Privaty Notice
DATA PROTECTION INFORMATION OF
GEISTWERT™
=
GEISTWERT Kletzer Messner Mosing Schnider Schultes Rechtsanwälte OG
1. General
1.1 We, GEISTWERT Kletzer Messner Mosing Schnider Schultes Rechtsanwälte OG, Linke Wienzeile 4/2/3, 1060 Vienna, Commercial Registry No. 418193s at the Commercial Court of Vienna Wien, Tel +43 1 585 03 03-0, Fax +43 1 585 03 03-99 and e-mail office@geistwert.at (from hereinafter “we” or “GEISTWERT“) take the protection of your personal data very seriously andinform you of our processing activities. The nouns used in this Data Protection Information are gender neutral. Possible masculine forms are exclusively used for easier readability.
1.2 This data protection information informs you for which purposes, on which legal bases, for how long and with which processors (“Recipients”) we process your (personal) data and which rights you (may) have as a concerned individual , when you
(i) visit our website – NO processing of personal data (see item 2.),
(ii) subscribe to our e-mail newsletter (see item 3.),
(iii) are interested in our services (from hereinafter “Interested Party“, see item 4.),
(iv) are already one of our clients (from hereinafter “Client“, see item 5.),
(v) give us, in your function as a Client’s representative, your consent to mention the Client as a reference on our website or to name the Client as a reference and yourself as a so-called “referee” for an attorneys-ranking (see items 5.4 and 5.5)
(vi) are one of our suppliers or other business partner (see item 6.),
(vii) apply for a job with us (see item 7.),
(viii) are an addressee of one of our Client’s claims, respectively an opposing party of our Client in a proceeding, or when you are an intervener or are otherwise involved on the same side as our Client, e.g. as our Client’s joint litigant (see item 8.) or
(ix) visit our Facebook-page at https://www.facebook.com/geistwert/.
1.3 How we process your personal data depends on which category of persons listed above you belong to. The relevant details in this regard can be found in the respective points of this data protection information below.
2. (No) Data Processing of our Website Visitors
2.1 We do not process personal data of visitors of our website www.geistwert.at.
3. Data Processing of our E-mail Newsletter Subscribers
3.1 If you have given your consent to receive our e-mail newsletter, we process the personal contact data you have made known to us, such as your name and surname as well as your e-mail address and newsletter language choice in order to send your newsletter personally addressed to you, and in the cases concerned we also process the additional information which newsletters were transmitted to you and which you have clicked onto, respectively that the newsletter could not be delivered to you (e.g. because your e-mail address no longer exists).
If you do not provide us with the relevant personal information we unfortunately cannot send you the newsletter.
In this case, we base ourselves on your consent to receive the e-mail newsletter (Article 6 (1) lit a) GDPR in connection with § 174 (3) of the Austrian Telecommunications Act (Telekommunikationsgesetz, from hereinafter “TKG“), which you may withdraw at any time by either clicking the unsubscribe link contained in every newsletter or by sending an email to office@geistwert.at, whereby your withdrawal has no effects upon the legality of our data processing in this regard up until the receipt of your withdrawal (Article 7 (3) GDPR).
We process your data in relation to you until you withdraw your consent.
3.2 If you are already one of our clients and have not made use of the possibility of declining the receipt of our e-mail newsletter, we also process your name and surname as well as your e-mail address and newsletter language in order to send you our e-mail newsletter personally addressed to you, and in the cases concerned we also process the additional information which newsletters were transmitted to you and which you have clicked onto, respectively that the newsletter could not be delivered to you (e.g. because your e-mail address no longer exists and/or your e-mail address appears on the “RTR-Robinson list).
In this case we base ourselves on our legitimate interests (Article 6 (1) lit f GDPR in connection with recital 47 GDPR and in connection with § 107 GDPR and § 174 (4) TKG). In this case, you may also unsubscribe from our newsletter at any time, by either clicking the unsubscribe link contained in every e-mail newsletter or sending us and e-mail at office@geistwert.at from which your relevant request is evident. In order to enable our administration to run smoothly, we ask you kindly to use the subject heading “GEISTWERT-Newsletter-Unsubscribe” for such e-mails. Your cancellation shall have no effect on the client relationship between you and GEISTWERT or on the legality of data processing in this regard until our receipt of your objection (Article 21 GDPR).
