PRIVACY NOTICE ON THE PROCESSING OF PERSONAL DATA
LAST UPDATED: 21 April 2026
This Privacy Notice explains, pursuant to Article 13 of the General Data Protection Regulation (EU) 2016/679 ("GDPR"), how Moser § Törö Rechtsanwälte ("Moser § Törö" or "we") processes personal data.
GENERAL PROVISIONS
This Privacy Notice provides clear, transparent and easily understandable information on how Moser § Törö collects, uses, stores and protects personal data in compliance with the GDPR and the applicable national data protection laws. The terms and definitions used in this Privacy Notice have the meaning ascribed to them in the GDPR, including, in particular, the terms "controller", "data subject", "personal data", "processing", "recipient" and all other terms defined in the GDPR and used in this Privacy Notice.
CONTROLLER
The controller responsible for the processing of personal data is:
Moser § Törö Rechtsanwälte
Elisabethstraße 26
1010 Vienna
Austria
[email protected]
No data protection officer has been appointed pursuant to Article 37 GDPR.
CATEGORIES OF DATA PROCESSED, PURPOSES AND LEGAL BASES
Depending on how you interact with us, we may process the following categories of personal data:
Data provided directly by you
Contact data
For the purpose of contacting you, booking a meeting and responding to enquiries, we process your first and last name, email address, telephone number, message content and any other information provided by you in your enquiry. Processing is carried out on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR (providing low-threshold electronic contact and communication options) and, where applicable, for the performance of a contract or for pre-contractual measures pursuant to Article 6(1)(b) GDPR.
Master data
For the purpose of documenting our clients and invoicing our services, we process first and last name, email address, telephone number, company details, date of birth, place or birth, nationality, residential address or registered office, billing address, copy of an identification document, PEP-status, role within the mandate relationship, information on legal expenses insurance, bank details, information on the reference source and consent to be used as a reference. This processing is primarily based on the legal basis of contract performance pursuant to Article 6(1)(b) GDPR. It also serves the fulfilment of our statutory and professional obligations in connection with the prevention of money laundering and terrorist financing pursuant to Article 6(1)(c) GDPR.
Information in the client master data sheet that is not mandatory and may be provided by you voluntarily is processed on the legal basis of consent pursuant to Article 6(1)(a) GDPR. This includes, in particular, information on the reference source and consent to be used as a reference.
We will use your contact details to occasionally send you newsletters, information about our services and invitations to events organised by our law firm on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR. You have the right to object to the processing of your data for direct marketing purposes at any time without stating reasons by sending a letter to us or an email to [email protected]. We will process your data for this purpose until you object, but in any case no longer than three years after termination of the contractual relationship.
Data provided in the context of the mandate relationship
For the performance and handling of our legal services, we process all data that you provide to us in the context of the mandate relationship. This may also include special categories of personal data within the meaning of Article 9 GDPR.
This processing is carried out for the performance of our contractual obligations pursuant to Article 6(1)(b) GDPR and – where special categories of personal data are concerned – on the basis of your explicit consent pursuant to Article 9(2)(a) GDPR.
Automatically collected data
Data of visitors to our website
For the purpose of improving our information offering, the following data is collected, stored and analysed when you visit our website: IP address, browser and device details, operating system, language settings; visited pages, date and time of access, traffic sources and other interactions with the website. This processing is carried out to safeguard our legitimate interests pursuant to Article 6(1)(f) GDPR, namely to ensure the operation, security and optimisation of our website.
Cookies and similar technologies
Our website uses cookies that are required for the operation of the website, as well as, if you choose to allow them, analytics and/or marketing cookies. Cookies that are strictly necessary for the proper functioning of the website are processed on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR.
Functional, analytics and/or marketing cookies are processed only with your explicit consent via the cookie banner displayed when you first visit the website. Your preferences can be changed at any time in your browser settings.
Other data
Data of potential opposing parties
We also process personal data relating to you if you are an opposing party of our clients, a party otherwise involved, or a source of information in matters we handle for our clients. We usually receive this data from our clients or their business partners, from the internet or other publicly available sources, or from other third parties acting as sources of information. Separate, specific information on data processing will not be provided even if we directly contact you in your capacity as an opposing party, an involved party or a source of information, as we are exempt from the information obligation pursuant to Article 14(5) GDPR.
