Privacy policy

This privacy policy was last updated in September 2023.

1. Introduction

We process your data exclusively on the basis of the current legal provisions, in particular,  the Austrian Data Protection Act (‘DSG’), the European General Data Protection Regulation (‘GDPR’) as well as the Austrian Telecommunications Act (‘TKG’). This policy, together with our terms and conditions of this website and all other documents to which this policy relates, shall inform you of the personal data we collect from you or which you provide us through this website and how we process your personal data. Personal data means any information relating to an identified or identifiable natural person. Please read the following information carefully in order to understand our views and practices regarding your personal data and their treatment.

1.1 Who is responsible for processing your personal data

Peters Ortner Partners Rechtsanwälte GmbH, Am Hof 13/19-21, 1010 Vienna, Austria, and, if applicable, jointly together with an independent attorney-at-law providing you with the corresponding legal services.

1.2 Personal data

Personal data (‘data’) means any information in connection with personal or factual circumstances relating to an identifiable natural person. This includes but is not limited to their name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photographs, voice recordings, and biometric data. 

2. Processing of personal data

We process your personal data only if and to the extent as you have given your consent or it is necessary to fulfill contractual obligations, to fulfill legal obligations or to protect our legitimate interests (Article 6 para 1 lit a, b, c and f GDPR). If your personal data was not directly provided by you, it may have been obtained from various sources. These sources include our clients, business partners, service providers, or collaboration partners, for whom you serve as a representative or employee. Additionally, we may have received your data through invitations to our events from third parties. In certain cases, we collect data from publicly available sources, including but not limited to company websites, participant lists of events, or industry registers.

We process your personal data, in particular, for the following purposes:

  • Performance of our legal and other contractually agreed services in the course of our business relationship based on the data, which you have provided to us or which we received from third parties. Please note that we may not be able to enter into a business relationship with you if you do not, or not sufficiently, provide us with the required data (Article 6 para 1 lit b GDPR).
  • To ensure compliance with both national and European regulations and legislation, we may need to process your personal data. This becomes particularly pertinent when considering the acceptance of specific mandates, as we are bound by our legal obligations in preventing money laundering and countering terrorism financing. In this regard, we are mandated to retain (copies of) the documentary evidence provided for identification purposes for a minimum of five years (with a maximum of ten years) following the termination of the mandate (Article 6 para 1 lit c GDPR).
  • The processing of data pertaining to current, former, and potential clients, as well as their employees (such as names, addresses, email addresses, company details, and roles), is primarily undertaken to nurture these relationships and furnish you with current and pertinent legal and business-related information. This information may include newsletters and client alerts (Article 6 para 1 lit f GDPR).
  • To facilitate efficient and accurate coordination, organization, and management of our business operations and associated internal administrative functions (Article 6 para 1 lit f GDPR).

Furthermore, we process your personal data in reliance on other legal basis in accordance with the GDPR and in compliance with data protection, civil law and any other applicable provisions.

3. Website and events

3.1 Our events

Our events, workshops, and lectures serve as valuable platforms for staying updated on various legal developments, fostering connections with industry peers, and affording you the opportunity to meet us in person. For sending invitations, we will exclusively use your contact details. In our legitimate interest, we will also process your name, company, and position to enhance our contact management. If you've signed up for an event, we will send you invitations based on your consent, which you can withdraw at any time. Maintaining connections with our former lawyers and colleagues is of utmost importance to us. For these invitations as well, we rely on your consent, which can be revoked at any time. If you are currently or were previously a client, it is within our legitimate interest to extend event invitations to you. Should you prefer not to receive further invitations, you can inform us at any time (Article 6 para 1 lit a GDPR).

3.2 Our website

You may use our website and access its public content generally without having to disclose your personal data. We only record information provided by your internet provider, including but not limited to your IP address and the duration and time of your visit. This information is saved during the time of your visit and analyzed solely for statistical purposes under strict protection of anonymity. We also collect your personal data, if you disclose such data voluntarily or explicitly when you visit our website in connection with using the services offered on the website. We only use this information for the specific purpose of the individual service and in compliance with applicable laws (Article 6 para 1 lit a and f GDPR). For details also see our cookie policy.

3.3 Logfiles

The provider of our website automatically collects and stores information in so-called server log files, which your browser automatically transmits. These are:

  • Browser type and browser version
  • operating system used
  • Referrer URL
  • Host name of the accessing computer
  • Time of server request
  • IP address

We must process these log files to guarantee the functionality, stability, and security of our website. Additionally, we may utilize this data for forensic investigations in the event of a security incident or to compile user statistics. For statistical purposes, we exclusively employ an anonymized version of your IP address (Article 6 para 1 lit f GDPR). 

4. Applicants

We process the data provided by you (such as name, address, email address, certificates, motivation letters, and other information) for the purpose of completing the application process and registering you in the social security system when we hire you (Article 6 para 1 lit a, b and c GDPR). Please be aware that if you do not provide us with the necessary data, we cannot process your application.

