This website is operated by Niederhuber & Partner Rechtsanwälte GmbH, Reisnerstraße 53, 1030 Wien (hereinafter “NHP”, “we”, “us” or “our”). It is of particular concern to us to protect your personal data adequately. The following statement describes how we – as a data controller according to the General Data Protection Regulation (hereinafter “GDPR“) – use the personal data of our clients as well as personal data obtained in connection with this website. This is to inform you about the type, scope and purpose of data collection/data use and your rights in this regard. Our professional duty of confidentiality obliges us to maintain the highest level of confidentiality.
I. Data controller
Niederhuber & Partner Rechtsanwälte GmbH, Reisnerstraße 53, 1030 Wien, is the data controller for the collection and usage of your personal data and the personal data of your representatives or employees. In this regard, we follow the legal provisions of the GDPR and the Austrian Data Protection Act.
If you have any questions regarding the privacy policy and the processing of your personal data, please do not hesitate to contact us:
Address:
Niederhuber & Partner Rechtsanwälte GmbH
Reisnerstraße 53
1030 Wien
+43 1 513 21 24-0
datenschutz@nhp.eu
II. Personal data
Personal data means any information relating to an identified or identifiable natural person, be it of personal or factual nature, which may consist of but is not limited to name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photographs, voice recordings as well as biometric data (e.g. fingerprints). Personal data may include “sensitive data”, e.g. data concerning health or data relating to criminal convictions and offences. This latter category of data is subject to special safeguards (see below III.1).
III. Data processing in the context of client relations
1. Personal data processed by us
If you contact us via email, telephone or fax, the personal data submitted to us (name, email address, phone number, address, date of birth, company address, fax number, professional position, link to specific files, company register data, lawyers’ codes) will be processed in order to respond to your inquiry.
Possibly, we are processing “sensitive data” according to Art. 9 para. 1 GDPR (such as health data), or according to Art. 10 GDPR (data in relation with criminal convictions and offences). Stricter requirements apply to the processing of this data.
1.1 Data collected from third parties
Furthermore, we inform you, that within our function as lawyers we regularly obtain data concerning the case at issue from third parties. Should this be the case, we will inform you in a timely manner about who is collecting the data, who is the responsible data protection officer, the purpose of processing, the category of personal data and the recipients of the data (Art. 14 GDPR).
2. The purpose of and legal basis for the data processing
We do not process the data made available to us for purposes other than those covered by the contract with you, by your consent or otherwise by a provision in accordance with the GDPR.
2.1 Fulfilment of a contract
When you contact us, we will process your data in order to handle your request on the legal basis of fulfilling (pre-) contractual obligations (Art. 6 para. 1 (b) GDPR).
2.2 Compliance with a legal obligation
The processing of your personal data can also be based on the fulfilment of a legal obligation we have as controller (Art. 6 para. 1 (c) GDPR)., for example to comply with the provisions of the Austrian Federal Tax Code (“Bundesabgabenordnung”) or the Austrian Lawyers Code (“Rechtsanwaltsordnung”).
2.3 The purpose of legitimate interests
For the purposes of our legitimate interests, your personal data is also processed within the framework of our client management and marketing, for instance for accounting, calculations or internal databases (Art. 6 para. 1 (f) GDPR).. These processing will not interfere in a manner that is incompatible with your interests, fundamental free-doms or fundamental rights.
In particular, we will also use your data to send you our newsletter (NHP News Alert) by e-mail (see point IV.3 below) and, possibly, to send you greeting cards or invitations to events in our office by mail or e-mail. You have the right to object to this processing of your data for the purpose of direct mail at any time without giving reasons (see contact details above). The processing of your personal data for the purpose of direct mail is not necessary for the processing of our contractual relationship.
3. Transfer of data to third parties
In order to process inquiries of our clients, it may be necessary to transfer personal da-ta to third parties. This transfer is limited to the extent necessary in relation to the purposes for which they are processed and only if there is a valid legal basis for the transfer. If necessary, your data will be transferred to the following categories of persons:
• opposing parties and their legal representation
• lawyers cooperating with us
• insurance companies
• courts
• public authorities
• technical experts
• tax consultants
• accountants
• banks
• bar association
• service providers
The transfer of your data only occurs in accordance with the GDPR, especially to fulfil the mandate or because of a prior consent.
