Skip menu

Data protection information

in accordance with Art. 12 ff GDPR

1. Introduction, applicability

1.1. This data protection information applies to the processing of personal data within the company

DKFE Rechtsanwälte GmbH
FN 477512z
Stelzhamerstraße 2/26, 4020 Linz
office@dkfe.law

(hereinafter referred to as "DKFE").

1.2. The protection of personal data and compliance with the relevant data protection regulations – currently Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data, on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – "GDPR") and the Data Protection Act in its currently valid version ("DSG") as well as the legal acts enacted on the basis thereof – are of the highest priority at DKFE. In accordance with Articles 12 and 13 of the GDPR, this data protection information provides an overview of which personal data DKFE processes in its company, for what purposes and how DKFE ensures the protection of this data.

1.3. This data protection information can be accessed electronically, printed, downloaded and stored on a storage medium on the website https://www.dkfe.law ("website").

1.4. The terms used in this data protection information are understood in accordance with the definitions in Article 4 of the GDPR.

2. Controller, data protection officer

2.1. The controller within the meaning of Art. 4(7) GDPR is DKFE (see point 1.1. for contact details).

2.2. As the requirements of Art. 37(1) GDPR are not met, in particular as the core activity of DKFE does not consist in carrying out data processing operations which, by virtue of their nature, scope and/or purposes, require extensive regular and systematic monitoring of data subjects, no data protection officer has been appointed at DKFE.

3. Processing of personal data in general

3.1. DKFE processes (see Art. 4(2) GDPR) personal data of natural persons ("data subjects") only in compliance with the principles laid down in Art. 5 et seq. GDPR and only if at least one condition of lawfulness within the meaning of Art. 6 GDPR is met. DKFE also processes special categories of personal data within the meaning of Art. 9(1) GDPR, but only if at least one of the cases listed in paragraph 2 of this article applies. The purpose and basis of processing are regulated by category in point 4.t.

3.2. If necessary, i.e. if no other condition of lawfulness listed in Article 6 GDPR or Article 9(2) GDPR applies (or as an additional precaution), DKFE will obtain the consent of the data subjects. If data subjects voluntarily disclose data not requested by DKFE (e.g. in submitted CVs or other documents), this data will not be "collected" by DKFE and the data subject thereby gives their express consent to the processing of this data by DKFE.

3.3. Data relating to data subjects will be treated confidentially in accordance with the legal professional privilege pursuant to Section 9 of the Lawyers' Code of Conduct (Rechtsanwaltsordnung). DKFE will only disclose, transfer or pass on data to the extent that this is permitted by applicable law or necessary for the fulfilment of DKRA's legal tasks and obligations (in particular for the fulfilment of a contractual relationship). The categories of recipients to whom DKFE passes on data are – apart from the recipients listed in point 4 – in particular:

  • DKFE's processors in accordance with Art. 28 GDPR (e.g. operators of data processing programmes, payroll accountants)
  • Administrative authorities and other public institutions and companies (such as bar associations, public prosecutors' offices, tax offices, social security institutions, health and pension funds, AMS, apprenticeship offices and vocational schools, Statistics Austria) as well as courts (including arbitration tribunals)
  • Banks and insurance companies (including liability and legal expenses insurers)
  • Chartered accountants, auditors and tax advisors
  • Contractual and business partners (e.g. transport companies, suppliers)
  • Other lawyers (e.g. opposing legal representatives or substitutes)
  • [for employees] Training and further education providers, interest groups

in Austria and abroad. Within DKFE, the organisational units and employees receive the data they need to fulfil their duties

3.4. However, DKFE does not transfer data to recipients in non-EU member states or to international organisations unless the EU Commission has decided that these states or organisations have an adequate level of data protection or an adequate level of data protection can be ensured through measures.

3.5. No automated decision-making ("profiling") takes place at DKFE or on DKFE's digital services.

4. Collection of data from data subjects and processing thereof

4.1. Collection and processing of technical data when accessing digital services

When accessing DKFE's digital services, DKFE automatically collects and processes necessary (technical) data (access data and data through the use of cookies) from data subjects for the operation, security and optimisation of these services on the basis of DKFE's legitimate interests in accordance with Art. 6 (1) (f) GDPR and, where necessary, on the basis of consent in accordance with Art. 6 (1) (a) GDPR (see points 7 and 8).

4.2. Collection and processing of data when contacting DKFE

When contacting DKFE, data from contacting persons or potential clients is processed on the basis of Art. 6 (1) (b) GDPR (implementation of pre-contractual measures) for the purpose of sending targeted offers and processing enquiries. The following categories of data are processed: access data, master data (such as first and last name, gender, academic degree, business name, date of birth), contact details (such as address, email address, telephone number), VAT number, insurance, invoice and bank/account/payment details, and, if necessary, correspondence/communication/content data. In order to respond to any enquiries and follow-up questions, the relevant data will be stored for a maximum period of one (1) year and then deleted, provided that no legal advice is given and no contractual relationship is established.

