I. CONTACT DATA
The Data Controller within the meaning of the General Data Protection Regulation (GDPR) is:
m.a.c
m.a.c – m.art.communication
Mag.iur. Martina Tranninger LL.M.
Buchenweg 6 | 9490 Vaduz | Liechtenstein
Mobile: +423 787 84 84
E-Mail: office@m-a-c.li
II. INFORMATION: Data processing within the context of the client relationship
1. Scope of the processing of personal data
It should essentially be noted that the mediation is a voluntary process and that therefore the processing of data is based on data that has been voluntarily provided. Only the personal data that is actually required to perform and carry out the services or that you have made available to us voluntarily for your order is collected.
2. Purpose of the data processing
Your personal data is processed for the following purposes:
- Activities in conjunction with mediation on the basis of a mandate under private law or in conjunction with the Civil Law Mediation Act (Zivilrechts-Mediations-Gesetz – “ZMG”) and, if applicable, also on the basis of the Persons and Companies Act (Personen- und Gesellschaftsrecht – “PGR”), in particular:
- Client administration and exercise of the mediation process
- Possible auditor function (auditing, review)
- Fulfilment of statutory accounting obligations
- Correspondence
- Fulfilment of statutory obligations, in particular:
- Civil law Mediation Act (“ZMG”), Persons and Companies Act (“PGR”), tax laws (“SteG”), tax treaties
3. Data categories
In my data directories, the following data categories pursuant to Art. 4 No. 1 GDPR are processed to fulfil my activities to the extent of the purposes listed under Fig. 2:
Client and address data:
Name, company name, date of birth, private and/or business address, nationality, occupation, telephone number, e-mail address
Means of identification:
IDs, inter alia passport or ID copies, utility bills, tax numbers, death certificates; authentication data, inter alia signature samples, depending upon the particular requirement
Due diligence documents:
Profile of the business relationship/clarification of the order with information about the professional and personal background, depending on relevance, clarifications pursuant to the Due Diligence Act (“SPG”) (insofar as this is deemed necessary and compulsory).
Client information:
inter alia company documents, bank records, correspondence, SPG documents (depending on the statutory requirements), resolutions, legal agreements, negotiation minutes
Accountancy data:
Transaction and accounting information, invoices
Correspondence:
Mediation orders, preparation of quotes, miscellaneous correspondence
Legal entity data (if necessary for the mediation):
Articles, bylaws, certificates, client contracts, signatory authorisations, on a case-by-case basis, if necessary
4. Legal principles
The data specified under Fig. 3 is processed
- on the basis of the contractual relationship with my clients (Art. 6 Para. 1 Letter b GDPR),
- to fulfil a legal obligation (Art. 6 Para. 1 Letter c GDPR),
- in the performance of a task in the public interest or in the exercise of official powers (Art. 6 Para. 1 Letter e GDPR),
- or to safeguard legitimate interests of the responsible party or third parties (Art. 6 Para. 1 Letter f GDPR).
Processing activities based on a legitimate interest may in particular constitute:
- Processing for internal administrative purposes
- Evaluations
- Defence against unjustified claims
5. Recipients of personal data
Personal data of all clients shall be processed by me exclusively for the fulfilment of my contractual and legal or, if applicable, supervisory obligations for the purposes stated in Fig. 2.
For this purpose, the following parties may receive personal data:
- external service providers and agencies (only if necessary or requested, depending on the development and wishes on the part of the clients):
- banks
- auditors
- contractual cooperation partners (client-specific, if relevant)
If legal or supervisory obligations must be fulfilled, the following bodies in particular may receive personal data:
- official agencies and public bodies (e.g. supervisory authorities, courts)
- third country authorities or international organisations
6. Forwarding to third country authorities or international organisations
If data is to be transferred to another country, then this shall be done only with the consent of the client or if there is a legal obligation. Should this occur, data will be protected and transferred in accordance with the statutory provisions.
A transfer of data outside the European Economic Area shall be performed with the following guarantees:
- the country to which personal data is sent provides an adequate level of protection for personal data, according to the European Commission;
- the recipient has signed a contract based on “model contractual clauses” endorsed by the European Commission, which obliges it to protect personal data;
- if the recipient is located in the USA, it is a certified member of the EU-US Privacy Shield.
