Information on data processing in accordance with Art. 13 and 14 of the General Data Protection Regulation (GDPR).
The following information provides an overview of the processing of your personal data by us and of the claims and rights which you are entitled to data protection law in accordance with the General Data Protection Regulation. Which data is processed and how it is used, depends largely on the agreed services, applications and legal bases.
Responsible according to the General Data Protection Regulation: BMA Brandstätter Rechtsanwälte GmbH, Wallnerstraße 3, 1010 Vienna, Austria. Tel: +43 1 535 16 30, Fax: +43 1 535 16 30 40, E-Mail: firstname.lastname@example.org, website: https://www.bma-law.com/
If you have any questions or need information on data protection, please do not hesitate to contact us via regular letter mail at the above-mentioned address with addition – data protection – or via E-Mail.
1. Which data are processed and what source this data comes from?
The following personal data (Art. 4 Nr. 1 GDPR) are processed: Data that we receive from our clients in the context of the business relationship and data that you may have provided in the contact form and in the subscription form for the newsletter. For the website itself, the specific privacy notes are given under the following Link. Additionally, we process, to the extent necessary for the provision of our services, data that we have permissibly received from publicly accessible sources (e.g. land register, company register, register of associations, register of residents, edict files, media) and from credit agencies, debtor registers (e.g. KSV 1870 Holding AG, Alpenländischer Kreditorenverband, SCHUFA Holding AG).
Personal data includes the client`s personal details (name, address, contact data, birthday and place of birth, gender, nationality, etc.) and identification data (e.g. identity card data). Additionally this may include data from the fulfilment of our contractual obligations (e.g. bank details, credit card data), information about your financial status (e.g. creditworthiness data, etc.), register data, image and sound data (e.g. the data may also include information from your electronic transaction with BMA Brandstätter Rechtsanwälte GmbH (e.g. cookies and apps etc.), processing results generated by BMA Brandstäter Rechtanwälte GmbH itself, data for compliance with legal and regulatory requirements and another data comparable to the above categories.
2. The data will be processed for which purposes and on which legal basis?
We process personal data in accordance with data protection regulations:
a.For the fulfilment of contractual obligations (Art. 6 sec. 1 b GDPR):
The processing of personal data (Art. 4 No. 2 GDPR) takes place for the provision of legal services, in particular for the execution of the mandates given and the execution of the orders as well as all activities necessary with the operation and administration of a law firm. The purposes of data processing are primarily based on the specific mandate and may include, among other things, consultation, representation before courts, administrative and financial authorities, drafting of contracts, analysis of needs as well as the execution of transactions, e.g. by way of a trusteeship.
b,For the fulfilment of legal obligations (Art. 6 sec. 1 c GDPR):
The processing of personal data may be necessary for the purpose of fulfilling various legal obligations (e.g. pursuant to the Commercial Code, Federal Fiscal Code, Lawyers´ Act, Anti Money Laundering Provisions, Banking Act and so on) as well as on bar rules which BMA Brandstätter Rechtsanwälte GmbH is subject to. Examples of such cases are:
– matters of legal aid
– reports to the Money Laundering Reporting Office in certain suspicious cases (§ 8a ff Lawyers´ Act)
c.Within your consent (Art. 6 sec. 1 a GDPR):
If you have given us your consent to process personal data for specific purposes, such processing is legal on the basis of your consent. A given consent can be revoked at any time. This also applies to the revocation of declarations of consent given before the General Data Protection Regulation will apply, that means before 25. Mai 2018. The revocation of the consent does not affect the legality of the data processing till the revocation.
d. Within the reconciliation of interests (Art. 6 sec. 1 f GDPR):
If necessary, we process your data beyond the actual performance of the contract to protect our legitimate interests or legitimate interest of third parties. Examples:
– within the legal prosecution and enforcement,
– to answer your inquiries,
– consultations of and data exchange with credit agencies and your bank holding your account to determine creditworthiness and default risks;
– measures for business management and further development of processes, services and products (e.g. websites);
– measures to protect employees and clients and property of BMA Brandstätter Rechtsanwälte GmbH;
– measures to prevent and combat fraud (Fraud Transaction Monitoring);
e.Within marketing activities (Art. 6 sec. 1 a and f GDPR)
We also process your data to promote our own products in order to send you newsletters, expert literature, Christmas mail and information about legal developments, to invite you to events, to make this website available to you and to further improve and develop the website, to create usage statistics; to detect, prevent and investigate attacks on our website. We link and analyze the data relevant for our marketing purposes or service offers. Our legitimate concern is to offer products tailored to the needs of existing or potential clients. You are entitled to object to the processing of your personal data for direct marketing purposes.
3.Who receives your data?
