Privacy Policy

The following information explain the way in which we process your personal information when you contact us or use any of our services.

The information is categorised. You may therefore easily choose among categories of data processing and see the relevant information.

What data do we collect

  • Personal identification information such as name, employer, title, or position.
  • Contact information including a physical address, email address or phone numbers.
  • Financial information including credit/debit card numbers, bank account information, and other invoicing and payment related information.
  • Identification and background information provided by you or collected as part of our business acceptance processes.
  • Information provided to us in the context of our employment relationship with you (e.g., if you are a potential applicant) or another relationship related to the provision of services.
  • Any other personal information provided to us by or on behalf of our clients or generated by us in the course or providing services to them, which may include special category data.
  • Any information relating to you, you may provide us with, or we collect when you contact or interact with us.
  • Any information provided to us from others in the context of providing legal services.

If or when you provide information to us about any person other than yourself, you must ensure that they have been made aware of how their personal data will be used, and that they have given their consent for you to disclose it to us and for you to allow us to use it.

How do we collect your data

The personal data that we collect is any information that is, directly or indirectly, relating to an identified or identifiable individual.

This information is gathered through various channels directly or indirectly, such as: 

  • When we provide any services to you – for example when you request any services from us (e.g., contacting via e-mail or telephone, visiting our website, subscription to our newsletter, job application etc.).
  • When you have asked us for information.
  • When your data is included in, legal advice we are asked to provide to that third party. 
  • When you make any request or provide any information relevant to your request.
  • When you represent a natural or legal person.
  • When you voluntary provide personal information to us – for example for the completion of a survey.
  • From other companies, organisations and / or authorities (e.g. in the exercise of our duties your data is communicated to us by regulators or law enforcement bodies). 
  • When your information is contained in documents submitted to us by other controllers or processors in the context of the provision of our services or otherwise.
  • When monitoring our Website.
  • We may also collect personal information that are publicly available (such as business registries, social media etc.).

We need to collect personal information in order to provide the requested services (legal or not). If you do not provide the information requested, we may not be able to provide the services. If you disclose any personal information relating to other people to us or to our service providers in connection with the services, you represent that you have the authority to do so and to permit us to use the information in accordance with this Privacy Policy.

How do we use your data (purpose of processing)

We use your personal information mainly for reasons such as:

  • To provide to you with the information or services you have requested.
  • For the performance of contractual obligations or their preparation. 
  • To conduct business and provide legal advice and services.
  • To administer and monitor our relationship (e.g. business acceptance, conflict checks, accounting, auditing purposes, confirm legal representation of our counter parties).
  • To respond to your inquiries and fulfil requests (e.g. when you send us questions, complaints, etc.).
  • For internal and / or external customer administration and business purposes.
  • To respond to requests relevant to the processing of your personal data.
  • To fulfil our business legal and regulatory requirements (e.g. exercise or defend legal rights, protect the security of our communications and other systems and to prevent and detect security threats, frauds or other criminal or malicious activities).
  • To process employment applications and for recruitment purposes.
  • To accomplish business purposes (e.g. for data analysis to improve our services, for audits, for fraud and monitoring purposes, to meet legal and regulatory obligations etc.).
  • When participating in anonymous aggregated statistics, or when collecting feedback on our services and practice, or when we participate in legal directories and other publications or in order to measure our performance and to improve and promote our services.

We request that you do not provide and do not disclose to us any Special Categories personal data, unless it is absolutely necessary.

The services are not directed to individuals under the age of eighteen (18), and we do not knowingly collect personal information from individuals under 18. We may process personal information of minors, provided that consent is given or authorised by the holder of parental responsibility over the minor or it is required in the context of offering a service to our clients or receiving a service from one of our providers.

Storage and retention of personal data

IS-BUSINESS.ORG securely stores the personal data on our secure servers within the European Union (EU).

Your personal information is retained for the applicable period of time, depending on the purpose(s) for which they have been obtained and according to the applicable legislation. For the determination of the retention period certain criteria are being followed, such as: (a) if there is an ongoing relationship between us or (b) a legal obligation to which we are subject or (c) any retention period required by the law or (d) provision of consent etc.

IS-BUSINESS.ORG shall retain the personal data, if there are any pending or upcoming dispute before the court or any other legal proceedings, until these proceedings are finally concluded, regardless of how.

The personal information shall not be kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the personal data are processed. Personal data may be stored for longer periods as long as the personal data will be processed solely for archiving purposes following the requirements of the law.

Disclosure and Transfer of personal data

As a principle, the personal data that we collect shall not be transferred to and / or stored at third countries outside the European Economic Union (“EEA”). 

However, in certain cases -for example due to legal obligations (such as requests from authorities), or in order to perform a Service, or in order to handle your request- your personal data shall be transferred to third countries. In such cases all the legislative requirements will be followed to ensure the security of your personal information.

