We, the CPA Auditors, are committed to protect and to respect your privacy. Please read the present Privacy Policy, in which you will find important information on how we collect and process your Personal Information we collect from you.

Our Website

Our website is https://cpaauditors.gr

Information and consent

This Privacy Policy describes how we collect, use, process and transmit your Personal Data (hereinafter you will be referred as the “User”).

By reading this Privacy Policy, the “User” is fully informed of the above.

The “User” must carefully read this Privacy Policy, drafted with simplicity and clarity, to achieve understanding, to decide freely and voluntarily submits his/her Personal Data to our Company for the stated purpose.


When in this Policy refers to “we”, “us”, “Controller”, it refers to CPA Auditors.

Data Controller/Processor

For the purposes of the provisions of the General Data Protection Regulation (GDPR) , we are the “Controller”/”Processor”. Our contact details are:



Mitropoleos 64,

10563, Athens, Greece



Personal information we collect and reasons why we collect it

We collect the following data (per case):


 When you register on our Website to add youself to the list of recipients for newsletter ·      Your Email

A basic condition for your registration in the list of recipients is your acceptance of the terms of use and this privacy policy

When using the contact form of our Website ·      Your name

·      Your email

·      your phone number

·      The service you are interested in

·      Your message

A basic condition for your registration in the list of recipients is your acceptance of the terms of use and this privacy policy

For the provision of our services to you To provide our services to our customers, we may request Personal Data from either our customers or employees, customers and suppliers of our customers. This Personal Data is provided to us either voluntarily or collected by us from third party sources at the request of our customers. This Data may be:

·      Basic information such as name, position information, job details

·      Contact info

·      Financial data

·      Other information that may be required

We collect this Data for:

·      The provision of our services

·      For marketing reasons

·      For accounting purposes

·      For tax purposes

·      For compliance with legal and regulatory requirements

·      For the protection of our legal rights and the rights of our customers


For Consulting services, we may ask:

·      Contact details (name, address, contact numbers and email)

·      Suppliers’ Data which may include personal information of the customer employees or suppliers (eg name, contact details, date of birth, citizenship, identity numbers, employment contracts, etc.)

·      Financial and salary data, retirement data and bank account numbers

·      Health information for people taking certain drugs or medical treatments

·      Other Personal Data on a case by case basis


For Tax services we may ask:

·      Personal Data of the client, its dependent members (eg address and contact details, tax details, demographics, etc.)

·      Various documents such as files of tax returns, requests and results of audits by Authorities, etc.

·      Various official and personal documents such as birth certificates, marriage licenses, diplomas, identity and passport details, etc.)

·      Bank account numbers and transactions

·      Passwords on public platforms

·      Working status data

·      Asset data

·      Other Personal Data on a case by case basis


For the control of transactions, we process transaction information, for the control of transparency, money laundering, etc. regarding the fulfillment of our auditing contractual obligations. Our audits may include the following:

·      Proof of fulfilment of Contracts

·      Conflicts of interest

·      Authentication

·      Properties

·      Money laundering

·      Political, legal, journalistic, brokerage etc. connections to provide favorable conditions and / or decisions in violation of Fairness, Proportionality and Transparency Principles

·      As part of these tests, you may be need to process sensitive Personal Data (for example, evidence of politically explosion, information on criminal convictions, where required for the laws against money laundering).

We collect this Data for:

·      The provision of our services with special attention to the Principle of Transparency

·      For reasons of compliance with Legal and Regulatory requirements

·      To preserve our legal rights and the rights of our customers

·      To ensure full compliance with the Legislation of Independence

Collection of third-party data that may be collected to provide our services In order to provide our services to our customers, we may collect Personal Data of individuals (eg employees, suppliers, etc.) with whom we do not have a direct (contractual) relationship. This Data may be:

·      Full name

·      Sex

·      Age

·      Marital status

·      Nationality

·      Contact info

·      Salary status

·      Income info

·      Investment info

·      Tax status

·      Other employment data

For some services, we may also process sensitive Personal Data such as:

·      Details of dependent members

·      Trade union action

·      Political Action

·      Medical Data

·      Participations in charitable organizations

Such Personal Data may be collected and processed only where necessary in relation to the provision of our services, such as determining the correct tax income our clients and claim correct deduction tax in relation to these payments.

