1. Personal Data
1.1 Schima Mayer Starlinger Rechtsanwälte GmbH, FN 499430 g, (sms.law) collects, processes, and utilises personal data solely in connection with a contractual relationship (such as a mandate), legitimate interest, or with explicit consent, and strictly for the purposes stated below. This is done in full compliance with the applicable civil law provisions and data protection regulations.
1.2 Only personal data that is necessary for the execution and fulfilment of our legal services or that you have voluntarily provided to us will be collected. Data is primarily collected from you. In individual cases, it may happen that we obtain data from other sources. These other sources include publicly accessible information obtained from the internet or registries, or other information collected in connection with our legal obligations. Furthermore, we would like to inform you that as part of our legal representation and assistance, factual and case-related information about you may be obtained from third parties.
1.3 Personal data includes all information that contains individual details about personal or factual circumstances, such as name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photos, voice recordings of individuals, as well as biometric data such as fingerprints. It may also encompass sensitive data, such as health information or data related to a criminal proceeding.
2. Information and Deletion
2.1 As a client or affected party, you have the right, while observing the duty of attorney-client confidentiality, to request information about your stored personal data, including its origin and recipients, the purpose of data processing, as well as the right to correction, data portability, objection, restriction of processing, as well as blocking or deletion of incorrect or unlawfully processed data.
2.2 In the event of any changes to your personal data, we kindly request that you notify us accordingly.
2.3 You have the right to revoke your consent for the use of your personal data at any time. Your request for information, deletion, correction, objection and/or data transfer can be addressed to the address provided in section 10 of this statement.
2.4 If you believe that the processing of your personal data by us violates applicable data protection law or that your data protection rights have been infringed in any other way, you have the option to contact the competent supervisory authority. In Austria, the responsible authority for this purpose is the Data Protection Authority (Datenschutzbehörde).
3. Data Security
3.1 Your personal data is ensured through comprehensive organisational and technical measures. These measures particularly aim to prevent unauthorised, unlawful, or accidental access, processing, loss, use and manipulation of your data.
3.2 While we make diligent efforts to maintain a consistently high standard of due diligence, we cannot provide an absolute guarantee that the information you share with us over the internet will be entirely secure from unauthorised viewing or usage by others.
3.3 Please note that we cannot assume any liability for the disclosure of information due to data transmission errors or unauthorised access by third parties (such as hacking of email accounts or phones, interception of faxes) that are beyond our control.
3.4 Our commitment is to swiftly identify and report any potential data breaches to both you and the relevant supervisory authority. This includes providing details of the affected data categories, ensuring that timely action is taken to address the situation.
4. Use of Personal Data
The data you provide to us will not be utilised for any purposes other than those specified in the mandate agreement, your consent, or any other provision in compliance with the GDPR.
5. Transmission of Data to Third Parties
5.1 To fulfil your mandate, it may be necessary to disclose your data to third parties (such as opposing parties, substitutes, insurance companies), courts, or authorities. The disclosure of your data will only be carried out in accordance with the GDPR, particularly to fulfil your mandate or based on your prior consent.
5.2 In addition, we may disclose your data to contracted processors (especially IT service providers [external data centres, IT support], external accounting, and tax consulting) as necessary within our standard work processes (such as operating an email server, online communication tools [e.g., MS Teams, WebEx, and similar], exchanging digital documents) or when such data processing is required to fulfil the respective service in specific cases. All contracted processors have been carefully selected and implement appropriate technical and organisational measures to ensure that the processing of your data is carried out in compliance with professional and data protection obligations, thereby safeguarding your rights. If our contracted processors process mandate-related data, we have contractually obligated them to maintain confidentiality and, in the event of a search and seizure, to provide us with relevant information.
5.3 By default, we process mandate-related data only within the European Union. Some of the aforementioned recipients of your personal data may be located outside your country or process your personal data there. The level of data protection in other countries may not be equivalent to that of the United Kingdom. We only transfer your personal data to countries for which the European Commission has determined that they have an adequate level of data protection or if we can ensure that all recipients have an adequate level of data protection through appropriate measures. In particular, we utilise standard contractual clauses for this purpose.
6. Storage of Data
We will not retain data for a longer period than necessary to fulfil our contractual or legal obligations and to defend against any potential liability claims. For tax reasons, we generally store documents related to our contractual relationship for a period of ten years. Additionally, we are required to retain files and documentation related to mandates and due diligence obligations for the prevention of money laundering and terrorism financing for five years after the termination of the mandate, as mandated by the RAO (Rechtsanwaltsordnung). Data of applicants who are not hired will be deleted seven months after the completion of the application process unless we request their consent for further retention. For hired applicants, our internal privacy information for employees applies, which can be requested during the application process.
This website uses “cookies.” These are used to recognise and store temporary data of the website visitor. We exclusively utilise so-called “session cookies” to ensure the security of our website and for website analysis, each based on a legitimate interest. All information is automatically deleted after a specific period of time upon leaving the website. Tracking and advertising cookies are not used on our website.
8. Our Contact Details
The protection of your data is particularly important to us. You can contact us at any time for information requests or requests to amend or delete data using the contact details below:
SCHIMA | MAYER | STARLINGER
Rechtsanwälte GmbH /Attorneys at Law
A: Trabrennstraße 2B, A-1020 Wien
T: +43 1 383 60
F: +43 1 383 60 60