I shall be pleased to provide further information about the protection of personal data in the event of a transfer outside the European Economic Area upon request.
7. Origin of the data
The data is collected directly (e.g. during meetings or in the course of correspondence with clients; internal clarifications) and partly by third party service providers if there is a mandate. This in all cases with the consent of the client. Third-party service providers may be
- fiduciaries/banks/court and various providers in the event of an order to mediate and transfer of mandate
- auditors
8. Storage period
Personal data shall be processed and stored during the ongoing business relationship within the framework of the statutory provisions. After the business relationship is terminated, this data shall be stored for 10 years on the basis of statutory provisions (ZMG, PGR, SPG, ABGB). Longer storage of data is only carried out on the basis of legal or contractual storage obligations or for evidential purposes within the statute of limitations.
9. Automatic decision-making (Art. 22 GDPR)
No automated decision-making takes place with the personal data of clients. If such procedures are used in individual cases, I shall inform my clients to the extent provided for by law.
10. Necessity of the data (Art. 13 Para. 2 Letter e GDPR)
In order to be able to offer my services to my clients to the extent they require and in compliance with the legal obligations, it is essential for me to have the data listed under Fig. 3. In addition to any statutory reporting obligations to the competent supervisory authorities, failure to provide such information shall result in the non-establishment or termination of the business relationship.
III. INFORMATION: Data processing on the website
Scope of the processing of personal data
The processing of the personal data of my users is limited to the data that is required to provide a properly functioning website as well as the content and services. The processing of personal data of users is only carried out for the contractually agreed purposes in the context of mediation, counselling or coaching or if there is another legal basis (within the meaning of GDPR). Only personal data is collected that is actually required for the implementation and processing of my services.
1. Provision of the website and user data (access protocolling)
(Technical information is provided by the website operator)
- IP-Adresse
- Verzeichnisschutzbenutzer
- Datum und Uhrzeit
- aufgerufene Seiten
- Protokolle Statuscode
- Datenmenge
- Referer (Website, von der die Anforderung kommt)
- User Agent (Browser)
- aufgerufener Hostname
Legal principles
The aforementioned data shall be processed on the basis of Art. 6, Para. 1 Letter f GDPR.
2. Cookies
We use cookies on my website in order to make my services more user-friendly. Cookies are small computer files that your browser automatically creates and are saved on your device (laptop, tablet, smartphone etc.) when you visit my website. The cookies remain saved until you delete them. This enables my website to identify your browser the next time you visit.
If you do not want this to happen, you may use browser settings to inform you about the use of cookies, enabling you to permit this on a case-by-case basis. I wish to point out, however, that deactivation will mean you cannot use all of the functions of my website.
The legal basis for the use of data processed by cookies is Art. 6 Para. 1 p. 1 Letter f GDPR.
The cookies remain valid for 12 months, and are then deleted by your browser.
IV. DATA SECURITY
My browser uses the widespread SSL procedure within the context of the website visit. You can identify whether an individual section of my website is being transmitted in encrypted format by the key or closed padlock symbol in the address bar of your browser.
I also use appropriate technical and organisational security measures to protect your data from accidental or wilful manipulation, partial or complete loss, destruction or from being accessed by unauthorised third parties. Security measures are improved on an ongoing basis in accordance with technological developments.
V. YOUR RIGHTS
You have the right to demand information from us about the personal data we process relating to you.
In particular, you may demand information about the purposes of the processing, the categories of the personal data that is being processed, the categories of the recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restricted processing or objection, data portability, the origin of your data, insofar as this was not gathered here, as well as the existence of an automated decision-making procedure including profiling. You also have the right to revoke any possible consent to use your personal data at any time.
If you are of the opinion that the processing of your personal data through the use of my service is in conflict with the applicable data protection regulations, please contact me directly and point this out to me so that I can make improvements and adjustments. Furthermore, of course, you also have the option of complaining to the Data Protection Authority.