Privacy Statement according to Article 13 and 14 GDP

Thank you for your interest and visiting our website http://www.kwr.at. We may inform you about our areas of expertise and invite you to learn more about our law firm and our team.

We take this opportunity to assure you that we process your data, which we collect when you access our website and when you subscribe to our newsletter in accordance with the EU General Data Protection Regulation ("GDPR") and the Austrian Data Protection Act (Datenschutzgesetz, "DSG") and that we implemened state-of-the-art technical and organisational measures to ensure the protection of your data at any time.

Thus, we may inform you by this privacy statement about the most important aspects of the processing of data regarding visits of our website, our marketing activities and suscribing to newsletter as well as our events. If you have any questions regarding the use of your data, please contact us at dataprotection@kwr.at.

We may point out that we use cookies on our website www.kwr.at, which are small text files that are transmitted to your terminal or mobile device and may be able to track your surfing behaviour. For further information, you may visit our Cookie Policy.

I. Controller  

KWR Karasek Wietrzyk Rechtsanwälte GmbH

Fleischmarkt 1/3. Stock
1010 Vienna
Austria

T +43 1 24500
Email: dataprotection@kwr.at
(hereinafter "we", ”us“ or "KWR")  

II. General information

Personal data is all data that contain information about personal or factual circumstances, for example name, address, e-mail address, telephone number, etc. but also information with indirect personal reference such as your IP address.

We process your personal data when you access our website, for marketing purposes, regarding our event management and the distribution of our newsletter, in order to be able to provide you with invitations to our events and information as well as legal services and consulting.

III. Processing activities

We may inform you in detail about the scope and purpose of the data processing and about the transfer of your data to third parties.

 

1. Accessing our website

Personal data is processed when you access our website.

a) Scope of the processing activity

When you access our website we automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are:

  • browser type

  • browser version

  • used OS

  • referrer URL

  • host name of the accessing computer

  • date and time of the server request

  • your IP addres´s

b) Purpose of the processing activity

We process this data for the purposes of logging system usage, authorisation process and evaluation of server log files for problem analysis. If you do not provide us with your data, an access to our website might not be possible.

c) Legal basis of the processing activity

The processing of the aforementioned data is in our legitimate interest as the operator of the website in accordance with Article 6 (1) (f) GDPR. The individual data sets are not merged, however we reserve the right to check the data in case we become aware of concrete indications of illegal use and in particular malicious attacks.

d) Recipients of data

For the operation of our website including hosting, to ensure the security of our IT systems we engage the following service providers who might have access to your personal data in the course of their activities:

  • Typoheads GmbH

Pohlgasse 28/22 
1120 Vienna
Austria
T: +43 1 904 20 97
E: hello@typoheads.at 

 

  • KONZEPT IT GmbH

Kirchenplatz 6/8/1
1230 Vienna
T: +43 1 2266990
E: info@konzept.at   

The aforementioned service providers are contractually obliged to protect your personal data at all times, implement appropriate technical and organisational measures with regard to the security of the data and to refrain from processsing your data for their own purposes or to forward it to third parties.

Furthermore, we reserve the right to forward the data we collected for this purpose to the competent authorities and courts, if we have justified suspicion. This is based on our legitimate interest in due legal action in accordance with Article 6 (1) (f) GDPR. 

The data collected for this purpose is not transferred to recipients in third countries.

e) Storage period

The data collected for this purpose is automatically stored for a period of 31 days. If we have reasonable suspicion of abusive behaviour and forward the data to the relevant public authorities, this data is stored on a separate data carrier and deleted after the legal action has been completed.

f) Further processing of the data

The data processed for this purpose is not further processed for any other purpose.

g) Automated decision-making

The data processed in the course of visiting our website is neither processed for automated decision-making nor do we carry out any "profiling". 

2. Social Media Buttons

When visiting our website you might also be redirected to the pages we operate on social media platforms by clicking on the embedded buttons. This automatically calls up our so-called "fan page" or our company profile. By clicking the respective button, a connection is activated and the button establishes a connection to the server of the respective network without any further action. Your data, in particular data from the server log files, will be transmitted to the respective social media platform. This may involve the transfer of your data to third countries, where the data protection standards established in Europe do not apply and therefore the security and protection of your data might not be guaranteed all the time. 

