Data protection

Graf & Pitkowitz Rechtsanwälte GmbH
Commercial register number  255087d
Stadiongasse 2, 1010 Vienna
dataprotection@gpp.at

1 General

1.1 Graf & Pitkowitz Rechtsanwälte GmbH (“GPP”) processes personal data (“personal data”) in accordance with the code of professional conduct for attorneys and the relevant data protection regulations.

1.2 This Data Privacy Notice is being provided to our clients, business partners and other business contacts (including contact persons). Section 9. of this Data Privacy Notice contains further information for visitors of the website www.gpp.at.

2 What is the purpose of this Data Privacy Notice?

2.1 This Data Privacy Notice serves the purpose of complying with the information obligations regulated in the General Data Protection Regulation (“GDPR”).

3 What categories of personal data are processed? Where do these personal data come from?

3.1 GPP processes the personal data provided to GPP as far as they are necessary for conducting legal services (including the necessary ancillary activities such as office management) or any other professional services. It may happen that, in the context of legal representation and support, necessary factual and case-related information concerning the client is obtained from third parties or from public sources (such as public registers).

4 To what purpose and on what legal basis are the personal data processed?

4.1 GPP processes the personal data for the purpose of performing due contractual services to the client, complying with other contractual obligations (e.g. resulting from procurement processes with GPP’s business partners), complying with the relevant legal obligations to which GPP is subject (esp. code of professional conduct for attorneys) and pursuing GPP’s legitimate interests  (e.g. direct marketing).

4.2 The legal bases for the above processing of personal data are the relevant data protection regulations, in particular Article 6(1) (in some cases Article 9(2) and Article 10) GDPR.

5 Will the personal data be disclosed to other recipients?

5.1 Personal data may, to the extent required by the above-mentioned purposes, be forwarded to other recipients, such as administrative and judicial authorities and GPP’s processors (such as translators).

5.2 Internally, personal data are only processed by authorized persons (lawyers, trainee lawyers and other employees) who are involved in the fulfillment of the above-mentioned purposes. All of these persons are obliged to professional secrecy in accordance with the code of professional conduct for attorneys or contractual obligations.

5.3 Personal data will generally not be transmitted to recipients outside the European Union or the European Economic Area, unless it is required for the fulfillment of the above-mentioned purposes.

6 How long will the personal data be stored?

6.1 GPP will only process the personal data for as long as necessary to pursue the above-mentioned purposes. However, due to professional and other statutory retention requirements, GPP must also store the personal data for a certain period of time even after these purposes have been achieved. Personal data required to be held harmless against any liability claims will be stored for as long as needed for this purpose.

7 Will the personal data be used for automated decision-making?

7.1 GPP does not use the personal data for automated decision-making.

8 What rights do the data subjects have with regard to processing of personal data?

8.1 In accordance with statutory provisions, data subjects have the right to access to and rectification or erasure of their personal data. Furthermore, in accordance with statutory provisions, they have the right to restriction of processing of personal data, to object to such processing and to data portability. Requests should be sent to the above e-mail address.

8.2 If data subjects consider that the processing of their personal data violates applicable data protection legislation, they may lodge a complaint with the Data Protection Authority.

8.3 If GPP has obtained the consent from the data subjects for certain processing operations, the data subjects may revoke this at any time. The revocation does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation. Inquiries should be sent to the above e-mail address.

9 Further information for visitors of www.gpp.at

9.1 What additional categories of personal data from website visitors are processed? Where do these personal data come from?

9.1.1 GPP processes the personal data actively transmitted by the website visitor (such as data entered into contact forms by the website visitor) and personal data that is automatically generated when the website is visited (such as the IP address, browser data, etc.).

9.2 For what purpose and on what legal basis are these personal data processed?

9.2.1 GPP processes these personal data for technical and functional management of the company’s website in terms of system performance, user-friendliness and content. As to the contact forms, GPP processes the personal data in order to contact the website visitor pursuant to his or her request (for example with regard to a job offer).

