Last update: 29. May 2023
Thank you for your interest in the information on our website!
Controller according to the GDPR
Fuith Rechtsanwälte GmbH Martin Fuith
FN FN 522587 k
t: +43 512 581616
Data collection on our website
On the one hand, personal data is collected from you when you expressly communicate such data to us, on the other hand, data, especially technical data, is automatically collected when you visit our website. Some of this data is collected to ensure that our website functions without errors. Other data may be used for analysis purposes. However, you can use our website without a need to provide personal information.
Technologies on our website
Cookies and Local Storage
Cookies are small packages of data that are exchanged between your browser and our web server whenever you visit our website. They do not cause any damage and are used solely to recognise website visitors. Cookies can only store information provided by your browser, e.g. information that you have entered into your browser or that is available on the website. Cookies cannot execute code and cannot be used to access your terminal device.
The next time you access our website using the same device, the information stored in the cookies can then either be sent back to us (“first-party cookie”) or to a web application of third party to whom the cookie belongs (“third-party cookie”). The information that is stored and sent back allows each web application to recognise that you have already accessed and visited the website using the browser on your device.
Cookies contain the following information:
- Cookie name
- Name of the server from which the cookie originates
- Cookie ID number
- An expiry date, after which the cookie will be automatically deleted
We classify cookies in the following categories depending on their purpose and function:
- Technically necessary cookies, to ensure the technical operation and basic functions of our website. These types of cookies are used, for example, to maintain your settings while you navigate our website; or they can ensure that important information is retained throughout the session (e.g. login, shopping cart).
- Statistics cookies, to understand how visitors interact with our website by collecting and analysing information on an anonymous basis only. In this way we gain valuable insights to optimize both the website and our products and services.
- Marketing cookies, to provide targeted promotional and marketing activities for users on our website.
- Unclassified cookies are cookies that we are trying to classify together with individual cookie providers.
Depending on the storage period, we also divide cookies into session and persistent cookies. Session cookies store information that is used during your current browser session. These cookies are automatically deleted when the browser is closed. No information remains on your device. Persistent cookies store information between two visits to the website. Based on this information, you will be recognized as a returning visitor on your next visit and the website will react accordingly. The lifespan of a persistent cookie is determined by the provider of the cookie.
Please note that a general deactivation of cookies may lead to functional restrictions on our website.
On our website, we also use so-called local storage functions (also called “local data”). This means that data is stored locally in the cache of your browser, which continues to exist and can be read even after you close the browser – as long as you do not delete the cache or data is stored within the session storage.
Third parties cannot access the data stored in the local storage. If special plug-ins or tools use the local storage functions, you are informed within the description of the respective plug-in or tool.
If you do not wish plug-ins or tools to use local storage functions, you can control this in the settings of your respective browser. We would like to point out that this may result in functional restrictions.
Recipient country: USA
We use the functions of the web analytics service Google Analytics on our website to analyse user behaviour and to optimise our website. The provider of this service is Google Ireland Limited, Barrow Street, Dublin 4, Ireland (“Google”).
ATTENTION: Within the scope of this service, data transfer to the US takes place or cannot be ruled out. We would like to point out that, according to the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the US and that there are therefore various risks (such as possible access by US secret services).
In general, information about your use of the website is transferred to a Google server and stored there, such as the type and version of browser you used, the operating system you used, the site you visited prior to accessing our site, the host name of the computer (IP address) you used to access the site, and the time of your server request. For this purpose, we have entered into a contract with Google for contractual processing of your data.
At our request, Google will use this information to analyse the use of our website, to create reports on the activities within our website and to render additional services related to the use of our website and of the internet. According to Google, the IP address submitted by your browser will not be added to other data held by Google.
We use Google Analytics only with IP anonymisation activated, which means we have expanded this website to include the code ‘anonymizeIP’. This ensures that your IP address is masked, so that all data is collected anonymously. Only under exceptional circumstances will a full IP address be transmitted to a Google server and truncated there.
During the website visit, the following data is collected:
- the pages you call up, your “click path”
- Achievement of “website goals” (conversions, e.g. newsletter registrations, downloads, purchases)
- Your user behavior (for example clicks, duration of stay, bounce rates)
- Your approximate location (region)
- Your IP address (in shortened form)
- technical information about your browser and the end devices you use (e.g. language settings, screen resolution)
- Your internet provider
- the referrer URL (via which website / via which advertising medium you came to our website)
The data about the use of our website is immediately deleted after expiration of the storage limits that we have set. Google Analytics gives us the following options for the storage limits: 14 months, 26 months, 38 months, 50 months or no automatic deletion. You can ask us any time for the current storage limit that we have set.
