accessibilityalertarrow-downarrow-leftarrow-rightarrow-upchevron-downchevron-leftchevron-rightchevron-upclosedigital-transformationdiversitydownloaddrivedropboxeventsexitexpandfacebookguideinstagramjob-pontingslanguage-selectorlanguagelinkedinlocationmailmenuminuspencilphonephotoplayplussearchsharesoundshottransactionstwitteruploadwebinarwp-searchwt-arrowyoutube

Privacy Policy

(Last amended on 14 September 2023)

1.    General

We would like to explain by whom your personal data is processed and for which purposes as well as your corresponding rights and obligations.

1.1    Who is responsible for the processing of your personal data?

Wolf Theiss Rechtsanwälte GmbH & Co KG, Schubertring 6, A-1010 Vienna (“Wolf Theiss”, “WE”) and, if applicable, jointly together with the independent attorney-at-law providing you with the corresponding legal services.

1.2    Who can assist, if you have any further questions?

Please contact us on data.protection@wolftheiss.com if you have any questions in connection with this policy.

1.3    Which laws apply to the processing?

All relevant laws in the respective applicable version in particular, the Austrian Data Protection Act (“DSG”), the European General Data Protection Regulation (“GDPR”) as well as the Austrian Telecommunications Act (“TKG”).

As part of certain processing activities, specific provisions of the respective laws may require or permit the processing of personal data (e.g. the retention obligations in tax law). Within the scope of our legal services, we are also obliged to maintain professional secrecy obligations. Therefore, in some cases, we are legally prohibited from providing exact information about the data we process.

1.4    What are personal data?

Personal data (“Data”) means any information in connection with personal or factual circumstances relating to an identifiable natural person, such as name, address, e-mail address, telephone number, date of birth, age, gender, social security number, video recordings, photos, voice recordings of persons as well as biometric data (e.g. fingerprints).

2.    Processing in connection with our Client-Attorney Relationship

We process your Data for the following purposes based on the respective legal basis referred to below:

2.1    Performance of our contractual obligations

Performance of our legal and other contractually agreed services in the course of our business relationship (e.g. any function as client or supplier) based on the Data, which you have provided to us or which we received from third parties: Art 6 para 1 lit b GDPR.

Please note that we may not be able to accept you as our client if you do not, or not sufficiently, provide us with the required Data.

2.2    Compliance with law

Processing in order to comply with applicable law (e.g. storage of Data in compliance with statutory retention periods pursuant to the Austrian Federal Fiscal Code or the Austrian Regulation for the Lawyers’ Profession, prevention of money laundering): Art 6 para 1 lit c GDPR.

2.3    Management of our business

Processing in connection with the proper and efficient management of our business (e.g. general and cost accounting, maintenance of the database containing information about our contractual partners): our legitimate interest pursuant to Art 6 para 1 lit f GDPR.

2.4    Maintaining the relationship with our clients

Processing of Data of current, former and prospective clients including their employees (e.g. name, address, e-mail address, company, role), in particular to maintain the relationship and to provide you with up-to-date and relevant legal and business-related information (e.g. newsletters, client alerts) within our legitimate interest pursuant to Art 6 Abs 1 lit f GDPR.

3.    Processing in connection with our website

We process your Data for the following purposes based on the respective legal basis referred to below:

3.1    Publications and events of Wolf Theiss

Processing of any Data provided by you to us (e.g. name, address, e-mail address, company, role; your preferred specific areas of law and jurisdictions) to provide you with up-do-date and relevant legal and business-related information (e.g. newsletters, client alerts). In this context we also process your user data (e.g. open rate, click behavior, deliverability of newsletters) to improve our publications on an ongoing basis.

In the course of the registration for our in-house events we process your registration data to prepare and host the event.

The corresponding legal basis is your consent (e.g. provided to us via the option “GET OUR UPDATES” on our website), which you can revoke at any time with effect from the revocation: Art 6 Abs 1 lit a GDPR.