We may disclose your personal data to: 

  1. third parties, including service providers that we retain in the course of the legal services we provide, such as foreign legal advisors, for obtaining foreign legal advice, translators, court bailiffs, couriers, mediators, financial & technical experts, and other necessary servicers, 
  2. courts, law enforcement and other public authorities, government officials or attorneys or other parties, where it is reasonably necessary for the establishment, exercise or defense of a legal claim, or for the provision of our legal services, or for the purposes of alternative dispute resolution process or upon request, 
  3. third parties who provide services to us, such as information technology services, services of carrying out research and analysis – however it should be noted that these third parties are not allowed to use this information or to share it for any purpose other than to provide services to us, 
  4. third parties when participating in aggregated statistics about your use of our Website, 
  5. third parties for the purposes of collecting feedback on our services and practice, when we participate in legal directories and other publications or in order to measure our performance and to improve and promote our services.

Your data may also be communicated to the processors with which IS-BUSINESS.ORG cooperates to support its systems or to provide its services. The processors may not further process your personal data unless we have explicitly instructed them to do so, nor to transfer your personal data to third parties.

Data Subject Rights

IS-BUSINESS.ORG has processes in place to ensure that it can facilitate any request made by an individual to exercise their rights under data protection law. All staff have received training and are aware of the rights of data subjects. Staff can identify such a request and know who to send it to. 

All requests will be responded without undue delay and within one (1) month of receipt to the extent possible – following the verification of the requestor (if required). IS-BUSINESS.ORG will notify in writing on the satisfaction or the reasons that prevent the satisfaction of a request within the deadline. The deadline, following a relevant notice, may be extended by two (2) more months if IS-BUSINESS.ORG receives a large number of requests simultaneously or due to the complexity of the request. The requested information will be provided at no cost, unless the requests from a data subject are manifestly unfounded, excessive or repetitive. In such case we may charge with a reasonable fee or refuse to act on the request.

Subject access: the right to request information about how personal data is being processed, including whether personal data is being processed and the right to be allowed access to that data and to be provided with a copy of that data along with the right to obtain the following information: 

  • the purpose of the processing;
  • the categories of personal data;
  • the recipients to whom data have been disclosed or which will be disclosed;
  • the retention period;
  • the right to lodge a complaint with the Hellenic Data Protection Authority;
  • the source of the information if not collected directly from the subject; and 
  • the existence of any automated decision making.

Rectification: the right to allow a data subject to rectify inaccurate personal data concerning them. 

Erasure: the right to have data erased and to have confirmation of erasure, but only where:

  • the data is no longer necessary in relation to the purpose for which it was collected, or
  • where consent is withdrawn, or
  • where there is no legal basis for the processing, or 
  • there is a legal obligation to delete data.

Restriction of processing: the right to ask for certain processing to be restricted in the following circumstances:   

  • if the accuracy of the personal data is being contested, or
  • if our processing is unlawful but the data subject does not want it erased, or
  • if the data is no longer needed for the purpose of the processing but it is required by the data subject for the establishment, exercise or defense of legal claims, or 
  • if the data subject has objected to the processing, pending verification of that objection. 

Data portability: the right to receive a copy of personal data which has been provided by the data subject and which is processed by automated means in a format which will allow the individual to transfer the data to another data controller. This would only apply if IS-BUSINESS.ORG was processing the data using consent or on the basis of a contract. 

Object to processing: the right to object to the processing of personal data relying on the legitimate interests processing condition unless IS-BUSINESS.ORG can demonstrate compelling legitimate grounds for the processing which override the interests of the data subject or for the establishment, exercise or defense of legal claims.

Special Categories of personal data

The Special Categories of data include the following personal data revealing:

  • racial or ethnic origin; 
  • political opinions;
  • religious or philosophical beliefs; 
  • trade union membership; 
  • the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person;
  • an individual’s health;
  • a natural person’s sex life or sexual orientation;
  • criminal convictions or offences. 

We request that you do not provide and do not disclose to us any Special Categories personal data, unless it is absolutely necessary.

Children’s data 

We do not provide services directly to minors, nor do we collect proactively their personal data. However, we are sometimes provided with children’s data for the provision of services. In so far as they relate to these cases, the present information applies just as much to minors as to adults. This policy is written in simple language, so that a person at least 15 years of age can understand its main points.

Privacy policy and other websites

IS-BUSINESS.ORG’s Website contains links to other websites. Our privacy policy applies only to our website. If you click a link to another website, please read their privacy policy.


IS-BUSINESS.ORG shall ensure that:

  1. Personal data is stored securely using modern software that is kept up to date. 
  2. Access to personal data shall be limited to personnel who need access and appropriate security is in place to avoid unauthorised sharing of information. 
  3. When personal data is deleted, this is done safely so that the data is irrecoverable. 
  4. Appropriate back-up and disaster recovery solutions are in place.

Contact information

If you want to contact us with questions, requests or additional information regarding your personal data protection, and / or regarding the exercise of your rights, you can contact us at To exercise any of the above rights, we advise you to ask copy of our “Data Subject Request Form” and submit it to us.

You can also contact us by post at the following address: 125 Kifissias Avenue, 115 24, Athens, Greece. Please make a note on the subject / envelope “To the attention of the Responsible Person for personal data”.

Monitoring and review

We keep this data protection policy under regular review to make sure it is up-to-date and accurate. 

This policy is in effect as of the date noted herein. We may change this Privacy Policy from time to time. Any changes we may make to our Privacy Policy in the future will be posted on this page. 




© 2022 IS BUSINESS All Rights Reserved