To participate in meetings, conferences either live or through electronic platforms We collect and process Personal Data of participants in conferences, meetings, events of educational (and not only) type. Therefore, various electronic applications that provide high privacy protection may be used (you can always see their Privacy Policy). This Data may be:

·      Full name

·      Email

·      Contact info

·      Work position

·      Other information that may be required on a case-by-case basis

Our Company is allowed to receive photographic material and / or video from areas of events and conferences that we organize for Marketing purposes. Images and voices of bystanders may be recorded, and the material may be published on our Website.

The above data may be collected for:

·      Preventing access by unauthorized persons

·      Securing information

Data of our suppliers and / or subcontractors We may process Personal Data from our suppliers and / or subcontractors to obtain various services from them if and when required. This Data may be:

·      Full name

·      Employer details

·      Contact info

·      Information required for payments

In addition, we may use their Data to check if we have a conflict of interest or if there are various legal restrictions (bribery, corruption, etc.)

The above data may be collected for:

·      The good execution of a Contract

·      Our legal interest to manage a possible conflict of interest, etc.

·      The right to recover money in cases of poor performance of work and / or breach of contractual obligations

Social Network Connections On our Website you will find buttons that lead to various social networks. We have no control and no effect on any Personal Data collected by providers of social media-based buttons input to, nor have any access to any login credentials to them. You can refer to the respective Privacy Policies of these networks for information, using the following links:

·      Facebook

·      Instagram

·      Twitter

·      Google

For the expression of your interest to work in our Company In order for us to assess your knowledge and experience background, we may ask the following:

·      Curriculum vitae

·      Identification documents

·      Academic documents

·      Evidence of working experience

You may also be asked for additional information during your possible interview by executives of our Company, in which interview you will be asked for your explicit consent to keep your CV, in our files for possible future filling of a job positions by you in our Company.

The above Data may be obtained from:

·      Directly from you

·      From a third party that manages / promotes your CV

·      From human resource management offices available for recruitment

·      From online sources such as Linkedin

·      Through add platforms


Legal basis for processing

Data processing of our Company:

  • is carried out under the contractual obligations between us and the full observance of the Legislation that guides our activities
  • Is based on your consent (when required)
  • Is based on the legal obligations or to secure our legal interest and, in any case, does not affect your rights.

Data transmission

Recipients of the Data are the employees of our Company, who have committed to confidentiality, our partners, our suppliers, who process your Data as Executors of the Processing on our behalf and in accordance with our guidance.

In addition, we may share or disclose your Data when you expressly request it or when required by law.

The Data Processors (carrying out tasks on our behalf) are contractually bound to secrecy, not to transmit Data to any third parties without our permission, to take appropriate security measures to comply with the legal framework for the protection of personal data and in accordance with GDPR.

Data retention

Our company keeps your data only for the period of time needed for the purpose for which it was collected, or you can ask from us to delete them (earlier), with the exception of cases in which Laws or signed agreements indicate otherwise.

Some Data are kept for longer period than expected for us to preserve our rights and exercise possible claims. The processing in these cases will be needed for as long as the expiration of the claims is required, the irrevocable solution of legal or administrative proceedings that we can exercise or the completion of an out-of-court dispute resolution process between us. In addition, we mention the need to investigate circumstantial security breach.

Will process your Personal Data, in accordance with the applicable regulations and, adopting the technique and measures organizational nature required to ensure the safety of your Data and avoid alteration, loss, unauthorised treatment or access to illegal information, given the potential of this technology, the nature of stored data and the risks that arise. The measures we use are:

  • Disk encryption
  • Firewalls on desktops, laptops, tablets and mobile phones
  • Antivirus and anti-malware software
  • Powerful physical, environmental, network and perimeter controls
  • Monitoring and detection systems

Finally, our Website is in HTTPS format and uses an SSL certificate for maximum security.

