Data Protection Declaration
The purpose of this data protection declaration is to inform you how we, L&M Political Risk and Strategy Advisory GmbH, process the personal data you provide to us and what precautions we take to protect your personal data, as well as what rights and options you have to access your data and protect your privacy.
In addition, this data protection declaration contains information regarding which personal data we collect from you, to which extent we process this data and to which third parties we may necessarily pass on your data. With regard to the terms used, such as "processing" or "controller", we refer to the definitions in Art 4 of the General Data Protection Regulation ("GDPR").
Who is responsible for data processing and whom can you contact?
Person responsible for data processing
L&M Political Risk and Strategy Advisory GmbH
Himmelpfortgasse 17/14
A-1010 Vienna
Managing directors with power of representation: Dr. Johannes Leitner, Dr. Hannes Meissner
Shareholders: Dr. Johannes Leitner, Dr. Hannes Meissner
Imprint: www.lm-prisk.com
Contact:
Email: info@lm-prisk.com
Tel: + 436767829134
On which legal basis is the data processing based and for what purpose are the data processed?
The processing is carried out on the basis of your consent within the meaning of Art 6 para 1 lit a DSGVO. Should you have given us your consent to process your personal data, the data processing will only take place in accordance with the purposes and to the extent according to the given consent.
Any consent given may be revoked at any time with effect for the future (e.g. you may object to the processing of your personal data for receiving our newsletter should you no longer agree to such data processing).
The processing of personal data is carried out for the fulfilment of contractual obligations (Art 6 para 1 lit b DSGVO), i.e. in the context of providing legal services in order to fulfil our contract with you and carrying out any given mandates as well as all activities required for the operation and administration of our company L&M Political Risk and Strategy Advisory GmbH.
The data processing is carried out for the fulfilment of legal obligations (Art. 6 para. 1 lit c DSGVO). To the extend as required, the personal data will be processed for the purpose of fulfilling various legal or professional obligations which apply to us.
Furthermore, your data may be processed, only to the extent necessary, to protect the legitimate interests of the controller (Art 6 para 1 lit f DSGVO): In the context of balancing interests in our favour or in favour of a third party, data may be processed beyond the actual performance of the contract to protect the legitimate interests of us or third parties. We process your data only within the necessary boundaries for the assertion, exercising or defence of legal claims provided that there is no reason to assume that you have an overriding legitimate interest in not having your data processed.
Who receives your personal data?
The protection and confidentiality of your personal data is important to us. Therefore, we will only disclose your personal information to the extent described below or in accordance with an additional notice given at time of collection. Moreover, we will not sell or otherwise disclose any personal information collected from you to any third parties.
Your personal data will only be transferred to third parties with your consent or in the event that this becomes necessary for the fulfilment of the contract with you (e.g. you instruct us to contact a claimant on your behalf).
We share personal data to a limited extent with processors who perform services for us, such as data centre services. The processors may only use or disclose this data to the extent strictly necessary to perform services for us or to comply with legal requirements. These processors are contractually bound by us to ensure the confidentiality and security of the personal data they process on our behalf.
In addition, we may disclose personal information to the limited extent necessary, only (i) in the event that we are required to do so by law or judicial order, (ii) in the event that we believe the disclosure is necessary to prevent harm or financial loss, or (iii) in connection with an investigation of suspected or actual fraudulent or illegal activity, or (iv) to assert, exercise or defend legal claims based on our legitimate interest.
Will the data be transferred to any party based in a third country or to an international organisation?
In the event that we process personal data into a third country (i.e. outside the European Union (EU) or the European Economic Area (EEA)), or should this be the case when we do so in the context of using third-party services or disclosing or transferring personal data to third parties, we will only transfer personal data upon fulfilment of our (pre-)contractual obligations, on the basis of your consent, based on a legal obligation or on the basis of our legitimate interests.
How long is personal data stored and processed?
Für die Dauer der gesamten Geschäftsbeziehung (von der Anbahnung über die Abwicklung bis hin zur Beendigung eines Vertrags) sowie darüber hinaus gemäß den gesetzlichen Aufbewahrungs- und Dokumentationspflichten. Diese ergeben sich ua beispielsweise aus:
For the duration of the entire contractual relationship (from the initiation to the processing to the termination of a contract) as well as beyond in accordance with the statutory retention and documentation obligations. Such documentation obligations result from, for example:
the Austrian Companies Code (UGB);
the Federal Tax Code (BAO);
the Code of Conduct for Lawyers (RAO).