5. Digital networks

In relation to the management of our digital networks, we may act as joint controllers in collaboration with the network’s respective operator, provided that the network operator is not the sole controller. It's important to note that we do not possess complete access to the data processing conducted by the network operator. As a result, we strongly advise reviewing our privacy policy in conjunction with the privacy policy of each specific network to gain a comprehensive understanding.

In overseeing the operation of our digital networks, we may, in accordance with our legitimate interests, engage in the following data processing activities (Article 6 para 1 lit f GDPR). We may collect your personal data, such as cookies, when you engage with our digital networks. Please be aware that certain data may also be collected even if you are not logged in. Additionally, we may gather interaction data, such as information derived from your interactions with us via our digital networks, including but not limited to posts, comments, personal messages, or contact forms. Furthermore, we may access publicly visible information, such as your name and profile picture, particularly when you make public comments on our page. To ensure your privacy, we recommend reviewing your profile settings to verify which data is publicly accessible and to modify what can be shared through the network. For detailed information, please consult the privacy policies of the respective network operator. Moreover, we receive anonymous statistical insights from the network operators regarding the usage and popularity of our digital networks. In pursuit of this purpose, we collect anonymous statistics as part of our legitimate interests and conduct demographic analyses (Article 6 para 1 lit f GDPR). The following information is processed:

  • Total number of followers.
  • Reach: the number of people who view a specific post and the number of interactions with a specific post. This enables us to evaluate which topics are of significant interest to our community.
  • Demographic data of users, including age, gender, place of residence, and language.
  • Ad performance: Details on how many individuals were reached by a post or paid advertisement and how many interacted with it.
6. Use of data

When entering into a business relationship with us, you may be required to disclose personal data and business or trade secrets belonging to yourself, your relatives, co-workers, or other third parties. In all such instances, it is assumed that you possess the appropriate authorization to share this information. We will only utilize your data and data from third parties, as nominated by you, to the extent necessary for the proper establishment and execution of our business relationship with you. Your data will not be processed for purposes beyond those encompassed by our engagement, your consent, or any provision in accordance with GDPR, except when used for statistical purposes, provided that the shared data has been anonymized.

7. Transfer of data to third parties

We will only transfer your data when there is a valid legal basis for the transfer, and such transfer does not violate our professional duty of confidentiality. Additionally, we will only transfer your data to the extent necessary for the specific purpose, as mandated by applicable laws, in cases of legitimate interest, or upon obtaining your consent. Your data may be shared, in particular, with the following recipients:

  • independent attorneys-at-law in cooperation with us
  • courts and authorities;
  • opponents and their legal representatives;
  • competent bar associations;
  • tax consultants and auditors;
  • banks and insurance companies; and
  • service providers, in particular, IT-service providers.

Our service providers will also process your data. These service providers will only process your data on our behalf, in accordance with our instructions and for the above-mentioned purposes. Certain recipients mentioned above process your data or are headquartered outside the European Economic Area (EEA), where data protection standards may differ from those in Austria. However, we are committed to upholding the data protection standards customary in Europe and the relevant data security measures. Consequently, we will only transfer your data to countries if the EU Commission has determined that they offer an adequate level of protection. Alternatively, we will implement measures to ensure that all recipients, including the conclusion of EU standard contractual clauses, meet the required level of protection. In specific cases, and following separate notification, your data may be transmitted based on your explicit consent (Article 49 para 1 lit a GDPR) or when such transmission is necessary for contractual performance (Article 49 para 1 lit b GDPR). For example, your personal data, such as your IP address, cookies, device and browsing data, may be transmitted to service providers in the USA with your explicit consent, such as when you accept cookies or activate embedded media content.

8. Storage of data

We will retain data only as long as this is required for the above-mentioned purposes, to comply with our contractual or legal obligations and to safeguard against any potential liability claims. Once your personal data is no longer required, we will either erase it or anonymize it to ensure that your identity can no longer be discerned. Different data categories may have varying retention periods, contingent upon the purpose of processing. Specific retention periods for the data you provide can often be deduced from various legal provisions, such as Article 12 para 2 of the Austrian Lawyer's Act, Article 132 of the Austrian Federal Fiscal Code, and Article 212 of the Austrian Corporate Code. Should you require more precise information about the specific storage duration of your data or the data you've furnished, we are more than willing to provide you with the necessary details upon request.

9. Notification of data incidents

Our goal is to promptly detect any data incidents and report them immediately to you and/or the relevant supervisory authority. These reports will comprehensively include the specific data categories affected.

10. Your rights

With regard to your data stored by us, you have the right to information, correction, deletion, restriction, data transferability, revocation and objection. If you are of the opinion that our processing of your data violates data protection law or your data protection claims are otherwise violated in any way, you can contact us at any time at office@paragon-advocacy.com or lodge a complaint with the data protection authority (Austrian data protection authority, Wickenburggasse 8, 1080 Vienna, phone: +43 1 521 52-25 69, email: dsb@dsb.gv.at).

11. Potential revision of privacy policy

We retain the right to periodically update this data privacy statement in response to legal or technical changes, as well as any modifications in our business activities. We are committed to making reasonable efforts to promptly notify you of these updates. You can find the date of the most recent update on the first page of this data privacy statement.