Data protection

1. Responsibility

The controller within the meaning of the General Data Protection Regulation and other national data protection laws of the member states as well as other data protection regulations is ATTYS 05 Rechtsanwälte GmbH, Lange Gasse 50/10, 1080 Vienna (“we”).

If you have any questions about the processing of your data by ATTYS 05 Rechtsanwälte GmbH, please contact us via +43 1 38899690 or office@attys.law.

2. General Information on Data Processing

We process the personal data of our users/visitors to our events (the “user” or “you”) only to the extent necessary to provide a functional website and our content and services and to hold an event. The processing of personal data of our users only takes place regularly with the consent of the user. An exception applies in cases where prior consent cannot be obtained for factual reasons and the processing of the data is permitted by law.

3. Legal Basis of the Processing of Personal Data

Insofar as we obtain the consent of the data subject for the processing of personal data, Art. 6 para. 1 lit. a EU General Data Protection Regulation (GDPR) serves as the legal basis.

When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 para. 1 lit. b GDPR serves as the legal basis. This also applies to processing operations that are necessary to carry out pre-contractual measures.

Insofar as the processing of personal data is necessary to fulfill a legal obligation to which our company is subject, Art. 6 para. 1 lit. c GDPR serves as the legal basis.

In the event that vital interests of the data subject or another natural person require the processing of personal data, Art. 6 para. 1 lit. d GDPR serves as the legal basis.

If the processing is necessary to safeguard a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 para. 1 lit. f GDPR serves as the legal basis for the processing.

4. Erasure of Data and Storage Duration

The personal data of the data subject will be erased or blocked as soon as the purpose of storage no longer applies. Data may also be stored if this has been provided for by the European or national legislator in EU regulations, laws or other provisions to which the controller is subject. The data will also be blocked or deleted if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or fulfillment of a contract.

5. Provision of our Website
5.1 Description and Scope of Data Processing

Every time our website, available over www.attys.law, is accessed, our system automatically collects data and information from the computer system of the accessing computer.

The following data is collected: your IP address, date and time of access to our website, directory protection user, logs, referrer, website accessed, amount of data transferred, status code, user agent, host name accessed.

5.2 Legal Basis of Data Processing

The legal basis for the temporary storage of data is Art. 6 para. 1 lit. f GDPR.

5.3 Purposes of Data Processing and Duration of Storage

When you visit our website, we process your personal data to optimize our website and to detect, prevent and investigate attacks on our website. We also statistically evaluate access to our website in order to improve the website and make it more user-friendly, to find and rectify errors more quickly and to manage server capacities. As a law firm, we have a legitimate interest in the functionality and security of our website and in preventing misuse of our website.

The temporary storage of the IP address by the system is necessary to enable the website to be delivered to the user’s computer. For this purpose, the user’s IP address must remain stored for the duration of the session.

These purposes also constitute our legitimate interest in data processing in accordance with Art. 6 para. 1 lit. f GDPR.

The data is processed and stored for a period of five months.

As part of the processing of your personal data, your data may be transmitted to the following recipients Email service provider, cloud service provider (complies with RAK requirements and ISO 27001 certified). The collection of data for the provision of the website and the storage of the data is absolutely necessary for the operation of the website. Consequently, the user has no option to object.

6. Meetergo and E-mail Contact
6.1 Description and Scope of Data Processing

Our website offers the option of contacting us by email and booking an appointment via Meetergo. If a user makes use of this option, the data entered in the input mask/email will be transmitted to us and stored.

Depending on the information provided by the user, this data may include: your IP address, a referrer URL and the time of access, first name, surname, company affiliation, (private or business) email address, (private or business) address, (private or business) telephone number, all other data that you provide to us when you contact us via the Meetergo appointment booking tool on our website or send us an email,

It may be necessary for us to disclose your data to third party recipients such as email, website, software and cloud providers or IT service providers by transmission, dissemination or any other form of provision. We only transfer your data to the extent necessary to fulfill the purpose.

If you book an appointment via our Meetergo booking tool, your data will be transmitted to the provider of our booking tool, meetergo GmbH, Hauptstr. 44, 40789 Monheim am Rhein, GERMANY. The transmitted data includes your IP address, a referrer URL and the time of access. This data can be used to determine who has made an appointment request. In addition, the data provided is transmitted to the following recipients: Email service provider.

6.2 Legal Basis of Data Processing

The legal basis for the processing of the data is Art. 6 para. 1 lit. a GDPR if the user has given consent.

The legal basis for the processing of data transmitted in the course of booking an appointment through Meetergo or sending an e-mail is Art. 6 para. 1 lit. f GDPR. If the e-mail contact is aimed at the conclusion of a contract, the additional legal basis for the processing is Art. 6 para. 1 lit. b GDPR.

6.3 Duration of Storage

If you contact us via Meetergo or by email, the data you provide will be processed to establish contact, process your inquiry, conclude a client relationship and/or provide the services you have requested. The data will be processed for the duration of the initiation of the client relationship.  If a client relationship is concluded, you will be informed separately about the processing of your personal data within the scope of the mandate. Your personal data will then be stored for a period of 30 years even after termination of the client relationship on the basis of the applicable statutory provisions and retention obligations (Section 1489 of the Austrian Civil Code).

