Data Privacy Statement

1) Processing of your personal data

For fulfilling our consultancy contract we process personal data you provide us with voluntarily and/or personal data we obtain with your consent (e.g. name, address, contact, phone number, e-mail address, appointments, meeting notes, photos) on the basis of statutory provisions set forth by GDPR.

If you provide us with special categories of personal data in the course of our consultancy agreement, we may also process special categories of personal data. These may include sensitive data concerning your current state of health and/or diagnoses, illnesses and/or medication, as well as confidential data concerning your private and intimate life, your religious, political or ideological beliefs and/or your professional life. These categories of data are not stored electronically.

Our web pages do not use cookies. To optimize loading times we use Google Font, JQuery and bootstrap files from external sources. Data privacy statements of these providers can be found at und

2) Controller

The chairwoman / the chairman

3) Purposes of data processing and legal basis

In the context of fulfilling a consultancy contract, we process your personal data (including electronic documents produced automatically and/or archived documents such as meeting notes and correspondence) in this matter for the purposes of processing and transferring it to clients and other participants/contributors to the consultation.

We process your personal data on the basis of Art 6 para 1 subparas b, c, f GDPR. If we process special categories of personal data, we do so solely for the purposes of consultancy and provision of psychosocial support. Processing of special categories of data is based on Art 9 para 2 subpara h GDPR.

4) Recipient(s) of personal data

We do not transfer personal data to third parties, except for the purpose of fulfilling statutory and tax obligations (e.g. to tax consultants or tax authorities). We do not transfer special categories of data.

5) Period of storage

We store your data for a maximum of ten years after termination of the consultancy contract before we erase it.

6) Necessity of data provision

You are not obliged to provide personal data to us. However, providing personal data (name and address) is necessary if you wish to conclude a contract with the controller. You are not obliged to provide us with special categories of personal data.

7) E-mail communication

All personal data communicated via e-mail is used to reply via e-mail and in accordance with the purpose(s) named in the subject. If e-mail communication is part of an ongoing business relationship (contract or exchange of information based on voluntary consent e.g. a newsletter), data is being processed in accordance with fulfilling the respective purpose. In case of voluntary consent, erasure of personal data is conducted immediately after revocation of consent. Personal data transferred in fulfilment of statutory or contractual obligations is erased six months after expiry of the statutory storage period. In general, we do not transfer personal data, except when required to do so by law.

8) Photograph notice

We take photographs at our events for internet publication on our website in order to document our activities. Our legitimate interest in taking photographs at our events and publishing them (Art 6 para 1 subpara f GDPR, §§ 12, 13 DSG [= Austrian Data Protection Law]) is the presentation of activities organized by forum wirtschaftsmediation, aiming to increase its popularity and to further promote the method of commercial mediation in Austria.

9) Right of access by the data subject

You have the right to obtain confirmation as to whether personal data concerning you is being processed; and, where that is the case, you have the right of access to the personal data and the following information:

              the purposes of the processing

              the categories of personal data concerned

              the recipients or categories of recipient to whom the personal data have been or will be


where possible, the envisaged period for which the personal data will be stored, or, if not

possible, the criteria used to determine that period

existence of the right to request rectification or erasure

existence of the right to lodge a complaint with a supervisory authority


In case you exercise your right of access, the controller will provide you with a copy of the personal data undergoing processing.

10) Right of rectification

You have the right to request the correction of incorrect personal data. Taking into account the purposes of the process, you have the right to request the completion of incomplete personal data.

11) Right to erasure

You have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay and the controller shall have the obligation to erase personal data without undue delay where one of the following grounds applies:

  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • You object (Art. 21 para. 1 or para. 2 DSGVO) to the processing and in the case of an objection pursuant to Art. 21 para. 1 DSGVO there are no overriding legitimate reasons for the processing
  • the personal data were processed unlawfully
  • the personal data have to be erased for compliance with a legal obligation in Union or Member State law to which the controller is subject;

12) Right to restriction of processing

You have the right to obtain from the controller restriction of processing where one of the following applies:

  • the accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data;
  • the processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead;
  • the controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defence of legal claims;
  • the data subject has objected to processing pursuant to Article 21(1) pending the verification whether the legitimate grounds of the controller override those of the data subject.

13) Notification obligation regarding rectification or erasure or restriction

The controller shall communicate any rectification or erasure of personal data or restriction of processing to each recipient to whom the personal data have been disclosed, unless this proves impossible or involves disproportionate effort. The person responsible will inform you of these recipients if that’s what you request.

14) Right to data portability

You have the right to receive the personal data concerning him or her, which he or she has provided to a controller, in a structured, commonly used and machine-readable format and have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where:

  • the processing is based on a contract and
  • the processing is carried out by automated means.

15) Right to object

You have the right to object at any time, for reasons arising from your particular situation, to the processing of personal data concerning you that is carried out on the basis of Art 6 GDPR. The controller will no longer process the personal data unless he/she can demonstrate compelling reasons for processing which are worthy of protection and which outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims. If personal data are processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing. If you object to processing for the purposes of direct marketing, your personal data may no longer be processed for those purposes.

16) Right of appeal to a supervisory authority

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State in which you are domiciled, your place of work or the place where the alleged infringement is committed, if you consider that the processing of personal data relating to you is in breach of the DSGVO or of Section 1 or Article 2. 1 main section DSG 2018. In Austria the competent data protection authority is the Data Protection Authority (Barichgasse 40-42, 1030 Vienna, Tel: +43 1 52152-0, Email: dsb(at)dsb.gv(dot)at).