4. Processors
The processors process the personal data on behalf of the controller. These processors are obliged to maintain confidentiality on the basis of a contract with us and are bound by our instructions. The following list contains our current processors:
- Lexunited – online information system GmbH, Börsenplatz 4, Mezzanin, 1010 Vienna: provision of data from public registers on the basis of initial data transferred
- Petra Klar, Mengergasse 14, 1020 Vienna: accounting, administration of receiving and of outgoing payments
- Wolfinger Service GmbH, Neuhofenstraße 19, 4521 Schiedlberg: data destruction
- XPERT Business Solutions GmbH (“jurXpert”), Technologiestraße 8, Europlaza D, 1120 Vienna: data transfer may be necessary for support operations (e.g. Web-ERV)
- XPERT Business Solutions GmbH (“medix”), Technologiestraße 8, 1120 Vienna: provision of data from public registers on the basis of initial data transferred.
5. Storage of your personal data
We will store your personal data for as long as is necessary to fulfil a contractual obligation with you as the data subject, to fulfil a legal obligation on our part, to assert, exercise or defend legal claims or, in the case of consent, until you revoke it – but for at least seven years. If proceedings are pending before a court or an authority, your data is stored until the ending of the proceedings.
IV. Data processing concerning our website and events
1. Data processing in terms of our website
1.1 Personal data processed by us
Within the framework of this website we collect and process your
• (anonymised) IP-address and IP-location
• websites visited previously and afterwards
• interactions with the website and the language selection
• search engines and keywords
• data concerning the type of browser, type of device, display resolution, internet service provider and operation system
• access data (log files) automated with cookies (see below IV.2).
1.2 Purpose of the data processing and legal basis
The processing of access data serves statistical evaluation. Log files ensure the functionality of the website. The aforementioned processing is based on our overriding le-gitimate interests (Art. 6 para. 1 (f) GDPR)..
1.3 Duration of processing
Data collected on this website will be deleted or anonymised after the user leaves the browsing session. In specific cases, a longer duration of processing log files may be necessary.
2. Usage of cookies
2.1 What are cookies?
Cookies are small text files, which your browser stores when visiting a website. By opening our website, the browser downloads cookies. When you visit our website again, the cookie – including the saved content – is sent either back to the website, which created it (first party cookies), or to another website (third party cookies). Cookies are used to adjust our website individually.
2.2 Google Analytics
This website uses Googly Analytics, a web analysis service from Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”). Google Analytics uses so-called “cookies”. The processing of the data serves our legitimate interests to generate a website access statistic in a cost efficient way (Art. 6 para. 1 (f) GDPR).
The information generated by the cookie concerning the usage of our website (includ-ing your anonymised IP-address and the URLs of the visited websites) are transferred to the servers of Google in the USA, where it is stored. We do not save any of your da-ta that is collected in connection with the use of Google Analytics.
This website uses the IP anonymization option offered by Google Analytics. Your IP address is therefore anonymised on the website and only then transmitted to Google. On our behalf, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to us. The processing of the anonymized IP-address by Google Analytics will not be linked to any other data by Google.
You may block the storage of cookies in the settings of your browser software. However, please note that if you do so, you may not be able to use the full functionality of this website. Furthermore, you can avoid the installation of Cookies by Google Analytics by downloading and installing a plug-in accessible on the website of Google. For more detailed information regarding Google and the data collected and processed by Google Analytics we refer to the data protection policy on Google's website.
2.3 Facebook fan page
We inform the users of our Facebook fan page that Facebook processes the personal data – with the help of cookies – for creating user statistics and providing other services. This is regardless of whether you are a registered Facebook user. If you are a registered Facebook user, you consent to the processing of your personal data by Face-book in accordance with the relevant terms of use as well as the data protection and cookie provisions of Facebook (Art. 6 para. 1 (a) GDPR).. We would like to point out that we have no influence on the terms of use as well as the data protection and cookie provisions of Facebook. If you are not a registered Facebook user, you consent to the processing and statistical evaluation of your personal data by Facebook and to the transmission of these anonymized statistics to us by visiting a subpage within our fan page (Art. 6 para. 1 (a) GDPR).. If you do not visit a subpage of our fan page, no personal data will be collected by cookies.
The cookies set by Facebook are stored for up to two years after the cookies have been set or updated. You can also block or delete cookies if they have already been saved on your computer. We have no access to the personal data stored in the cookies in and can therefore not transfer them to third parties. For further information on the data processing by Facebook, possible recipients or a possible transmission of your data to a third country and your rights as a data subject, please refer to Facebook’s data protec-tion statement: https://www.facebook.com/policy.php.
