(according to Article 13 and 14 General Data Protection Regulation)
This data privacy statement applies to the processing of personal data (hereinafter also briefly referred to as “data”) by Minihold Rechtsanwälte GmbH and addresses clients, business partners and prospects, as well as any visitor to the www.minihold.com website.
1. Controller – contact details
The following party is the controller within the meaning of the General Data Protection Regulation (GDPR):
Minihold Rechtsanwälte GmbH
|FN (Companies’ Register no):||336828 k, HG Wien (Vienna Commercial Court)|
|Telefon:||+43 1 522 72 00|
|Fax:||+43 1 522 72 00-10|
(hereinafter “we” or “us”).
2. Purposes of data processing, lawful basis for data processing
If you provide us with a mandate, we will collect your personal data that are required for the execution and performance of our legal services or that you provide to us voluntarily; including the following as a minimum:
- E-mail address
- Telephone number
- Information that is required to provide you with legal advice and/or to represent you within the scope of the mandate
- Proof of identity
These data will be collected:
- to enable us to identify you as our client and to comply with professional regulations and legal provisions to avoid money laundering and the financing of terrorism (verification of the identity of new clients);
- to enable us to provide legal advice to you and to represent you in accordance with the mandate granted;
- to exchange correspondence with you;
- for the settlement of our services (statutory submission of invoices).
Processing of the data shall take place upon your request and is required to perform the mandate and to meet the obligations arising from the contract of mandate and/or to comply with statutory obligations (performance of a contract according to Art 6 (1) (b) GDPR; compliance with a legal obligation acc. to Art 6 (1) (c) GDPR). If you fail to provide us with the above-mentioned data, we may not be able to provide our consultancy and representation services (any longer) and/or would otherwise violate legal obligations.
Moreover, we process personal data arising within the scope of the mandate assumed, that are required, or that we need, to properly carry out and invoice our legal consultancy and representation services. We may not only collect such data from you, but also from other admissible and publicly accessible sources (e.g. official Companies’ Register or Land Register). As regards data that relate to you as our client, data processing will be effected in compliance with legal obligations and/or our contractual obligations towards you (Art 6 (1) (c) GDPR; Art 6 (1) (b) GDPR).
Data processed within the scope of a mandate may also concern third parties (e.g. opposing party or adversary). In that case, we shall collect the data that is provided to us by the third parties themselves, but we may also receive or collect such data from our client or any other admissible and publicly accessible sources (e.g. official Companies’ Register or Land Register). In that case, our processing of the data is based on our legitimate interest in performing the contract with our client (Art 6 (1) (f) GDPR); our processing of the data is not opposed by any overriding legitimate interest in the confidentiality of the data, provided we require such data for the adequate legal consultancy/representation of our client.
2.2 Visit to our website www.minihold.com
When you call up our website www.minihold.com, the browser used on your terminal will automatically send certain information to our website server. This information will temporarily be logged in a so-called log file. In the process, the following data may be recorded:
- IP address of the requesting computer
- Date and time of access
- Name and URL of the file called up
- Website from which access takes place (referrer URL)
- Browser and operating system (if applicable) of your computer.
The above-mentioned data will exclusively be processed for the purpose of guaranteeing a smooth connection to the website and to ensure system security and stability.
Said data is required for technical reasons and will neither be analysed nor used for any other purposes by us. Processing is based on our legitimate interest in operating a website (Art 6 (1) (f) GDPR).
2.3 Use of our contact form
You may contact us using our contact form on our website. When using our contact form, you are asked to provide to us your name and a valid email-address; these data are required for us to answer your enquiry or to contact you following your request. You may provide further information via the form on a purely voluntary basis.
Processing of the data, you have provided and sent to us via our contact form, is required for establishing contact and performing of pre-contractual measures at your request (Art 6 (1) (b) GDPR). The data collected via our contact form will be processed solely for the purpose of and will only be retained for as long as necessary to deal(ing) with your enquiry. The data will be deleted, unless you decide to provide us with a mandate (section 2.1).
2.4 Accounting and procurement
Within the scope of our accounting and procurement activities, we collect and process your data to the extent required for the proper management of the business relationship; the following as a minimum:
- E-Mail address
- Telephone number
- Data relating to the business relationship (including contractual documents) and object of the supply or service
- Terms of service, delivery and payment (including bank details for transfers)
- VAT registration number
This data processing is based on contract performance acc. to Art 6 (1) (b) GDPR and/or is effected for the purpose of performing legal obligations (Art 6 (1) (c) GDPR, e.g. obligations under tax law). We will also process personal data that arise in the course of doing business and which are required for the purpose of contract performance (performance of a contract acc. to Art 6 (1) (b) GDPR) or that we are obliged to process and store due to legal provisions (Art 6 (1) (c) GDPR). If you fail to provide us with data that we require for that purpose, we may not be able to provide our services (any more) and/or would otherwise violate legal obligations.
If you send us a job application, we will process and use the data received from you solely for assessing whether your profile matches an advertised vacancy or whether we can offer you a job that suits your profile. In addition, we will process your data for the purposes of further implementation and management of the application process and for the initiation of any employment relationship.
This data processing is based on the performance of a contract or on pre-contractual measures (Art 6 (1) (b) GDPR).
2.6 Other purposes of data processing | Automated decision-making
We shall not use the data for any other than the above-stated purposes, unless you have given your consent or unless we are obliged to do so under applicable law, or unless we have a legitimate interest in processing the data, which is not opposed by any overriding interest in confidentiality (for instance, in case of processing for the purpose of establishing, exercising or defending our own legal claims).
