Privacy Notice

DATA PROTECTION INFORMATION
of GEISTWERT™
=
Kletzer Messner Mosing Schnider Schultes Rechtsanwälte OG

1. General

1.1 We, GEISTWERT™ = Kletzer Messner Mosing Schnider Schultes Rechtsanwälte OG, Linke Wienzeile 4/2/3, 1060 Vienna, Commercial Registry No. 418193s at the Commercial Court of Vienna Wien, Tel +43 1 585 03 03-0, Fax +43 1 585 03 03-99 and e-mail office@geistwert.at (from hereinafter “we” or “GEISTWERT“) take your personal data very seriously and are vigilant with regard to its protection.

1.2 This data protection information shall inform you of the purposes for which and how we collect and process your personal data, when you

(i) visit our website (see item 2.),

(ii) subscribe to our e-mail newsletter (see item 3.),

(iii) are interested in our services (from hereinafter “Interested Party“, see item 4.),

(iv) are already one of our clients (from hereinafter “Client“, see item 5.),

(v) give us, in your function as a Client’s representative, your consent to mention the Client as a reference on our website or to name the Client as a reference and yourself as a so-called “referee” for an attorneys-ranking (see items 5.4 and 5.5)

(vi) are one of our suppliers or other business partner (see item 6.),

(vii) apply for a job with us (see item 7.),

(viii) are an addressee of one of our Client’s claims, respectively an opposing party of our Client in a proceeding, or when you are an intervener or are otherwise involved on the same side as our Client, e.g. as our Client’s joint litigant (see item 8.) or

(ix) visit our Facebook-page at https://www.facebook.com/geistwert/.

1.3 How we process your personal data depends on which category of persons listed above you belong to. The relevant details in this regard can be found in the respective points of this data protection information below.

 

2. Data Processing of our Website Visitors

2.1 Our website is hosted on a server operated by WPEngine, Inc., 504 Lavaca Street, Suite 1000, Austin 78701 Texas, USA, on our behalf. This host provider is Privacy-Shield certified. You may inspect this certification along with its status by clicking on this link.

2.2 We process certain data of visitors of our website www.geistwert.at in order to ensure its security and operation as well as to improve our website which safeguards our legitimate interests (Article 6 (1) lit f) GDPR).

2.3 For these purposes, the following data are collected and saved on our website: anonymised, shortened IP-address, country, date, time and length of the website access including the individual sites visited along with your respective times entered and exited, browser type and operating system.

2.4 This data does not enable personal identification of our website visitors.

2.5 Incidentally, you may completely eliminate the use of cookies – if you would like to do so, please consult your browser manual, which you often can access through the buttons “Help“ in the menu of your browser. If you do so, you may use our website without restrictions.

2.5 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:

Processor

Home State

Basis for sharing data in Non-EU-Countries

WPEngine, Inc.: Website-Hosting

USA

Privacy-Shield (Certification along with your status available under this link)

Mr. Jürgen Giefing, BSc: Website maintenance

Austria

Not applicable as in EU

 

3. Data Processing of our E-mail Newsletter Subscribers

3.1 If you have agreed to receive our e-mail newsletter, we process the personal contact data you have made known to us, such as your name and surname as well as your e-mail address and newsletter language choice in order to send your newsletter personally addressed to you, and in the cases concerned we also process the additional information that the newsletter could not be delivered to you (e.g. because your e-mail address no longer exists).

If you do not provide us with the relevant personal information we can unfortunately not send you the newsletter.

In this case, we base ourselves on your consent to receive the e-mail newsletter (Article 6 (1) lit a) GDPR in connection with § 107 (2) of the Austrian Telecommunications Act (Telekommunikationsgesetz, from hereinafter “TKG“), which you may withdraw at any time by either clicking the unsubscribe link contained in every newsletter or by sending an email to office@geistwert.at, whereby your withdrawal has no effects upon the legality of our data processing in this regard up until the receipt of your withdrawal (Article 7 (3) GDPR).

3.2 If you have not given your consent to receive our newsletter, but you are already one of our clients and have not made use of the possibility of declining the receipt of our e-mail newsletter, we also process your name and surname as well as your e-mail address and newsletter language in order to send you our e-mail newsletter personally addressed to you, and in the cases concerned we also process the additional information that the newsletter could not be delivered to you (e.g. because your e-mail address no longer exists and/or your e-mail address appears on the “RTR-Robinson list).

