1. Personal data
In the course of our legal activities, Schneeweiss Weixelbaum Rechtsanwälte GmbH (hereinafter referred to as "we", "us" or "our"), as the responsible party within the meaning of Art 4 no. 7 of the EU General Data Protection Regulation (Datenschutzgrundverordnung) 2016/679 (hereinafter referred to as "GDPR"), processes personal data of you or of your employees and/or bodies (hereinafter collectively also referred to as "you", or "your").
Personal data within the meaning of the GDPR are all data that contain individual information about personal or factual circumstances, e.g. name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photos, voice recordings of persons as well as biometric data such as fingerprints. Sensitive data, such as health data or data related to criminal proceedings, may also be included.
In general, we may not be able to fully perform our contractual obligations or even enter into a contract with you if the data is not provided or not provided in full.
2. Use of the data
Within our firm, partners, attorneys and/or employees will have access to your data as necessary for them to perform their or our contractual and/or legal duties or to protect our legitimate interests. Our employees who process your personal data are obligated to maintain attorney-client confidentiality pursuant to Section 9 of the Austrian Bar Code (Rechtsanwaltsordnung) ("RAO").
We process your data for the following purposes and on the basis of the legal grounds below:
We process the data of our contractual partners (clients, suppliers, etc.) for the purposes of contract performance - i.e. for the provision of our legal or otherwise contractually agreed services. These processing operations are carried out on the legal basis of Art 6 para. 1 lit b GDPR (contract performance).
Fulfillment of legal obligations:
Furthermore, we process personal data in order to fulfill our legal obligations (e.g. retention periods of the Federal Fiscal Code ["BAO"] and the RAO, prevention of money laundering). These processing operations are carried out on the legal basis of Art 6 para. 1 lit c GDPR (legal obligation).
In addition, we process your data in the context of our administration and management (e.g. accounting, file management, customer database). These processing operations are carried out on the basis of our legitimate interest in proper and efficient management and in managing and optimizing the selection of our contractual partners and thus on the legal basis of Art 6 para. 1 lit f GDPR.
Client management and marketing:
Finally, we process personal data of current, former and potential clients and their employees for the purposes of client management and marketing. This processing is carried out on the basis of our legitimate interest in maintaining and cultivating existing and former client contacts as well as the acquisition of new mandates and thus on the legal basis of Art 6 para. 1 lit f GDPR.
3. Transmission of data to third parties
In order to fulfill your order, it may be necessary to pass on your data to the following recipients:
- Opponents and their legal representation
- Courts and authorities
- Insurance companies (in particular liability or legal expenses insurance)
- Notaries, tax advisors and/or auditors
- Bar association
- Banks (in particular in the case of trusteeships)
Your data will be forwarded exclusively on the basis of the GDPR, in particular to fulfil your mandate or on the basis of your prior consent.
It is possible that some of the above-mentioned recipients of your personal data are located outside of your country or that these recipients process your personal data there.
Furthermore, we inform you that in the course of our legal representation and support, factual and case-related information is also regularly obtained from you by third parties.
Contract Data Processors:
In order to fulfil your mandate, it may also be necessary to transfer your data to our service providers. We sometimes use service providers, so-called order processors, for data processing (especially for technical processing). They are obliged to maintain confidentiality, are carefully selected by us and are bound by our instructions.
We currently use the following processors in particular:
- ADVOKAT Unternehmensberatung Greiter & Greiter GmbH, Andreas-Hofer-Straße 39B, 6020 Innsbruck (lawyer software, IT maintenance)
- Business Data Solutions GmbH, Fischauer Gasse 150, 2700 Wiener Neustadt (IT service provider, server hosting)
We do not transfer data outside Austria or outside the EEA.
4. Data security
Your personal data is protected by appropriate organizational and technical precautions. These precautions relate in particular to protection against unauthorized, illegal or even accidental access, processing, loss, use and manipulation.
Notwithstanding our efforts to maintain an appropriately high level of due diligence at all times, it cannot be ruled out that information you disclose to us via the Internet may be viewed and used by other persons.
