Wolf Theiss

Privacy Policy

Privacy policy relating to the processing of your personal data by WOLF THEISS
(Last amended on 1 April 2019)


We would like to explain by whom your personal data is processed and for which purposes as well as your corresponding rights and obligations.

1.1    Who is responsible for the processing of your personal data?
WOLF THEISS Rechtsanwälte GmbH & Co KG, Schubertring 6, A-1010 Vienna (“WOLF THEISS”) and, if applicable, jointly together with the independent attorney-at-law providing you with the corresponding legal services.

1.2    Who can assist, if you have any further questions?
Please contact us on data.protection@wolftheiss.com if you have any questions in connection with this policy.

1.3    Which laws apply to the processing?
All relevant laws in the respective applicable version in particular, the Austrian Data Protection Act (“DSG”), the European General Data Protection Regulation (“GDPR”) as well as the Austrian Telecommunications Act (“TKG”).

1.4    What are personal data?
Personal data (“Data”) means any information in connection with personal or factual circumstances, such as name, address, e-mail address, telephone number, date of birth, age, gender, social security number, video recordings, photos, voice recordings of persons as well as biometric data (e.g. fingerprints).



We process your Data for the following purposes based on the respective legal basis referred to below:

2.1    Performance of our contractual obligations
Performance of our legal and other contractually agreed services in the course of our business relationship (e.g. any function as client or supplier) based on the Data, which you have provided to us or which we received from third parties: Art 6 Abs 1 lit b GDPR.
Please note that we may not be able to accept you as our client if you do not, or not sufficiently, provide us with the required Data.

2.2    Compliance with law
Processing in order to comply with applicable law (e.g. storage of Data in compliance with statutory retention periods pursuant to the Austrian Federal Fiscal Code or the Austrian Regulation for the Lawyers’ Profession), prevention of money laundering): Art 6 para 1 lit c GDPR.

2.3    Management of our business
Processing in connection with the proper and efficient management of our business (e.g. general and cost accounting, maintenance of the database containing information about our contractual partners): our legitimate interest pursuant to Art 6 Abs 1 lit f GDPR.

2.4    Maintaining the relationship with our clients
Processing of Data of current, former and prospective clients including their employees (e.g. name, address, e-mail address, company, role), in particular to maintain the relationship and to provide you with up-to-date and relevant legal and business-related information (e.g. newsletters, client alerts): our legitimate interest pursuant to Art 6 Abs 1 lit f GDPR.



We process your Data for the following purposes based on the respective legal basis referred to below:

3.1    Publications and events of WOLF THEISS
Processing of any Data provided by you to us (e.g. name, address, e-mail address, company, role; your preferred specific areas of law and jurisdictions) to provide you with up-do-date and relevant legal and business-related information (e.g. newsletters, client alerts). In this context we also process your user data (e.g. open rate, click behaviour, deliverability of newsletters) to improve our publications on an ongoing basis. In the course of the registration for our in-house events we process your registration data to prepare and host the event.

The corresponding legal basis is your consent (e.g. provided to us via the option “subscribe to our updates” on our website), which you can revoke at any time with effect from the revocation: Art 6 Abs 1 lit a GDPR.

In order to receive our publications and to be able to participate in our events it is necessary that we process your e-mail address. If you do not provide us with your e-mail address, we may not be able to provide you with the relevant publications or to register your participation at our events.

3.2    Career portal
Processing of any Data provided by you to us (e.g. name, address, e-mail address, CV, certificates, motivation letters and other information you provided to us) in order to be able to offer you a suitable position in our firm and to keep you informed of the process.

The corresponding legal basis is your consent, which you can revoke at any time with effect from the revocation: Art 6 Abs 1 lit a GDPR.
Please note that we may have to discontinue the application process if you do not, or not sufficiently, provide us with your Data required for the use of the career portal.

3.3    Logfiles
If you visit or use our website, our system automatically records access data of your device and browser:

  • type, version and settings of your browser;
  • your operating system and service provider;
  • visited websites and files;
  • the website visited prior to accessing our website; and
  • the IP-address allocated to your device.

We need to process these logfiles in order to ensure the functionality, stability and security of our website. We may also use these data in connection with forensic investigations in the event of a security incident or to create user statistics. In connection with statistic purposes we only use an anonymised version of your IP-address.

The legal basis is our legitimate interest: Art 6 Abs 1 lit f GDPR.

3.4    Cookies

3.4.1    What are cookies?
Cookies are small text files stored on your device during your visit of our website which store specific information about you. They cannot access, read or alter any other data stored on your device. Any reference to the term “cookies” shall also be deemed to include other technologies with similar purposes, for example pixel tags.

We use two types of cookies on our website:

3.4.2    Essential cookies
We use essential cookies to transfer messages and provide you with the requested services. Without use of such cookies we would not be able to ensure the proper functionality of our website or it may only function to a limited extent.
The legal basis is our legitimate interest: Art 6 Abs 1 lit f GDPR.

3.4.3    Optional cookies
This type of cookies helps us to improve our website, to optimise your user experience, to analyse user behaviour and to personalise marketing activities.

Legal basis is your consent, given to us by clicking the box “OK” on the cookie banner on our website. You can revoke your consent at any time with effect from the revocation: Art 6 Abs 1 lit a GDPR.

3.4.4    Optional cookie: Google Analytics
Our website uses Google Analytics provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA (“Google”) which allows us to analyse your use of our website.

