Privacy Policy
Last updated: 04 May 2026
1. Who We Are
This Privacy Policy is issued by Bahas Gramatidis & Partners LLP (the “firm”, “bahas gramatidis”, “we”, “us”, “our”), an incorporated partnership of lawyers registered with the Athens Bar Association under Registration No. 80032, with registered office at 26 Filellinon Street, Athens, 105 58, Greece. The firm operates in accordance with Presidential Decree 81/2005 and Law 4194/2013 (Greek Code of Lawyers), as currently in force.
Bahas Gramatidis & Partners LLP is the Data Controller of the personal data described in this Policy, within the meaning of Regulation (EU) 2016/679 (the “GDPR”) and applicable Greek data protection legislation, as currently in force.
For any questions about this Policy or to exercise your rights, please contact us at privacy@bahagram.com.
2. Scope of This Policy
This Privacy Policy governs the personal data we collect and process in connection with this website. It applies to website visitors, to individuals who contact us through the website or subscribe to our communications, and to prospective candidates who submit a job application, whether through our online form, by email, or through other communication channels.
It does not govern the personal data we collect and process in the course of providing legal services to our clients. At the commencement of an engagement, clients and their representatives receive either a separate privacy notice or a specific data processing clause within our engagement letter. If you are or become a client of bahas gramatidis and have questions about how we process your personal data in that context, please contact us at privacy@bahagram.com.
We may update this Policy from time to time. Material changes will be notified by posting the revised version on this page with an updated date. We encourage you to review this page periodically.
3. What Personal Data We Process and for What Purposes
3.1 When you browse this website
When you visit this website, certain technical information is automatically collected by our server and through cookies. This includes your IP address, browser type, device type, operating system, the time, date and duration of your visit, and the referring URL. The legal basis for processing this data is our legitimate interest in maintaining the security and proper functioning of the website. For the collection of usage statistics through Google Analytics, we rely on your consent, provided through our cookie banner. For further details, please refer to our Cookie Policy.
3.2 When you contact us
If you submit an enquiry through the contact form on this website, or contact us directly by email, we will collect your name, contact details, and the contents of your communication. We process this information in order to respond to your enquiry and, where applicable, to carry out the initial steps that may precede a formal engagement. The legal basis for this processing is our legitimate interest in properly handling enquiries submitted to the firm. We retain this data for as long as necessary to address your enquiry and, where the enquiry leads to an engagement, in accordance with our client engagement terms.
Making contact through this website or by email does not of itself create a lawyer-client relationship or impose any obligation of confidentiality on the firm in respect of that communication. We refer you to our Terms of Use for further detail.
3.3 When you subscribe to our newsletter or legal updates
If you subscribe to our newsletter, client alerts, or legal updates through the subscription form on this website, we will collect your name, professional role, email address, and any areas of law or sectors you indicate as being of interest. This information is used to send you the communications you have requested, such as newsletters, event invitations, and updates, and to manage your subscription preferences. The legal basis for processing this data is your consent, provided through the opt-in mechanism on the subscription form. You may withdraw your consent at any time, either by clicking the “unsubscribe” link included in any communication we send you, or by emailing us at privacy@bahagram.com. In that case, we will remove your personal data from our database and will no longer send you newsletters or similar communications.
3.4 When you apply for a position
If you submit a job application through the application form on this website, we will collect the personal data contained in your application and CV, including your name, contact details, educational background, professional history, and any other information you choose to provide. We process this data on the basis of our legitimate interest in properly evaluating your application and, where the application leads to an offer, to take the steps necessary to formalise an employment or training arrangement.
If you are not selected for the specific role but your profile meets the firm’s standards, we will retain your CV for a period of one (1) year so that we may consider you for future opportunities. At the end of that period, your data will be securely destroyed. You may ask us to delete your CV at any time by emailing privacy@bahagram.com.
4. Who We Share Your Personal Data With
We may disclose your personal data with our trusted service providers, such as IT providers and other professional agencies , who act on behalf and under the instructions of our law firm and are bound to comply with all necessary technical and organizational measures for the protection of your personal data.