2.4 Facebook Pixel
Facebook-Pixel analyses the behaviour of users on our website in order to optimise advertisements and to create targeted audiences. Pixel is an integrated code in our website, which allows Facebook to track the user behaviour, provided the user ac-cessed our website via Facebook-Ads. Facebook files your personal data (browser and operating system of the website user, IP-address, movement profile of the entire session – time of request) in the form of cookies and then deletes it subsequently. The date is anonymous for us and will only be used in the context of advertisements. As a registered Facebook user, the visit of our website is automatically assigned to your Fa-cebook profile. Facebook pixel helps to manage advertisements.. As a Facebook user, you can change the settings for advertisements under https://www.facebook.com/ads/preferences/?entry_product=ad_setting_screen. In case you are not a registered Facebook user, you can change the settings under https://www.youronlinechoices.com/de/praferenzmanagement/?tid=231600941326.
2.5 YouTube
When visiting our YouTube channels “3MinutenUmweltrecht” or “WillkommenUm-weltrecht”, YouTube files your personal data – amongst others with the help of cookies – for instance to create user statistics. For further information, please visit Google Privacy Policy.
2.6 Google-Pixel
Relating to our YouTube channels, we use Google-Pixel. Google-Pixel analyses the behaviour of the users and creates personal advertisements. (see above 2.4 Facebook-Pixel). If a user accesses our YouTube channels via Google, certain browser data (browser and operating system of the website user, IP-address, movement profile of the entire session – time of request) is saved in cookies. This is anonymous for us, but the information is used in the context of advertisements. However, in order for Google-Pixel to process the data, the acceptance by the user is required in advance.
2.7 Instagram
We inform users of our Instagram fan page that Instagram processes the personal data – amongst others with the help of cookies – for instance to create user statistics. For further information, please visit Instagram Data Policy.
2.8 LinkedIn
When visiting our LinkedIn profile, LinkedIn saves the personal data – amongst others with the help of cookies – for instance to create user statistics. For further information, please visit LinkedIn Privacy Policy.
2.9 LinkedIn Pixel
LinkedIn-Pixel analyses the behaviour of users on our website in order to optimise advertisements and to create targeted audiences. Pixel is an integrated code in our website, which allows LinkedIn to track the user behaviour. LinkedIn files your personal data (browser and operating system of the website user, IP-address, movement profile of the entire session – time of request) in the form of cookies and then deletes it subsequently. The date is anonymous for us and will only be used in the context of adver-tisements. As a registered LinkedIn user, the visit of our website is automatically assigned to your LinkedIn profile. LinkedIn pixel helps to manage advertisements. As a LinkedIn user, you can change the settings for advertisements under https://www.linkedin.com/help/linkedin/answer/92055/understanding-your-privacy-settings?lang=en. In case you are not a registered LinkedIn user, you can change the settings under https://www.youronlinechoices.com/de/praferenzmanagement/?tid=231600941326.
2.10 Twitter
When visiting our Twitter profile, Twitter saves the personal data – amongst others with the help of cookies – for instance to create user statistics. For further information, please visit Twitter Privacy Policy.
3. Newsletter
3.1 Purpose of the data processing and legal basis
Only when you have given your prior consent, we process your personal data (name, address, company, E-Mail address) in order to send you our newsletter, invitations, publications or new content on our social networks (e.g. “3 MinutenUmweltrecht”-videos). You can withdraw your consent at any time (via email to office@nhp.eu; datenschutz@nhp.eu).
If you subscribe to our newsletter, we process your personal data based on your consent (Art. 6 para. 1 (a) GDPR).or the exception for sending electronic mail to existing customers (§ 107 para. 3 TKG).
3.2 Transfer of data to third parties
The mailing of our newsletter, the evaluation, the management of e-mails and conception of analyses is carried out by the CleverReach. This platform stores, processes and transmits recipient data for the purpose of sending/evaluating our e-mail newsletter. The storage, use, processing and transmission of account and individual user data is carried out by NHP. In the reports provided by CleverReach, data of the opening and clicking recipients are displayed anonymously. The platform additionally prevents the collection and processing of complete IP addresses and cookies.
3.3 Duration of storage
If you unsubscribe from receiving our newsletter, this will be noted and your contact details will be deleted from the distribution list. Your data will be deleted from the CleverReach platform within one week.
4. Events
4.1 Purpose of data processing and legal basis
If you register to events hosted by NHP we will process the personal data (name, email address, employer). If it is necessary for the administration, we use the services of external pro-cessors (see below IV. 5).
In case of your registration to such events, we process your personal data based on your consent (Art. 6 para. 1 (a) GDPR).