In addition, the statutory limitation periods must be taken into account for the storage period, which may be up to 30 years in certain cases (the general limitation period is 30 years), e.g. according to the General Civil Code (ABGB).
What rights and choices do you have?
a) Right of information (Art 15 DSGVO)
You have the right to request confirmation from us as to whether we are processing personal data relating to you. Should we process personal data relating to you, you as the data subject have the right to obtain from us, at any time, information about the personal data we hold about you and a copy of the personal data we process relating to you. In this context, as a data subject, you have the right to obtain information regarding the following:
the purposes of the data-processing;
the categories of personal data that are processed;
the recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular in the case of recipients in third countries or international organisations;
if possible, the planned duration for which the personal data will be stored or, if this is not possible, the criteria for determining this duration;
The existence of a right to rectify or erase the personal data concerning you or to have the processing restricted by the controller or to object to such processing;
the existence of any right of appeal before a supervisory authority;
all available information about the origin of the data, if the personal data was not collected directly from you;
to the extent applicable, the existence of any automated decision-making, including profiling, pursuant to Article 22(1) and (4) of the GDPR and, at least in such cases, meaningful information about the logic involved and the scope and intended effects of such processing for the data subject.
Where personal data about you has been transferred to a third country or to an international organization, you also have the right to be informed of the appropriate safety measures in relation to such transfer.
b) Right of rectification (Art 16 DSGVO)
You have the right to request the rectification of inaccurate personal data related to you. You also have the right to request that incomplete personal data should be completed, including by means of a supplementary declaration, taking into account the purposes of the processing.
c) Right to erasure (Art 17 DSGVO)
You have the right to request the erasure of your personal data without delay from the controller, in the event that one of the following reasons applies and to the extent that further processing is not necessary
the personal data is no longer needed for any purposes for which it has been collected;
You have withdrawn your consent on which the processing was based and there is no other legal basis or overriding legitimate interest for the processing;
the personal data has been unlawful processed;
the erasure of the personal data is necessary for compliance with a legal obligation under Union or the laws of any Member State to which the controller is subject to;
the personal data has been collected in relation to services of any information society as offered pursuant to Art 8(1) of the DSGVO.
d) Right to request restriction of processing (Art 18 DSGVO)
You have the right to request to restrict the data processing in case one of the following conditions is fulfilled:
the accuracy of the personal data has been contested by you (the restriction is imposed for a period enabling the controller to verify the accuracy of the personal data);
the processing of your personal data was unlawful, you object to the erasure of your personal data and request the restriction of the use of your personal data instead;
the controller no longer needs your personal data for the purposes of the processing, but you need it to assert, exercise or defend legal claims;
You have objected to the processing of your personal data and it is not yet clear whether the legitimate grounds of the controller outweigh yours.
e) Right to data assignment (Art 20 DSGVO)
You have the right to obtain the personal data concerning you that you have provided to us in a structured, commonly used and machine-readable format. You also have the right to request that this data be transferred directly from us to another controller – named by you – provided that this is technically feasible and that no rights and freedoms of other persons are affected as a result. The prerequisite for data portability is always that the processing is based on your consent or is necessary for the fulfilment of a (pre-) contractual relationship and the processing is carried out with the help of automated procedures. The right to data portability does not apply to processing necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
f) Right to object (Art 7 (3) DSGVO)
You have the right to withdraw your consent to the processing of your personal data at any time.
In the event that you have objected to the data processing, we will no longer process your personal data unless we are able to demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
We may use your personal data for direct marketing purposes. You have the right to object to processing for the purpose of such advertising at any time. This also applies to profiling, insofar as it is connected with such direct advertising. After the objection has been made, we will no longer process your personal data for the purpose of direct advertising.
You have the right to object, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out by us for scientific or historical research purposes or for statistical purposes pursuant to Article 89(1) DSGVO, unless such processing is necessary for the performance of a task carried out in the public interest.
Should you wish to exercise one or more of the above rights, you may contact office@mp-attorneys.com at any time.
Which supervisory authority may you address to for your complaints?
According to Art 77 DSGVO, you have the right to file a complaint with the competent supervisory authority. In Austria, this is the data protection authority.
Are you obliged to provide us with your personal data?