In order to receive our publications and to be able to participate in our events it is necessary that we process your e-mail address. If you do not provide us with your e-mail address, we may not be able to provide you with the relevant publications or to register your participation at our events.

We also process your registration and payment data for event fees in order to provide our services and to comply with retention obligations of tax and company laws for up to seven years after the end of the respective financial year (Art 6 para 1 lit b and c GDPR).

3.2    Career portal

Processing of any Data provided by you to us (e.g. name, address, e-mail address, CV, certificates, motivation letters and other information you provided to us) in order to be able to offer you a suitable position in our firm and to keep you informed of the process.

The corresponding legal basis is your consent, which you can revoke at any time with effect from the revocation: Art 6 para 1 lit a GDPR.

Please note that we may have to discontinue the application process if you do not, or not sufficiently, provide us with your Data required for the use of the career portal.

We process your data for the duration of the application process. Additionally, we may retain data as far as legal claims can be raised against us (i.e. in Austria at least for 7 months after declining an application due to possible claims under the GlBG). In addition, your data may be stored when you give your consent (e.g. to hold your application for future consideration). More information on processing and retention of applicant data in Prescreen can be found here.

3.3    Logfiles

If you visit or use our website, our system automatically records access data of your device and browser:

  • type, version and settings of your browser;
  • your operating system and service provider;
  • visited websites and files;
  • the website visited prior to accessing our website; and
  • the IP-address allocated to your device.

We need to process these logfiles in order to ensure the functionality, stability and security of our website. We may also use these data in connection with forensic investigations in the event of a security incident or to create user statistics. In connection with statistic purposes we only use an anonymized version of your IP-address. The legal basis is our legitimate interest thereto: Art 6 para 1 lit f GDPR.

3.4    Cookies and external media

3.4.1    What are cookies?

Cookies are small text files stored on your device during your visit of our website which store specific information about you. They cannot access, read or alter any other data stored on your device. Any reference to the term “cookies” shall also be deemed to include other technologies with similar purposes, for example pixel tags.

We use two types of cookies on our website:

3.4.2    Essential cookies

We use essential cookies to transfer messages and provide you with the requested services. Without use of such cookies we would not be able to ensure the proper functionality of our website or it may only function to a limited extent.

The legal basis is our legitimate interest: Art 6 para 1 lit f GDPR.

3.4.3    Optional cookies

This type of cookies helps us to improve our website, to optimize your user experience, to analyze user behavior and to personalize marketing activities.

Legal basis is your consent, given to us in the cookie banner on our website. You can revoke your consent at any time with effect from the revocation: Art 6 para 1 lit a GDPR.

3.4.4    Optional cookie: Google Analytics

Our website uses Google Analytics provided by Google Ireland Limited, register number: 368047, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”) which allows us to analyze the use of our website.

Any information in connection with your use of our website generated by such cookie (including your IP-address and the URLs of the visited websites) may be transmitted to, and stored on, Google servers located in the U.S.A.

Our website uses an IP-anonymization function provided by Google Analytics. Consequently, your IP-address will be immediately abbreviated/anonymized by Google upon receipt. Google will use this information on our behalf in order to analyze your use of our website, to prepare reports in connection with your activities on our website and to provide us with any other services in connection with the use of the website and the Internet. Google will not merge your IP-address with other Data.

For further information about the terms of use, concluded by us with Google, as well as the privacy policy and privacy measures of Google, please visit the following link: https://www.google.com/analytics/terms/gb.html.