Automated decision-making, especially profiling, will not take place.
2.7 Lawyer’s secrecy obligation
Our work is based on high professional and ethical standards; one of the foremost professional obligations of lawyers is a comprehensive secrecy obligation. This includes in particular the maintenance of the confidentiality of all matters relating to lawsuits and clients that are taken care of by our law firm. This obligation applies apart from and in addition to our confidentiality obligations under data protection law.
3. Storage period
Your personal data will only be stored in our systems for the period that is required to perform the contractual relationship or to carry out any pre-contractual measures (e.g. answering your request, taking care of any other of your affairs that you ask us to handle for you), or which is justified by our legitimate interest, or until any consent required from you for storage of the data was revoked by you.
Moreover, we shall only store any data if and to the extent that storage is provided for under the law (in which case the data will be deleted upon expiry of the statutory storage periods) or until expiry of statutory or contractual guarantee, warranty, limitation periods or periods for claiming damages, or until resolution of any legal disputes that the data are required for as evidence.
4. Forwarding of data
Your personal data shall not be transmitted to third parties for any other than the purposes stated below.
We shall only pass on your personal data to third parties if this is required to perform the mandate granted by you and if it is legally permissible (Art 6 (1) (b) GDPR) or, if this is not the case, if such forwarding is warranted under a legal obligation acc. to Art 6 (1) (c) GDPR, if you have explicitly consented to such forwarding acc. to Art 6 (1) (a) GDPR, or if forwarding the data is required to establish, exercise or defend our own legal claims, acc. to Art 6 (1) (f) GDPR, and if there is no reason to assume that you have any overriding interest in the non-forwarding of your data that is worthy of protection.
We use external service providers for the purpose of operating and maintaining our website as well as the software applied in our law firm (IT service providers, hosting providers), who may obtain access to personal data during the performance of their services. Accordingly, we have made sure by concluding agreements with processors that the latter will comply with applicable data protection law.
5. Cookies, analysing tools
A cookie called “privacy_embeds” is set on our website when you click on “OK” in our information bar “We value your privacy: Thus, we intentionally do not use any tracking or analysis tools on our website”. This cookie has the sole technical-functional purpose of ensuring that the information bar is not displayed again when you access different subpages of our website or leave our website and access it again within a month. For this purpose, this cookie is stored for one month.
Apart from that, we do not use any cookies nor any analysing and tracking tools on our website.
6. Your rights under the GDPR
Under the GDPR, you have the following rights:
Right of access to personal data: You have the right to request confirmation from us as to whether personal data relating to you are being processed; if this is the case, you have a right of access to these personal data.
Right to rectification: If your personal data that we process are incomplete or inaccurate, you may demand – at any time – that we rectify or supplement them.
Right to deletion: Under the prerequisites of Art 17 GDPR, you have the right to demand that we delete your personal data, especially if you think that the data are no longer required for the purposes that they were collected or processed for; that we process such data unlawfully; or that the lawful basis for processing such data has ceased to exist. Please note, however, that there may be reasons that are opposed to immediate deletion, for instance if we are obliged under the law to retain certain data.
Right to restriction of processing: You are entitled to demand that we restrict the processing of your data in the following instances:
- if you contest the correctness of the data, for a period of time that allows us to verify the correctness of the data;
- if processing the data is unlawful, but you are opposed to deletion and demand limitation of data use instead;
- if we no longer need the data for the intended purpose, but you still need them to establish or defend any claims, or
- if you have entered an objection against the processing of the data.
Right to data portability: You are entitled to demand that we make your data available to you in a structured, current and machine-readable format, if
- we process such data based on your previous consent or based on a legitimate interest, or if processing is required to perform the contract existing between us, and
- if the processing of your data is carried out by automated means.
Right to object: In cases where we rely on our legitimate interest for data processing, you may object to such data processing at any time, if reasons exist that derive from your special situation. But please bear in mind that we are entitled to continue processing the data in spite of your objection if we are able to provide evidence of compelling reasons for processing that are worthy of protection and override your interests, rights and freedoms, or if processing serves to establish, exercise or defend any legal claims.
Right of revocation: If we process any data on the basis of a consent given by you, you are entitled to revoke that consent at any time with effect for the future.
To exercise any of these rights, please use any of the contact options stated in Item 1.
7. Right to lodge a complaint
If you are of the opinion that we violate Austrian or European data protection law in processing your data, we kindly ask you to get in touch with us in order to clarify any questions. Obviously, you are also entitled to lodge a complaint with the supervisory authority (in Austria: the Data Protection Authority).
8. Data security
Within the scope of the website visit, we use the SSL protocol (Secure Socket Layer). The depiction of the key or lock symbol in a closed state in the status bar of your browser indicates whether individual pages of our internet presence are transmitted in encrypted form.
Moreover, we have taken appropriate technical and organisational safety precautions to protect your data against accidental or intentional manipulations, partial or complete loss, destruction or against unauthorised access by third parties. Our security measures are continuously improved in line with technological developments.
9. Up-to-dateness of and amendments to the data privacy statement
This data privacy statement is currently valid (version: December 2019).
Due to the continuous enhancement of our website or due to a change of legal or official requirements, amendments or supplements to this data privacy statement may become necessary. The respective valid version of the data privacy statement is available for download and printout on the website www.minihold.com at any time.