Data protection

1. Controller

ATTYS 05 Rechtsanwälte GmbH, Lange Gasse 50/10, 1080 Vienna, is controller of the personal data collected on the website www.attys.law. For questions regarding the processing of your personal data by ATTYS 05 Rechtsanwälte GmbH please contact +43 1 388996910 or office@attys.law.

2. Website visitors

We process the following data that we may collect from you depending on your use of our website: First name, last name, company affiliation, (private or business) email address, (private or business) address, (private or business) telephone number, any other data you provide to us when you contact us via the Meetergo appointment booking tool on our website or write an email, your IP address, date and time of access to our website, directory protection user, logs, referrer, website accessed, amount of data transferred, status code, user agent, host name accessed.

We process this data for the following purposes:

• Meetergo/e-mail: We are delighted when you contact us via our Meetergo booking tool on attys.law or via e-mail. If you contact us via our Meetergo or by e-mail, the data you provide will be processed for the purpose of establishing contact, processing your inquiry, concluding a client relationship and/or providing the services you have requested. If a client relationship is concluded, you will be separately informed about the processing of your personal data within the scope of the mandate.

The processing of your personal data in the context of contacting us via Meetergo or by e-mail is based on the performance of (pre-)contractual measures in accordance with Art. 6 para. 1 lit. b GDPR.

The data will be processed for the duration of the initiation of the client relationship. If the client relationship is concluded, your personal data will be stored for a period of 30 years even after the end of the client relationship due to the applicable statutory provisions and retention obligations (§ 1489 of the Austrian Civil Code).

In order to achieve the above-mentioned purposes, it may be necessary to disclose your data to third party recipients such as email-, website-, software- and cloud-providers or IT-service-providers through transfer, distribution or any other form of providing. We only transfer your data to the extent necessary to fulfill the purpose; this data will not be passed on to any other third parties for their own purposes without your consent.

If you book an appointment via our Meetergo booking tool, your data will be transferred to the provider of our booking tool, meetergo GmbH, Hauptstraße 44, 40789 Monheim am Rhein, GERMANY. The transferred data includes your IP address, a referrer URL and the time of access. This data can be used to determine who has made an appointment request. We process this data on the basis of a legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR so that appointment requests can be processed effectively. In addition, the data provided is transferred to the following recipients:

• E-mail provider.
• Webiste visitors: When you visit our website, we process your personal data to optimize our website and to detect, prevent and investigate attacks on our website. We also statistically evaluate access to our website in order to improve the website and make it more user-friendly, to find and rectify errors more quickly and to manage server capacities. As a law firm, we have a legitimate interest in the functionality and security of our website and in preventing misuse of our website. It is also not technically possible to use the website without providing your IP address.

The processing of your personal data in the context of your visit to our website is therefore based on our legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR.

The data is processed for a period of five months.

As part of the processing of your personal data, your data may be transferred to the following recipients:

• E-mail-provider
• Cloud service provider (fulfills the requirements of RAK and ISO 27001 certified)

If you choose not to provide the personal information we request, we may not be able to provide you with the information or services you have requested or otherwise fulfill the purpose for which we have requested the personal information.

3. Clients

As a client, you can rest confident that your personal data will be handled safely and in accordance with the applicable data protection regulations. Our law firm is also obliged under § 9 RAO to treat all personal data as confidential and to process it only in the context of the legal mandate. This includes all your personal data that is required in the course of consultation and representation in order to process your legal concerns effectively. If you are our client, you have already received detailed information on the processing of your personal data in the phase prior to the conclusion of the contract.

4. Opposing parties, witnesses and other parties involved in our clients’ matters

If you are an opposing party to one of our clients or are involved in proceedings that we are handling (e.g. as a witness or person providing information), we process your data on the basis of our legitimate interest. The contract concluded with our client and the fulfillment of the same constitute the legitimate interest in processing this data. We would have to inform you in accordance with Art. 14 GDPR which categories of your personal data we process. However, as lawyers, we are subject to a professional duty of confidentiality pursuant to § 9 RAO and are therefore exempt from this obligation pursuant to Art 14 (5) lit d GDPR.

5. Suppliers and contractors

If you are a supplier or contractor of our law firm, we have received your data as part of this relationship and process it for the purposes of initiating and executing contracts. We also process your data to fulfill our legal obligations (tax and tort law).

We store your personal data in any case for the duration of the contractual relationship, in addition at least 7 years to fulfill tax retention obligations and up to 30 years to secure warranty and tort claims.

If you do not wish to provide your personal data, we cannot guarantee that we will be able to work with you.

As part of the processing of your personal data, your data may be transferred to the following recipients:

• Insurance companies
• Courts and authorities
• Banks
• E-Mail-providers
• Cloud service provider (fulfills the requirements of RAK and ISO 27001 certified)

6. Cookies

A cookie is a file that is sent together with the pages of an Internet address and can be stored by the web browser on the PC or another device. The information stored can be sent to our servers or the servers of relevant third-party providers during subsequent visits. Cookies may only be set without consent if they are technically necessary. Only cookies that directly serve the function of the website itself or the service offered via the website are technically necessary. Currently, only technically necessary cookies are set on our website.

7. Your rights

You have the right to information, rectification, deletion, restriction of processing, data portability, objection and revocation. You can exercise these rights by sending us an e-mail. If we process your data on the basis of your consent, you have the right to withdraw this consent at any time.

If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria, this is the Data Protection Authority. The address of the Austrian Data Protection Authority is: Österreichische Datenschutzbehörde, Barichgasse 40-42, 1030 Vienna, phone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at.