For more information about how Google Analytics works and the information we can collect and analyze, please visit: https://support.google.com/analytics/answer/1012034?hl=en&ref_topic=6157800

The cookies used by Google Analytics are only set once you give your consent. To deactivate Google Analytics you may also use the following link: https://tools.google.com/dlpage/gaoptout/

3.5    Optional: Social media content plug-ins and external media

Our website is provided with an opportunity to interact with various (social) media networks via plug-ins. These are plug-ins are provided by:

If you click on a plug-in provided by these (social) media networks, such plug-in is activated, a connection will be established to the respective network’s server and your Data may be transmitted to such network. We have no control over the extent, and content, of Data processed by the operator of the respective network following a click on the relevant plug-in. If you do not agree with the transfer of your Data, please avoid activating any plug-ins.

We recommend consulting the privacy policies of the respective network operator in connection with any further information relating to the type, extent and purpose of the Data collected.

3.6    Cookie settings of your browser?

3.6.1    In addition to the possibility to revoke your consent in connection with the use of optional cookies, you may generally prevent the use of cookies by activating the corresponding option of your browser to generally prevent the storage of cookies or by erasing the cookies stored on your device or by your browser. For further information relating to cookie settings of specific browsers, please visit the following websites:

3.6.2    Please note that you might not be able to use all functions of our website or that it may not function properly if you erase cookies or deactivate the cookie function in your browser (e.g. the cookie banner may reappear).

3.7   (Social) media channels

Regarding the operation of the individual social media channels we may act as joint controllers together with the respective operator of the platform where this operator is not acting as sole controller. However, we do not have full access to the data processing by the platform operator. Therefore, we recommend reading our privacy policy together with the privacy policy of each platform to get a comprehensive overview.

For the operation of our social media channels we may, within our legitimate interests thereto (Art 6 para 1 lit f GDPR), process:

  • your personal data, e.g. cookies, when you interact with our social media channels (however, please note, that some data may be collected even if you are not logged in) and
  • interaction data, e.g. if you communicate with us via our social media channels through posts, comments, personal messages or contact forms.

When interacting with our social media channels we may have access to your publicly visible data (e.g. name and profile picture when you make a public comment on our page). Please review your profile settings to check which data is publicly available and to change which data can be shared by the platform. For more information please read the privacy policies of the respective social media platform.

In addition, we receive anonymous statistics from the social media operators about the use and popularity of our social media pages. For this purpose, we collect anonymous statistics within the scope of our legitimate interests and carry out demographic analyses (Art 6 para 1 lit f GDPR). The following information are processed:

  • Total number of followers (i.e. person following our channel)
  • Reach: number of people who see a specific post; number of interactions with a specific post; this enables us to review which topics are of great interest to our community
  • Demographic data of users: age, gender, place of residence, language.
  • Ad performance: How many people were reached by a post or paid ad? How many people have interacted with it?

4.   Do we transfer your data?

4.1    We transfer your data only to the extent there is a valid legal basis for the transfer and if the transfer is not in breach of our professional duty of confidentiality. In any event we only transfer your Data to such an extent as required for the respective purpose, required by applicable law, if there is a legitimate interest, or subject to your consent. Your Data will be transferred in particular to the following recipients:

  • other WOLF THEISS offices, to the extent this is required for us to provide our services (click here for a list of our offices)
  • independent attorneys-at-law in cooperation with WOLF THEISS;
  • service providers in connection with the prevention of money laundering;
  • tax consultants and auditors;
  • competent bar associations;
  • banks and insurance companies;
  • courts and authorities;
  • opponents and their legal representatives;
  • service providers (e.g. travel agencies, taxi service, hotels); and
  • advertising and web analytics partners (e.g. Google).

4.2    Our service providers (“Processors”) also process your Data. These Processors are in particular IT-services providers, providers of other tools and software solutions as well as of similar services. Our Processors will only process your Data on our behalf, in accordance with our instructions and for the above-mentioned purposes.