In this case we base ourselves on our legitimate interests (Article 6 (1) lit f GDPR in connection with recital 47 GDPR and § 107 GDPR and § 107 (3) TKG). In this case, you may also unsubscribe from our newsletter at any time, by either clicking the unsubscribe link contained in every e-mail newsletter or sending us and e-mail at office@geistwert.at from which your relevant request is evident. In order to enable our administration to run smoothly, we ask you kindly to use the subject heading “GEISTWERT-Newsletter-Unsubscribe” for such e-mails. Your cancellation shall have no effect on the client relationship between you and GEISTWERT or on the legality of data processing in this regard until our receipt of your withdrawal of consent (Article 7 (3) GDPR).

3.3 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:

Processor

Home State

Basis for sharing data in Non-EU-Countries

The Rocket Science Group LLC, also known as “Mailchimp”: e-mail-newsletter-mail order service

USA

Privacy Shield (Certification along with your status available under link)

 

4. Data Processing of Interested Parties

4.1 If you send us a request either via telephone, per mail, e-mail or fax, we process the contact data you have made available to us, such as your academic title, your name and surname, your e-mail address, your position at the requesting company, your address respectively the address of the requesting company, in order to answer your request in order to take steps at your request prior to entering into a contract (Article 6 (1) lit b) DSGVO).

If you do not provide us with the relevant personal information we can unfortunately not send you the newsletter.

4.2 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:

Processor

Home State

Basis for sharing data in Non-EU-Countries

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052: Microsoft Outlook 365 e-mail-Service

USA

Privacy-Shield (Certification along with your status available under link)

RMC system-solution GmbH: IT-Support and IT-maintenance

Austria

Not applicable, as in EU

 

4.3 In order to be able to fulfil the abovementioned purposes, we also transmit your personal data to the following controllers who process the data for their own purposes:

Insofar as necessary to answer your request: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies

Austria or other EU country

Not applicable as in EU

Insofar as necessary to answer your request: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies

Worldwide, depending on the subject of your request

Adequacy assessment pursuant to article 45 (3) GDPR or
Possibly existing Privacy Shield in case of transfer to the USA or
Necessity of carrying out pre-contractual measures pursuant to article 49 (1) lit b) GDPR or
Necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person pursuant to article 49 (1) lit c GDPR;

 

5. Data Processing of our Clients

5.1 If you have given us a mandate (a “Mandate“), we process your personal data, such as your academic title, your name and surname, your e-mail address, your position at the mandating company, your address respectively the address of the company that is our client as well as your respectively the company’s account and payment information (such as, e.g., name and BIC/SWIFT of the paying bank, the IBAN of the account from which the invoices shall be paid), in order to carry out pre-contractual measures (e.g. payment of an advance on invoice or costs) or in order to fulfil our contractual obligations from the client relationship (Article 6 (1) lit b GDPR) as well as to fulfil our legal and professional obligations (Article 6 (1) lit c GDPR).

If you do not provide us with the relevant personal information we can unfortunately not send you the newsletter.

5.2 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:

Processor

Home State

Basis for sharing data in Non-EU-Countries

ADVOKAT Unternehmensberatung Greiter & Greiter GmbH: Provider and remote maintenance of our file management software

Austria

Not applicable as in EU

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052: Microsoft Office 365 Email-Service

USA

Privacy-Shield (Certification along with your status available under this link)

RMC system-solution GmbH: EDV-Support and EDV-(remote)maintenance as well as operator of our secure data exchange and storage platform safespace.geistwert.at

Austria

Not applicable as EU

Herr Jürgen Giefing, BSc: Website Maintenance

Austria

Not applicable as EU

Mag. Konrad Keki Steuerberatungs GmbH: Tax advice and Accounting

Austria

Not applicable as EU

 

5.3 In order to be able to fulfil the abovementioned purposes, we also transfer your personal data to the following data controllers, who process the data for their own purposes:

Controller

Home State

Basis for sharing data in Non-EU-Countries

Vienna Bar Association: Fulfilment of our legal and professional obligations

Austria

Not applicable as EU

Insofar as necessary to fulfil our mandate: competent courts, competent Trademark- and Patent Offices, competent authorities and expert witnesses appointed by a court or by an authority

