MMRA undertakes to treat all personal data in compliance with the applicable data protection regulations, including the European General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Austrian Telecommunications Act (TKG).
MMRA as a provider of legal services is subject to professional legal privilege and confidentiality obligations. MMRA may therefore be legally prohibited from providing detailed information about the data processed by MMRA on behalf of its clients.
MMRA may process various categories of personal data as required to meet the purposes of the processing of personal data by MMRA (names, birth dates, other identification data, residential or business addresses, contact details, financial information, bank details, company registration and tax identification numbers, information in relation to the matters that are the subject of the client-attorney relationship or other contractual relationships with MMRA).
Client-Attorney Relationship
MMRA will obtain and process certain personal data as part of the client-attorney relationship with its clients. These data will either be provided by the client or will be obtained through third parties or public databases.
MMRA processes personal data in the context of the client-attorney relationship for the following purposes (see Article 6(1) GDPR):
— For the performance of the legal and contractually agreed services provided under the client-attorney relationship or in preparation of the client-attorney relationship;
— In order to comply with legal obligations to which MMRA is subject;
— For the administration and management of MMRA’s business (including, e.g., accounting, client file administration, maintenance of a client database)
Use of this website
The website (www.mmra.at) processes certain data of the devices and browsers used to access its website:
— Information about the browser (type, version, certain settings);
— Operating systems and service providers used by the devices accessing the website;
— IP-address of the devices used to access the website.
The website (www.mmra.at) uses small text files (so called “cookies”) that are stored on the device used to access the website. The website uses only cookies that are essential for the access to the website in order to ensure the functionality and accessibility of the website. The use of these cookies is justified based on MMRA’s legitimate interest to provide access to its website (see Article 6(1)(f) GDPR).
Other
MMRA does not process personal data to take decisions solely based on automated processing (including e.g. profiling) (see Article 22 GDPR).
MMRA transfers personal data only subject to a valid legal basis and subject to MMRA’s duty of professional confidentiality. MMRA transfers personal data to the extent required for a legitimate purpose and subject to applicable legal obligations or subject to the consent of the person who has provided the personal data to MMRA.
To the extent personal data are transferred by MMRA to jurisdictions outside the European Economic Area (EEA), MMRA will transfer personal data only to jurisdictions for which the European Commission has determined that they provide for an adequate level of data protection or, alternatively, MMRA will take measures to ensure that all data recipients provide for an adequate level of data protection (e.g. through the conclusion of standard contractual clauses). As a general rule, MMRA will transfer data to jurisdictions outside the EEA only to the extent necessary for the performance of the client-attorney relationship and in all other cases only subject to the consent of the person whose personal data are transferred (see Article 49(1)(a) and (b) GDPR).
Recipients of personal data transferred by MMRA subject to these conditions may include, but are not limited to, other attorneys or law firms with whom MMRA collaborates, providers of services in connection with the prevention of money laundering, tax consultants and auditors, financial institutions such as banks or insurance companies, public authorities and courts, bar associations, or providers of various services to MMRA or its clients (e.g., courier services, travel agencies, hotels).
MMRA retains or processes personal data only for as long as the data are required for the purposes for which MMRA processes the data and to comply with MMRA’s contractual and/or legal obligations. Personal data will be stored and processed for the duration of the client-attorney or other contractual relationship and for the duration of applicable statutory retention periods and, if applicable, for as long as there are other legitimate interests to process the data (e.g. to exercise rights of defence against legal claims).
Persons whose personal data are processed by MMRA have the following rights based on the applicable legal statutory provisions:
— Right of access to data processed by MMRA to the extent there is no conflict with the professional duty of confidentiality to which MMRA is subject (Article 15 GDPR);
— Right to rectification of inaccurate personal data (Article 16 GDPR);
— Right to erasure (Article 17 GCPR);
— Right to restrict the processing of personal data (Article 18 GCPR);
— Right to withdraw the consent for the processing of personal data with effect for the future to the extent the processing of personal data is based on the consent of the data subject (Article 7 GDPR);
— Right to data portability (Article 20 GDPR);
— Right to object at any time to the processing of personal data when personal data are processed based on the data controller’s legitimate interest, unless MMRA can demonstrate compelling legitimate grounds for the processing of the data (Article 21 GCPR)
Persons whose personal data are processed by MMRA have the right to file a complaint with the Austrian data protection agency: Österreichische Datenschutzbehörde (DSB), Barichgasse 40-42, 1030 Vienna, Austria, www.dsb.gv.at.