We process your data in relation to you until three years have lapsed since our client-attorney-relationship was terminated (legitimate interests), respectively until we receive your objection.
3.3 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These Processors are as follows:
| Processor | Home State | Basis for sharing data in Non-EEA-Countries |
| CleverReach GmbH & Co. KG | Germany | Not applicable, as in the EEA |
4. Data Processing of Interested Parties
4.1 If you send us a request either via telephone, per mail, e-mail or fax, we process the contact data you have made available to us, such as your academic title, your name and surname, your e-mail address, your position at the requesting company, your address respectively the address of the requesting company and the response data generated by us, in order to answer your request in order to take steps at your request prior to entering into a contract (Article 6 (1) lit b) DSGVO).
If you do not provide us with the relevant personal information we can unfortunately not send you the newsletter.
We process your data in relation to you until three years have lapsed since our client-attorney-relationship was terminated (legitimate interests due to possible damage claims).
4.2 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:
| Processor | Home State | Basis for sharing data in Non-EEA-Countries |
| RMC system-solution GmbH: IT-Support and IT-maintenance | Austria | Not applicable, as in the EEA |
4.3 In order to be able to fulfil the abovementioned purposes, we also transmit your personal data to the following controllers who process the data for their own purposes:
| Insofar as necessary to answer your request: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies | Austria or other EEA country | Not applicable as in the EEA |
| Insofar as necessary to answer your request: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies | Worldwide, depending on the subject of your request | Adequacy assessment pursuant to article 45 (3) GDPR or EU Standard Contractual Clauses or necessity of carrying out pre-contractual measures pursuant to article 49 (1) lit b) GDPR or Necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person pursuant to article 49 (1) lit c GDPR; |
5. Data Processing of our Clients
5.1 If you have given us a mandate (a “Mandate“; also when you use the GEISTWERT GDPR-Tool at https://dsgvo.geistwert.at/), we process your personal data, such as your academic title, your name and surname, your e-mail address, your position at the mandating company, your address respectively the address of the company that is our client as well as your respectively the company’s account and payment information (such as, e.g., name and BIC/SWIFT of the paying bank, the IBAN of the account from which the invoices shall be paid) and the data that we generate for fulfilling the contract (we process – however at least not systematically – data that were not collected at the concerned individual, respectively data generated by us (see Article 14 GDPR and/or Article 22 GDPR)), in order to carry out pre-contractual measures (e.g. payment of an advance on invoice or costs) or in order to fulfil our contractual obligations from the client relationship (Article 6 (1) lit b GDPR) as well as to fulfil our legal and professional obligations (Article 6 (1) lit c GDPR).
If you do not provide us with the relevant personal information, we unfortunately cannot enter a client-attorney-relationship with you.
We process your data in relation to you until seven years have lapsed since our client-attorney-relationship was terminated (retention obligations under business-, tax- and professional ethics laws).