Austria or other EU country (in particular the EUIPO in Spain)

Not applicable as EU

Insofar as necessary to fulfil our mandate: World Intellectual Property Organization (WIPO)

Switzerland

Adequacy decision pursuant to Article 45 (3) GDPR

Insofar as necessary to fufil our mandate: Opponent of claim respectively Opposing Party, Interveners, other clients such as e.g. joined parties,

Worldwide depending on their seat

Necessary in order to fulfil mandate (Art 49 (1) lit b or c GDPR)

Bankhaus Krentschker & Co. AG: The bank with which we have our business and escrow accounts

Austria

Not applicable as EU

Insofar as necessary to fulfil our mandate: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies

Austria or other EU country

Not applicable as EU

Insofar as necessary to fulfil our mandate: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies

Worldwide, depending on the subject of your request

Adequacy decision pursuant to Article 45 (3) GDPR or
Possibly existing Privacy Shield in case of transfer to the USA or
Necessity of carrying out pre-contractual measures pursuant to article 49 (1) lit b) GDPR or
Necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person pursuant to article 49 (1) lit c GDPR

 

5.4 If you give us your consent to name the client as a reference, we at most process the name of the client on our website, www.geistwert.at for the purposes of self-promotion of GEISTWERT, whereby we base this on your corresponding consent (Article 6 (1) lit a GDPR), which you may withdraw at any time by sending us a relevant e-mail to office@geistwert.at, whereby your withdrawal shall have no effects on the legality of our data processing up until the point of our receipt of your withdrawal (Article 7 (3) GDPR). In order to fulfil this purpose, we work together with service providers (so-called “Processors”), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:

Processor

Home State

Basis for sharing data in Non-EU-Countries

WPEngine, Inc.: Website-Hosting

USA

Privacy-Shield (Certification along with your status available under the following link)

Mr. Jürgen Giefing, BSc: Website maintenance

Austria

Not applicable as in EU

 

5.5 If you grant us your corresponding consent to name the client as a reference and additionally your consent for the corresponding reference naming vis-à-vis a ranking of lawyers (e.g. Chambers & Partners, The Legal 500, WTR 1000, IAM 1000 or JUVE), we also process the name of the client for the purposes of self-promotion of GEISTWERT and transfer this data to the corresponding Ranking provider, whereby we in turn base ourselves on your corresponding consent (Article 6 (1) lit a) GDPR), which you may withdraw at any time by sending us a relevant e-mail to office@geistwert.at, whereby your withdrawal shall have no effects on the legality of our data processing up until the point of our receipt of your withdrawal (Article 7 (3) GDPR).

Insofar as the corresponding Ranking provider does not have its seat within the EU, we base our transfer either on an adequacy decision pursuant to Article 45 (3) GDPR or on a possible existing Privacy-Shield in case of transfer to the USA or on your consent to transfer the name of the client to the corresponding concrete country outside of the EU.

5.6 In case you have given us your consent to be named personally as a so-called “Referee” vis-à-vis one or more of the abovementioned Ranking-providers, we process your personal contact data, such as your academic title, your name and surname, your email address respectively the address of your company that is our client for the purposes of self-promotion of GEISTWERT and transfer these contact data to the respective Ranking provider(s), e.g. to Chambers & Partners, The Legal 500, WTR 1000, IAM 1000 or JUVE, so that the respective Ranking provider may contact you for enabling you to evaluate our services vis-à-vis the respective Ranking provider, whereby we in turn base this on your corresponding consent (Article 6 (1) lit a GDPR), which you may withdraw at any time by sending us a relevant e-mail to office@geistwert.at, whereby your withdrawal shall have no effects on the legality of our data processing up until the point of our receipt of your withdrawal (Article 7 (3) GDPR).

Insofar as the corresponding Ranking provider does not have its seat within the EU, we base our transfer either on an adequacy decision pursuant to Article 45 (3) GDPR or on a possible existing Privacy-Shield in case of transfer to the USA or on your consent to transfer the name of the client to the corresponding concrete country outside of the EU.

