This Data Protection Policy is because we really care about your privacy!
It explains how we collect and use your personal data. Please read it carefully.
Please note "Personal data" in this Data Protection Policy has the same meaning as in the EU General Data Protection Regulation 2016/679/EU (GDPR). Personal data is any type of data from which someone else would be able to identify you as an individual.
Who we are
E.G. Arghyrakis & Co. is a law firm specialised in maritime law and shipping related matters. In this capacity we can collect, process and store personal data on behalf of our clients, our employees, our suppliers/business associates and those who expressed their interest in our seminars, events and publications.
We will only keep your personal data for as long as necessary to fulfil the purposes for which we collected and continue to process it, and to satisfy any legal, accounting or reporting requirements.
How we collect your personal data
If you have received correspondence from us, we may have procured your data in one of the following ways:
How we process personal data
- You have requested information from E.G. Arghyrakis & Co. on a previous occasion.
- We have provided our legal service to you or we have worked together in the past.
- We have previously met face-to-face at an event and your business card or contact details were handed to us willingly.
- You or a third party has expressly shared your contact details with us for the purpose of receiving information now and/or in the future.
- By accessing public resources, e.g. Companies House.
- We have received your personal data from a third party with your consent, e.g. consultants and other professionals we may engage in relation to your matter or your employer or your professional body.
- We also automatically receive and record information on our server logs from your browser including your IP address, cookie information and the pages on our Website you visited.
Under the GDPR, we can only use your personal data if we have a proper reason for doing so, e.g.:
- Consent – you have given clear consent for processing personal data for a specific purpose.
- Contract – the processing is necessary for a contract with you or because you have asked for specific steps to be taken before entering into a contract.
- Legal Obligation – the processing is necessary in order to comply with the law.
- Legitimate Interests – the processing is necessary for legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual's personal data which overrides those legitimate interests1.
E.G. Arghyrakis & Co. will only use your personal data in the following ways:
- We process data for business and marketing purposes belonging to clients, former clients, prospective clients and target organisations we would like to do business with, regarding our law firm and related services.
- We process supplier data and business associate data in order to carry out our activities.
- We process employee and prospective employee data in order to recruit, employ, pay and retain/develop our workforce.
- We process business contact enquiries to fulfil requests for certain services and information.
- We process business contact data to carry out our obligations arising from any contracts we enter into with you.
- We process business contact data to comply with our legal and regulatory obligations, e.g. conducting checks to identify our clients and verify their identity; screening for financial and other sanctions or embargoes; gathering and providing information required by or relating to audits, enquiries or investigations by regulatory bodies and also relating to the audit of our accounts; other processing necessary to comply with health and safety regulation or rules issued by our professional regulator.
- We process business contact data to process payment from you.
- We process business contact data to request feedback from you on the services we provide.
- We process business contact data to notify you of changes of our Terms of Business.
- We process employee personal information to comply with the law.
Data Storage and Security
Information may be held at our offices and those of our third party agencies, service providers, representatives and agents.
Some of these third parties may be based outside the European Economic Area (EEA).
We are committed to making sure that your personal information is kept secure. In order to prevent unauthorised access or disclosure and to protect against loss we use up-to-date industry procedures to keep personally identifiable information as safe and secure as possible.
Transferring your personal data out of the EEA
To deliver services to you, it is sometimes necessary for us to share your personal data outside the EEA (e.g. with your and our service providers located outside the EEA; if you are based outside the EEA; where there is an international dimension to the matter in which we are advising you).
These transfers are subject to special rules under European and UK data protection law.
Non-EEA countries may not have the same data protection laws as the United Kingdom and EEA. We will, however, ensure the transfer complies with data protection law and all personal data will be secure. Our practice is to use standard data protection contract clauses which have been approved by the European Commission. To obtain a copy of these clauses, please visit this web page.
How Long Do We Keep Hold of Your Personal Data?
Do We Share or Disclose Your Personal Information?
- We hold clients' contract data, correspondence and contact details on our system through the period of our contract and up to 6 years after a file is closed as per Terms of Business. We keep our clients' personal data under the legal basis of GDPR of 'legitimate interests'.
- For prospective clients and entities we wish to do business with, we hold contact details for marketing purposes and, after obtaining their consent, we guarantee that we will update and keep this data accurate indefinitely, unless the data subject asks for it to be obfuscated or removed in line with their rights under GDPR.
- We hold employee and perspective employee data on our HR system. We hold this data for the purposes of recruitment and employment. We hold the data of successful candidates as long as their employment contract lasts and for 6 years following their departure.
- We hold the personal data of suppliers and business associates for as long as their contract with us to supply goods and services lasts. We may hold onto their details afterwards indefinitely in case we ever want to purchase products or services from them again in the future, including correspondence relating to the levels of product quality and service quality we had received from them.
E.G. Arghyrakis will not sell or rent your personal information to anyone. All the personal information we hold about you will be processed by our staff in the UK. We will send personal information about you to associated firms or other companies or people only when:
Your Rights Under GDPR
- we have your consent to share the information.
- we need to send the information to companies who work on behalf of E.G. Arghyrakis & Co to provide a product or service to you (unless we tell you differently, these companies do not have any right to use the personal information we provide to them beyond what is necessary to assist us).
- we respond to subpoenas, court orders or legal process.
Please find below the description of your rights under GDPR. If you would like to exercise any of them you should send your Subject Access Request to firstname.lastname@example.org. Please ensure that you provide as much detail as possible about the personal information you wish to see/change etc. and provide necessary proof of identification to enable us to deal with your request promptly.
You also have the right to complain to the applicable data protection Supervisory Authority, but please contact us first so that we can address your concerns. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113.
- The right of access
You have a right to access your personal information at any time if you wish to see what personal information we hold about you and how we are using it so you can be satisfied it is being processed lawfully. You can ask for copies of this information and we will usually provide it free of charge and within one month of the date we receive your request (unless there are exceptional circumstances when we may then charge a reasonable fee to cover administrative charges or advise you that we require longer to deal with your request).
- The right to rectification
The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if incomplete. If you believe the personal data we hold about you is incorrect, please let us know on email@example.com, and we will respond to the request within one month.
- The right to erasure
If you make a request for deletion, in certain circumstances we will remove any data we hold about you from our system. We will process your request within one month.
- The right to restrict processing
You may request the restriction or suppression of your personal data in certain circumstances. Requests for restricting processing will be dealt with within one month of receiving the request.
- The right to data portability
You may ask to receive your personal data in a structured, commonly used and machine readable format, e.g. as CSV files. However, we are not required to adopt or maintain processing systems that are technically compatible with other organisations. The data itself must be provided free of charge, however as a processor we have the right to charge for our time spent making the data available.
- The right to object
You have the right to object to your personal data being used for direct marketing (including profiling); or in certain other situations you may object to our continued processing of your personal data, e.g. processing carried out for the purpose of our legitimate interests.
- Rights in relation to automated decision making and profiling
You have the tight not to be subject to a decision based solely on automated processing (including profiling). However, we do not carry out automated decision making or profiling.
For further information about GDPR, our duties and your rights, please visit the ICO website www.ico.org.uk