5. Processors
The processors process the personal data on behalf of the controller (e.g. IT-services, marketing, etc.). These processors are committed to maintain confidentiality, they are bound by our instructions and do not follow any own purposes. As the controller, we take full responsibility that the processing is performed in accordance with the law and that our processors will respect your rights. Our processors are:
- into-IT GmbH, Himmelmutterweg 9/2a, 1170 Vienna: IT-support, hardware ad-ministration
- Roland Fasching, Sterngasse 19, 3390 Melk: hosting the website
- Kiwiblau KG, Sparkassenplatz 1/2/1, 3910 Zwettl: data analysis, advisory ser-vices, advertisement and marketing
o Sub-processor: Google Analytics: analysis of our website (see above IV. 2.2).
We guarantee that our processors meet appropriate technical and organisa-tional measures to ensure the processing in accordance to the law.
6. Transfer to processors in third counties
We would like to inform you that the cookies described above and integrated on our website or our profiles in social media establish a direct connection between your browser and the respective operator's servers. We have no knowledge of what kind of personal data is transmitted to the respective company and which they may process. If these companies are headquartered outside the EU, they may carry out their data pro-cessing activities there. In this context, we would like to inform you that the European Court of Justice has rejected that the USA has an adequate level of data protection but the transmission of data from EU countries to the USA may still be permitted on the basis of Standard Contractual Clauses (SCC). However, you can also edit your cookie settings and decide whether and which cookies you want to accept. For further information about the respective data processing and your rights in this context, please visit the website of the respective operator mentioned above.
V. Your rights
As the data subject, you are entitled to rights in accordance with the GDPR and the Austrian Data Protection Act. Your request for information, cancellation, rectification, objection and/or data transfer, in the latter case provided that this does not involve a disproportionate effort, may be addressed to the law firm given under point 1 of this Data Protection Policy. If you have any questions regarding the processing of your per-sonal data, please contact us under datenschutz@nhp.eu.
1. Right to access
You have the right to obtain confirmation as to whether or not personal data concerning your person is being processed by NHP (Art. 15 GDPR).
2. Right to rectification/completion
Furthermore you have the right to obtain the rectification of inaccurate data and the completion of incomplete data (Art. 16 GDPR).
3. Right to erasure
Moreover as a data subject, you have the right to erasure, if the legal requirements for this are met. This can for instance be the case when your data are no longer necessary in relation to the purposes for which they were collected, if you withdraw your consent on which the processing is based or when the processing is unlawful (Art. 17 GDPR).
4. Right to restriction of processing
The right to restriction of processing gives you the opportunity to restrain the processing of your personal data, if for example the accuracy of your data is disputed or when you request the restriction your unlawfully processed data instead of erasure (Art. 18 GDPR).
5. Right to data portability
Furthermore, you have the right to receive the ersonal data, which you have provided to us as the controller, in a structured, commonly used and machinereadable format and to transfer it to another controller, when the automated data processing is based on your consent or the performance of a contract (Art. 20 GDPR).
6. Right to object
You can object to the processing of your personal data for specific reasons, if it is based on a perception of a duty in the public concern or a duty within the practice of public authority or based on protection of the qualified perception of the person in charge or of a third person (Art. 21 GDPR).
7. Right to withdraw of your consent
You have the right to withdraw your consent for the usage of your personal data at any time (Art. 7 para. 3 GDPR).
If you are of the opinion that the processing of your personal data by us violates the applicable data protection law or that your data protection rights have been violated in another way, you have the possibility to complain to the competent supervisory au-thority (Art. 77 GDPR). In Austria, this is the Data Protection Authority (“Datenschutzbehörde”). Furthermore, you have the possibility to take legal proceedings before a domestic court in accordance with Art. 79 GDPR.
VI. Data security
The protection of your personal data is handled through the according organisational and technical provisions. Those provisions concern the protection from unauthorised, illegal or accidental access, processing, loss, usage and manipulation (Art. 23 GDPR).
Despite the efforts to fulfil a high standard of due diligence at all times, it cannot be excluded that information you have disclosed to us over the internet can be seen or used by other persons.
Please note that we therefore assume no liability whatsoever for the disclosure of information due to errors in data transmission not caused by us and / or unauthorized access by third parties (e.g. hack attack on email accounts or telephones, interception of faxes).
VII. Note of a data breach
We are committed to ensuring that data breaches are identified at an early stage and, where appropriate, reported immediately to you or the relevant supervisory authority, including the relevant categories of data involved.
VIII. Actualisation of the data protection policy
We update the data protection policy frequently, in order for you to have all substantial information about the data processing we undertake. Should you have concrete questions about your personal data, do not hesitate to contact us under datenschutz@nhp.eu.