 

6. Data Processing of our Suppliers and other Business Partners (excluding Clients)

6.1 If you supply us with goods and/or services, or are otherwise our business partner (but not one of our Clients), we process your personal data, such as your academic title, your name and surname, your e-mail address, your position with the relevant company, your address respectively the address of the company that is our supplier/business partner, as well as the company’s account and payment information (such as, e.g., name and BIC/SWIFT of the paying bank, the IBAN of the account to which the invoices shall be paid by us) in order to carry out pre-contractual measures (e.g. payment of a deposit on our part) or in order to fulfil our contractual obligations (Article 6 (1) lit b GDPR) as well as to fulfil our legal obligations (Article 6 (1) lit c GDPR).

If you do not provide us with the relevant personal data, we cannot enter into a contractual relationship with you.

6.2 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:

Processor

Home State

Basis for Sharing Data in Non-EU countries

ADVOKAT Unternehmensberatung Greiter & Greiter GmbH: Provider and Maintenance of our firm’s administrative software

Austria

Not applicable as in EU

Mag. Konrad Keki Steuerberatungs GmbH: Tax Advice and Accounting

Austria

Not applicable as in EU

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052: Microsoft Outlook 365 Email-Service

USA

Privacy-Shield (Certification along with your status available under the following link)

 

6.3 In order to be able to fulfil the abovementioned purposes, we also transfer your personal data to the following data controllers, who process the data for their own purposes:

Finanzamt 3/6/7/11/15 Schwechat: Fulfilment of our legal/tax obligations

Austria

Not applicable as in EU

Bankhaus Krentschker & Co. AG: The bank with which we have our business and escrow accounts

Austria

Not applicable as in EU

 

7. Data Processing of our Applicants

7.1 If you apply for a position as an employee at GEISTWERT (e.g. trainee lawyer or lawyer), we process the personal data which you provide us with in your CV, such as your academic title, your name and surname, your email address, your address as well as your career history in order to carry out pre-contractual measures, such as e.g. to initiate an employment or substitution agreement (Article 6 (1) b GDPR).

If you do not provide us with the relevant personal data, we cannot handle your application.

7.2 If you have given us your consent that we may keep your application on file, we process the abovementioned data for the purposes of our records. In this case, we base this on your consent to be kept on file (Article 6 (1) lit a GDPR), which you may withdraw at any time by sending us a relevant e-mail to office@geistwert.at, whereby your withdrawal shall have no effects on the legality of our data processing up until the point of our receipt of your withdrawal (Article 7 (3) GDPR). In order to fulfil this purpose, we work together with service providers (so-called “Processors”), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:

7.2 In order to fulfil the purposes named in Points 7.1 and 7.2 we work together with service providers (so-called “Processors”), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:

Processor

Home State

Basis for Sharing Data in Non-EU countries

ADVOKAT Unternehmensberatung Greiter & Greiter GmbH: Provider and remote maintenance of our firm’s administrative software

Austria

Not applicable as in EU

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052: Microsoft Outlook 365 Email-Service

USA

Privacy-Shield (Certification along with your status available under this link))

 

8. Data Processing of Addressees of our Client’s claims, Opposing Parties of our Client in a proceeding, Intervener on our Client’s side and other Parties involved on the same side as our Client, e.g. as our Client’s joint litigant

8.1 If you are an addressee of our Client’s claims, an opposing party of our Client in a proceeding, an Intervener on our Client’s side or if you are otherwise involved on the same side as our Client, e.g. as our Client’s joint litigant, we process your personal data, such as your academic title, your name and surname, your e-mail address, your position at the company acting in such a role, and your address respectively the address of the company acting in such a role in order to fulfil our legal and professional obligations (Article 6 (1) lit c GDPR) as well as in order to safeguard our legitimate interests in duly fulfilling our mandate (Article 6 (1) lit f) GDPR).

8.2 We have received your respective data either from our Client or from a court, a Trademark. and Patent Office, an authority or from a expert witness appointed by a court or an authority or from a public source such as from a company register, a trademark and/or patent register or from a land register.