9.2.2 The legal basis for this is, in particular, the pursuing of GPP’s legitimate interests in the functionality and optimization of the website, the consent of the website visitor (e.g. to setting cooking that track personal data, see below) as well as the performance of pre-contractual measures (e.g. concerning a job offer).

9.3 Are the personal data transmitted to other recipients?

9.3.1 The personal data may, to the extent necessary for the above purposes, be forwarded to other recipients, e.g. to the analytics tools provider for the purpose of optimizing the website.

9.3.2 Internally, personal data are only processed by authorized persons who are involved in the fulfillment of the above-mentioned purposes. All of these subjects are obliged to professional secrecy.

9.3.3 On its website, GPP uses Google Analytics, a web analytics service provided by Google Inc. (“Google”) located in the United States. Google is certified under the EU-U.S. Privacy Shield framework.

9.4 Cookies

9.4.1 The Website uses “cookies” to make the offer more user-friendly, more effective and safer.

9.4.2 A cookie is a small text file that is transmitted via GPP’s web server to the cookie file of the browser on the website visitor’s device. This enables GPP’s website to recognize the website visitor as a user when a connection is established between GPP’s web server and the website visitor’s browser. Cookies help GPP to establish the frequency of use and the number of website users. The content of the cookies used by GPP is limited to an identification number which no longer allows any direct reference to the user.

9.4.3 Two types of cookies are used on this website:

9.4.4 Session Cookies: These are temporary cookies which are stored in the cookie file of the website visitor’s browser until the website visitor leaves the website and which are automatically deleted after the end of the visit.

9.4.5 Persistent cookies: These cookies are saved on the website visitor’s device and allow GPP to recognize the website visitor’s browser on his/her next visit in order to achieve better user-friendliness.

9.4.6 Website visitors may adjust their browser settings to (i) be informed about the placement of cookies and only allow cookies on a case-by-case basis, (ii) to refuse the cookies in certain cases or in general, and (iii) to automatically delete the cookies when closing the browser. The functionality of this website may be restricted as a result of deactivating cookies.

9.4.7 Cookies which are necessary either (i) to transmit a message in an electronic communications network or (ii) provide an expressly requested service may be used legally without the consent of the website visitor.

9.4.8 If the cookies are used for purposes other than these two purposes (for example, when cookies are used for analyzing the web-browsing behavior of the website visitor), GPP will obtain the consent from the website visitor. The website visitor may, but does not have to, give his or her consent to the use of such cookies; this happens on a voluntary basis. Website visitors may also revoke their consent at any times by changing their browser settings (to not allow cookies). However, please note that this may limit the functionality of the website and the website visitors may not be able to take full advantage of it.

9.5 Server-Log-Files

9.5.1 In order to optimize this website in terms of system performance, user-friendliness and providing useful information about the GPP services, the website prodvider automatically collects and stores information in so-called server log files, which are automatically transferred to GPP by the website visitor’s browser. This includes the Internet protocol address (IP address), browser and language settings, operating system, referrer URL, the Internet service provider and date/time.

9.5.2 This data will not be combined with personal data sources.

9.6 Google Analytics

9.6.1 On its website, GPP uses Google Analytics, a web analytics service provided by Google. Google is certified under the EU-U.S. Privacy Shield framework.

9.6.2 Goolge Analytics is used to analyze the use of GPP’s website by the website visitors. For this purpose, Google uses page views to capture customer data concerning the technical features and activities of website visitors. These customer data are evaluated by the processing software to create reports that may include, but are not limited to, length of stay, approximate geographical origin, origin of visitor traffic, exit pages, and usage procedures.

10 Changes to this Data Privacy Notice

10.1 GPP reserves the right to update this Data Privacy Notice if needed. The latest version of the Data Privacy Notice can be found on www.gpp.at.

Updated 25 May 2018

Print
Top