Clients' Data Protection Policy

Our firm collects, stores and processes personal data of our clients and their employees and representatives, such as name, contact details, job position and any other data deemed necessary in order to provide our services to you and to comply with legal obligations. We may also use personal data for sending our newsletters and updates, provided that the recipients have registered for receiving such emails or they do not object to such use.

The security of personal data is of utmost importance for us. We are committed to maintain the highest technical and organisational measures to protect the integrity, confidentiality and availability of personal data and to keep them secure against unauthorised access, misuse, disclosure, unlawful destruction or loss.

In principle, the legal bases for the processing of our clients’ and their employees’ and representatives’ personal data is the provision of our services and our compliance with legal obligations. Also, in some exceptional cases, we may use this personal data for the establishment, exercise or defence of legal claims or for the protection of an overriding legal interest of our firm relating to our business interests. When using personal data for marketing activities, the legal basis of the processing is the recipients’ consent or our clientele relationship.

We do not disclose personal data to any third party. By way of exception, we disclose personal data of our clients, their employees and representatives to competent public authorities and courts for the fulfilment of our legal obligations and for the exercise and defence of our rights, as well as to our trusted service providers and business partners (such as IT service providers, logistic providers, translation services providers, our affiliated accounting company “ZEYA Accounting S.A.”, other lawyers, etc.), but only to the extent necessary for the provision of their services to us and to our clients. All the above are processing personal data exclusively on behalf and under our firm’s written instructions and have no right to further use such data for their own benefit. In case that we need to transfer the personal data to service providers and business partners which are located outside the European Union and the European Economic Area, we will do so in full compliance with the data protection legislation and on the basis of an adequacy decision issued by the European Commission or other sufficient safeguards, including more importantly the execution of model clauses with the entities receiving the personal data, which ensure an appropriate level of protection of your personal data, or on the basis of our clients’ instructions and consent.

Our firm physically or electronically keeps – or stores with a third party – at its sole discretion – the personal data of its clients, employees and representatives for a maximum period of twenty (20) years as from the end of our cooperation, unless otherwise agreed with our clients. As regards any personal data retained by us for sending our newsletters and updates, we will store the personal data of the recipients until they withdraw their consent or following the termination of our relationship.

Pursuant to the General Data Protection Regulation and the applicable data protection laws, individuals have the right to request access to their personal data and to request rectification, erasure, restriction or objection to their processing. Individuals also have the right, under certain conditions, to request from us to receive their personal data in a structured, commonly used and machine readable format and to ask us to transmit them to another company suggested by them. You also have the right to withdraw your consent at any time either by selecting the unsubscribe link provided at the end of every marketing material you receive from us or sending a relevant request to the contact details provided below.

To exercise the aforementioned rights or for relevant questions in relation to the processing of personal data conducted by our firm and for withdrawing their consent from receiving our newsletters and updates, our clients are requested to send us a letter at Zepos & Yannopoulos, 280 Kifissias Ave., 152 32 Halandri, Athens-Greece, to the attention of the Head of Systems & Quality Department, or an email at data.protection@zeya.com. Our clients also have the right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr).