General information
We take the protection of your personal data very seriously. Data protection and information security lie at the heart of our activities. In the following, we, Law & Strategy Kernbichler Mollnhuber Rechtsanwälte FlexCo, provide information about how we process your personal data and what rights you have in this regard.
Controller and contact details
For the purposes of the General Data Protection Regulation (GDPR), the controller is Law & Strategy Kernbichler Mollnhuber Rechtsanwälte FlexCo.
Our contact details are as follows:
Law & Strategy Kernbichler Mollnhuber Rechtsanwälte FlexCo
(FN 628469 w, Commercial Court of Vienna)
Strauchgasse 3/DG, 1010 Vienna
office@lawandstrategy.com
+43 1 267 7070
If you have any questions about data protection, please email us at office@lawandstrategy.com.
Personal data
Personal data refers to any information relating to an identified or identifiable natural person. Examples include names, addresses, dates of birth, contact details, IP addresses, ID or social security numbers, and bank details.
We usually collect personal data directly from you. In some cases, however, we also obtain personal data from other sources such as public registers or files.
Processing purposes and legal basis
We process your personal data with your consent (Art 6(1)(a) GDPR) and/or for one or more of the following purposes:
- Initiation or fulfillment of contractual relationships
We process your personal data in order to fulfill our pre-contractual obligations (Art 6(1)(b) GDPR), particularly those arising from client relationships, contracts with suppliers, business partners or applicants.
- Compliance with legal obligations
We process your personal data in order to fulfill our other legal obligations (Art 6(1)(c) GDPR), such as fulfilling our professional duty of care, particularly with regard to preventing money laundering and terrorist financing, and our obligation to keep records.
- Protection of legitimate interests
We process your personal data in order to protect our legitimate interests (Art 6(1)(f) GDPR), which include the assertion, exercise or defense of legal claims, sending newsletters and marketing purposes.
Standardized access logs are stored when you visit our website for security monitoring, error analysis and performance optimization. These logs include IP addresses, timestamps, details of the pages and resources accessed, HTTP response codes, and information about the browser and device used (user agent strings). Server logs are stored securely and retained for 14 days before being automatically deleted. They are not shared with third parties unless required by law or necessary to protect the security of our systems.
Failure to provide the personal data requested may result in our inability to establish or continue a client or business relationship with you.
No automated decision-making or profiling takes place.
Recipients or categories of recipients
We will only transfer your personal data to the following recipients or categories of recipients in accordance with our professional duty of confidentiality and to the extent necessary for the above-mentioned purposes:
- Third parties (e.g., courts and authorities, the bar association, independent lawyers and law firms with whom we work, tax advisors and auditors, banks and insurance companies, service providers, as well as counterparties and their representatives)
- Processors (in particular providers of cloud, AI, legal tech, software, hosting, IT services, telecommunications, and/or marketing services)
Some of the recipients of your personal data are located outside the EEA. If the EU has not deemed such third countries to have an adequate level of data protection, we will ensure that your personal data is transferred only on the basis of standard contractual clauses, or otherwise in accordance with Articles 46, 47 or 49 of the GDPR.
If you would like further information on this subject, or a copy of the legal provisions cited, please contact us at office@lawandstrategy.com.
Data storage duration
We only keep your personal data for as long as is necessary for the purposes outlined above. This storage period is determined by various factors, including statutory retention and limitation periods. For tax purposes, we generally store data for ten years. We are required to retain client-related data for at least five years after the end of the client relationship. In individual cases, such as for the assertion, exercise or defense of legal claims, we store files for up to 30 years after the end of the client relationship.
Data security and integrity
Using any communication services, especially via the internet, involves security risks. Despite our extensive, state-of-the-art security measures, interference by third parties (e.g., hacking of email accounts or interception of emails) and transmission of viruses and other malware cannot be completely ruled out. In particular, liability is excluded – to the extent permitted by law – in the event of unauthorized access by third parties or transmission errors beyond our control.
Your rights
As a data subject, you have the right to obtain information about the personal data we are processing, as well as the right to request rectification, data portability, restriction of processing or erasure of your personal data. These rights are complementary, meaning you can request either the rectification or erasure of your personal data.
If we process your personal data based on legitimate interests, you have the right to object at any time for reasons relating to your particular situation.
You can object to us processing your personal data for direct marketing purposes at any time without giving a reason.
You have the right to withdraw your consent for us to process your personal data at any time with effect for the future.
Your rights as a data subject are defined by the relevant statutory provisions, particularly Articles 15 to 21 of the GDPR, as well as by our professional duty of confidentiality.
Please notify us immediately if any of your personal details change.
If you wish to exercise your rights or believe that your data is not being processed in accordance with the law, please contact us at office@lawandstrategy.com. If you believe that your data protection rights have been violated, you can also lodge a complaint with the competent supervisory authority. In Austria, this is the Data Protection Authority (Datenschutzbehörde, https://data-protection-authority.gv.at).