To enable us to enter into a business relationship with you, we require various personal data. In some cases, we are legally obliged to collect this data. Should you refuse to provide us with your personal data which are necessary for the conclusion and fulfilment of the contract, we unfortunately may not enter into a contractual relationship with you. We may have to terminate existing contractual relationships.
You are not obliged to give your consent to the processing of personal data relating to you which is not relevant to the performance of the contract or is not required by law and/or regulation.
To what extent is any automated decision-making applicable?
We do not use any fully automated decision-making for the establishment and implementation of the business relationship. Should we use these procedures in any individual case, we will inform you of this separately to the extend required by law.
Will personal data be processed for purposes other than those for which the personal data was collected?
In principle, we only process data for the purposes for which it was collected. In exceptional cases, however, we may process personal data that we have collected for a specific purpose for another purpose. In this case, we will inform you before the intended processing about the purpose, the duration for which your personal data will be stored, the exercise of data subject rights, the possibility of revoking consent, the existence of the right of appeal to the data protection authority, whether the provision of the data was legally or contractually necessary and what the consequences of not providing it would be, and whether automated decision-making or profiling exists.
What types of personal data are being processed?
Among other things, we process the following personal data:
- Inventory data (e.g., names, addresses);
- Contact data (e.g., e-mail, telephone numbers);
- Content data (e.g., text entries, photographs, videos);
- Bank details (e.g. IBAN, BIC);
- Documentation data (e.g. fee notes, file notes).
We would like to point out that we only process personal data insofar as this is necessary. In any individual cases, we may also process less data than described above.
Do you have any cooperation with processors and/or third parties?
In the event that in the course of our processing, we disclose personal data to any other persons and companies (processors or third parties), transmit it to them or otherwise grant them access to the data, such measures will be only carried out to the extend and in accordance with a legal basis.
When will your personal data be deleted?
Unless expressly stated in this data protection declaration, the personal data processed by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. In the event that personal data are not deleted because they are required for other and legally permissible purposes, their processing will be restricted. This means that the data will be blocked and may not be processed for other purposes. This applies, for example, to personal data that must be retained for reasons of company or tax law.
According to the legal requirements storage is required for example:
- 5 years pursuant to 12 para 2 and 3 RAO (storage of files and receipts)
- 7 years according to § 132 Abs 1 BAO (accounting records, vouchers/invoices, accounts, business papers, list of income and expenditure, etc.)
Hosting services:
The hosting services used by us serve the following means: Provision of the web space and technical maintenance services that we use for the purpose of operating this online offer.
In doing so, however, we or our hosting provider do not process any personal data.
Newsletter
We may send newsletters, e-mails and other electronic notifications for advertising purposes and to announce news (hereinafter "newsletter") only with your consent, which is given in the course of the registration for the newsletter or by providing such consent stated in the engagement agreement.
You may unsubscribe from our newsletter at any time, i.e. revoke your consent. You may unsubscribe by sending an email to info@lm-prisk.com. Please note that we will continue to process your personal data in order to be able to prove that you have previously given your consent to receive newsletters. The processing of this data will be limited to the purpose of
Contact
If you contact us (e.g. by e-mail or telephone), your details will be processed in order to handle the contact request and its processing.
We delete the contact enquiries and your personal data provided to us in the process, provided that the storage of this data is no longer necessary.
How is my data being protected?
We take the protection of your personal data very seriously and implement appropriate technical and organizational measures to protect you against unauthorized or unlawful processing of your personal data and against accidental loss, destruction or damage to it.
Personal data of children
We do not knowingly collect any personal information relating to children under the age of 14, unless it is explicitly required to fulfill a specific mandate instructed by their legal guardians. Should we become aware that we have inadvertently collected personal information about children under the age of 14, we will take steps to delete that information as soon as possible, unless we are required by law to retain it.
How do I find out about changes of this data protection declaration?
We are committed to upholding the principles of privacy and data protection. Therefore, we regularly review our data protection declaration. The aim is to ensure that it is error-free, prominently displayed on our website, contains adequate information about your rights and our processing activities, and is implemented in accordance with applicable law and therefore compliant with data protection law. In order to reflect current circumstances, we will update this data protection declaration as necessary. Should we make any material changes to this data protection declaration, we will notify you by posting a notice on our website and provide you with the updated version of the data protection declaration.
Data protection on our website
Our website does not use any cookies or tracking technologies. Personal data of any visitors of our website will not be collected by us or third parties.