10, Merlin St

Athens P.C. 10671

210 3613269

Call Us

Thessaloniki

Patra

LinkedIn

Contact us
logo
Contact us
Great place to work certified
mobile logo
Great place to work certified
 

Integrated Policy on Quality, Information Security, Business Continuity, and Personal Data Protection

Charaktiniotis Law Firm

Charaktiniotis Law Firm provides high-level legal services with full commitment to quality, confidentiality, and compliance with the requirements of international standards ISO 9001:2015, ISO 27001:2022, ISO 27701:2019, as well as Regulation (EU) 2016/679 (GDPR).

The Management of Charaktiniotis Law Firm is committed to the full implementation and continuous improvement of the Integrated Management System, compliance with the regulatory and legal framework, and the ongoing protection of clients, employees, and partners.

Our vision is to become synonymous with the successful handling of even the most demanding legal cases, taking into account the needs and expectations of our clients and all interested parties.

Our core commitment is not only the qualitative management of our cases but also the safeguarding of the integrity, availability, and confidentiality of the information we process, including personal data.

Key Objectives:

  • To provide reliable services to clients
  • To ensure the continuous development of the firm through client base expansion and case portfolio growth
  • To deliver services successfully and within set timelines
  • To continuously improve the company’s image and reputation
  • To maintain the trust of clients, employees, and suppliers through ongoing evaluation
  • To minimize complaints and ensure high client satisfaction
  • To ensure employee satisfaction in training, career development, and workplace safety
  • To protect the information and personal data we manage
  • To comply with the European and Greek regulatory framework on operations, information security, and data protection
  • To improve our services through the consistent implementation of our Management System

To achieve these objectives, we have clearly defined roles and responsibilities, ensuring consistent service quality and maximum protection of information and personal data. All staff have been trained and sensitized on matters of quality, information security, and personal data protection.

 

Information and Personal Data Security Management

The Firm applies security measures across four key domains:

  • Organizational Security through appropriate assignment of roles, responsibilities, and controls at all levels
  • Technological Security via technical mechanisms protecting information and IT systems
  • Human Security with training, awareness, and confidentiality obligations for staff and partners
  • Physical Security via controlled access to office premises and IT infrastructure

This approach reflects the firm’s commitment to proactively addressing threats and protecting all forms of information — both physical and digital.

Management regularly assesses and manages risks, factoring in technological advancements and emerging threats. Risks are documented, assessed considering current safeguards, and reviewed annually or upon major changes. Targeted mitigation measures are adopted to reduce risks to an acceptable level.

To implement this Security Policy effectively, the Firm has developed supporting policies and procedures covering areas such as:

  • Access control and identity management
  • Confidentiality through technical and organizational safeguards
  • Encryption and secure communications
  • Secure data storage (local and cloud)
  • Incident recording and response
  • Teleworking and mobile device policies
  • Risk evaluation of third-party vendors and partners

An Information Security Officer has been appointed to oversee the application of security policies, risk assessments, and audit coordination. Information systems are used in accordance with the Acceptable Use Policy, which governs access, transmission, storage, and processing of information.

 

Continuous monitoring, evidence-based decisions, and integration of security into daily operations are key elements of the Firm’s culture. Compliance with security principles is monitored via internal audits and annual reviews, and adherence to the Policy is mandatory for all involved.

 

Personal Data Protection

Charaktiniotis Law Firm has implemented all necessary technical and organizational measures to ensure compliance with applicable Greek and European legislation, including the General Data Protection Regulation (EU 2016/679 – GDPR).

As Data Controller, the Firm enforces internal data protection policies ensuring:

  • Lawfulness and transparency of processing
  • Integrity, confidentiality, and availability of personal data
  • Minimization and proportionality in data processing

Processing is conducted in accordance with Articles 5 and 32 of the GDPR, with safeguards against unauthorized access, data breaches, loss, alteration, or unlawful destruction.

Access to data is limited strictly to authorized personnel based on operational necessity and governed by confidentiality obligations. A structured access control system is in place.

 

Data Protection Principles:

  • Confidentiality: Protection against unauthorized access/disclosure
  • Integrity: Prevention of alteration or destruction
  • Availability: Information access ensured when needed
  • Minimization: Only necessary data are collected/retained
  • Accuracy: Information is kept current and correct
  • Storage Limitation: Data retained only for as long as required

 

Data Subject Rights:

  • Right of access
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restriction of processing
  • Right to object
  • Right to data portability
  • Right to lodge a complaint with the Hellenic Data Protection Authority (www.dpa.gr)

The Firm responds to such requests within one month, extendable in complex cases. Requesters are securely identified before processing their request. Transparent consent policies ensure that data subjects are informed and give consent freely where required.

 

Contact:

For any data protection queries or to exercise your rights, contact: dpo@charaktiniotis.gr

 

Management of Third Parties and Data Processors

In the context of its operations, the Firm may cooperate with third-party providers or subcontractors who access personal data solely for specific purposes.

The Firm ensures that every processor:

  • Is selected based on reliability, technical capacity, and GDPR/ISO 27001 compliance
  • Signs a Data Processing Agreement including all GDPR Article 28 requirements
  • Applies equivalent security and privacy measures
  • Undergoes regular audits by Firm Management, especially when accessing sensitive data

Further sub-processing is not permitted without prior written approval and under the same data protection conditions. Non-compliance is deemed a serious breach and grounds for contract termination.

 

Review and Continuous Improvement

The Firm ensures constant monitoring of service quality, information security, business continuity, and data protection through structured review processes and preventive measures. Risk assessments guide operational continuity planning during disruptions.

Adherence to this Policy is mandatory for all employees and partners.

 

COMMITMENT

This document constitutes the official statement of the Firm’s commitment to Quality, Information Security, and Personal Data Protection, endorsed by the Management.

 

REVIEW

This Policy is reviewed at least annually or when significant legal or technological changes occur. Updates are overseen by the Management System Officer. Continuous improvement is a strategic objective, and the Firm’s website remains updated accordingly.

Ioannis Charaktiniotis

Managing Partner

(signature)