Privacy policy - MPW Rechtsanwälte - Wiener Kanzlei für Strafrecht

In the following privacy policy, you will be informed about the most important aspects of data processing:

1. Personal Data, Usage, and Data Security
Personal data is collected, processed, and used by MPW Rechtsanwälte GesbR only with your consent or mandate/order for the purposes agreed upon with you, or when there is another legal basis in accordance with the General Data Protection Regulation (GDPR); this is done in compliance with the data protection regulations (GDPR and the Data Protection Act (DSG) in its current version). The data provided will not be used for purposes other than those covered by the mandate contract, your consent, or another provision in line with the GDPR. The only exception to this is the use for statistical purposes, provided the data is anonymized.

Personal data includes all information that contains details about personal or factual circumstances, such as name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photos, voice recordings of persons, as well as biometric data such as fingerprints. Also sensitive data, such as health data or data related to a criminal case, may also be included.

Only personal data necessary for the execution and handling of legal services or that you have voluntarily provided will be collected.

The protection of your personal data is ensured through appropriate organizational and technical measures. These measures particularly concern protection against unauthorized, unlawful, or accidental access, processing, loss, use, and manipulation. Despite efforts to maintain a consistently high standard of care, it cannot be ruled out that information you provide to us over the internet may be viewed and used by others. Please note that no liability of any kind can be assumed for the disclosure of information due to errors in data transmission not caused by us and/or unauthorized access by third parties (e.g., hacking of email accounts or telephones, interception of faxes, etc.).

2. Right to Information and Deletion
In compliance with the attorney’s duty of confidentiality, you as a client or generally as a data subject have the right to information about your stored personal data, including its origin and recipients, as well as the purpose of data processing, at any time. Furthermore, you have the right to correct, transfer data, object, restrict processing, block, or delete incorrect or unlawfully processed data at any time. If there are changes, your personal data will gladly be adapted upon corresponding notification. Additionally, you have the right to revoke your consent to the use of your personal data at any time. Requests for information, deletion, correction, objection, and/or data transfer, in the latter case provided it does not cause disproportionate effort, can be addressed to the address mentioned in section 7.

If you believe that the processing of your personal data by us violates applicable data protection law or your data protection rights have been violated in another way, you have the possibility to lodge a complaint with the competent supervisory authority. In Austria, the competent authority is the Data Protection Authority.

3. Data Transfer to Third Parties
To fulfill your order, it may be necessary to forward your data to third parties (e.g., opposing parties, substitutes, insurance companies, service providers, courts, or authorities, etc.). Your data will only be forwarded based on data protection regulations (particularly to fulfill your order or based on your prior consent).

Furthermore, factual and case-related information from you will be regularly obtained from third parties as part of legal representation and support. Some of the aforementioned recipients of your personal data are located outside your country or process your personal data there. The level of data protection in other countries may not correspond to that of Austria. However, your personal data will only be transferred to countries for which the EU Commission has decided that they have an adequate level of data protection, or we will take measures to ensure that all recipients have an adequate level of data protection, which we achieve by concluding standard contractual clauses (2010/87/EC and/or 2004/915/EC).

4. Notification of Data Breaches
We strive to ensure that data breaches are detected early and, if necessary, reported to you and/or the competent supervisory authority without delay, including the respective data categories affected.

5. Data Retention
We will not retain data longer than necessary to fulfill our contractual or legal obligations and to defend against potential liability claims.

6. Cookies and Server-Log-Files
Our website uses “cookies” to make our offering more user-friendly, effective, and secure. A “cookie” is a small text file that we send to the cookie file of the browser on your computer’s hard drive via our web server. This allows us to recognize you as a user when a connection is established between our web server and your browser. Cookies help to determine the frequency of use and the number of users. The content of the cookies used is limited to an identification number that does not allow for personal identification. The main purpose of a cookie is to recognize visitors to a website. Our website uses two types of cookies:

(a) Session Cookies: Temporary cookies that remain in the cookie file of your browser until you leave this website and are automatically deleted thereafter.

(b) Persistent Cookies: For better user-friendliness, cookies remain on your device and allow us to recognize your browser upon your next visit.