We would like to draw your attention to the fact that we have no direct control over the scope and content of the data that is transmitted to the operator of the respective social media platform after clicking on the corresponding button or any cookies that are set by these operators. Cookies are small text files that are transmitted from the respective operator of the social media platform to your terminal or mobile device via your browser and are set there, for example stored. The information collected by these set cookies is retrieved during subsequent visits of the respective social media platforms and therefore makes it possible to recognise your terminal or mobile device. The information stored in these cookies is received, recorded and processed by the operators of the social media platforms with direct personal reference.

If you do not wish your data to be transferred, please avoid clicking on these buttons. We use buttons to forward to the following operators of social media platforms:

  • Facebook, operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
  • LinkedIn, operated by LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland;
  • Instagram operated by Meta Platforms, Menlo Park California, USA.

For further information on the type, scope and purpose of the collected data, we may refer you to the privacy statements of the respective operator. These can be accessed for Facebook by visiting https://www.facebook.com/about/privacy and for LinkedIn by visiting https://www.linkedin.com/legal/privacy-policy.

3. Fan page and company profile

In order to increase our online presence and thus facilitate communication and interaction with visitors of our website and our social media presence, we operate a fan page on the social media platform Facebook, operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland. Furthermore, we present our company through a company profile on the social media platform LinkedIn, operated by LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA.

  • Facebook

The operation of the fan page and in particular the use of "Facebook Insight" causes in the joint processing of data in accordance with Article 26 GDPR by us and by Facebook Ireland Ltd for the purpose of improving our marketing and the evaluations thereof by Facebook Ireland Ltd. Furthermore, the setting of so-called "Third Party Cookies" enables Facebook to provide us with statistics, which allows us to control and improve the marketing of our activities. Cookies are small text files that are transmitted by Facebook Ireland Ltd via your browser to your terminal or mobile device and set there, for example stored, whether you are a registered user or not. The information collected by these cookies set by Facebook Ireland Ltd is retrieved during subsequent visits to the social media platform and therefore makes it possible to recognise your terminal or mobile device. The information stored in the cookies is received, recorded and processed by the operator of the social media platform with direct personal reference. The cookies set by Facebook Ireland Ltd are stored for up to two years after being set or updated, but can be deleted at any time. Furthermore, you can prevent the placement of cookies by setting your browser accordingly. Further information about the transmission of your data by Facebook, including to third countries, can be found in the privacy policy by visiting https://www.facebook.com/privacy/explanation,  information about the cookies can be found in the cookie policy by visiting https://www.facebook.com/policies/cookies/.

Please note that despite a joint responsibility, we have no influence on the means by which the data is collected, made available and processed; we only receive the evaluation anonymized and therefore cannot forward any personal data to third parties. 

We receive the following information after a statistical evaluation by Facebook Ireland Limited:

  • Information about individuals:
    Individuals who have subscribed to our Facebook page: Gender, age, place of residence and language;
    Reach of posts: Individuals for whom our post was placed within the last 4 weeks;
    Social Interactions of individuals: Individuals, who have "liked", tagged, commented or shared our posts or made other social interactions within the last 4 weeks.
  • Information about subscribers:
    Total number of subscribers to our Facebook page, number of new subscribers, demographic information of subscribers by origin (country, city, town), gender, age and language.
  • Information about visitors:
    Page and tab views: Information on how often each tab and each button (e.g. website button, phone number button, "plan route" button) of our fan page was displayed or clicked;
    Visitor behaviour: Information on whether the visitor hovers over the fan page name or profile picture to preview page content, as well as information on whether the fan page visitor is logged in on a computer or mobile device;
    External referrals: Information about how often people linked to our fan page from a website outside of Facebook.
  • Information about contributions:
    Online behaviour of visitors: Information of when the people who "like" our page are on Facebook;
    Post types: Information about the success of each post type based on average reach and interaction;
    Most popular posts from pages we keep an eye on: Showing interactions to posts from pages we keep an eye on.
  • Interactions with our videos:
    Video views: information on how often a video we shared was viewed for more than 3 or 30 seconds;
    Top videos: information about the most viewed videos on our fan page for at least three seconds.
  • Reach:
    Post reach: number of individuals our post was delivered to, broken down by paid and organic reach;
    Positive interactions: "likes", comments, shared content and recommendations;
    negative interactions: hidden posts, reported as spam, "no longer likes";
    Number of fan page subscribers, total reach: number of individuals who have been shown an action from our page.

For more information about the evaluation of your data, please contact https://de-de.facebook.com/legal/terms/information_about_page_insights_data.

