Privacy Policy
Klinger Rechtsanwalts GmbH (hereinafter referred to as "KPL", "we" or "us") is committed to protecting your personal data. Due to our professional confidentiality obligations, we are already bound to confidentiality and thus also to the protection of your data. Naturally, we comply with the applicable data protection laws, in particular the EU General Data Protection Regulation (hereinafter "GDPR") and the Austrian Data Protection Act (hereinafter "DSG"), and we implement appropriate technical and organizational measures to ensure an adequate level of protection, lawful processing, and confidentiality of your personal data. In this Privacy Policy, we inform you about how KPL processes your personal data and which rights you have as a data subject in this context.
Data Controller:
Klinger Rechtsanwalts GmbH
FN 658038 d (Commercial Court Vienna)
Universitätsring 12/21, 1010 Vienna
For all inquiries regarding this Privacy Policy, data processing, or generally related to data protection, please contact:
Email: office@kp-legal.at
Phone: +43 1 394 0088
1. Personal Data
KPL collects, processes, and uses your personal data only in connection with your mandate, for the purposes agreed with you, with your consent, or if another legal basis applies, in compliance with all data protection and civil law provisions.
Only personal data that is necessary for the performance and execution of our legal services or that you have voluntarily provided will be collected.
Personal data (hereinafter referred to as "Data") refers to all information that relates to personal or factual circumstances, such as name, address, email address, phone number, date of birth, gender, age, social security number, video recordings, photos, voice recordings, as well as biometric data such as fingerprints. Sensitive data, such as health data or data related to criminal proceedings, may also be included.
2. Purpose of Processing and Legal Basis
We process your Data to fulfill our contractual obligations within the framework of our mandate, to comply with legal obligations, and/or based on legitimate interests or your consent, always in accordance with the GDPR.
- For the fulfillment of contractual obligations pursuant to Art 6 Para 1 lit b GDPR:
We process your Data for the provision of our contractual and pre-contractual services, such as legal advice (eg representation in court and administrative procedures, corporate or real estate transactions, the operation or management of companies, foundations or similar structures, preparation of legal opinions).
- To comply with legal obligations pursuant to Art 6 Para 1 lit c GDPR and Art 9 Para 2 lit g GDPR:
We also process your Data to fulfill various legal obligations, such as anti-money laundering and terrorism financing prevention regulations, the Austrian Lawyers’ Act, and other rules for legal practice, as well as regulations related to proper accounting.
- For the protection of legitimate interests pursuant to Art 6 Para 1 lit f GDPR:
Furthermore, we process your Data based on our legitimate interests, unless your interests in confidentiality override those interests. Our legitimate interests include the optimization of our services, ensuring the security of our networks and IT systems, and the enforcement of our legal claims.
If your interests override the legitimate interests of KPL, you may object to the processing of your Data based on legitimate interests at any time, with effect for the future. For further information on your rights, please refer to section 6.
- Based on your consent pursuant to Art 6 Para 1 lit a GDPR:
For other purposes, we process your Data only with your explicit consent.
- Processing of so-called special categories of personal (ie sensitive) data pursuant to Art 9 GDPR:
If sensitive data (such as health data, or data related to criminal proceedings) is processed, this will only occur based on your explicit consent pursuant to Art 9 Para 2 lit a GDPR, or where another legal basis under Art 9 GDPR exists (for example, to fulfill legal obligations or to protect vital interests).
In general, KPL collects Data directly from you. In individual cases, Data may also be obtained from third parties in the context of our legal services (such as from publicly accessible registers, in particular the commercial register and land register, or while exercising the right to inspect files before courts and authorities).
3. Automated Decision-Making pursuant to Art 22 GDPR
KPL does not use automated decision-making, including profiling, as described in Art 22 GDPR.
4. Disclosure of Data to Third Parties
In order to fulfill your mandate, it may be necessary to share your Data with third parties. The transfer of your Data will only occur in accordance with the GDPR and will be limited to the following recipients:
- Third parties: Your Data may be disclosed to third parties such as opposing parties, courts, authorities, other professionals involved in the legal process (eg notaries, substitute attorneys), tax advisors, auditors, banks, insurance companies, and bar associations, provided that it is necessary to fulfill the mandate or with your prior consent.
- Data processors: Additionally, your Data may be transferred to carefully selected data processors, including IT service providers (data centers, maintenance services), software solution providers (eg Advokat), or accounting service providers. All data processors are contractually bound to confidentiality and process your Data solely within the scope of our instructions.
Some of the aforementioned recipients may be located outside the European Economic Area (EEA) or process your data there. The data protection standards in other countries may not correspond to those in Austria. However, we will only transfer your Data to countries that the European Commission has determined to offer an adequate level of data protection, or we will implement measures to ensure that all recipients have committed to adhere to an adequate level of protection (in particular by the conclusion of standard contractual clauses as referred to in Implementing Regulation (EU) 2021/914).
5. Data Retention
We will not store Data longer than necessary to fulfill our contractual or legal obligations, and only for as long as statutory retention periods apply, or as required for the assertion, exercise, or defense of legal claims. The specific duration of storage is determined by the applicable statutory retention periods and the circumstances of the contractual relationship and is limited to the necessary minimum.
6. Rights of the Data Subject
As a data subject, you have (possibly subject to our professional confidentiality obligations) the right to access your stored Data, its origin and recipients, the purpose of processing, as well as the right to rectification, data transfer, objection, restriction of processing, and the blocking or deletion of inaccurate or unlawfully processed Data. We will generally process your request within 30 days. Should this not be possible, we will promptly inform you of the reason for the delay.
If your Data changes, we request that you notify us accordingly.
You have the right to withdraw any consent given for the use of your Data at any time with effect for the future. Any requests for access, deletion, rectification, objection, and/or data transfer, where applicable, can be addressed to the contact details mentioned above.
If you believe that the processing of your Data by KPL violates applicable data protection law or your rights have been infringed in another way, you may file a complaint with the relevant supervisory authority. In Austria, this is the Data Protection Authority (Barichgasse 40-42, 1030 Vienna).
7. Data Security
We take appropriate organizational and technical precautions to protect your Data, including measures against unauthorized, unlawful, or accidental access, processing, loss, use, or manipulation.
However, despite our best efforts to ensure a consistently high level of diligence, we cannot exclude the possibility that information you provide over the internet may be viewed and used by others. Please note that we cannot accept liability for the disclosure of information due to transmission errors or unauthorized access by third parties (eg hacking attacks on email accounts or phones, interception of messages).
8. Notifications of Data Breaches
We make every effort to ensure that data breaches are detected early and, if necessary, reported to you or the relevant supervisory authority without undue delay, and in any case within 72 hours of becoming aware of the breach, including details of the affected data categories and the measures taken.
Status: 06/2025
