E+H Rechtsanwälte GmbH (hereinafter “we,“ “us,” or “E+H“) attaches great importance to protecting your personal data (hereinafter “data“). We comply with the applicable data protection laws, in particular the EU General Data Protection Regulation (hereinafter “GDPR“) and the Austrian Data Protection Act (hereinafter “DPA“). We take appropriate technical and organisational measures to ensure a level of security appropriate to the risk of personal data processed. These measures are designed to ensure the confidentiality, integrity, and availability of your data.
With regard to the processing of your data, we would like to inform you about the following:
1. Contact details
The data collected from you will be processed by E+H as the data controller. E+H’s contact details are as follows:
Vienna Twin Tower
Rond-Point Schuman 6
2. Purposes of the processing, legal basis
We only process data necessary for offering and providing our legal services, or data you have voluntarily made available to us. You are not obliged to provide your data.
We process your data only for the following purposes, and on the following legal bases provided for in the GDPR:
- Processing in the context of our legal services: We process your data in order to be able to (a) identify you as an existing or potential client or business partner, (b) provide legal advice and representation, and (c) fulfill our obligations of professional due diligence, in particular avoiding participation in money laundering and financing terrorism in the context of financial or real estate transactions concerning:
- the purchase or sale of real estate or businesses;
- the management of money, securities, or other assets, the opening or management of bank, savings, or securities accounts; or
- the establishment, operation, or management of trusts, companies, foundations, or similar structures, including the procurement of funds necessary for the establishment, operation, or management of companies. This processing takes place in order to initiate or fulfill a contract, or to fulfill another legal obligation E+H is subject to. The provision of your data is necessary in order to provide our legal advice and representation. If you do not wish to provide your data, we cannot offer you these services.
- Use of the website: When you use the website eh.at (hereinafter “website“), we only collect the data that your browser transmits to our server. This includes your IP address, browser and language settings, operating system, referrer URL, your internet service provider, and date/time (access data; “log files”). The collection of this access data is technically necessary in order for you to use our website, and so we can guarantee network and data security and optimize the website. If you do not wish to provide your data, it is not possible to use our website. The legal basis for this processing is our overriding legitimate interest in the purposes just described.
- Newsletter: In addition to client-related communication, from time to time we also send newsletters by e-mail with general legal information, information about our legal services, and our events. This is provided on a voluntary basis, free of charge, and without any liability for completeness and correctness. Our newsletter may be addressed to:
- existing or potential clients or business partners. In this case, the newsletter may be sent to you on the basis of our legitimate interest in informing you about current legal developments, our legal services, and our events.
- other interested parties who have expressly consented thereto. In this case, the newsletter will be sent on the basis of this consent.
The provision of your data is necessary to receive our newsletter. If you do not wish to provide your data, we cannot send you any newsletters.
We will only use your data otherwise if there is another legal basis under the GDPR; compliance with data protection and civil law provisions will be ensured.
Generally, we will collect the data directly from you. As part of our legal advice and representation, data may also be obtained from third parties in individual cases (such as publicly accessible directories, or by exercising the right to inspect files before courts and authorities).
Under no circumstances any automated decision-making, including profiling, takes place.
3. Recipients and categories of recipients
Your data will be transferred for the above-mentioned purposes in particular to the following recipients and categories of recipients:
- Third parties: Within the scope of our legal activities, it may also be necessary to transfer your data to third parties (e.g. opponents, substitutes, notaries, insurance companies, service providers, bar association, etc.), courts or authorities (including tax offices). Your data will only be transferred pursuant to the GDPR, in particular in order to provide services you have requested, based on your prior consent, or based on statutory provisions.
- Processors: Your data will also be processed by carefully selected processors on our behalf. These are in particular marketing providers, IT service providers (in particular computer centres and IT maintenance services), and providers of (legal) software (in particular “Advokat”). If our processors process client data, we have also contractually obligated them to maintain confidentiality and to provide information in the event of a search by the authorities. All processors process your data exclusively on our behalf, and in accordance with our instructions.
We use the following categories of processors to process client data:
Software as a Service provider
Communication, data storage
Data archiving/data disposal
IT service provider
Data processing, data storage, accounting
We also use the following order processors:
Sending out newsletter, social media posts
Some of the recipients of your data mentioned above are located or process your data outside the European Union (in “third countries”).
However, we only transfer your data to recipients (i) in countries that have an adequate level of data protection, decided by the EU Commission via an adequacy decision or (ii) who have otherwise committed themselves to an adequate level of data protection (in particular by executing standard data protection clauses as defined in Implementing Decision (EU) 2021/914). If you would like more information, or a copy of any of these legal sources, please contact us via the above contact details, in particular at firstname.lastname@example.org.
4. Data security
Notwithstanding our efforts to ensure the highest possible level of data protection, it is possible that information you disclose to us via the internet may be viewed and used by other persons.
Please note that we therefore cannot accept any liability for the disclosure of information due to errors in data transmission, and/or unauthorized access by third parties for which we are not responsible (such as in the case of unauthorized access to email accounts or telephone tapping).
5. Duration of data storage
We only store your data for as long as necessary to fulfil the purposes described above, or as otherwise necessary to fulfil our contractual or legal obligations. The data is stored as long as the processing so requires and as long as the applicable law prescribes (i.e. for the duration of statutory storage obligations) or permits (i.e. until the expiration of limitation periods of potential legal claims or as long as a legitimate interest exists).
6. Your rights as a data subject
As a data subject, you have the right at any time to:
- request access to the data we process about you, or rectify data that is wrong,
- data portability,
- restriction of processing, and
- erasure (“right to be forgotten”).
These rights may be limited by the obligation of professional secrecy for lawyers.
If we process your data based on our legitimate interest, you have the right to object at any time for reasons arising from your particular situation. This applies especially to data processing for direct marketing.
You also have the right to withdraw your consent to the processing of your data, effective from that point on, if the processing is based on your consent.
To exercise your rights, please contact us via the above contact details, in particular at email@example.com.
We ask you to inform us accordingly if your personal data changes.
If you suspect that your data is being processed in violation of the applicable data protection laws, or that your data protection rights have been violated, you can lodge a complaint with the supervisory authority (in Austria: the Data Protection Authority).