  • LinkedIn

Again personal data is processed in joint responsibility by us and LinkedIn Corporation in accordance with Article 26 GDPR for the purpose of improving our marketing and the statistical evaluations thereof by LinkedIn Corporation, whether you are a registered user or not. The cookies set by LinkedIn Corporation are stored for up to two years after being set or updated, but can be deleted at any time. In addition, you can prevent the placement of cookies by setting your browser accordingly. Further information about the transmission of your data by LinkedIn Corporation including to third countries can be found in the privacy policy by visiting https://www.linkedin.com/legal/privacy-policy?_l=de_DE, information about the cookies can be found in the cookie policy by visiting https://www.linkedin.com/legal/privacy-policy?_l=de_DE and https://www.linkedin.com/help/linkedin/answer/1897/cache-speicher-und-cookies-loschen?lang=de.

Please note that despite joint responsibility we have no influence on the means by which the data is collected, made available and processed; we only receive the evaluation anonymized and therefore cannot forward any personal data to third parties. 

We receive the following information after statistical evaluation by LinkedIn Corporation:

  • Information about individuals:
    Followers: information on place and country of access, career level, industry, company size, field of activity;
    Individuals reached: individuals for whom our post was placed in the last 28 days;
    Interacting individuals: individuals who have "liked", commented, shared or otherwise interacted with our posts in the last 28 days.
  • Information about followers:
    Total number of followers, number of new followers in the last 28 days.
  • Information about visits:
    Information on how often each post was clicked on, information on which device the followers use to access the profile, percentage comparison with accesses from the previous day.
  • Information about posts:
    Followers' online behaviour: average reach and interaction broken down by paid and organic reach.

4. Google Maps

We offer you the possibility to calculate and display your individual route to our location with Google Maps.  By clicking on the "directions" link, you will be redirected to Google Maps. By clicking on this link, a connection is activated and a connection to the servers of Google is established without any further action. Your data, in particular data from the server log files, is transmitted to Google. This may involve the transfer of your data to third countries, where the data protection standards established in Europe do not apply and therefore the security and protection of your data might not be guaranteed all the time. 

Please mind that we have no control over the scope and content of the data that is transmitted to Google after clicking on the link or over any cookies that are set by Google. Cookies are small text files that are transmitted by Google via your browser to your terminal or mobile device and are set there. The information collected by these cookies is retrieved during subsequent visits to Google Maps that allowes to recognise your terminal or mobile device. The information stored in the cookies is received, recorded and processed by Google with direct personal reference.

If you do not wish your data to be transferred, please avoid clicking on the link.

For further information on the type, extent and purpose of the data collected, we may refer you to the privacy statements of Google Maps. These can be accessed by visting https://policies.google.com/privacy?hl=de.

5. Marketing for own purposes and newsletter distribution

We process your personal data within the scope of our marketing activities and in the context of sending our newsletter.

a) Scope of the processing activity

For advertising our law firm, including sending invitations and newsletters, we process the following data:

I) Surname, first name, if applicable name of the company/institution, salutation, title, gender, company/institution affiliation (current and historical), department and function in the company and/or institution, email address provided, date and time of contact by KWR with the recipients (history), logs of correspondence (e.g. email bounces), marketing identifiers (categorisation, affiliation to client and interested party group), details of activities of the data subject on the marketing activity, empty box for comments. 

ii) E-mail address, information on the current status of declarations of consent and, if applicable, revocations, information on activities of the data subject on the newsletter dispatch, date and time of dispatch of a newsletter, empty box for comments.

b) Purpose of the processing activity

The purpose of this IT based processing activity is to be able to organise our marketing activities properly and efficiently. Thus, the aim is to inform our clients and interested parties about our achievements and our range of services and to invite them to our events that take place as part of our marketing activities. The aim of sending out the newsletter is to provide clients and interested parties with information on new decisions, important legal innovations or legal ammendments.

If you do not wish us to process your personal data for the purpose of carrying out marketing activities, we unfortunately unable to send you invitations to our events.

If you do not wish to provide your data or do not wish to provide it anymore in connection with the distribution of our newsletter, we will unfortunately not be able to send you a newsletter.

You find a notice about your right to object to our marketing activities or withdraw your consent at any time enclosed with each of our mailings.

c) Legal basis of the processing activity

We process the personal data mentioned in (i) on the basis of our legitimate interest pursuant to Article 6 (1) (f) GDPR, namely to advertise our law firm and thus our legal services and activities to prospective and existing clients and interested parties and to carry out further marketing activities on the basis of Article 6 (1) (f) GDPR.

