General information for our firm

This privacy policy aims to inform you about the way we process your personal data, according to article 13 of 2016/679 GDPR. Respecting your personal data and your privacy, we inform you that the protection of your personal data constitutes a constant commitment for us. This privacy policy informs you about how we protect your personal data as a client, a potential client, a visitor or user of our website, and it informs you about your rights and the way you are protected by the Greek and European legislation. Data controller is the lawyer Chris Papoutsis, as it is described below.

Name: Christos Papoutsis (Law Office)

Address: Thessaloniki, Fragkon 19 Str, PC 54625

Contact details: / tel. 2310517495

On this website, the terms “our office, our firm, we, us” refer to Chris Papoutsis & Associates Law Office.


General Definitions

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

Sensitive personal data or special categories of personal data are data such as religious, ideological, political opinions or actions, information for health, gender, or biometric elements, the race and national origin, records or sanctions administrative or criminal nature.

Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

Data archive is every structured amount of personal data, which are accessible in a way that enables the recognition of the data’s subject.

Data controller is the legal or natural person who decides the purpose and means of personal data processing.

Data processor is the legal or natural person who processes personal data on behalf of the data controller.


Modification of privacy policy

This edition has been drafted in 15.1.2019 and is subject to future modifications, due to compliance procedure with GDPR. This edition substitutes all the previous publications or notifications by us.

This declaration replaces all the previous notifications which we potentially provided in the past, regarding our information practices. We reserve the right to change this policy and implement any change in collected information, as provided by law.

If there are essential changes in this policy or our practices regarding information will be modified in the future, we will notify you by publishing the changes on our website.

It is important for us, your collected by us personal data to be precise and valid. By this policy, we ask you to inform us about any change of your personal data during our professional cooperation.

Our firm can modify this Privacy Policy in order to be able to harmonize with the over time applying practices of personal data protection. Each time we change this Privacy Policy, we will modify the update date on the top of this Policy. We encourage you to occasionally read carefully this Policy, in order for you to be informed about the way our firm protects your data.


Processing location

Our base is in Greece, and therefore all kinds of processing take place in Greece.


Processing purposes and legal bases

Our firm processes personal data for professional and legal purposes, as it is a law firm providing legal services at a judicial and consulting level. In order to provide adequate legal services, our firm is de facto obliged to maintain the client’s personal data in the most secure way. For this reason, we maintain the data only as long as it is necessary, and only for the period of time which is provided by law. We maintain these data for the purpose of performance of the legal contract, which applies between lawyer and client. In the framework of this contract of legal mandate, it is also included, the safe storage of documents containing personal data, which takes place mostly through cloud storage by third well-known companies, which provide the strongest possible safety and compliance to the GDPR requirements. By this way, we are able to maintain the data safe, in order for  them to be available for judicial and out of court exercising of the client’s rights and claims, for the purpose of safe and integrated performance of legal mandate, between lawyer and client.

In our office we process your data for different purposes:

-In order to provide you legal services, according to our informal contract of mandate.

-In order to process the requested services and keep you informed about the progress of your request or your case.

-In order to invoice you for the use of our services or to integrate the payment of your financial obligations.

-In order to answer to your questions or concerns regarding the provision of our legal services.    

-In order to inform you about potential legislative progress of general interest in the framework of our constant cooperation.

-In order to maintain in a secure way your data, so that they are available during the draft of legal documents and for judicial or out of court exploitation in the framework of performance of the contract of mandate.

In the framework of these purposes we may collect data such as: name, identification data, date of birth, address, email address, telephone number, as also data included in the judicial decisions you provide us or legal documents. These data are being collected in many ways such as via phone, via email, verbally during the meeting.


Processing legal bases

Our firm collects and processes your personal data in the framework of performance of legal mandate contract. You can visit the section “your rights” of this Policy for more information.

Contract performance

Our firm processes personal data of its mandators, in order for he contract of legal mandate to be performed, and in the framework of which, the processing of personal ID and communication data of mandator is necessary. These data, indicatively the name, identification data, phone number, date of birth, email address, are being collected in order for the contract of mandate to be completely performed, in the framework of which the timely coordination with the mandator, as also the judicial or out of court exploitation, is necessary.  

Compliance with legal obligation

Regarding the collection of your personal data, our firm collects personal data when:

-You request a legal service, via phone, email or in person.