5.2 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:
| Processor | Home State | Basis for sharing data in Non-EEA-Countries |
| ADVOKAT Unternehmensberatung Greiter & Greiter GmbH: Provider and remote maintenance of our file management software | Austria | Not applicable as in the EEA |
| RMC system-solution GmbH: EDV-Support and EDV-(remote)maintenance as well as operator of our secure data exchange and storage platform safespace.geistwert.at | Austria | Not applicable as in the EEA |
| Herr Jürgen Giefing, BSc: Website Maintenance | Austria | Not applicable as in the EEA |
| Mag. Konrad Keki Steuerberatungs GmbH: Tax advice and Accounting | Austria | Not applicable as in the EEA |
5.3 In order to be able to fulfil the abovementioned purposes, we also transfer your personal data to the following data controllers, who process the data for their own purposes:
| Controller | Home State | Basis for sharing data in Non-EEA-Countries |
| Vienna Bar Association: Fulfilment of our legal and professional obligations | Austria | Not applicable as in the EEA |
| Insofar as necessary to fulfil our mandate: competent courts, competent Trademark- and Patent Offices, competent authorities and expert witnesses appointed by a court or by an authority | Austria or other EEA country (in particular the EUIPO in Spain) | Not applicable as in the EEA |
| Insofar as necessary to fulfil our mandate: World Intellectual Property Organization (WIPO) | Switzerland | Adequacy decision pursuant to Article 45 (3) GDPR |
| Insofar as necessary to fufil our mandate: Opponent of claim respectively Opposing Party, Interveners, other clients such as e.g. joined parties, | Worldwide depending on their seat | Necessary in order to fulfil mandate (Art 49 (1) lit b or c GDPR) |
| Bankhaus Krentschker & Co. AG: The bank with which we have our business and escrow accounts | Austria | Not applicable as in the EEA |
| Insofar as necessary to fulfil our mandate: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies | Austria or other EU country | Not applicable as in the EEA |
| Insofar as necessary to fulfil our mandate: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies | Worldwide, depending on the subject of your request | Adequacy decision pursuant to Article 45 (3) GDPR or EU Standard Contractual Clauses or Necessity of carrying out pre-contractual measures pursuant to article 49 (1) lit b) GDPR or Necessary for the conclusion or performance of a contract concluded in your interest between us and another natural or legal person pursuant to article 49 (1) lit c) GDPR |
5.4 If you give us your consent to name the client as a reference, we at most process the name of the client on our website, www.geistwert.at for the purposes of self-promotion of GEISTWERT, whereby we base this on your corresponding consent (Article 6 (1) lit a GDPR), which you may withdraw at any time by sending us a relevant e-mail to office@geistwert.at, whereby your withdrawal shall have no effects on the legality of our data processing up until the point of our receipt of your withdrawal (Article 7 (3) GDPR). In order to fulfil this purpose, we work together with service providers (so-called “Processors”), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:
| Processor | Home State | Basis for sharing data in Non-EEA-Countries |
| Mr. Jürgen Giefing, BSc: Website maintenance | Austria | Not applicable as in the EEA |
5.5 If you grant us your corresponding consent to name the client as a reference and additionally your consent for the corresponding reference naming vis-à-vis a ranking of lawyers (e.g. Chambers & Partners, The Legal 500, WTR 1000, IAM 1000 or JUVE), we also process the name of the client for the purposes of self-promotion of GEISTWERT and transfer this data to the corresponding Ranking provider, whereby we in turn base ourselves on your corresponding consent (Article 6 (1) lit a) GDPR), which you may withdraw at any time by sending us a relevant e-mail to office@geistwert.at, whereby your withdrawal shall have no effects on the legality of our data processing up until the point of our receipt of your withdrawal (Article 7 (3) GDPR).
Insofar as the corresponding Ranking provider does not have its seat within the EU, we base our transfer either on an adequacy decision pursuant to Article 45 (3) GDPR or on your consent to transfer the name of the client to the corresponding concrete country outside of the EU.
5.6 In case you have given us your consent to be named personally as a so-called “Referee” vis-à-vis one or more of the abovementioned Ranking-providers, we process your personal contact data, such as your academic title, your name and surname, your email address respectively the address of your company that is our client for the purposes of self-promotion of GEISTWERT and transfer these contact data to the respective Ranking provider(s), e.g. to Chambers & Partners, The Legal 500, WTR 1000, IAM 1000 or JUVE, so that the respective Ranking provider may contact you for enabling you to evaluate our services vis-à-vis the respective Ranking provider, whereby we in turn base this on your corresponding consent (Article 6 (1) lit a GDPR), which you may withdraw at any time by sending us a relevant e-mail to office@geistwert.at, whereby your withdrawal shall have no effects on the legality of our data processing up until the point of our receipt of your withdrawal (Article 7 (3) GDPR).
Insofar as the corresponding Ranking provider does not have its seat within the EU, we base our transfer either on an adequacy decision pursuant to Article 45 (3) GDPR or on your consent to transfer the name of the client to the corresponding concrete country outside of the EU.