The processing of your data using Google Analytics is subject to your explicit consent in the sense of Art 6 paragraph 1 lit. a of the GDPR. You can revoke your consent at any time with effect for the future.
You can also block the collection of data by downloading and installing the browser plugin available through the link below: http://tools.google.com/dlpage/gaoptout
You can find out exactly where Google data centres are located here: https://www.google.com/about/datacenters/inside/locations/
The data processing terms and conditions for Google products and the standard contractual clauses for data transfers to third countries can be found at https://business.safety.google/adsprocessorterms/
Google Tag Manager
We use the service Google Tag Manager on our website. This service is provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (“Google”).
ATTENTION: Within the scope of this service, data is transferred to the US or such transfer cannot be ruled out. We would like to point out that, in the opinion of the European Court of Justice, there is currently no adequate level of data protection in the case of data transfer to the USA and that there are therefore various risks (such as possible access by US secret services).
When the Tag Manager is started, your browser establishes a connection to Google’s servers, which are mainly situated in the US. This informs Google that our website has been accessed via your IP address. You can find out exactly where Google data centers are located here: https://www.google.com/about/datacenters/inside/locations/
Google Tag Manager is used to manage website tags via an interface. This enables us to embed code snippets such as tracking codes or conversion pixels into our website without interfering with the source code. In this process, Tag Manager data is only transferred, it is neither collected nor stored. The Tag Manager itself is a cookie-less domain and does not process any personal data, because it is used solely to manage other services used on our website based on our legitimate interest according to Art 6 paragraph 1 lit f GDPR. The Tag Manager triggers other tags which in turn collect data under specific circumstances. However, the Tag Manager has no access to this data. If you have chosen to deactivate cookies on our site in general or to deactivate specific cookies, this will remain in effect for all tracking tags that are implemented using the Tag Manager.
For more information about data protection, refer to the following Google websites:
FAQ Google Tag Manager: https://www.google.com/intl/de/tagmanager/faq.html
Use Policy Google Tag Manager: https://marketingplatform.google.com/intl/de/about/analytics/tag-manager/use-policy/
Google Ads Data Processing Terms including standard contractual clauses for third country transfers: https://business.safety.google/adsprocessorterms/
In the process of hosting our website, we store all data related to the operation of our website. This is necessary for enabling operation of our website. Therefore, we process this data on the legal grounds of our legitimate interest in optimising our website as described under Art. 6 paragraph 1 lit. f of the GDPR. To provide access to our website, we use the services of web hosting providers, to whom we supply the aforementioned data within the context of contractual processing in accordance with art. 28 of the GDPR.
Whenever you contact us, your information is used to process and handle your contact request in the course of fulfilling pre-contractual rights and obligations in accordance with Art. 6 paragraph 1 lit. b of the GDPR. To handle and answer your request it is necessary for us to process your data; otherwise we are unable to answer your request or only able to partially answer it. Your information can be stored in a database of customers and leads on the grounds of our legitimate interest in direct marketing as described in Art. 6 paragraph 1 lit. f of the GDPR.
We delete your request and contact information when your request has been definitively answered and there is no legally required time limit for storing this data prior to deletion (e.g. pursuant to a subsequent contractual relationship). This is usually the case when there is no further contact with you for three years in a row.
Server Log Files
For technical reasons, particularly to ensure a functioning and secure website, we process the technically necessary data about accesses to our website in so-called server log files which your browser automatically sends to us.
The access data we process includes:
- The name of the website you are accessing
- The browser type (including version) you use
- The operating system you use
- The site you visited before accessing our site (referrer URL)
- The time of your server request
- The amount of data transferred
- The host name of computer (IP address) you are using to access the site
This data cannot be traced back to any natural person and is used solely to perform statistical analyses and to operate and improve our website while also optimising our site and keeping it secure. This data is sent exclusively to our website operator. The data is neither connected nor aggregated with other data sources. In case of suspicion of unlawful use of our website, we reserve the right to examine the data retroactively. This data processing takes place on the legal grounds of our legitimate interest in maintaining a technically fault-free and optimal website, as described under Art. 6 paragraph 1 lit. f of the GDPR.