You can object to the processing of your data at any time by giving reasons. For this purpose, please send us an e-mail to dataprotection@kwr.at.

If you object, we will cease any marketing activities in relation to you.

The data mentioned in (ii) is processed exclusively for the distribution of our newsletter. The processing is based on your consent according to Article 6 (1) (a) GDPR. When using the data for this purpose, we comply with the provisions of communications law as well, in particular § 107 Austrian Telecommunications Act 2003 (Telekommunikationsgesetz 2003, “TKG 2003”).

If you no longer wish to receive our newsletter, you can withdraw your consent at any time and without giving reasons to dataprotection@kwr.at.

Upon withdrawl we will delete your data from our system for the distribution of our newsletter.  

d) Recipient of the data

As part of our marketing activities and the distrubition of the newsletter, we engage the following service providers for efficient processing, who might have access to your personal data in the course of their activities:

  • eyepin GmbH

Billrothstraße 52
1190 Vienna
Austria
T: +431 961 7777-0
E: office@eyepin.com

  • KONZEPT IT GmbH

Kirchenplatz 6/8/1
1230 Vienna
T: +43 1 2266990
E: info@konzept.at   

The aforementioned service providers are contractually obliged to protect your personal data at all times, implement appropriate technical and organisational measures with regard to the security of the data and to refrain from processsing your data for their own purposes or to forward it to third parties

e) Storage period

We store the data mentioned under (i) for marketing purposes for up to three years from the time of your last contact with us, unless you object to the processing of your data beforehand.

The data required for sending the newsletter and mentioned under (ii) will be stored for as long as you have subscribed to the newsletter or until you revoke your consent.

f) Further processing of the data

The data mentioned under (i) is processed in the course of our organization of events. Data relating to the distribution of newsletters is not further processed in any other processing activities.

g) Automated decision-making

The data referred to in (i) and (ii) are not processed for automated decision-making, nor do we carry out any "profiling". 

6. Corporate communication

a) Scope of the processing activity

Occasionally, we may add short descriptions of the photographs we take at our events and publish them as a feature on our online presences for presentation purposes. The following data is processed as part of our corporate communication.

When you interact with us on our social media channels:

i) Surname, first name, title, gender, telephone and fax number and other information required for addressing purposes resulting from modern communication techniques, online identity of the respective social media platform (user name, photo, avatar, logo), published and non-published contributions to the social media presence (e.g.. comments, requests, ratings [e.g. "like"], photos, videos, etc.), public and non-public reactions to our posts (replies, comments, etc.), logging of requests and correspondence via social media channels, content and time of logging, other response behaviour to activities (positive reaction to posts).

If we publish photographs taken during our events with information about you on our news blog, social media presences and/or through press releases:

ii) Surname, first name, title, gender, information on professional status, information on the event (occasion of the event, place and date), your contribution to the event

b) Purpose of the processing activity

The purpose of this processing activity is to enable simple and uncomplicated correspondence through our online presences and to increase interest in our events through the press releases and shared articles as well as to portray you as a high-profile participant in our events.

c) Legal basis of the processing activity

We process the data mentioned under (i) within the scope of our legitimate interests pursuant to Article 6 (1) (f) GDPR in order to enable quick and easy correspondence and to provide an insight into our activities as one of Austria's leading corporate law firms.

If you do not want us to process your data, please do not interact with our posts.

 If you have already done so, you can object to the processing of your data at any time by giving reasons. For this purpose, please send us an e-mail to dataprotection@kwr.at .

If you object, we will - as far as technically possible - remove your personal data from our social media presence.

We process the data mentioned under (ii) on the basis of your consent pursuant to Article 6 (1) (a) GDPR, which we obtain prior to publication.

You can withdraw your consent at any time and without giving reasons. For this purpose, please send us an e-mail to dataprotection@kwr.at.

Upon your withdrawl, we will delete your personal data from our online presence.

 Furthermore, we process your data mentioned in (ii) in order to create press releases. This is done within the scope of our legitimate interest according to Article 6 (1) (f) GDPR. 

You can object to the processing of your data at any time by giving reasons. For this purpose, please send us an e-mail to dataprotection@kwr.at.

If your objection is successful, we will, as far as technically possible, remove your personal data.

d) Recipient of the data

We publish data contained in press releases in our news blog and transmit them on the basis of our legitimate interest pursuant to Article 6 (1) (f) GDPR to:

  • Editorial offices of national and international daily newspapers,
  • Editors of specialist media,
  • Editorial offices of national and international directories.