We process your data in relation to you until three years after we received your withdrawal of consent (legitimate interests due to possible damage claims).
6. Data Processing of our Suppliers and other Business Partners (excluding Clients)
6.1 If you supply us with goods and/or services, or are otherwise our business partner (but not one of our Clients), we process your personal data, such as your academic title, your name and surname, your e-mail address, your position with the relevant company, your address respectively the address of the company that is our supplier/business partner, as well as the company’s account and payment information (such as, e.g., name and BIC/SWIFT of the paying bank, the IBAN of the account to which the invoices shall be paid by us) and the data that we generate for fulfilling the contract (we process – however at least not systematically – data that were not collected at the concerned individual, respectively data generated by us (see Article 14 GDPR and/or Article 22 GDPR)) in order to carry out pre-contractual measures (e.g. payment of a deposit on our part) or in order to fulfil our contractual obligations (Article 6 (1) lit b GDPR) as well as to fulfil our legal obligations (Article 6 (1) lit c GDPR).
If you do not provide us with the relevant personal data, we cannot enter into a contractual relationship with you.
We process your data in relation to you until seven years have lapsed since our contract was terminated (retention obligations under business- and tax laws).
6.2 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:
| Processor | Home State | Basis for Sharing Data in Non-EEA countries |
| ADVOKAT Unternehmensberatung Greiter & Greiter GmbH: Provider and Maintenance of our firm’s administrative software | Austria | Not applicable as in the EEA |
| Mag. Konrad Keki Steuerberatungs GmbH: Tax Advice and Accounting | Austria | Not applicable as in the EEA |
6.3 In order to be able to fulfil the abovementioned purposes, we also transfer your personal data to the following data controllers, who process the data for their own purposes:
| Steiermärkische Bank und Sparkasse AG: The bank with which we have our business and escrow accounts | Austria | Not applicable as in the EEA |
7. Data Processing of our Applicants
7.1 If you apply for a position as an employee at GEISTWERT (e.g. trainee lawyer or lawyer), we process the personal data which you provide us with in your CV, such as your academic title, your name and surname, your email address, your address as well as your career history in order to carry out pre-contractual measures, such as e.g. to initiate an employment or substitution agreement (Article 6 (1) b GDPR).
If you do not provide us with the relevant personal data, we cannot handle your application.
We process your data in relation to you until seven months have lapsed since the application process was terminated, respectively your application was declined (legitimate interests due to possible damage claims on the basis of non-discrimination laws).
7.2 If you have given us your consent that we may keep your application on file, we process the abovementioned data for the purposes of our records. In this case, we base this on your consent to be kept on file (Article 6 (1) lit a GDPR), which you may withdraw at any time by sending us a relevant e-mail to office@geistwert.at, whereby your withdrawal shall have no effects on the legality of our data processing up until the point of our receipt of your withdrawal (Article 7 (3) GDPR). In order to fulfil this purpose, we work together with service providers (so-called “Processors”), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:
7.2 In order to fulfil the purposes named in Points 7.1 and 7.2 we work together with service providers (so-called “Processors”), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:
| Processor | Home State | Basis for Sharing Data in Non-EEA countries |
| ADVOKAT Unternehmensberatung Greiter & Greiter GmbH: Provider and remote maintenance of our firm’s administrative software | Austria | Not applicable as in the EEA |
8. Data Processing of Addressees of our Client’s claims, Opposing Parties of our Client in a proceeding, Intervener on our Client’s side and other Parties involved on the same side as our Client, e.g. as our Client’s joint litigant
8.1 If you are an addressee of our Client’s claims, an opposing party of our Client in a proceeding, an Intervener on our Client’s side or if you are otherwise involved on the same side as our Client, e.g. as our Client’s joint litigant, we process your personal data, such as your academic title, your name and surname, your e-mail address, your position at the company acting in such a role, and your address respectively the address of the company acting in such a role in order to fulfil our legal and professional obligations (Article 6 (1) lit c GDPR) as well as in order to safeguard our legitimate interests in duly fulfilling our mandate (Article 6 (1) lit f) GDPR).