Please note that we therefore accept no liability for the disclosure of information due to errors in data transmission not caused by us and/or unauthorized access by third parties (e.g. hacking attack on e-mail account or telephone, interception of faxes).
Disclosure of Data Breaches:
We strive to ensure that data breaches are identified at an early stage and, if necessary, reported to you or the relevant supervisory authority without delay, including the respective categories of data affected.
5. Data retention
We will not retain data longer than is necessary to fulfill our contractual or legal obligations and to defend against any liability claims. I.e. we keep your data until the contractual relationship is fulfilled or terminated. In addition, we are subject to a variety of storage obligations, according to which data must also be stored beyond the end of the contractual relationship, such as due to storage periods under tax law (BAO) or professional law (RAO).
Furthermore, we may retain your data as long as legal claims can be asserted in connection with your contract. In the event of pending official or judicial proceedings, your data will be retained in any case until the end of the respective proceedings.
In addition, we retain your data beyond the contractual relationship as part of our customer database and for client management purposes. We will delete your data if you object to such data processing or if there has been no business contact with you for two years.
6. Cookies, server log files
Our website uses "cookies" to make our services more user-friendly, effective and secure.
A "cookie" is a small text file that we transfer via our web server to the cookie file of the browser on the hard drive of your computer. This enables our website to recognize you as a user when a connection is established between our web server and your browser. Cookies help us to determine the frequency of use and the number of users of our web pages. The content of the cookies we use is limited to an identification number that no longer allows any personal reference to the user. The main purpose of a cookie is to recognize visitors to the website.
Two types of cookies are used on this website:
Session cookies: these are temporary cookies that remain in the cookie file of your browser until you leave our website and are automatically deleted at the end of your visit.
Persistent cookies: for a better user experience, cookies remain stored on your terminal device and allow us to recognize your browser the next time you visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, as well as activate the automatic deletion of cookies when closing the browser. If you disable cookies, the functionality of this website may be limited.
Server log files:
In order to optimize our website in terms of system performance, user-friendliness and provision of useful information about our services, the website provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. This includes your Internet Protocol address (IP address), browser and language setting, operating system, referrer URL, your Internet service provider and date/time.
We do not merge this data with personal data sources. We reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.
7. Information and deletion
The GDPR grants you as a data subject certain rights, to which we hereby draw your attention. These rights complement each other, so that you can, for example, only request either the correction or completion of your data or its deletion.
Withdrawal of consent:
If we process your personal data based on your consent, you are entitled to revoke your consent at any time. However, this does not affect the lawfulness of the processing carried out up to the time of the revocation.
Right to information:
You can request information on the origin, categories, storage period, recipients, the purpose of the data we process about you and the nature of its processing.
Right to rectification and erasure:
If we process data about you that is inaccurate or incomplete, you may request that it be corrected or completed. You may further request the deletion of unlawfully processed data.
Right to restriction of processing:
If it is unclear whether the data processed about you are inaccurate, incomplete or processed unlawfully, you may request the restriction of the processing of your data until the final clarification of this issue.
Right to object:
Even if the data relating to your person is correct and complete and is processed by us lawfully, you may object to the processing of this data. However, this will only be the case in special situations to be justified by you.
Right to data portability:
You may receive the data processed by us concerning your person, which we have received from you ourselves, in a machine-readable format determined by us or instruct us to transfer this data directly to a third party chosen by you, provided that this recipient enables us to do so from a technical point of view and that the transfer of the data is not prevented by unjustifiable expense or by legal or other obligations of secrecy or confidentiality considerations on our part or on the part of third parties.
Right of complaint:
Furthermore, you are entitled to lodge a complaint with the data protection authority if you believe that the processing of personal data concerning you violates the GDPR.
8. Person responsible for the processing of your data
The protection of your data is important to us. We can be reached at the contact details below for your questions or revocation.
Schneeweiss Weixelbaum Rechtsanwälte GmbH
Address: Augasse 9 (reception 1st floor), 1090 Vienna, Austria