4.3. Collection and processing of data in the course of contractual relationships

During the execution of contracts, the following data is collected from the data subjects (in particular clients of DKFE) and processed on the basis of Art. 6 (1) (b) GDPR for the purpose of fulfilling and executing a contract with the data subject: Master data (such as first and last name, gender, academic degree, business name, date of birth), contact details (such as address, email address, telephone number), VAT number, insurance, invoice and bank/account/payment details, as well as correspondence/communication/content data.

4.4. Collection and processing of data for the purpose of processing the employment relationship

Within the framework of the employment relationship, DKFE collects the following data from employees in particular and processes it on the basis of Art. 6 (1) (b) GDPR for the purpose of fulfilling and processing the employment contract and on the basis of Art. 6 (1) (c) GDPR for the fulfilment of obligations under labour law – in particular for salary and remuneration accounting and for compliance with recording, information and reporting obligations: Master data (such as gender, academic degree, first and last name, date of birth), contact details (such as address, email address, telephone number), school education, professional experience and qualifications (including training, further education and continuing professional development), bank and account details, insurance details (including co-insured persons), working hours (including breaks, holidays and overtime), correspondence/communication/content data and, if necessary (e.g. when travelling in company vehicles), location and position data.

For the purpose of establishing contact with (potential) contractual partners, such as (potential) customers or suppliers in particular, professional contact details of employees are also published on the DKFE website on the basis of the company's overriding legitimate interests – in particular in the rapid and smooth running of business – in accordance with Art. 6(1)(f) GDPR.

4.5. Collection and processing of special categories of personal data

Within the scope and for the purpose of exercising and fulfilling its legal activities and its obligations under labour law as an employer, DKFE also processes special categories of personal data within the meaning of Art. 9 (1) GDPR, in particular of clients and employees, such as health data (e.g. social security numbers, medical histories, sick notes), data in connection with criminal proceedings, religious beliefs and information contained in CVs or other voluntarily submitted documents, on the basis of Art. 9(2)(b), (h) and (i) GDPR and, if necessary, (additionally) on the basis of consent in accordance with Art. 9(2)(a) GDPR.

4.6. Processing of data for direct marketing purposes

If DKFE receives the email address of data subjects (such as clients in particular) in connection with the provision of a service, it is entitled, on the basis of its legitimate interest pursuant to Art. 6(1)(f) GDPR, to send direct marketing by email in the form of information (e.g. legal news) and mailings for its own or similar products (including services). Data subjects have the right to object at any time (in particular when emails are sent) to the processing of data concerning them for the purpose of such advertising (see point 11.8.).

5. Collection of data not collected from the data subjects

DKFE also processes data that is not collected from the data subjects, in particular data that is disclosed to DKFE for the purpose of fulfilling its legal tasks and obligations (e.g. for the purpose of drafting or executing contracts or enforcing claims) or that is collected from third parties (such as, in particular, the entities listed in point 3.3. ), automatically collected technical access data in accordance with point 7. and data collected by necessary cookies in accordance with point 8., as well as publicly available data or data collected through queries from public registers (such as the land register, commercial register, central register of residents and enforcement register).

6. Duration of data processing, retention and storage period

6.1. DKFE does not process and store data permanently, but only in accordance with the periods prescribed by the applicable legal provisions, and in any case only for as long as is necessary for the purposes for which the data was collected (e.g. for the duration of the fulfilment of contractual and post-contractual obligations), as long as this is necessary for legal reasons (in particular tax and professional law; including conflict of laws) and as long as this is necessary to defend against liability claims. DKFE stores data in a form that allows the identification of the data subjects only for as long as is necessary for the purposes for which it is processed.

6.2. If data is processed solely on the basis of consent, this data will be deleted immediately and will no longer be processed as a result of the data subject's withdrawal of consent in accordance with Art. 7(3) GDPR. The same applies in the event of a legitimate objection pursuant to Art. 21 GDPR if data is processed solely on the basis of a legitimate interest pursuant to Art. 6(1)(f) GDPR.

7. Collection of access data when accessing digital services

7.1. When accessing its digital services (such as, in particular, the website and/or apps), DKFE automatically collects and processes technical data about each access that is considered personal data or could be used to identify the data subjects or personal data and that is stored in so-called server log files ("access data"). This includes the IP address, unique device identification, type and version of the operating system and browser, file name and path, type of transmission protocol, date and time of access, bytes transferred, referrer URL (previously visited page) and the requesting provider.

7.2. However, DKFE does not process this access data for the purpose of identifying individuals or determining other personal data, but exclusively for the purpose of operating, designing, adapting, improving, maintaining, optimising and further developing the digital services it operates (including functions, modules and features), as well as for error detection and correction, maintaining system security and maintaining system security. adaptation, improvement, maintenance, optimisation and further development of the digital services it operates (including functions, modules and features), as well as for error detection and correction, to maintain system security and for the purpose of internal statistical evaluation, without drawing any conclusions about the persons concerned. No profiling takes place in this regard.