8.2 Information under Article 14 GDPR (data sources): We may have received your respective data either from our Client or from a court, a Trademark. and Patent Office, an authority or from a expert witness appointed by a court or an authority or from a public source such as from a company register, a trademark and/or patent register or from a land register.
8.3 We process your data in relation to you as long as necessary for fulfilling the mandate. But no longer than seven years after the mandate was terminated (retention obligations under business-, tax- and professional ethics laws).
8.4 In order to be able to fulfil the abovementioned purposes, we work together with service providers (so-called “Processors“), who process your personal data on our behalf and for our purposes – but not for their own purposes. These processors are as follows:
| Processor | Home State | Basis for sharing data in Non-EEA-Countries |
| ADVOKAT Unternehmensberatung Greiter & Greiter GmbH: Provider and remote maintenance of our file management software | Austria | Not applicable as in the EEA |
| RMC system-solution GmbH: EDV-Support and EDV-(remote)maintenance as well as operator of our secure data exchange and storage platform safespace.geistwert.at | Austria | Not applicable as in the EEA |
8.4 In order to be able to fulfil the abovementioned purposes, we also transfer your personal data to the following data controllers, who process the data for their own purposes:
| Controller | Home State | Basis for sharing data in Non-EEA-Countries |
| Our client: for safeguarding our legitimate interests in the due fulfillment of our mandate | Worldwide, depending on their seat | Adequacy decision pursuant to Article 45 (3) GDPR or EU Standard Contractual Clauses or the transfer is necessary for the establishment, exercise or defence of legal claims (Article 49 para 1 lit e) GDPR) |
| Insofar as necessary to fulfil our mandate: competent courts, competent Trademark- and Patent Offices, competent authorities and expert witnesses appointed by a court or by an authority | Austria or other EU country (in particular the EUIPO in Spain) | Not applicable as in the EEA |
| Insofar as necessary to fufil our mandate: further opponents of claim respectively Opposing Parties, further Interveners on our Client’s side or further joint litigants | Worldwide depending on their seat | Adequacy decision pursuant to Article 45 (3) GDPR or EU Standard Contractual Clauses or Necessary for raising, exercising or defending against legal claims (Art 49 (1) lit e) GDPR) |
| Insofar as necessary to fulfil our mandate: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies | Austria or other EU country | Not applicable as in the EEA |
| Insofar as necessary to fulfil our mandate: Cooperation partners, namely law firms, tax-, audit-, consulting-, and/or PR-consulting companies | Worldwide, depending on the subject of your request | Adequacy decision pursuant to Article 45 (3) GDPR or EU Standard Contractual Clauses or the transfer is necessary for raising, exercising or defending against legal claims (Article 49 para 1 lit e) GDPR) |
| Steiermärkische Bank und Sparkasse AG: The bank with which we have our escrow accounts in case we receive monies from you such as awarded costs or dunning costs | Austria | Not applicable as in the EEA |
9. Our Facebook-Page
9.1 For marketing purposes (information about our services and legal news, presenting our firm, etc.), GEISTWERT operates the Facebook-page https://www.facebook.com/geistwert/. The operation of this Facebook-page as well as the possible processing of personal data occurring on our behalf in connection with your visit (please see the next paragraph) of that Facebook-page is in our legitimate (marketing-)interests (Article 6 para 1 lit f GDPR). The functionality “Insight” (see next sub-item) is mandatorily connected to the operation our (and any other business’) Facebook-fan-page, whereas Facebook processes (further) data upon your visit of our Facebook-fan-page, irrespectively of whether you are registered with or logged into Facebook.