Otherwise, the data will be deleted as soon as it is no longer required to achieve the purpose for which it was collected. For the personal data from the input screen of the Meetergo booking tool and those sent by email, this is the case when the respective conversation with the user has ended. The conversation is deemed to have ended when it can be inferred from the circumstances that the matter in question has been conclusively clarified.

6.4 Objection and Removal Options

The user has the option to withdraw their consent to the processing of personal data at any time. If the user contacts us by booking an appointment through Meetergo or by email, they can object to the storage of their personal data at any time by sending us an email to office@attys.law. In such a case, the conversation cannot be continued. All personal data stored in the course of contacting us will be deleted in this case.

7. Attendance of our Events
7.1 Description and Scope of Data Processing

In the context of events organized by our law firm, we process personal data of the participating guests. This data typically includes name, contact details (such as e-mail address, telephone number and postal address) and, if applicable, other event details (e.g. information on company affiliation, catering preferences or special needs) and images of the guests. The data is collected either directly at the time of registration or via third parties (e.g. invitation lists).

In addition, photos and video recordings may be made during the event for documentation or advertising purposes in which you can be seen and recognized. If you notice that photos are being or have been taken of you and you do not wish this to happen, please contact the photographer proactively. The photographer will then delete the photos and not use them.

The photo and video recordings will be published on various channels and media. We plan to publish them on our website, Instagram and LinkedIn social media presences, third-party websites, e.g. online magazines, newsletters and emails, print media such as magazines or flyers.

7.2 Legal Basis of Data Processing

Personal data is processed on the basis of Art. 6 para. 1 lit. b GDPR, insofar as the data is required for the organization and implementation of the event, or on the basis of Art. 6 para. 1 lit. f GDPR, if there is a legitimate interest in documentation, marketing, reporting or follow-up. With the consent of the participant, we base the processing on Art. 6 para. 1 lit. a GDPR.

7.3 Purposes of Data Processing and Duration of Storage

Data processing serves the organization and implementation of the event, participant administration and, if necessary, the creation of event documentation or marketing materials.

The personal data will be deleted as soon as the purpose of the processing no longer applies, unless statutory retention periods require longer storage or consent for further use has been given.

If no single predetermined purpose is intended for individual photo and video recordings, we process the photo and video recordings for an indefinite period. In this case, deletion is not intended. We delete the photo and video recordings if there is a legal obligation to do so. Use on the internet and social media constitutes permanent use that is not limited to the act of publication.

We delete photographs and video recordings that are intended for one-off use (e.g. one-off print of an anniversary booklet) after they have been used and a transitional period has expired. The transitional period is based on the regular limitation period for claims arising from the use of the photos and is three years after the end of the year in which the use took place.

8. Clients

As a client, you can rest assured that your personal data will be treated securely and in accordance with the applicable data protection regulations. Our law firm is also obliged under Section 9 RAO to treat all personal data confidentially and to process it only within the scope of the legal mandate. This includes all your personal information that is required in the course of the consultation and representation in order to effectively process your legal concerns. If you are our client, you have already received detailed information on the processing of your personal data in the phase prior to the conclusion of the contract.

9. Opponents, Witnesses and other Parties involved in our Clients’ Matters

If you are an opponent of one of our clients or are involved in proceedings that we are handling (e.g. as a witness or person providing information), we process your data on the basis of our legitimate interest. The contract concluded with our client and the fulfillment of the same constitute the legitimate interest in processing this data. In principle, we would have to inform you which categories of your data we process in accordance with Art. 14 GDPR. However, as lawyers, we are subject to a professional duty of confidentiality pursuant to Section 9 RAO and are therefore exempt from this obligation pursuant to Art 14 (5) lit d GDPR. 

10. Suppliers and Contractors

If you are a supplier or contractor of our law firm, we have received your data in the context of this relationship and process it for the purpose of initiating and executing contracts. We also process your data to fulfill our legal obligations (tax and compensation law).

We store your personal data in any case for the duration of the contractual relationship, in addition at least 7 years to fulfill tax retention obligations and up to 30 years to secure warranty claims and claims for damages.

If you do not wish to provide us with your personal data, we cannot guarantee that we will be able to work with you.

As part of the processing of your personal data, your data may be transferred to the following recipients: Insurance companies, courts and authorities, banks, email service providers, cloud service providers (complies with RAK requirements and ISO 27001 certified).

11. Your Rights

You have the right to information, correction, deletion, restriction of processing, data portability, notification, revocation and objection. You can exercise these rights by sending us an email (office@attys.law). If we process your data on the basis of your consent, you have the right to withdraw this consent at any time.

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement if you consider that the processing of personal data relating to you infringes the GDPR.

The supervisory authority with which the complaint has been lodged shall inform the complainant of the status and outcome of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.

In Austria, this is the data protection authority. The address is: Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at.