Data obtained from sources other than the data subject
In individual cases, we may also obtain data from other sources. These sources include publicly accessible information retrieved from the internet or collected in the context of our legal due diligence obligations to prevent money laundering and terrorist financing (e.g. commercial, insolvency and land registry, registers of beneficial owners, databases on politically exposed persons, register of associations, trade information system). The data obtained from third-party sources and stored in our systems is limited to contact details (email address, telephone number, postal address), information on whether you qualify as a politically exposed person, your function within a company, your professional background and your affiliation with or responsibility for a specific company (usually your employer or companies affiliated with or otherwise connected to it), insofar as you have not disclosed such data to us in the course of communications. This processing is based on our legitimate interest pursuant to Article 6(1)(f) GDPR in having a complete data set necessary for the handling of the mandate or business relationship.
DATA RETENTION
We store personal data only for as long as it is necessary for the purposes for which it was collected.
For tax law reasons, we generally retain contracts and other documents as well as related correspondence from our contractual relationships for a period of ten years.
Pursuant to statutory obligations under the Austrian Attorneys’ Act, we are required to retain files from mandates and documentation relating to our due diligence obligations for the prevention of money laundering and terrorist financing for five years after termination of the mandate; in individual cases, for example for the assertion or defence of legal claims, such files are retained for up to 30 years after termination of the mandate.
Where applicable, we may also retain your personal data on the basis of our legitimate interests for certain periods. In determining these periods, we ensure that your rights and freedoms are not infringed. Once retention is no longer required, the data is deleted immediately.
Data processed on the basis of your consent is stored only for as long as such consent remains valid.
DATA TRANSFERS AND RECIPIENTS
As a rule, your personal data is processed by Moser § Törö Rechtsanwälte.
For the fulfilment of your mandate, it may also be necessary to transfer your data to third parties. Such recipients may include courts, authorities, opposing parties, substitute lawyers, insurers and service providers engaged by us and provided with data (e.g. website operation and maintenance by external service providers, transfer of data to email providers for communication, storage of data in legal practice software for documentation purposes).
Data transfers are carried out for the performance of a contract pursuant to Article 6(1)(b) GDPR and on the basis of our legitimate interest pursuant to Article 6(1)(f) GDPR in efficiently providing our services. In addition, we may be obliged by law or statute to transfer data to third parties (e.g. transfers to law enforcement authorities). In such cases, the transfer is based on Article 6(1)(c) GDPR.
For all data transfers, we ensure that only the strictly necessary data is transmitted and that all applicable data protection requirements are complied with (e.g. strict instructions for processors under Article 28 GDPR, confidentiality and secrecy obligations, obligation to maintain an adequate level of data protection).
We do not intend to transfer your personal data to recipients outside the European Economic Area. Should such a transfer exceptionally take place, it will be limited to the purposes set out in this Privacy Notice and carried out subject to appropriate safeguards as required by the GDPR (e.g. Standard Contractual Clauses approved by the European Commission) and, where applicable, additional security measures.
DATA SECURITY
The protection of your personal data is ensured through appropriate organisational and technical measures, in particular measures protecting against unauthorised, unlawful or accidental access, processing, loss, use or manipulation.
We endeavour to ensure that personal data breaches are detected at an early stage and, where required, reported without undue delay to you and/or the competent supervisory authority, indicating the categories of personal data concerned.
Despite our efforts to maintain a consistently high standard of due care, it cannot be excluded that information transmitted to us via the internet may be accessed and used by third parties.
Please therefore note that we do not assume any liability whatsoever for the disclosure of information due to transmission errors not caused by us and/or unauthorised access by third parties (e.g. hacking of email accounts or telephone systems, interception of fax communications).
DATA SUBJECT RIGHTS
You have the right at any time to request information on whether and which personal data relating to you is processed by us (see Article 15 GDPR for details), to request rectification or erasure of your data (Articles 16 and 17 GDPR), restriction of processing (Article 18 GDPR), to object to processing (Article 21 GDPR), as well as the right to data portability (Article 20 GDPR). Please inform us of any changes to your personal data.
Where we process your data on the basis of your consent, you have the right to withdraw such consent at any time by email to [email protected] or by post to Moser § Törö Rechtsanwälte, Elisabethstraße 26, 1010 Vienna, Austria. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal (Article 7(3) GDPR).
If, despite our obligation to process your data lawfully, your right to lawful processing should be violated, please contact us so that we can address your concerns. You also have the right to lodge a complaint with the competent supervisory authority. In Austria, the competent authority is the Austrian Data Protection Authority (Datenschutzbehörde), Barichgasse 40–42, 1030 Vienna.
If you have any further questions regarding the processing of your personal data, you may contact us at any time by email at [email protected] or by post at Moser § Törö Rechtsanwälte, Elisabethstraße 26, 1010 Vienna, Austria.