You can set your browser to inform you about the setting of cookies and allow cookies only on a case-by-case basis, exclude the acceptance of cookies for specific cases or generally, and activate the automatic deletion of cookies when closing the browser. When cookies are disabled, the functionality of this website may be restricted.

To optimize our website in terms of system performance, usability, and the provision of useful information about our services, the provider of the website automatically collects and stores information in so-called server log files that your browser automatically transmits. This includes your Internet Protocol address (IP address), browser and language settings, operating system, referrer URL, your Internet Service Provider, and date/time. This data is not merged with personal data sources. We reserve the right to check this data retrospectively if specific indications of unlawful use become known.

7. Our social media appearances

This privacy policy applies to the following social media presence:
https://www.facebook.com/profile.php?id=61574631480187
https://www.linkedin.com/company/mpw-rechtsanwälte/

Data processing through social networks
We maintain publicly available profiles in social networks. The individual social networks we use can be found below.

Social networks such as Facebook, X etc. can generally analyze your user behavior comprehensively if you visit their website or a website with integrated social media content (e.g., like buttons or banner ads). When you visit our social media pages, numerous data protection-relevant processing operations are triggered.

In detail:
If you are logged in to your social media account and visit our social media page, the operator of the social media portal can assign this visit to your user account. Under certain circumstances, your personal data may also be recorded if you are not logged in or do not have an account with the respective social media portal. In this case, this data is collected, for example, via cookies stored on your device or by recording your IP address.

Using the data collected in this way, the operators of the social media portals can create user profiles in which their preferences and interests are stored. This way you can see interest-based advertising inside and outside of your social media presence. If you have an account with the social network, interest-based advertising can be displayed on any device you are logged in to or have logged in to.

Please also note that we cannot retrace all processing operations on the social media portals. Depending on the provider, additional processing operations may therefore be carried out by the operators of the social media portals. Details can be found in the terms of use and privacy policy of the respective social media portals.

Legal basis
Our social media appearances should ensure the widest possible presence on the Internet. This is a legitimate interest within the meaning of Art. 6 (1) lit. f GDPR. The analysis processes initiated by the social networks may be based on divergent legal bases to be specified by the operators of the social networks (e.g., consent within the meaning of Art. 6 (1) (a) GDPR).

Responsibility and assertion of rights
If you visit one of our social media sites (e.g., Facebook), we, together with the operator of the social media platform, are responsible for the data processing operations triggered during this visit. You can in principle protect your rights (information, correction, deletion, limitation of processing, data portability and complaint) vis-à-vis us as well as vis-à-vis the operator of the respective social media portal (e.g., Facebook).
Please note that despite the shared responsibility with the social media portal operators, we do not have full influence on the data processing operations of the social media portals. Our options are determined by the company policy of the respective provider.

Storage time
The data collected directly from us via the social media presence will be deleted from our systems as soon as you ask us to delete it, you revoke your consent to the storage or the purpose for the data storage lapses. Stored cookies remain on your device until you delete them. Mandatory statutory provisions – in particular, retention periods – remain unaffected.
We have no control over the storage duration of your data that are stored by the social network operators for their own purposes. For details, please contact the social network operators directly (e.g., in their privacy policy, see below).

Your rights
You have the right to receive information about the origin, recipient and purpose of your stored personal data at any time and free of charge. You also have the right to object, the right to data portability and the right to file a complaint with the responsible regulatory agency. Furthermore, you can request the correction, blocking, deletion and, under certain circumstances, the restriction of the processing of your personal data.

Individual social networks

Facebook
We have a profile on Facebook. The provider of this service is Meta Platforms Ireland Limited, Merrion Road, Dublin 4, D04 X2K5, Ireland (hereinafter Meta). According to Meta’s statement the collected data will also be transferred to the USA and to other third-party countries.
We have signed an agreement with Meta on shared responsibility for the processing of data (Controller Addendum). This agreement determines which data processing operations we or Meta are responsible for when you visit our Facebook Fanpage. This agreement can be viewed at the following link: https://www.facebook.com/legal/terms/page_controller_addendum.

You can customize your advertising settings independently in your user account. Click on the following link and log in: https://www.facebook.com/settings?tab=ads.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.
Details can be found in the Facebook privacy policy: https://www.facebook.com/about/privacy/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/4452

LinkedIn
We have a LinkedIn profile. The provider is the LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. LinkedIn uses advertising cookies.

If you want to disable LinkedIn advertising cookies, please use the following link:
https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://www.linkedin.com/legal/l/dpa and https://www.linkedin.com/legal/l/eu-sccs.

For details on how they handle your personal information, please refer to LinkedIn’s privacy policy:
https://www.linkedin.com/legal/privacy-policy.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5448

8. Analysis tools and tools provided by third parties
There is a possibility that your browsing patterns will be statistically analyzed when your visit this website. Such analyses are performed primarily with what we refer to as analysis programs.

Google Tag Manager
We use the Google Tag Manager. The provider is Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. The Google Tag Manager is a tool that allows us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store cookies, and does not carry out any independent analyses. It only manages and runs the tools integrated via it. However, the Google Tag Manager does collect your IP address, which may also be transferred to Google’s parent company in the United States.

The Google Tag Manager is used on the basis of Art. 6(1)(f) GDPR. The website operator has a legitimate interest in the quick and uncomplicated integration and administration of various tools on his website. If appropriate consent has been obtained, the processing is carried out exclusively on the basis of Art. 6(1)(a) GDPR and § 25 (1) TDDDG, insofar the consent includes the storage of cookies or the access to information in the user’s end device (e.g., device fingerprinting) within the meaning of the TDDDG. This consent can be revoked at any time.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

Google Analytics
This website uses functions of the web analysis service Google Analytics. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Analytics enables the website operator to analyze the behavior patterns of website visitors. To that end, the website operator receives a variety of user data, such as pages accessed, time spent on the page, the utilized operating system and the user’s origin. This data is summarized in a user-ID and assigned to the respective end device of the website visitor. Furthermore, Google Analytics allows us to record your mouse and scroll movements and clicks, among other things. Google Analytics uses various modeling approaches to augment the collected data sets and uses machine learning technologies in data analysis.

Google Analytics uses technologies that make the recognition of the user for the purpose of analyzing the user behavior patterns (e.g., cookies or device fingerprinting). The website use information recorded by Google is, as a rule transferred to a Google server in the United States, where it is stored. The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here:
https://privacy.google.com/businesses/controllerterms/mccs/.

The company is certified in accordance with the “EU-US Data Privacy Framework” (DPF). The DPF is an agreement between the European Union and the US, which is intended to ensure compliance with European data protection standards for data processing in the US. Every company certified under the DPF is obliged to comply with these data protection standards. For more information, please contact the provider under the following link: https://www.dataprivacyframework.gov/participant/5780.

IP Anonymisierung
Google Analytics IP anonymization is active. As a result, your IP address will be abbreviated by Google within the member states of the European Union or in other states that have ratified the Convention on the European Economic Area prior to its transmission to the United States. The full IP address will be transmitted to one of Google’s servers in the United States and abbreviated there only in exceptional cases.
On behalf of the operator of this website, Google shall use this information to analyze your use of this website to generate reports on website activities and to render other services to the operator of this website that are related to the use of the website and the Internet. The IP address transmitted in conjunction with Google Analytics from your browser shall not be merged with other data in Google’s possession.

Browser Plugin
You can prevent the recording and processing of your data by Google by downloading and installing the browser plugin available under the following link: https://tools.google.com/dlpage/gaoptout?hl=de.
For more information about the handling of user data by Google Analytics, please consult Google’s Data Privacy Declaration at:
https://support.google.com/analytics/answer/6004245?hl=de.

Google Ads
The website operator uses Google Ads. Google Ads is an online promotional program of Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. Google Ads enables us to display ads in the Google search engine or on third-party websites, if the user enters certain search terms into Google (keyword targeting). It is also possible to place targeted ads based on the user data Google has in its possession (e.g., location data and interests; target group targeting). As the website operator, we can analyze these data quantitatively, for instance by analyzing which search terms resulted in the display of our ads and how many ads led to respective clicks.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://policies.google.com/privacy/frameworks und https://business.safety.google/controllerterms/.

Google Conversion-Tracking
This website uses Google Conversion Tracking. The provider of this service is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland. With the assistance of Google Conversion Tracking, we are in a position to recognize whether the user has completed certain actions. For instance, we can analyze the how frequently which buttons on our website have been clicked and which products are reviewed or purchased with particular frequency. The purpose of this information is to compile conversion statistics. We learn how many users have clicked on our ads and which actions they have completed. We do not receive any information that would allow us to personally identify the users. Google as such uses cookies or comparable recognition technologies for identification purposes.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time. For more information about Google Conversion Tracking, please review Google’s data protection policy at:: https://policies.google.com/privacy?hl=de.

Meta-Pixel (formerly Facebook Pixel)
To measure conversion rates, this website uses the visitor activity pixel of Meta. The provider of this service is Meta Platforms Ireland Limited, 4 Grand Canal Square, Dublin 2, Ireland. According to Meta’s statement the collected data will be transferred to the USA and other third-party countries too. This tool allows the tracking of page visitors after they have been linked to the website of the provider after clicking on a Meta ad. This makes it possible to analyze the effectiveness of Meta ads for statistical and market research purposes and to optimize future advertising campaigns.

For us as the operators of this website, the collected data is anonymous. We are not in a position to arrive at any conclusions as to the identity of users. However, Meta archives the information and processes it, so that it is possible to make a connection to the respective user profile on Facebook or Instagram and Meta is in a position to use the data for its own promotional purposes in compliance with the Meta Data Usage Policy (https://de-de.facebook.com/about/privacy/). This enables Meta to display ads on Facebook or Instagram and other advertising channels. We as the operator of this website have no control over the use of such data.

The use of these services occurs on the basis of your consent pursuant to Art. 6(1)(a) GDPR and § 25(1) TDDDG. You may revoke your consent at any time. Within the meta pixel, we are using the expanded alignment function. The expanded alignment allows us to transfer to Meta different types of data (e.g., place of residence, federal state, zip code, hashed email addresses, names, gender, date of birth or phone number) of our customers and prospects we collect through our website. Herewith, we can tailor the offers presented in our advertising campaigns on Facebook and Instagram to individuals interested in what we offer even more precisely. Moreover, this expanded alignment optimizes the allocation of website conversions and expands custom audiences.

Insofar as personal data is collected on our website with the help of the tool described here and forwarded to Meta, we and Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland are jointly responsible for this data processing (Art. 26 DSGVO). The joint responsibility is limited exclusively to the collection of the data and its forwarding to Meta. The processing by Meta that takes place after the onward transfer is not part of the joint responsibility. The obligations incumbent on us have been jointly set out in a joint processing agreement. The wording of the agreement can be found under: https://www.facebook.com/legal/controller_addendum.

According to this agreement, we are responsible for providing the privacy information when using the Meta tool and for the privacy-secure implementation of the tool on our website. Meta is responsible for the data security of Meta products. You can assert data subject rights (e.g., requests for information) regarding data processed by Facebook or Instagram directly with Meta. If you assert the data subject rights with us, we are obliged to forward them to Meta. Data transmission to the US is based on the Standard Contractual Clauses (SCC) of the European Commission. Details can be found here: https://www.facebook.com/legal/EU_data_transfer_addendum and https://de-de.facebook.com/help/566994660333381.

In Meta’s Data Privacy Policies, you will find additional information about the protection of your privacy at: https://de-de.facebook.com/about/privacy/. You also have the option to deactivate the remarketing function “Custom Audiences” in the ad settings section under https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. To do this, you first have to log into Facebook. If you do not have a Facebook or Instagram account, you can deactivate any user-based advertising by Meta on the website of the European Interactive Digital Advertising Alliance: http://www.youronlinechoices.com/de/praferenzmanagement/.

9. Kontaktdaten
If you contact us via email, your provided data will be stored for the purpose of processing the request and in case of follow-up questions. This data will not be passed on without your consent. You can reach us at any time for your questions or revocations under the contact details provided below.

MPW Rechtsanwälte GesbR
Lange Gasse 76/15, 1080 Wien

T: +43 1 3618869
office@mpw-rechtsanwaelte.com