9.2 Facebook-Insights: Data gathered from visitors of the GEISTWERT-Facebook-fan-page, that is data collected or generated by Facebook, whereas Facebook exclusively provides us with non-personal, statistic data of visitors of the GEISTWERT-Facebook-fan-page, namely
- GEISTWERT-Facebook-fan-page visitors:
- page and tab selections: information how often each tab and each button (e.g. website-, phone number-, routing-planner buttons) are shown, respectively clicked; information whether the visitor hovered over the fan-page’s name or profile picture, for getting a preview of the page’s contents;
- information whether the access was done via a computer or mobile device;
- external references: information on how often individuals reach the GEISTWERT Facebook-fan-page from a website outside of Facebook via a link
- GEISTWERT-Facebook-fan-page visitors who have “liked” the fan-page, additionally:
- origin (country, city, town);
- gender;
- age and
- language;
- total amount and amount of new “Likes”;
- amount of fan-page-subscribers;
- information on the times of the Facebook uses.
- Reached individuals: Individuals to which the GEISTWERT-Facebook-contributions have been presented within the last 28 days, including
- itemization according to paid reach and organic reach.
- Interacting individuals: Individuals who have “liked”, commented upon, shared or otherwise interacted with the GEISTWERT-Facebook-contributions within the last 28 days, including itemization of
- positive interactions: “Likes”, comments, shared contents and recommendations;
- negative interactions: concealed contributions, marked as spam, “does not “like” anymore”;
- information on how often possible videos on the GEISTWERT-Facebook-fan-page were watched for a duration longer than three/ 30 seconds (respectively more than 95% of the video).
We point out that, according to the case law concerning the data processing in connection with the GEISTWERT-Facebook-appearance, there is a “joint controllership” (Article 26 GDPR) of us with Facebook Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Irland (see the corresponding further data protection information at https://www.facebook.com/legal/terms/information_about_page_insights_data, and also see the information in the following paragraphs). We do not have any control over Facebook’s terms of use and Facebook’s privacy and cookie policies, respectively over the technical means employed by Facebook and Facebook’s processing activities.
- The processing is conducted on the basis of the performance of a contract (article 6 para 1 lit b) GDPR), namely the contract entered into (also for our benefit) between the visitor of the GEISTWERT-Facebook-fan-page and Facebook, respectively on the basis of the Facebook user’s consent (also for our benefit) (Article 6 para 1 lit a)), whereas we have no control over any withdrawal; in this respect, please also see below.
With regard to possible automated decision making processes including profiling under Article 22 paras 1 and 4 GDPR, please see Facebook’s corresponding information at https://www.facebook.com/privacy/explanation as well as Facebook’s cookie policy at https://www.facebook.com/policies/cookies/.
With regard tot he geographic dissemination of your personal data, please also see Facebook’s corresponding information at https://www.facebook.com/privacy/explanation as well as Facebook’s cookie policy at https://www.facebook.com/policies/cookies/.
With regard to the persons/entities (recipients in terms of the GDPR) who/which may have access to the concerned individuals’ data, please also see Facebook’s corresponding information at https://www.facebook.com/privacy/explanation as well as Facebook’s cookie policy at https://www.facebook.com/policies/cookies/.
With regard to motions for exercising your rights as a concerned person in connection with the GEISTWERT-Facebook-fan-page as well as in connection with the withdrawal of your possible consents vis-à-vis Facebook, we kindly ask you to contact Facebook directly, namely via the forms linked to at https://www.facebook.com/legal/terms/information_about_page_insights_data or via snail mail to Facebook
10. Addendum regarding the Storage Duration
10.1 See above storage durations regarding the individual data processing activities. We generally store your personal data only for as long as it is necessary for the fulfilment of the respective purpose for which your personal data was collected.
10.2 For tax purposes, we store contract documents as well as related documents and communication, which concern our contractual relationships with suppliers/business partners (but not our clients) for a period of seven years (§ 132 of the Austrian Federal Fiscal Code (Bundesabgabenordnung, “BAO“).
10.3 Pursuant to the statutory Attorneys’ Code, we are obligated to store the files from our client relationship for five years after the end of the mandate (§ 12 of the Austrian Attorneys’ Code, “RAO“, last sentence). For the assertion or defence of legal claims as well as in light of § 1489 of the Austrian Civil Code (Allgemeines Bürgerliches Gesetzbuch, “ABGB“) in particular cases we store these files for up to thirty years after the end of the mandate.
