the law.
9. Disclosure and Transfer of personal data
9.1. As a principle, the personal data that we collect shall not be transferred to and/or stored at third countries outside the European Economic Union (“EEA”).
9.2. However, in certain cases, for example due to legal obligations (such as requests from authorities) and/or in order to efficiently perform our legal services through hardware and/or software, and/or in order to handle your requests, your personal data shall be transferred to third countries. In such cases all the legislative requirements will be followed to ensure the security of your personal information.
9.3. We may disclose your personal data to:
(a) third parties, including service providers that we retain in the course of the legal services we provide, such as foreign legal advisors, for obtaining foreign legal advice, translators, court bailiffs, couriers, mediators, financial & technical experts, and other necessary servicers;
(b) courts, law enforcement and other public authorities, government officials or attorneys or other parties, where it is reasonably necessary for the establishment, exercise or defense of a legal claim, or for the provision of our legal services, or for the purposes of alternative dispute resolution process or upon request;
(c) third parties who provide services to us, such as information technology (IT) services, hardware, software and cloud services, services of carrying out research and analysis. However, it should be noted that these third parties are not allowed to use this information or to share it for any purpose whatsoever other than to provide services to us;
(d) third parties when participating in aggregated statistics about your use of our Website, portal, hardware and software;
(e) third parties for the purposes of collecting feedback on our services and practice, when we participate in legal directories and other publications or in order to measure our performance and to improve and promote our services.
9.4. Your data may also be communicated to the processors with which Omnes cooperates to support its systems or to provide its services. The processors may not further process your personal data, unless we have explicitly instructed them to do so, nor transfer your personal data to third parties.
10. Data subject rights
10.1. Omnes has processes in place to ensure that it can facilitate any request made by an individual to exercise their rights under data protection law. All staff have received training and are aware of the rights of data subjects. Staff can identify such a request and know who to send it to.
10.2. All requests will be responded to without undue delay and within one (1) month of receipt to the extent possible, following the verification of the requestor (if required). Omnes will give written notice of the satisfaction of a request, or of the reasons that prevent its satisfaction, within the deadline. The deadline, following a relevant notice, may be extended by two (2) more months in case Omnes receives a large number of requests simultaneously or due to the complexity of the request. The requested information will be provided at no cost, unless the requests from a data subject are manifestly unfounded, excessive or repetitive. In such a case we may charge a reasonable fee or refuse to act on the request.
11. Subject access: The right to request information about how personal data is being processed, including whether personal data is being processed and the right to be allowed access to that data and to be provided with a copy of that data along with the right to obtain the following information:
- the purpose of the processing;
- the categories of personal data;
- the recipients to whom data have been disclosed or which will be disclosed;
- the retention period;
- the right to lodge a complaint with the Hellenic Data Protection Authority;
- the source of the information if not collected directly from the subject; and
- the existence of any automated decision making.
12. Rectification: The right to allow a data subject to rectify inaccurate personal data concerning them.
13. Erasure: The right to have data erased and to have confirmation of erasure, but only where:
- the data is no longer necessary in relation to the purpose for which it was collected; or
- where consent is withdrawn; or
- where there is no legal basis for the processing; or
- there is a legal obligation to delete data.
14. Restriction of processing: The right to ask for certain processing to be restricted in the following circumstances:
- if the accuracy of the personal data is being contested; or
- if our processing is unlawful, but the data subject does not want it erased; or
- if the data is no longer needed for the purpose of the processing, but it is required by the data subject for the establishment, exercise or defense of legal claims; or
- if the data subject has objected to the processing, pending verification of that objection.
15. Data portability: The right to receive a copy of personal data which have been provided by the data subject and which is processed by automated means in a format which will allow the individual to transfer the data to another data controller. This would only apply if Omnes was processing the data using consent or on the basis of a contract.
16. Object to processing: The right to object to the processing of personal data relying on the legitimate interests processing condition, unless Omnes can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject or for the establishment, exercise or defense of legal claims.
17. Right to report to Supervisory Authority: Should you not be satisfied with our response following the exercise of your rights in regard to your personal data, or if you remain dissatisfied with the way we process your personal data, you have the right to report to the Hellenic Data Protection Authority (“HDPA”) at the following:
Hellenic Data Protection Authority Offices: 1-3 Kifissias, 115 23 Athens, Greece
Call Centre: +30-210 6475600 | Fax: +30-210 6475628
Omnes will facilitate any request from a data subject who wishes to exercise their rights under data protection law as appropriate, always communicating in a concise, transparent, intelligible and easily accessible form and without undue delay.
18. Special Categories of personal data
18.1. The Special Categories of data include the following personal data revealing:
- racial or ethnic origin;
- political opinions;
- religious or philosophical beliefs;
- trade union membership;
- the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person;
- an individual’s health;
- a natural person’s sex life or sexual orientation; and
- criminal convictions or offences.
18.2. Omnes processes special category data of clients and third parties as necessary in order to provide legal services for the establishment, exercise or defense of legal claims, provided that the conditions set out in Article 9 of GDPR are met.
18.3. We request that you do not provide and do not disclose to us any Special Categories personal data, unless it is absolutely necessary.
19. Children’s data
19.1. We do not provide services directly to minors, nor do we collect proactively their personal data. However, we are sometimes provided with children’s data for the provision of services.
19.2. In so far as they relate to these cases, the present information applies just as much to minors as to adults. This Policy is written in simple language, so that a person at least fifteen (15) years of age can understand its main points.
20. Cookies/Log files
20.1. During your visit to our Website, certain data are automatically collected from our server and recorded in log files. Please refer to our Cookies Policy for more information on the type of data collected.
20.2. The purpose of storing this information is to check the security of the information and services of our Website, to ensure the possibility of investigating any online attacks and incidents and to support any relevant legal claims.
20.3. The legal basis for the above processing is Article 6 (1) (f) of the GDPR, which allows us to process data when it is necessary for the purposes of the legitimate interests pursued by Omnes.
20.4. The logs shall be kept for a period of twelve (12) months and may be notified to the processing company for the purpose of managing the Website and to the competent authorities, if necessary, to investigate any online attack and incident. The information investigated or used in the context of legal claims shall be kept for the period required for those purposes.
21. GDPR Policy and other websites
Omnes' Website may contain links to other third-party websites. Our GDPR Policy applies only to our website. If you click a link to another website, please read their privacy policies.
Omnes continuously ensures that:
(a) Personal data is stored securely using modern software that is kept up to date;
(b) Access to personal data shall be limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information;
(c) When personal data is deleted, this is done safely so that the data is irrecoverable;
(d) Appropriate back-up and disaster recovery solutions are in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data, Omnes shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the Hellenic Data Protection Authority and/or the data subjects, as required by the Data Protection Legislation.
24. Contact information
24.1. If you want to contact us with queries, requests or additional information regarding your personal data protection and/or regarding the exercise of your rights, you can contact us at email@example.com. To exercise any of the above rights, we advise you to ask for a copy of our “Data Subject Request Form” and submit it to us.
24.2. You can also contact us by post at the following address: 7, Alexandrou Noutsou Str., 117 44 Athens, Greece. Please make a note on the subject/envelope “To the attention of the Responsible Person for personal data”.
25. Monitoring and review
25.1. We keep this Policy under regular review to make sure it is up-to-date and accurate.
25.2. We may change this GDPR Policy from time to time. Any changes we may make to our GDPR Policy in the future will be posted on this page.