Data Protection Declarations
February 2020
Preliminary remark: Please note that this is a translation of our Data Protection Declaration in German.
In case of deviations, the German version shall prevail.
Data protection is closely linked to protecting the trust you place in our company. That is why we only process those data about you that are necessary. We do this with due care, not least to protect you from possible misuse.
With these three data protection declarations (clients, business partners, website) we would like to give you an overview of the processing of your data and the rights you are entitled to under the provisions of the General Data Protection Regulation (hereinafter referred to as «GDPR») and the Liechtenstein Data Protection Act (hereinafter referred to as «DSG»):
1. Data Protection Declaration for Clients
1.1. Name and address of the controller and contact details of the data protection officer (DPO)
The controller within the meaning of the GDPR is BWBLEGAL, Pflugstrasse 20, 9490 Vaduz, Liechtenstein, office@bwb.legal, T +423 239 78 78.
You can reach our data protection officer at dsb@bwb.li or at our postal address with the addition «the data protection officer».
1.2. Collection and storage of personal data as well as type and purpose of its use; legal basis (including legitimate interest)
We only process the necessary data.
We collect the following information in particular:
- Personal data (e.g. name, first name, date of birth, private or business address, telephone number, e-mail address);
- address and contact data (e.g. address, e-mail address, landline / mobile phone number)
- information necessary for the assertion and defence of your rights under the mandate.
The collection of this data is carried out:
- in order to identify you as our client; in order to be able to provide you with appropriate legal advice and representation;
- for correspondence with you;
- for invoicing purposes;
- for processing or assertion of or defence against any (liability) claims that may exist.
Data is, in general, processed at your request and is required in accordance with Art. 6 Para. 1 lit. b GDPR for the purposes stated (fulfilment of a contract or for the implementation of precontractual measures) for the appropriate processing of the mandate and for the mutual fulfilment of obligations arising from the mandate relationship.
In addition, your data will also be processed for the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR), in particular for compliance with legal and supervisory requirements (e.g. Lawyers Act, Due Diligence Act, Tax Acts).
In addition, your data will be processed to protect the legitimate interests of us or third parties (Art. 6 para. 1 lit. f GDPR) for specifically defined purposes, in particular to assert and enforce claims, to guarantee IT security and IT operations.
Your data may also be processed with your consent (Art. 6 para. 1 lit. a GDPR). You have the right to withdraw your consent at any time. This also applies to the withdrawal of declarations of consent that were given to us before the GDPR came into force. However, the withdrawal of consent does not affect the legality of the data processed up to the revocation.
We reserve the right to further process personal data collected for one of the above-mentioned purposes for other purposes as well, if this is compatible with the original purpose or if it is permitted or prescribed by law (e.g. possible reporting obligations).
1.3. Recipients or categories of recipients of personal data
Within our law firm, employees may only process your data if they need it to fulfil our contractual, legal and supervisory obligations and to protect legitimate interests.
Your personal data will only be disclosed to third parties if this is necessary for the processing of the client relationship. Third parties include adversaries and their representatives as well as courts and other authorities for the purpose of correspondence and for asserting and defending your rights. In addition, data may be disclosed to processors, for example in the area of IT services.
1.4. Transfer of personal data to third countries
If we transfer personal data to a third country, it will be protected and transferred in accordance with the legal provisions. Data transfer outside of the European Economic Area concerns Switzerland. On 26 July 2000, the European Commission decided that Switzerland provides adequate data protection.
1.5. Origin of the data
The data is, in general, collected directly and partially by third parties (service providers or other third parties).
1.6. Duration of storage of personal data
The personal data collected by us for the mandate are stored until the expiry of the statutory retention period for lawyers (after 10 years, calculated from the time when the representation has ceased) and are deleted thereafter, unless in accordance with Art. 6 para. 1 lit. c GDPR due to tax, corporate or supervisory storage and documentation obligations (in particular from PGR, SPG or SteG/MwStG), a longer storage appears necessary to us or you have given your consent to a longer period in accordance with Art. 6 para. 1 lit. a GDPR. Further processing may also take longer for reasons of preservation of evidence, for example during the period of the applicable statute of limitations.
1.7. Automated decision-making
There is no automated decision making with the personal data of customers. Should this be the case, we will inform you to the extent required by law.
1.8. Necessity of the data
We generally require the data listed in section 1.2. mandatorily in order to enter into or maintain a client relationship. If you do not wish to provide us with your data, we cannot enter into a client relationship with you.
1.9. Your data protection rights
As a client or generally as a person affected, you have the right of access to your personal data at any time, subject to the obligation of legal confidentiality. You also have the right to rectification, data portability, objection, restriction of processing or erasure of incorrect or inadmissibly processed data.
You have the right to withdraw your consent to the use of your personal data at any time. The assertion of your right to access, erasure, correction, objection and/or data portability can be sent to the address given in point 1.1 of this declaration.
If you are of the opinion that the processing of your personal data by us is in breach of the applicable data protection legislation or that your data protection rights have been breached in any other way, you have the opportunity to lodge a complaint with a supervisory authority, in particular in the EEA state of your place of residence, your place of work or the place of the suspected breach.
1.10. Applicable version
This privacy policy is currently valid and has the status of March 2020.
It may become necessary to amend this data protection declaration due to the further development of our website and offers on it or due to organisational adjustments within the law firm or due to changed legal or official requirements. The current data protection declaration can be called up and printed out at any time on our website.
2. Data protection declaration for business partners
The protection of personal data of our contact persons at suppliers and business partners is important to us. For this reason, we attach great importance to the legal to the protection of relevant personal data.
2.1. Name and address of the controller and contact details of the data protection officer (DPO)
See above, 1.1.
2.2. Collection and storage of personal data as well as type and purpose of its use; legal basis (including legitimate interest)
We work together with other companies, e.g. with suppliers, with cooperation partners and with service providers (e.g. IT service providers). We process personal data about the contact persons in these companies for the purpose of contract initiation and processing, planning, accounting and other purposes related to the contract.
We process personal data for the following purposes:
- Communication with business partners for services and projects, e.g. to process inquiries from the business partner;
- planning, implementation and administration of the (pre-)contractual business relationship with the business partner, e.g. to process services;
- collection of payments for accounting, settlement and receivables collection purposes;
- maintaining our services;
- compliance with legal requirements (e.g. tax and corporate law retention obligations), and
- settlement of legal disputes, enforcement of existing contracts and for assertion, exercise and defence of legal claims.
We process the following categories of personal data for the purposes mentioned above:
- Contact information, such as first and last name, business address, business phone number and business email address;
- Payment data, such as information required for the processing of payment transactions or order prevention;
- other information, the processing of which is necessary within the framework of a project or the handling of a contractual relationship or which is provided voluntarily by our contact persons;
- Information obtained from publicly available sources, information databases or collected by credit agencies.
The processing of this data serves primarily to initiate, maintain and process our contracts for goods and services. The processing of personal data is necessary to achieve the above-mentioned purposes and may also be in our legitimate interest as it enables us to use and sell services. Customer care is also in our legitimate interest.
According to Art. 6 Para. 1 lit. b GDPR, data processing is necessary for the purposes mentioned (fulfilment of a contract or for the implementation of pre-contractual measures) for the appropriate processing of our order and for the mutual fulfilment of obligations arising from the customer relationship.
In addition, the data is also processed for the fulfilment of legal obligations (Art. 6 para. 1 lit. c GDPR), in particular for compliance with legal and supervisory requirements (e.g. requirements e.g. of tax and company law obligations to retain data).
We reserve the right to further process personal data collected for one of the above-mentioned purposes for the other purposes as well, if this is compatible with the original purpose or if it is permitted or prescribed by law (e.g. possible reporting obligations).
2.3. Recipients or categories of recipients of personal data
For compatibility reasons, it may also be necessary to disclose data. External service providers and agencies may receive personal data for this purpose. This includes:
- External accounting
- Auditors
- IT service provider
- other cooperation partners
- Public interest entities at home and abroad
2.4. Transfer of personal data to third countries
See above, 1.4.
2.5. Origin of the data
The data is usually collected directly and in part by third parties (especially in the case of recommendations to potential business partners).
2.6. Duration of storage of personal data
The personal data will be processed and stored during the upright business relationship within the legal requirements. After termination of the business relationship, these data will be stored as provided by law (PGR, ABGB). A longer storage period may result from our legitimate interest or in case of a given consent.
2.7. Automated decision-making
See above, 1.7.
2.8. Necessity of the data
We generally require the data listed under point 2.2. mandatorily in order to enter into or maintain a business relationship.
2.9. Your data protection rights
See above, 1.9.
2.10. Applicable version
See above, 1.10.
3. Data protection declaration for the use of our website
3.1. Name and address of the controller and contact details of the data protection officer (DPO)
See above, 1.1.
3.2. Provision of the website
Whenever you visit our website, our system automatically collects data and information from the computer system of the calling computer.
The following data is collected:
- information about the browser type and the version used
- operating system of the user
- Internet Service Provider of the user
- IP address of the user
- date and time of access
- website of origin
The last three types of data are only stored for an overview, so that it is not possible to assign IP addresses to the originating website or the time. It is only possible to determine from which Internet pages and at what time most accesses occur.
There is no personal evaluation and no disclosure to third parties.
We store this information within the framework of the legal regulations. Data is processed for reasons of data security to ensure the stability and operational safety of our system. The legal basis is Art. 6 para. 1 lit. f GDPR.
3.3. Cookies
We do not use cookies on our website.
3.4. File downloads
We do not require you to provide any personal information in order to download files from our website.
3.5. Tools: Use of Openstreetmap
We use a map section from OpenStreetMap (https://www.openstreetmap.de) on our website to show you how to get to us.
OpenStreetMap is an open source mapping tool. In order for the map to be displayed, your IP address is forwarded to OpenStreetMap. You can find out how OpenStreetMap stores your data on the OpenStreetMap data protection page: https://wiki.openstreetmap.org/wiki/Legal_FAQ
Legal basis for the use of the aforementioned tool on Art. 6 para. 1 lit. f GDPR: the data processing is carried out to improve the user-friendliness of our website.
3.6. Applicable version
See above, 1.10.