10.4 If you have subscribed to our e-mail newsletter, we store your personal data in this regard until we receive your withdrawal of consent (see Point 3.1 above) or the cancellation of the
10.5 If you have applied for a position with us, but we have not entered into a contractual relationship, we delete your personal data seven months after we have received your application, unless you have consented to your application being kept on file. If we conclude an employment or substitution agreement with you, our employee data protection applies. We shall communicate this information to you upon your recruitment, and you may also ask about it during the application proceedings.
11. Your Rights as a “Data Subject“ under Data Protection Laws
11.1 As a person concerned under data protection laws (from hereinafter “Data Subject“) we would like to inform you of the following rights you have:
Right to Information, Details in Article 15 GDPR: Every data subject has the right to obtain from the controller confirmation as to whether or not personal data concerning him or her are being processed, and, where that is the case, access to the personal data (copy of the personal data which are the subject of the processing) and the following information: (a) the purposes of the processing; (b) the categories of personal data concerned; (c) the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations; (d) where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period; (e) the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the data subject or to object to such processing; (f) the right to lodge a complaint with a supervisory authority; (g) where the personal data are not collected from the data subject, any available information as to their source;(h) the existence of automated decision-making, including profiling. The controller shall provide a copy of the personal data undergoing processing. For all further copies which the data subject requests, the controller may request a reasonable fee on the basis of administrative costs. Where the data subject makes the request by electronic means, and unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form;
Right to Rectification and Erasure, Details in Article 16 GDPR: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement. The data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies: (a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed; (b) the data subject withdraws consent on which the processing is based, and where there is no other legal ground for the processing; (c) the data subject objects to the processing (see below); (d) the personal data have been unlawfully processed; (e) the personal data have to be erased for compliance with a legal obligation in the EU or member state law to which the controller is subject;(f) the personal data have been collected in relation to the offer of information society services (consent of a child).The right to erasure does not apply to the extent that processing is necessary for compliance with a legal obligation of the controller, or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller, and/or for the establishment, exercise or defence of legal claims.
Right to Restriction of Processing, Details in Article 18 GDPR: The data subject has the right to obtain from the controller restriction of processing where one of the following applies: (a) the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data; (b) the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead; (c) the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims; or (d) the data subject has objected to processing pending the verification whether the legitimate grounds of the controller override those of the data subject. Where processing has been restricted, such personal data shall, with the exception of storage, only be processed with the data subject’s consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest of the Union or of a Member State. A data subject who has obtained restriction of processing shall be informed by the controller before the restriction of processing is lifted.
Right to Data Portability, Details in Article 20 GDPR: Insofar as the processing is based on consent or a contract and the processing is carried out by automated means, the data subject has the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format. In exercising his or her right to data portability pursuant to paragraph 1, the data subject shall have the right to have the personal data transmitted directly from one controller to another, where technically feasible.
Right to Object, Details in Article 21 GDPR: The data subject shall have the right to object, on grounds relating to his or her particular situation, at any time to processing of personal data concerning him or her which is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller or the purposes of the legitimate interests pursued by the controller or by a third party. The controller shall then no longer process the personal data, except where he prove compelling legitimate grounds for the processing, which override the interests or fundamental rights and freedoms of the data subject, or the processing serves the establishment, exercise or defence of legal claims. Where personal data are processed for direct marketing purposes, the data subject shall have the right to object at any time to processing of personal data concerning him or her for such marketing. If the data subject objects to the processing for the purposes of direct marketing, the personal data shall no longer be processed for this purpose.
Right to File a Complaint with a Supervisory Authority: Every data subject has the right to file a complaint with a supervisory authority without prejudice to other administrative or judicial legal remedies, in particular in the member state of their residence, their workplace or the place the alleged offense occurred, if the data subject is of the view that the processing of personal data concerning him or her breaches these legal provisions. The contact information of the Austrian Data Protection Authority can be found here: https://www.dsb.gv.at/.
11.2 We are available for any further questions regarding data protection at GEISTWERT at the contact information stated in Point 1.1, above.
***