SSL certificates serve the following 2 processes:

  • Secure data transfer between a web server and a browser.
  • Certification and identification, helping the user to verify the identity of the website with which he corresponds with.

Once the process that activates the SSL security certificate (eg the completion of a contact form) begins, then a series of checks / actions are performed which aim to ensure the secure connection between the website and the user.

The web browser checks the SSL Certificate to determine if it is valid and to verify the identity of the website.

The web server then communicates with the web browser enables data encryption in specific bits (usually 128bit or 256bit).

The web server and the browser exchange unique encryption codes to use in the decryption that takes place when the data exchange is complete.

The data exchange process starts, the SSL Secure Data Transfer icon appears next to the webpage address bar, and data transfer is now secure.

Data disclosure

We will only disclose the Data if:

  • We must comply with the applicable law
  • To respond to requests from Authorities, for reasons of security or enforcement of the Law
  • Protect any legitimate interests that may be harmed by malicious users


We do not process data concerning children under 16 years of age. If you are under 16, do not provide your Data to us, even if prompted. If you believe that you accidentally provided your Personal Data to us, ask your parents or your legal guardian to notify us and we will delete your Data immediately.

Links that lead to third parties

Our Website may provide links to third party Websites. These Websites may collect and use your Personal Data in a different manner to us. We do not endorse or accept any liability for these Websites’ collection practices as well as their privacy policies. In case you wish to enquire about their privacy policies, please contact their operators.

Your Rights in Relation to Your Personal Data

Our Company makes sure that all subject rights are met. These Rights are:

  • The Right of Access. You have the right to know what data is being or has been collected about you and how these data are being processed
  • The Right to Data Portability. You have the right to transfer Personal Data from one electronic processing system to and into another electronic processing system (even between organizations)
  • The Right to Erasure (where there is no longer any legitimate basis for processing it). When a Data Controller is relying on your consent as their legal basis to process your Personal Data, you have the right to withdraw consent and ask for your Personal Data to be deleted
  • The Right to Correction. You have the right to make changes to inaccurate Personal Data
  • The Right in the scope of Consent (if that is the legal ground for processing). Being the subject, you must be informed in clear and plain language. If the Data Controller is relying on your consent to process your Personal Data, you may object to elements of processing or withdraw your consent altogether
  • In the circumstances provided for in applicable law: The Right to Restrict Processing and Object to Processing your Personal Data.

If you wish to exercise any of the rights set out above, or if you have any complaints about the processing of your personal information, please contact info@cpaauditors.gr

When do we respond to your requests?

We will respond to your requests as soon as possible, and in any case within one month of receiving your request. However, if your request is complicated, or large number of requests are pending, we will notify you if we need to receive an extension of one more month within which we will respond to you.

User Responsibility

The user:

  • Guarantees that they are of legal age, fully capable, and that the information furnished to us is true, accurate, complete and up to date. For these purposes, the User is responsible for the truthfulness of all the data communicated and will keep the information updated, so that said data reflects their actual situation;
  • Will be responsible for false or inaccurate information provided through the Website and for damages, whether direct or indirect, that this may cause to us or third parties.

Treatment of Covid-19

Our Company carries out all the Health Protocols against Covid -19, within our offices and during the visit of our executives to the premises of our customers. We keep a record of visits to our offices (name, date of visit and contact details of visitors), so that it is possible to achieve traceability, in cases in case this is required by the competent Health Authorities.

Changes to this Policy

We reserve the right to revise the present Privacy Policy in cases of:

  • We are expanding our services
  • We are called to comply with a newer Institutional / Regulatory Framework

Any changes will be posted on this page and (when appropriate) notified to you by email.

This Policy was last updated on 15 April 2021.