The access data is deleted within a short period of time after serving its purpose (usually within a few days) unless further storage is required for evidence purposes. In such cases, the data is stored until the incident is definitively resolved.
General information on data protection
The following provisions in its principles apply not only to the data collection on our website, but also in general to other processing of personal data.
Personal data is information that can be assigned to you individually. Examples include your address, your name as well as your postal address, email address or telephone number. Information such as the number of users who visit a website is not personal data because it is not assigned to a person.
Legal basis for the processing of personal data
- consent in accordance with Art. 6 paragraph 1 lit. a of the GDPR – The data subject has given his or her consent to the processing of his or her personal data for one or more specific purposes.
- Fulfillment of a contract and pre-contractual measures pursuant to Art. 6 paragraph 1 lit. b of the GDPR – Processing is necessary for the fulfillment of a contract to which the data subject is a party or for the implementation of pre-contractual measures.
- Legal obligation pursuant to Art. 6 paragraph 1 lit. c of the GDPR – Processing is necessary for the performance of a legal obligation.
- Protection of vital interests pursuant to Art. 6 paragraph 1 lit. d of the GDPR – Processing is necessary to protect the vital interests of the data subject or of another natural person.
- Reasonable interests pursuant to Art. 6 paragraph 1 lit. f of the GDPR – The processing is necessary to protect the legitimate interests of the controller or of a third party unless the interests or fundamental rights and freedoms of the data subject prevail.
Please note that in addition to the provisions of the GDPR, national data protection regulations may apply in your or our home country.
Transfer of personal data
- you have given your express consent in accordance with Art. 6 paragraph 1 lit. a of the GDPR,
- the transfer pursuant to Art. 6 paragraph 1 lit. f of the GDPR is necessary to safeguard reasonable interests, as well as to assert, exercise or defend legal claims and there is no reason to assume that you have a prevailing interest worthy of protection by not disclosing your data,
- there is a legal obligation to transfer the data in accordance with Art. 6 paragraph 1 lit. c of the GDPR, as well as this is legally permissible and / or
- it is required according to Art. 6 paragraph 1 lit. b of the GDPR for the processing of contractual relationships with you.
Cooperation with processors
We carefully select our service providers who process personal data on our behalf. If we commission third parties to process personal data on the basis of a data processing agreement, this is done in accordance with Art. 28 of the GDPR.
Transfer to third countries
If we process data to a third country or if this is done in the context of using the services of third parties or disclosure or transfer of data to other persons or companies, this is only done on the legal basis described above for the transfer of data.
Subject to express consent or contractual necessity, we process or allow data to be processed only in third countries in accordance with Art. 44 – 49 of the GDPR with a recognized level of data protection or on the basis of special guarantees, such as contractual obligations through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding corporate rules.
Data transfer to the US / Discontinuation of the Privacy Shield
We would like to expressly point out that as of July 16, 2020, due to a legal dispute between a private individual and the Irish supervisory authority, the so-called “Privacy-Shield”, an adequacy decision of the EU Commission according to Art 45 GDPR, which confirmed an adequate level of data protection for the US under certain circumstances, is no longer valid with immediate effect.
The Privacy Shield therefore no longer constitutes a valid legal basis for the transfer of personal data to the United States!
What can the transfer of personal data to the US mean for you as a user and what risks are involved?
Risks for you as a user are at any rate the powers of the US secret services and the legal situation in the US, which, in the opinion of the European Court of Justice, no longer ensure an adequate level of data protection. Among other things, this concerns the following points:
- Section 702 of the Foreign Intelligence Surveillance Act (FISA) does not provide for any restrictions on the surveillance measures of the secret services or guarantees for non-US citizens.
- Presidential Policy Directive 28 (PPD-28) does not provide effective remedies for those affected against actions by U.S. authorities and does not provide barriers to ensuring proportionate measures.
- The ombudsman provided for in the Privacy Shield does not have sufficient independence from the executive; he cannot issue binding orders to the U.S. secret services.
Legally compliant transfer of data to the US on the basis of standard contractual clauses?