5. International Transfers
As a general principle, we store and process personal data within the European Economic Area (EEA). Where we transfer your personal data to service providers located outside the EEA, we ensure that such transfers are subject to appropriate safeguards under Chapter V of the GDPR, including:
• Adequacy decisions of the European Commission (Article 45 GDPR);
• Standard Contractual Clauses approved by the European Commission (Article 46 GDPR); and
• the EU–US Data Privacy Framework, where applicable.
6. Legal Professional Privilege and Confidentiality
In addition to the protections afforded by data protection law, Bahas Gramatidis & Partners LLP is subject to strict professional confidentiality obligations under the Greek Code of Lawyers and the rules of the Athens Bar Association. All lawyers of the firm are bound by legal professional privilege in respect of information entrusted to them by clients, and this obligation extends to the firm’s employees and collaborators.
These professional obligations operate alongside and independently of the firm’s obligations as a data controller under the GDPR, and provide an additional layer of protection for information shared with the firm in a professional context.
7. How We Protect Your Personal Data
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, alteration, or disclosure. These measures include access controls, encryption of data in transit, and regular review of our information security practices.
Personal data is accessible only by those members of the firm and its service providers who require access for the purposes described in this Policy, all of whom are subject to confidentiality obligations.
In the event of a personal data breach that poses a risk to the rights and freedoms of individuals, we will notify the Hellenic Data Protection Authority without undue delay and, where required, will notify the affected individuals directly.
Whilst we take all reasonable steps to protect personal data transmitted to us electronically, no method of internet transmission is entirely secure. You transmit data to us via the internet at your own risk.
8. Your Rights
Under the GDPR and applicable Greek data protection legislation, you have the following rights in relation to your personal data. To exercise any of these rights, please contact us at privacy@bahagram.com. We will respond within one month of receipt, which may be extended by a further two months where the request is complex or where we receive multiple requests simultaneously. We will notify you of any such extension.
| Right | What it means in practice |
| Access (Art. 15) | You may request confirmation of whether we process your personal data and, if so, a copy of that data together with information about how it is processed. Before disclosing any personal data to you, we may request verification of your identity. |
| Rectification (Art. 16) | You may request that we correct any inaccurate or incomplete personal data we hold about you. |
| Erasure (Art. 17) | You may request that we delete your personal data where it is no longer necessary for the purpose for which it was collected, where consent has been withdrawn, or where there is no other lawful basis for continued processing. This right is subject to our legal and regulatory retention obligations. |
| Restriction (Art. 18) | You may request that we restrict processing of your personal data in certain circumstances, for example where you contest its accuracy or have objected to processing pending verification. |
| Portability (Art. 20) | Where processing is based on consent or a contract and is carried out by automated means, you may request that we provide your personal data in a structured, commonly used, and machine-readable format. |
| Object (Art. 21) | You may object at any time to processing based on legitimate interests, including for direct marketing and business development communications. Where you object to direct marketing, we will cease processing for that purpose immediately. |
| Withdraw consent | Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before the withdrawal. |
We will not charge a fee for responding to requests unless they are manifestly unfounded or excessive, in which case we reserve the right to charge a reasonable fee or decline to respond. We may need to verify your identity before acting on a request.
9. Right to Lodge a Complaint
If you consider that our processing of your personal data infringes the GDPR or applicable data protection law, you have the right to lodge a complaint with the competent supervisory authority. In Greece, the competent authority is:
Hellenic Data Protection Authority (HDPA)
1–3 Kifissias Avenue, 115 23 Athens, Greece
T: +30 210 647 5600 · F: +30 210 647 5628 · contact@dpa.gr
www.dpa.gr
We would welcome the opportunity to address any concern before you approach the HDPA. Please contact us first at privacy@bahagram.com and we will do our best to resolve the matter promptly.
10. Cookies
This website uses cookies. For full information about the cookies in use, the purposes for which they are deployed, and how to manage your preferences, please refer to our Cookie Policy, which forms part of our suite of legal notices published on this website.
11. Contact
For any questions about this Policy, to exercise your rights, or to raise a concern about our use of your personal data:
Bahas Gramatidis & Partners LLP
26 Filellinon Street, Athens, 105 58, Greece
privacy@bahagram.com
© Bahas Gramatidis & Partners LLP. All rights reserved.