-It provides services to you.

-You ask for information about a service, or you contact us for submitting questions or complaints.

-We request data regarding each case, in the framework of which personal data may be included, in order for the provision of legal services to be enabled, in a judicial or out of court level.



Our website operates just and only with the necessary cookies, which are needed technically for the use and visit of it.



The personal data in the framework of secure performance of contract are notified to the well-known companies having the secure cloud storage of data as their professional purpose. All of the safe storage of data companies maintain an exclusive or parallel base in European Union and are compliant with the requirements of GDPR. Also, the data of invoicing of legal services are notified to the tax authorities.


International transfers to third countries

There are no transfers to third countries out of the European Union, as we don’ t have such purposes. Exceptionally, it is simply defined that some of the cloud companies, which store data in the most secure way and under the provision of GDPR, may have a base not only in the European Union, but also in USA, under the provision of Privacy Shield. In any case, they are subject to the legislation GDPR.         


Data storage period of time

The personal data, are being collected only for the period of time that is necessary. Our firm implements a strict policy of data maintenance and revision, in order for them not to be maintained beyond the necessary period of time, in accordance with the directives of  the Bar Associations. Our firm also stores the basic personal data, needed for accounting and tax consulting purposes, for the specific period of time, as provided by law, namely for 10 years at least.


Subject’s rights

As a subject of processed personal data you maintain the following rights:

-The right to access your personal data, and if they are being processed by us, as a data controller, also to the purposes of processing, the categories of data, the receivers or the categories of the receivers (article 15 GDPR).

-The right to rectify inaccurate data, as also to complete incomplete data (article 16 GDPR).

-The right to erase your personal data, without prejudice to the obligations and the legal rights of our firm for their maintenance, according to the respective legislation (article 17 GDPR).

-The right to restriction of data processing, if their accuracy is being challenged, or the processing is unlawful, or the purpose of processing has been concluded, provided that there is not a legal reason for maintaining them (article 18 GDPR).

-The right to data portability to another data controller, provided that the processing is based on your consent and is being carried out by automated means. The fulfillment of this right takes place without prejudice to the legal rights and obligations or our firm for maintaining the data and the fulfilment of a duty to public interest (article 20 GDPR).

-The right to object for reasons as to your special condition in case your personal data are being processed for the fulfillment of a duty, exercised for the public interest or for the purposes of legal interests pursued by our firm or a third party (article 21 GDPR).



You will not have to pay any fee or tax in order to have access to your data (or to exercise any other rights of yours). Nevertheless, we maintain the right to charge a reasonable fee if your request is obviously unfounded, repeated or abusive. Otherwise, we maintain the right to deny to comply with your request in these cases.


Withdrawal of consent

If there is going to be exceptionally a category of processing, based potentially on consent, in this theoretical case, you can withdraw your consent any time, if the processing of personal data is based on your consent. Nevertheless, this is an action which will not affect the lawful processing taken place before your withdrawal. If you withdraw your consent, maybe we will not be able to provide specific services to you. In this case, we will inform you accordingly at the time of your withdrawal.


Obligation for data providing

As it is well understood, the performance of legal mandate contract would be impossible, without taking measures for maintaining the data, such as using cloud services, as also, without the collection of personal data the mandator’s judicial exercise and claims in a judicial and out of court level would be impossible, and additionally there would be reasonable concern regarding the loss of data. The provision of data by you, needed for collection as provided by accounting and tax legislation, constitutes a legal obligation, while in case of not providing the tax data, the tax legislation would be violated respectively, and this would have as a result the danger of state sanctions.


Targeted advertising

Our legal firm does not deal with targeted advertising to specific people, neither is processing data for the purpose of profiling.


Submitting a complaint

Every request of yours, concerning your personal data and the exercise of your rights has to be submitted written and to be sent either to, or to be handed over to our office. A special form for the exercise of your right to access to your data, is available in our office. A denial by our office or an unjustified delay as to the satisfaction of your requests, provides you the right to resort to the Data Protection Authority, as the competent supervising authority for the implementation of GDPR. In any case, you maintain the right to submit a complaint to the competent supervising authority, if you consider that the processing of your personal data is being conducted in breach of the applying legislation. You can find respective information on the website In case of any kind of question or concern, you can firstly address to us, using our contact data, in order to enable us to manage the questions before involving the above-mentioned authority.