4.3    Some of the recipients referred to in this privacy policy process your Data, or have their seat, outside the European Economic Area. In these countries the level of data protection might not be the same as in Austria. We will ensure compliance with the level of data protection customary in Europe and the respective data security standards. Consequently, we will transfer your Data only to countries if the EU Commission has decided that such countries provide for an adequate level of protection (e.g. for US organizations participating in the EU-U.S. Data Privacy Framework) or we will take measures to ensure that all recipients provide for an adequate level of protection such as the conclusion of EU standard contractual clauses, which are available on request. In certain cases, after separate information, your data will also be transmitted on the basis of your explicit consent (Art 49 (1) lit a GDPR), or insofar as the transmission is necessary for the performance of the contract (Art 49 (1) lit b GDPR).

4.4    How long do we keep your data in general?

We keep your Data only as long as this is required for the above-mentioned purposes and to comply with our contractual and/or legal obligations. If we do no longer require your Data, we erase or render them anonymous to ensure that you can no longer be identified. In particular, your personal data will be stored for the duration of the contractual relationship and within the scope of the statutory retention periods (e.g. 7 years for invoices); furthermore, insofar as there are justified interests in further processing (e.g. for the establishment, exercise or defense of legal claims). If necessary, we may also store your data as long as potential legal claims against us have not yet become statute-barred; for certain claims the statutory limitation period may be up to 30 years.

Communication data will be processed until your inquiry is completed or as long as (pre-)contractual obligations apply.

For the storage period of cookies please refer to the cookie section of this privacy notice. You may also delete cookies in your browser settings at any time.

5.    How long do we keep your data?

We keep your Data only as long as this is required for the above-mentioned purposes and to comply with our contractual and/or legal obligations. If we do no longer require your Data, we erase or render them anonymous to ensure that you can no longer be identified. In particular, your personal data will be stored for the duration of the contractual relationship and within the scope of the statutory retention periods (e.g. 7 years for invoices); furthermore, insofar as there are justified interests in further processing (e.g. for the establishment, exercise or defense of legal claims). If necessary, we may also store your data as long as potential legal claims against us have not yet become statute-barred; for certain claims the statutory limitation period may be up to 30 years.

Communication data will be processed until your inquiry is completed or as long as (pre-)contractual obligations apply.

For the storage period of cookies please refer to the cookie section of this privacy notice. You may also delete cookies in your browser settings at any time.

6.   Your rights

6.1    Within the statutory provisions you have the following rights concerning the processing of your personal data:

  • right to access in connection with your Data processed by us, to the extent there is no conflict with our professional duty of confidentiality (Art 15 GDPR);
  • right to rectification of inaccurate Data and to erasure of any unlawfully processed Data (Art 16, 17 GDPR);
  • right to withdraw your consent in connection with the processing of Data with effect for the future if and to the extent the processing is based on your consent (Art 7 GDPR)
  • right to restriction of the processing of your Data (Art 18 GDPR); and
  • right to data portability for data provided by you (Art 20 GDPR).

6.2    Furthermore, you have the right to object to a processing of your Data based on legitimate interests at any time. If you object to the processing in connection with direct marketing (e.g. newsletters, client alerts), we will cease the corresponding processing with effect from the date of your objection. In any other case we will only cease processing, if there are justified grounds for the objection having regard to the individual circumstances (Art 21 GDPR).

6.3    We do not process your Data for decision-making which is solely based on automated processing, including profiling, and which results in legal effects for you (Art 22 GDPR).

6.4    Additionally, you have the right to file a complaint with the competent supervisory authority, e.g. if you believe that we have violated your privacy rights or have not adequately enforced your data subject rights. In Austria: Austrian Data Protection Authority, Barichgasse 40-42, A-1030 Vienna, https://www.data-protection-authority.gv.at/.

7.    Miscellaneous

7.1    We may update this privacy policy to reflect legal or technical changes or any changes to our business. We will take reasonable efforts to inform you of such updates. The date of the most recent update is included in the heading of this privacy policy.

7.2    This privacy policy also links to websites of third parties. We have no control over the content, or the data protection practices, of these websites. We recommend reading the data protection policies of any websites of third parties visited.