Legal

Privacy Policy

How T&T Law Firm collects, uses and protects personal data.

Last updated: March 2026

This Privacy Policy describes how T&T Law Firm (“we”, “us”, “our”) collects, processes and protects personal data obtained through use of this website and through our professional relationships. We handle personal data in accordance with the EU General Data Protection Regulation (Regulation 2016/679, “GDPR”) and applicable Greek data protection legislation (Law 4624/2019).

1. Who We Are

T&T Law Firm is a legal advisory practice established in Greece. For the purposes of data protection law, T&T Law Firm is the data controller in respect of personal data processed through this website and in connection with our professional services.

If you have any questions regarding this policy or our data practices, please contact us at: mike@tntlawfirm.eu

2. Personal Data We Collect

We may collect and process the following categories of personal data:

  • Contact information: name, email address, telephone number and any other details you provide when contacting us directly.
  • Professional information: your organisation, role and the nature of your enquiry, where provided.
  • Usage data: technical information automatically collected when you visit this website, including IP address, browser type, pages visited and time of access, collected via standard server logs.
  • Communications: records of correspondence between you and the practice, where relevant to the maintenance of our professional relationship.

We do not collect special categories of personal data (as defined under the GDPR) through this website.

3. How We Use Personal Data

We process personal data for the following purposes and on the following lawful bases:

  • Responding to enquiries (Legitimate interests / Contract): to evaluate and respond to enquiries submitted to the practice, and to manage the pre-engagement and engagement process.
  • Providing legal services (Contract / Legal obligation): where an engagement is entered into, personal data is processed as necessary to provide the services requested and to comply with our professional and regulatory obligations.
  • Compliance and legal obligations (Legal obligation): to comply with applicable laws, including anti-money laundering obligations and professional regulatory requirements.
  • Website operation (Legitimate interests): to maintain the security and functionality of this website.

We do not use personal data for automated decision-making or profiling, and we do not sell personal data to third parties.

4. Data Sharing

We do not share personal data with third parties except in the following circumstances:

  • Where required by law or by our professional regulatory obligations;
  • With instructed external counsel, experts or service providers where necessary to conduct a matter on your behalf, subject to appropriate confidentiality arrangements;
  • With IT and website hosting service providers, who process data on our behalf under appropriate data processing agreements; or
  • Where you have consented to sharing.

We do not transfer personal data outside of the European Economic Area without ensuring appropriate safeguards are in place.

5. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected. In general:

  • Enquiry data where no engagement follows is retained for up to 12 months;
  • Data relating to completed engagements is retained in accordance with our professional obligations, typically for a period of five years following the conclusion of the matter; and
  • Website usage data is retained for a maximum of 12 months.

6. Your Rights

Under the GDPR, you have the following rights in respect of your personal data:

  • Right of access: to request a copy of the personal data we hold about you;
  • Right to rectification: to request correction of inaccurate or incomplete personal data;
  • Right to erasure: to request deletion of personal data in certain circumstances;
  • Right to restriction: to request that we restrict processing of your data in certain circumstances;
  • Right to data portability: to receive personal data you have provided in a structured, machine-readable format, where processing is based on consent or contract;
  • Right to object: to object to processing based on legitimate interests; and
  • Right to withdraw consent: where processing is based on consent, to withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at mike@tntlawfirm.eu. We will respond within one calendar month. If you are dissatisfied with our response, you have the right to lodge a complaint with the Hellenic Data Protection Authority (HDPA) at www.dpa.gr.

7. Cookies and Website Analytics

This website does not currently use third-party analytics cookies or tracking technologies beyond standard server-side access logs. If this changes, this policy will be updated and any required consent mechanisms will be implemented.

8. Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, loss or destruction. No data transmission over the internet can be guaranteed as fully secure.

9. Third-Party Links

This website may contain links to external websites. We are not responsible for the privacy practices of those websites.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Changes will be reflected in the “Last updated” date above.

11. Contact

All data protection enquiries should be directed to:

T&T Law Firm
Email: mike@tntlawfirm.eu
Established in Greece