8.3 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:

Processor

Home State

Basis for sharing data in Non-EU-Countries

ADVOKAT Unternehmensberatung Greiter & Greiter GmbH: Provider and remote maintenance of our file management software

Austria

Not applicable as in EU

Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052: Microsoft Office 365 Email-Service

USA

Privacy-Shield (Certification along with your status available under this link)

RMC system-solution GmbH: EDV-Support and EDV-(remote)maintenance as well as operator of our secure data exchange and storage platform safespace.geistwert.at

Austria

Not applicable as EU

 

8.4 In order to be able to fulfil the abovementioned purposes, we also transfer your personal data to the following data controllers, who process the data for their own purposes:

Controller

Home State

Basis for sharing data in Non-EU-Countries

Our client: for safeguarding our legitimate interests in the due fulfillment of our mandate

Worldwide, depending on their seat

Adequacy decision pursuant to Article 45 (3) GDPR or
Possibly existing Privacy Shield in case of transfer to the USA or
the transfer is necessary for the establishment, exercise or defence of legal claims (Article 49 para 1 lit e) GDPR)

Insofar as necessary to fulfil our mandate: competent courts, competent Trademark- and Patent Offices, competent authorities and expert witnesses appointed by a court or by an authority

Austria or other EU country (in particular the EUIPO in Spain)

Not applicable as EU

Insofar as necessary to fufil our mandate: further opponents of claim respectively Opposing Parties, further Interveners on our Client’s side or further joint litigants

Worldwide depending on their seat

Necessary in order to fulfil mandate (Art 49 (1) lit b or c GDPR)

Insofar as necessary to fulfil our mandate: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies

Austria or other EU country

Not applicable as EU

Insofar as necessary to fulfil our mandate: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies

Worldwide, depending on the subject of your request

Adequacy decision pursuant to Article 45 (3) GDPR or
Possibly existing Privacy Shield in case of transfer to the USA or
the transfer is necessary for the establishment, exercise or defence of legal claims (Article 49 para 1 lit e) GDPR)

Bankhaus Krentschker & Co. AG: The bank with which we have our escrow accounts in case we receive monies from you such as awarded costs or dunning costs

Austria

Not applicable as EU

 

9. Our Facebook-Page

9.1 For marketing purposes (information about our services and legal news, presenting our firm, etc.), GEISTWERT operates the Facebook-page https://www.facebook.com/geistwert/. The operation of this Facebook-page as well as the possible processing of personal data occurring on our behalf in connection with your visit (please see the next paragraph) of that Facebook-page is in our legitimate (marketing-)interests (Article 6 para 1 lit f GDPR).

9.2 Facebook-Insights: Facebook processes data for providing us, as the operator of or Facebook-page, with statistical data for our utilisation. This is done via the “Facebook Insights” functionality. This Facebook Insights functionality, however, only provides us with anonymous data and we are not in position to disable that functionality. Through the activation of various filters, this function enables us to define criteria according to which the statistical information is generated (e.g. the amount of “Likes” in certain periods of time; the reach of our postings; information on how many times a video has been watched; activities on the site, age, gender, country of origin, relationship status, professional status of the persons visiting our Facebook-page; etc.). For further details on the Facebook Insights functionality, please refer to https://de-de.facebook.com/business/a/page/page-insights. We use the Facebook Insights functionality as follows: We review the Facebook Insights online on/within Facebook. We do not use the export-functionality provided therein and we do not produce hardcopies or other duplicates. You will find all information that we put onto our Facebook-page on our website www.geistwert.at as well (with regard to our website, please see item 2. “Data Processing of our Website Visitors”).

9.3 Processing by Facebook: When you visit Facebook-pages (including ours), Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, D2 Dublin, Ireland, respectively Facebook Inc., 1601 Willow Road, Menlo Park, California 94025, USA) places cookies onto your device (desktop computer, laptop, mobile phone, tablet, etc.) without us being involved; these cookies remain active for a period of two years, unless you delete them earlier. Pursuant to Facebook’s Cookie Policy, the use of these cookies is inter alia required for providing Facebook’s products as well as for protecting and improving Facebook’s products. As far as we can tell, Facebook collects the following data through Facebook’s cookie-use: your IP-address, irrespectively of whether you are registered with or logged into Facebook. Furthermore, provided, however, that you are registered with and logged into Facebook: your user-profile and your user-behaviour. For further information on Facebook’s cookie use and on your possible means for dealing with placed cookies, please see https://www.facebook.com/policies/cookies.