8. Collection of data when accessing digital services through cookies

8.1. Cookies are files that are stored locally in the cache of the data subject's internet browser when digital services are accessed and which serve in particular to offer additional functions, to make the digital service more user-friendly, effective and secure by recognising the accessing internet browser and storing temporary files, and – if web analysis tools are used – to enable an (anonymised) analysis of usage.

8.2. Cookies that are absolutely necessary for the functioning of digital services are used on the basis of DKFE's legitimate interests pursuant to Art. 6 (1) lit. f) GDPR in operation, security and optimisation. Any other cookies are only processed on the basis of consent in accordance with Art. 6 (1) (a) GDPR, which the data subjects can give by actively clicking a tick box after being asked. Data subjects may revoke their consent at any time by deactivating and/or deleting cookies in their internet browser settings and specifying how long they are stored and when they are deleted. The procedure for doing so depends on the internet browser used by the data subjects. However, not accepting and deactivating cookies may result in certain functions and/or content of the digital services not working or not working as expected.

8.3. Session cookies are stored temporarily for the duration of the person's access and deleted after the browser is closed; permanent cookies remain stored on the data subject's device until they are removed from their browser.

9. Data processing on behalf of DKFE

If data is processed on behalf of DKFE, it only works with processors within the meaning of Art. 4(8) GDPR who provide sufficient guarantees that appropriate technical and organisational measures are implemented in such a way that the processing is carried out in accordance with the existing legal provisions and the protection of the rights of individuals is ensured. To this end, DKFE concludes appropriate contracts with its processors that comply with the requirements of Art. 28 GDPR and observes Art. 44 ff GDPR in the case of processors based in third countries.

10. Security of data processing

DKFE takes appropriate and suitable technical and organisational measures to ensure the security of data and data processing, taking into account the criteria set out in Art. 32 GDPR, and ensures that the data is protected against unauthorised or unlawful processing and against loss, damage and alteration.

11. Rights of data subjects

11.1. DKFE protects the rights of data subjects in accordance with the applicable legal provisions, in particular their rights under the GDPR, the fundamental right to data protection under Section 1(1) of the DSG and the right to data secrecy under Section 6 of the DSG. Under the current legal situation, data subjects are entitled to the rights listed below (in abstract terms). Data subjects can assert their rights by sending a specific request – preferably in writing (e.g. letter or email) – to DKFE (see point 1.1 for contact details). If the legal provisions stipulate deadlines for processing the request, DKFE will comply with these.

11.2. Right to access and information

Under the conditions and in accordance with Articles 13 to 15 of the GDPR, data subjects have the right to access and information about the processing of their data by DKFE and about their rights.

11.3. Right to rectification and completion

Under the conditions and in accordance with Art. 16 GDPR, data subjects have the right to rectify inaccurate data and complete incomplete data concerning them.

11.4. Right to erasure

Under the conditions and in accordance with Art. 17 GDPR, data subjects have the right to request the immediate erasure of data concerning them.

11.5. Right to restriction of processing

Under the conditions and in accordance with Art. 18 GDPR, data subjects have the right to request the restriction of the processing of their data.

11.6. Right to data portability

Under the conditions and in accordance with Art. 20 GDPR, data subjects have the right to to receive data concerning them that they have provided to DKFE in a structured, commonly used and machine-readable format and to transmit this data to another controller or to request DKFE to transmit the data it processes directly to another controller, insofar as this is technically feasible and does not adversely affect the rights and freedoms of others.

11.7. Right to object

Under the conditions and in accordance with Art. 21 GDPR, data subjects have the right to object at any time, on grounds relating to their particular situation, to the processing of data concerning them which is carried out on the basis of Art. 6(1)(e) or (f) GDPR. In the event of a justified objection, DKFE will no longer process the data of these persons affected by the objection, unless DKFE can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data subjects, or the processing serves to assert, exercise or defend legal claims. In the event of an objection to processing for direct marketing purposes, the data subject's data will no longer be processed for these purposes.

11.8. Right not to be subject to an automated decision

Under the conditions and in accordance with Art. 22 GDPR, data subjects have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning them or similarly significantly affects them.

11.9. Right of withdrawal

In accordance with Art. 7(3) GDPR, data subjects have the right to withdraw their consent to the processing of data concerning them at any time, without affecting the lawfulness of the processing carried out on the basis of the consent until withdrawal.

11.10. Right to lodge a complaint

In accordance with Art. 77 GDPR in conjunction with § 24 DSG, data subjects have the right to lodge a complaint with the competent supervisory authority (data protection authority), without prejudice to any other administrative or judicial remedy.

11.11. Right to judicial remedy

Pursuant to Art. 79 GDPR in conjunction with § 27 DSG, data subjects have the right to an effective judicial remedy against a legally binding decision of the supervisory authority concerning them (right to appeal to the Federal Administrative Court), without prejudice to any other administrative or extrajudicial remedy.