Data protection

Information on the processing of your personal data in accordance with Art 13 GDPR

1. General information

Thank you for visiting our website. The protection of your personal data is important to us. We strictly adhere to the legal provisions of the EU General Data Protection Regulation, the Austrian Data Protection Act and other applicable legal provisions for the protection, lawful handling and confidentiality of personal data. In the following, we would like to inform you about the processing of your data in connection with your visit to and use of the website.

2. Data controller within the meaning of the GDPR/contact data

Dr. Elias Schönborn

Stoß im Himmel 3/11b
1010 Vienna
Austria

Tel. +43 1 305 30 81
E-Mail: office@es-law.at

3. Purposes of data processing and legal bases

Website visits in general:

When you visit our website, we collect and store access data in log files (so-called log files or access logs) in order to ensure the permanent functionality and accessibility of the website. We process the following data and information in this context:
• IP address
• Date and time of access
• Websites from which you reach our site (referrer URL)
• Operating system
• Name of the Internet service provider
• Product and version information of the browser used
• Amount of data transferred, loading time

The legal basis for data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. This lies in ensuring the functionality, security and accessibility of the website for all site visitors and, if necessary, in the establishment, defense and assertion of legal claims.

You have the right to object to this data processing (data subject’s right to object to data processing in the legitimate interest pursuant to Art 21 (1) GDPR). In this case, we will only process your data if we have compelling legitimate grounds for further processing.

It is not possible to draw any direct conclusions about your identity from this information. The data will be automatically deleted once the aforementioned purposes have been achieved.

We do not use cookies or corresponding technologies on our website. Your personal data is therefore not processed in this way (e.g. no data is passed on to third parties for analysis and tracking purposes).

Contact form:
We provide a contact form on our website for easy contact with us. To use this form, please provide us with the information requested so that we can process or respond to your enquiry.

We process your personal data on the legal basis of legitimate interest in accordance with Art. 6 para. 1 lit. f GDPR (provision of low-threshold electronic contact and communication options) and, if applicable, contract fulfilment in accordance with Art. 6 para. 1 lit. b GDPR (contract, pre-contractual relationship). The data or information provided via the contact form will be used by us exclusively for the purpose of answering your enquiry or contacting you. As an alternative to using the contact form, you can contact us via the email address provided, by phone or by post.

You have the right to object to data processing on the basis of legitimate interest (data subject’s right to object pursuant to Art. 21 (1) GDPR). In this case, we will only process your data if we have compelling legitimate grounds for further processing.

meetergo

We have integrated meetergo on this website. The provider is meetergo GmbH, Hansaring 61, 50670 Cologne (hereinafter referred to as meetergo). meetergo provides an online appointment booking tool. If you make an appointment with us online, the data you enter for this purpose will be stored on meetergo’s servers in Germany. In addition, meetergo temporarily records your IP address, your referrer URL, the time of access and can determine that you have made an enquiry with us; this data is used exclusively for the technical provision of the service and is then automatically deleted again. The use of meetergo is based on Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in making appointments as easy as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR or Art. 9 para. 1 lit. a; the consent can be revoked at any time.

4. Automated decision-making and profiling

We do not use profiling measures or automated decision-making.

5. Data transfer and recipients

As a rule, we only pass on your data collected on the basis of the use of our website to the extent that this is absolutely necessary to fulfil the stated purposes (operation and maintenance of the website via external service providers, data transfer to e-mail providers in the processing of communication). However, we may also be legally or officially obliged to pass on data to third parties (e.g. passing on data to law enforcement authorities).

For all data transfers, we ensure that only the absolutely necessary information is transferred and fulfil the data protection requirements for data transfer (e.g. strict obligation to follow instructions for processors via Art. 28 contracts, obligation to secrecy and confidentiality, obligation to fully comply with an adequate level of protection in the processing of personal data).

6. Storage period of the data

Your data will only be stored for as long as is technically and organisationally necessary to achieve the stated purposes and to fulfil our legal obligations. We store log file data for a period of 6 months. We may also retain your personal data for certain periods of time on the legal basis of legitimate interest. When determining the periods, we take care not to infringe your rights and freedoms. If the data retention is no longer necessary, we will delete your data immediately.

7. Rights of data subjects / your rights to protect your personal data

You have a number of rights in relation to your personal data processed by us. You can assert all these rights free of charge and informally (by e-mail, telephone or post), if necessary after providing proof of your identity, using the contact details provided. Your rights in detail:

Right to information: You can request information about the data we process informally at any time. In this case, we will inform you in writing of the data we have stored about you, the purposes for which we use it, the categories of recipients to whom we pass it on and how long we intend to store it. We will comply with your request for information without delay, but within one month at the latest.

Right to erasure: You have the right to informally request the erasure of your data processed by us at any time. We will comply with this request if your data is no longer required for the purpose for which it was collected, if you revoke any existing consent, in the event of unlawful data processing or if deletion is necessary to fulfil a legal obligation.

Right to rectification: If we mistakenly process incorrect or incomplete data about you, we will of course rectify it. An informal request addressed to us is sufficient for this purpose.

Right to restriction of processing: If it is not possible to erase your data or if you do not wish your data to be erased, but you do not consent to its use beyond the storage of the data, we are obliged to restrict the further processing of your personal data at your request.

Right to data portability: Upon your informal request, we will provide you with the data we have stored about you, which we have received on the basis of a contract or your consent, free of charge in a standard file format. You can use this data for your own purposes and pass it on to future contractual partners. If you wish and if it is technically feasible, we will also transfer your data directly to an addressee named by you. In this case, we will inform you after the transfer has taken place. We will fulfil your request immediately, but within one month at the latest.

Right to revoke consents granted: You can withdraw your consent to data processing at any time with effect for the future, in which case we will stop processing your data. The legality of the data processing carried out up to this point in time is not affected by the withdrawal of consent.

Right to object: If we process your data on the basis of our legitimate interest, you have the right under the General Data Protection Regulation to object to the further processing of your data. If you exercise this right, we will no longer process your data for the purpose to which you have objected – unless there are legitimate grounds on our part for further processing that outweigh your interests, rights and freedoms, or the processing serves the assertion, exercise or defense of legal claims.

8. Right to lodge a complaint

The EU General Data Protection Regulation and the Austrian Data Protection Act guarantee you the above-mentioned rights in the area of data protection. If you believe that one of these rights has been violated by us, you have the option of lodging a complaint with a data protection supervisory authority. The supervisory authority in Austria is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna. 

9. Data security

We take all necessary and appropriate technical and organisational security measures to protect your personal data from loss and misuse. Your data is stored in a secure, state-of-the-art operating environment.
Access to our website is secured via HTTPS. This means that communication between your end device and our servers is encrypted.

10. Other

We expressly reserve the right to make future changes or adjustments to the privacy policy. If you have any questions or suggestions, please contact us using the contact details provided.

Status of the privacy policy: 10/2023