9.4 Apart from the data processing within the Facebook Insights functionality (see above), GEISTWERT has no influence on any processing of personal data carried out by Facebook. Facebook, e.g., uses your personal data for advertising and analysis purposes. Further information of Facebook’s processing of your personal data are available at https://www.facebook.com/about/privacy/ and https://www.facebook.com/full_data_use_policy. Information on a possible right to object to certain data processing activities are available at https://www.facebook.com/settings?tab=ads.

9.5 We explicitly point out that Facebook’s data processing activities may also be carried out in Non-EU-countries, whereas the users’ personal data is only transmitted to countries which are either covered by an adequacy decision rendered by the European Commission under Article 45 GDPR or where adequate guarantees under Article 46 GDPR are in place. Facebook’s certification under US-EU Privacy Shield warrants that Facebook Inc. adheres to the European level of data protection. Facebook’s Privacy Shield status is accessible at https://www.privacyshield.gov/participant?id=a2zt0000000GnywAAC&status=Active.

 

10. Storage Duration

10.1 We generally store your personal data only for as long as it is necessary for the fulfilment of the respective purpose for which your personal data was collected.

10.2 For tax purposes, we store contract documents as well as related documents and communication, which concern our contractual relationships with suppliers/business partners (but not our clients) for a period of seven years (§ 132 of the Austrian Federal Fiscal Code (Bundesabgabenordnung, “BAO“).

10.3 Pursuant to the statutory Attorneys’ Code, we are obligated to store the files from our client relationship for five years after the end of the mandate (§ 12 of the Austrian Attorneys’ Code, “RAO“, last sentence). For the assertion or defence of legal claims as well as in light of § 1489 of the Austrian Civil Code (Allgemeines Bürgerliches Gesetzbuch, “ABGB“) in particular cases we store these files for up to thirty years after the end of the mandate.

10.4 If you have subscribed to our e-mail newsletter, we store your personal data in this regard until we receive your withdrawal of consent (see Point 3.1 above) or the cancellation of the

10.5 If you have applied for a position with us, but we have not entered into a contractual relationship, we delete your personal data six months after we have received your application, unless you have consented to your application being kept on file. If we conclude an employment or substitution agreement with you, our employee data protection applies. We shall communicate this information to you upon your recruitment, and you may also ask about it during the application proceedings.

 

11. Your Rights as a “Data Subject“ under Data Protection Laws

11.1 As a person concerned under data protection laws (from hereinafter “Data Subject“) we would like to inform you of the following rights you have:

Right to Information, Details in Article 15 GDPR: Every data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data (copy of the personal data which are the subject of the processing) and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source;(h) the existence of automated decision-making, including profiling. The controller shall provide a copy of the personal data undergoing processing. For all further copies which the data subject requests, the controller may request a reasonable fee on the basis of administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form;

Right to Rectification and Erasure, Details in Article 16 GDPR: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing; (c) the data subject objects to the processing (see below); (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in the EU or member state law to which the controller is subject;(f) the personal data have been collected in relation to the offer of information society services (consent of a child).The right to erasure does not apply to the extent that processing is necessary for compliance with a legal obligation of the controller, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, and/or for the establishment, exercise or defence of legal claims.

Right to Restriction of Processing, Details in Article 18 GDPR: The data subject has the right to obtain from the controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or (d) the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.

Right to Data Portability, Details in Article 20 GDPR: Insofar as the processing is based on consent or a contract and the processing is carried out by automated means, the data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.

Right to Object, Details in Article 21 GDPR: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or the purposes of the legitimate interests pursued by the controller or by a third party. The controller shall then no longer process the personal data, except where he prove compelling legitimate grounds for the processing, which override the interests or fundamental rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. If the data subject objects to the processing for the purposes of direct marketing, the personal data shall no longer be processed for this purpose.

Right to File a Complaint with a Supervisory Authority: Every data subject has the right to file a complaint with a supervisory authority without prejudice to other administrative or judicial legal remedies, in particular in the member state of their residence, their workplace or the place the alleged offense occurred, if the data subject is of the view that the processing of personal data concerning him or her breaches these legal provisions. The contact information of the Austrian Data Protection Authority can be found here: https://www.dsb.gv.at/.

11.2 We are available for any further questions regarding data protection at GEISTWERT at the contact information stated in Point 1.1, above.

***