If we publish the data mentioned in (ii) on our social media sites with your consent in accordance with Article 6 (1) (a) GDPR and Article 49 (1) (a) GDPR, we transmit the data to Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland and LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA. This results in a transfer to a third country whose level of protection does not correspond to the European standard.

Furthermore, we engage our IT service provider for the efficient handling of corporate communications. Under certain circumstances, they may have access to your personal data as part of their service activities: 

  • KONZEPT IT GmbH

Kirchenplatz 6/8/1
1230 Vienna
T: +43 1 2266990
E: info@konzept.at   

e) Storage period

Your direct messages sent to us are stored for a period of 2 years after the last time you have contact us or until your objection unless there are legally compelling reasons for storing them or until your consent has been withdrawn. We have no influence on the storage period of your further interactions, such as comments and likes in particular. If you therefore wish to have this data deleted, we kindly ask you to remove this interaction via your account. If you need assistance with this, please contact us at dataprotection@kwr.at.

f) Further processing of the data

There is no further processing of the data.

g) Automated decision-making

The aforementioned data will not be processed for automated decision-making nor do we carry out so-called "profiling". 

iV. Your rights

As data subject of our data processing you have the following rights. For the enforcement of your rights - with the exception of the right to complain – contact us to dataprotection@kwr.at.

If we have instructed our cooperation partners with the search for appropriate candidates and thus act in joint responsibility with them, you can enforce your rights not only against us but also against these cooperation partners.

a) Right of access

You have the right to request information at any time and in any form  about the data related to you that is processed by us as controller - together with further information such as the purpose of processing and the recipients, information about the origin of the data and information about automated decision-making including the logic involved. Furthermore, you have the right to request information on whether your personal data is transferred to a third country or to an international organisation, including the right to be informed about the appropriate safeguards in accordance with Article 46 GDPR.

b) Right to rectification and right to restriction of processing

You may request that inaccurate or incomplete data is rectified or completed.  You also have the right to request a restriction on the processing of data that may only be processed with your consent or for the assertion, exercise or defense of legal claims or for the protection of the rights of another natural or legal person or for reasons of important public interest, for example if the accuracy of the data is disputed. 

c) Right to dataportability

You may request that a copy of the data, if it has been made available to KWR, is sent to you or, if this is technically feasible, to a third party that can be determined, in a structured, common and machine-readable format.

d) Right to erasure

You may request the erasure  of your personal data in certain circumstances, for example if it is not processed in accordance with the data protection provisions.

e) Right to object

You have the right to object to the processing of your personal data at any time by giving reasons. In this case we will no longer process the personal data relating to you unless we can argue compelling legitimate grounds for the processing which override your interests, or the processing serves the purpose of enforcing, exercising or defending of legal claims.

f) Right to withdraw your declaration of consent

You have the right to withdraw your  consent under data protection law at any time and without giving reasons by sending an e-mail to dataprotection@kwr.at. The withdrawal of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the withdrawal. We will delete your data unless legal provisions require us to store it.

g) Right to complain

If you are of the opinion that the processing of your data violates your right to confidentiality or your data protection rights have been violated in any other way, you can file a complaint to the competent supervisory authority. In Austria, the competent authority is the

Austrian Data Protection Authority (Österreichische Datenschutzbehörde), Barichgasse 40-42, 1030 Vienna, Austria.

You have the possibility to file a suit at the competent regional court (Landesgericht) pursuant to § 29 (2) Austrian Data Protection Act (Datenschutzgesetz, “DSG”) and any other legal remedies.

The English translation of this privacy statement is provided for your convenience only. Thus, the German version of this privacy statement shall prevail and be exclusively effective.

(As of November 2021)

How to reach us

KWR Karasek Wietrzyk Rechtsanwälte GmbH, Fleischmarkt 1/ 3rd floor, 1010 Vienna
T +43 1 24500-0, Mail: dataprotection@kwr.at

Privacy settings

Your previously selected data protection settings can be
be adjusted by clicking on "Configure".

 

This website uses cookies

For offering you the best experience possible we use various types of cookies. Please select the types of cookies you would like to allow and then click on "Agree". By clicking on „Agree to all“, you agree to the use of all cookies. You can withdraw your consent at any time by changing your browser settings, with future effect. For more information about the cookies we use click here: cookie policy. Further information about data protection can be found here: data protection.

Imprint

Operational and
functional cookies
Statistic cookies


Further information