Any information in connection with your use of our website generated by such cookie (including your IP-address and the URLs of the visited websites) is transmitted to, and stored on, the Google server located in the U.S.A. We do not store any of your Data collected via Google Analytics.
Our website uses an IP-anonymisation function provided by Google Analytics. Consequently, your IP-address will be immediately abbreviated/anonymised by Google upon receipt. Google will use this information on our behalf in order to analyse your use of our website, to prepare reports in connection with your activities on our website and to provide us with any other services in connection with the use of the website and the Internet. Google will not merge your IP-address with other Data.

For further information about the terms of use as well as the privacy policy of Google, please visit the following link: https://www.google.com/analytics/terms/gb.html.

3.5    Social media plug-ins
Our website is provided with an opportunity to interact with various social media networks via plug-ins. These are plug-ins are provided by:

  • Facebook, operated by Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland;
  • YouTube, operated by YouTube LLC, 901 Cherry Avenue, San Bruno, CA 94066 USA;
  • Instagram, operated by Instagram LLC, 1601 Willow Road, Menlo Park CA 94025 USA;
  • Twitter, operated by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103; and
  • XING, operated by XING SE, Dammtorstraße 30, 20354 Hamburg, Germany.

If you click on a plug-in provided by these social media networks, such plug-in is activated, a connection will be established to the respective network’s server and your Data may be transmitted to such network. We have no control over the extent, and content, of Data transferred to the operator of the respective network following a click on the relevant plug-in. If you do not agree with the transfer of your Data, please avoid activating any plug-ins.
We recommend consulting the privacy policies of the respective network operator in connection with any further information relating to the type, extent and purpose of the Data collected.

3.6    How can you manage logfiles, cookies and social media plug-ins?

3.6.1    In addition to the possibility to revoke your consent in connection with the use of optional cookies, you may generally prevent the use of cookies by activating the corresponding option of your browser to generally prevent the storage of cookies or by erasing the cookies stored on your device or by your browser. For further information relating to cookie settings of specific browsers, please visit the following websites:

  • Cookie settings in Internet Explorer  
  • Cookie settings in Firefox
  • Cookie settings in Chrome
  • Cookie settings in Safari

In connection with Google Analytics you can object to the collection and use of your Data by downloading and installing the browser plug-in provided on: https://tools.google.com/dlpage/gaoptout.

3.6.2    Please note that you might not be able to use all functions of our website or that it may not function properly if you erase cookies or deactivate the cookie function in your browser.



4.1    We transfer your data only to the extent there is a valid legal basis for the transfer and if the transfer is not in breach of our professional duty of confidentiality. In any event we only transfer your Data to such an extent as required for the respective purpose, required by applicable law, if there is a legitimate interest, or subject to your consent. Your Data will be transferred in particular to the following recipients:

  • other WOLF THEISS offices, to the extent this is required for us to provide our services (click here for a list of our offices)
  • independent attorneys-at-law in cooperation with WOLF THEISS;
  • service providers in connection with the prevention of money laundering;
  • tax consultants and auditors;
  • competent bar associations;
  • banks and insurance companies;
  • courts and authorities;
  • opponents and their legal representatives;
  • service providers (e.g. travel agencies, taxi service, hotels); and
  • advertising and web analytics partners (e.g. Google LLC).

4.2    Our service providers (“Processors”) also process your Data. These Processors are in particular IT-services providers, providers of other tools and software solutions as well as of similar services. Our Processors will only process your Data on our behalf, in accordance with our instructions and for the above-mentioned purposes.

4.3    Some of the recipients referred to in this privacy policy process your Data, or have their seat, outside the European Economic Area.
In these countries the level of data protection might not be the same as in Austria. We will ensure compliance with the level of data protection customary in Europe and the respective data security standards. Consequently, we will transfer your Data only to countries if the EU Commission has decided that such countries provide for an adequate level of protection or we will take measures to ensure that all recipients provide for an adequate level of protection such as the conclusion of EU standard contractual clauses.


We keep your Data only as long as this is required for the above-mentioned purposes and to comply with our contractual and/or legal obligations. If we do no longer require your Data, we erase or render them anonymous to ensure that you can no longer be identified.



6.1    You can exercise the following rights at any time:

  • right to access in connection with your Data processed by us, to the extent there is no conflict with our professional duty of confidentiality (Art 15 GDPR);
  • right to rectification of inaccurate Data and to erasure of any unlawfully processed Data (Art 16, 17 GDPR);
  • right to revoke your consent in connection with the processing of Data with effect from the revocation if and to the extent the processing is based on your consent (Art 7 GDPR);
  • right to restriction of the processing of your Data (Art 18 GDPR); and
  • right to receive your Data provided to us in a machine-readable format (Art 20 GDPR).

6.2    Furthermore, you have the right to object to the processing of your Data at any time.
If you object to the processing in connection with direct marketing (e.g. newsletters, client alerts), we will cease the corresponding processing with effect from the date of your objection. In any other case we will only cease processing, if there are justified grounds for the objection having regard to the individual circumstances (Art 21 GDPR).

6.3    We do not process your Data for decision-making which is solely based on automated processing, including profiling, and which result in legal effects for you (Art 22 GDPR).

6.4    You can file a complaint with the Austrian data protection authority, Barichgasse 40-42, 1030 Vienna, the competent supervisory authority, at any time.



7.1    We may update this privacy policy to reflect legal or technical changes or any changes to our business.
We will take reasonable efforts to inform you of such updates. The date of the most recent update is included in the heading of this privacy policy.

7.2    This privacy policy also links to websites of third parties.
We have no control over the content, or the data protection practices, of these websites. We recommend reading the data protection policies of any websites of third parties visited.


Find a Lawyer