Within BMA Brandstätter Rechtsanwälte GmbH your data receive those employees who require your data to fulfil the contractual, legal and professional obligations and legitimate interests. Moreover, upon our commission, contract processors (especially IT- and back office service providers, bookkeeping etc.) receive your data as far as this data is required to fulfil their respective services. All contractual processors are contractually obliged to treat your data confidential and to process it only within scope of the provision of services.
The contractual data processors are responsible in detail for purposes of
Public authorities and institutions (e.g. tax authorities, criminal prosecution authorities, etc.) may be recipients of your personal data in the event of a legal or professional obligation. With regard to data being passed on to other third parties, we would like to point out that BMA Brandstätter Rechtsanwälte GmbH as a law firm is obliged in accordance with § 9 sec. 2 and 3 Lawyers´ Act to maintain confidential all client-related information and facts entrusted or made accessible to us on the basis of the business relationship. Therefore, we may forward your personal data only, if you have released us in advanced in writing and expressly from our confidentiality obligation or we are obliged or authorized to do so by virtue of law or on the basis of bar rules or on the basis of justified interests. In this connection the recipients of personal data may be the Bar Association, courts, authorities, credit and financial institutions or similar institutions to which we transmit the data to in order to conduct the business relationship with you.
4.Is there any data transfer to states outside the EU (so-called third countries)?
The data shall be transmitted to institutions in third countries,
5.How long your data will be stored?
We process your personal data, if necessary, for the duration of the entire business relationship (from the initiation, processing to the termination of the mandate) as well as in addition in accordance to the statutory obligations to store and document data which result among others from the Commercial Code (UGB) and the Federal Fiscal Code (BAO).
Moreover, with regard to the storage period the statutory limitation periods have to be observed, according to the General Civil Code (ABGB) they can amount up to 30 years, in exceptional cases 40 years, however, at least 3 years.
If you only visit our website without actively entering data, then your data will only be stored for three months. If you register on our website to receive the newsletter and/or fill in the contact form, your data will in any case be stored for as long as your registration exists and thereafter for only as long as legal obligations require it.
6.What data protection rights do you have?
You can request information about your data stored, a correction of the data stored, the deletion and the completion of your data stored, the restriction of data processing as well as the transfer of your data stored in accordance with the conditions of data protection law. The persons concerned may exercise all rights by sending an e-mail to email@example.com or by sending a notice by regular letter mail. The persons concerned must identify themselves and contribute to identification to ensure that the answer is actually addressed to the person concerned. Furthermore, you are entitled to appeal to the Austrian data protection authority, a supervisory authority, if you are of the opinion that the processing of your personal data is not lawful (www.dsb.gv.at).
7.Are you obliged to provide data?
Within the business relationship you are obliged to provide the personal data required for the establishment and implementation of the business relationship and which we are legally obliged to collect. If you do not provide us with this information, we will not accept the mandate, we will be as a rule obliged to decline to conclude the contract or to execute the mandate or no longer be able to execute an existing contract and consequently to terminate it. However, you are not obliged to give your consent to the data processing which is not relevant for the performance of the contract or which is not required by law and/or regulation.
8.Is there any automated decision making including profiling?
We do not use automated decision making according to Art. 22 of the General Data Protection Regulation to GDPR to effectuate a decision on the establishment and implementation of the business relationship that has legal effect on the person concerned or significantly impairs it in a similar manner.
9.Adjustment of this information
If required, we will make adjustments to this information for data processing. The latest version of this information is available on our website anytime.
10.Information about data processing according to sec. 8a seqq Lawyers’ Act (RAO)
BMA Brandstätter Rechtsanwälte GmbH is obliged according to sec. 8a seqq Lawyers´ Act within the scope of its duty of care to prevent money laundering and terrorist financing, to obtain and store certain documents and information from persons when establishing a business relationship. According to sec. 8a seqq Lawyers´ Act, the law firm has to identify and verify the identity of clients, beneficial owners of clients or any trustees of the client, to assess the purpose pursued by the client and the type of business relationship sought by the client, obtain and check information on the origin of the provided funds, and continuously monitor the business relationship and the transactions carried out in the course of a mandate. In particular, the law firm shall keep copies of the documents and information received that are necessary for the fulfilment of the duties of care described and the transaction documents and records which are necessary for the identification of transactions. The Lawyers´ Act grants the law firm and its attorneys the legal authorization within the meaning of the Data Protection Act to use the above-mentioned client data within the scope of exercising due diligence in order to prevent money laundering and terrorist financing, which the law firm is legally obliged to and which serves the public interest. The data processing within the scope of the described duties of care is based on a legal obligation of the law firm. Any objection by the client against such data processing may therefore not be observed by the law firm.
Last update on 26.04.2018