The standard contractual clauses adopted by the Commission in 2010 (2010/87/EU of 05.02.2010), Art. 46 paragraph 2 lit. c GDPR, are still valid, but a level of protection for personal data must be ensured which is equivalent to the level in the European Union. Therefore, not only the contractual relationships with our service providers are relevant, but also the possibility of access to the data by U.S. authorities and the legal system of the U.S. (legislation and jurisdiction, administrative practice of authorities).
The standard contractual clauses cannot bind authorities in the US and therefore do not yet provide adequate protection in cases in which the authorities are authorized under the law in the US to intervene in the rights of the data subjects without additional measures by us and our service provider.
Legally compliant transfer of data to the US on the basis of your consent?
It is currently controversial whether informed consent and thus a deliberate and knowingly restriction of parts of your basic right to data protection is legally possible at all.
What measures do we take to ensure that a data transfer to the US complies with the law?
Insofar as US providers offer the option, we choose to process data on EU servers. This should technically ensure that the data is located within the European Union and cannot be accessed by US authorities.
Furthermore, we carefully examine European alternatives to US tools used. However, this is a process that does not happen overnight, as it also involves technical and economic consequences for us. Only if the use of European tools and / or the immediate switch off of the US tools is impossible for us for technical and / or economic reasons, US service providers are currently still used.
For the further use of US tools we take the following measures:
As far as possible, your consent will be asked for before using a US tool and you will be informed in advance in a transparent manner about the functioning of a service. The risks involved in transferring data to the USA can be found in this section.
We make every effort to conclude standard contract clauses with US service providers and to demand additional guarantees. In particular, we require the use of technologies that do not allow access to data, e.g. the use of encryption that cannot be broken even by US services or anonymization or pseudonymization of data, where only the service provider can make the assignment to a person. At the same time, we require additional information from the service provider if data is actually accessed by third parties or the service provider exhausts all legal remedies until access to data is granted at all.
Storage periods in general
If no explicit storage period is specified during the collection of data (e.g. in the context of a declaration of consent), we are obliged to delete personal data in accordance with Art. 5 paragraph 1 lit. e of the GDPR as soon as the purpose for processing has been fulfilled. In this context, we would like to point out that legal storage obligations represent a legitimate purpose for the further processing of affected personal data.
Personal data will be stored and retained by us in principle until the termination of a business relationship or until the expiry of any applicable guarantee, warranty or limitation periods, in addition, until the end of any legal disputes in which the data is required as evidence, or in any event until the expiry of the third year following the last contact with a business partner.
Storage periods in particular
Rights of data subjects
- (i) in accordance with Art. 15 of the GDPR, to request information about your personal data processed by us. In particular, you may request information on the purposes of processing, the category of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned duration of storage, the existence of a right of rectification, deletion, restriction of processing or opposition, the existence of a right of appeal, the origin of your data, if not collected by us, as well as the existence of automated decision making including profiling and, where applicable, meaningful information on the details thereof;
- (ii) in accordance with Art. 16 of the GDPR, to demand without delay the correction of incorrect or incomplete personal data stored by us;
- (iii) in accordance with Art. 17 of the GDPR, under specific circumstances to demand the deletion of your personal data stored with us, unless the processing is necessary to exercise the right to freedom of expression and information, to fulfill a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- (iv) in accordance with Art. 18 of the GDPR, to demand the (temporary) restriction of the processing of your personal data, insofar as the accuracy of the data is disputed by you, the processing is unlawful, but you refuse to delete it and we no longer require the data, but you require it for the assertion, exercise or defense of legal claims or you have lodged an objection to the processing in accordance with Art. 21 of the GDPR;
- (v) in accordance with Art. 20 of the GDPR, to receive your personal data that you have provided to us in a structured, common and machine-readable format or to request that it be transferred to another controller; However, this only covers those of your personal data that we process with the help of automated processes after your consent or on the basis of a contract with you;
- (vi) in accordance with Art. 21 of the GDPR, if your personal data are processed on the basis of our legitimate interest, to object to the processing of your personal data for reasons arising from your specific situation or if the objection is directed against direct advertising. In the latter case, you have a general right of objection, which we will implement without indicating a specific situation.
- (viii) in accordance with Art. 77 of the GDPR to complain to a data protection authority regarding the illegal processing of your data by us. As a rule, you can contact the data protection authority at your usual place of residence or workplace or at the headquarters of our company.
Assertion of rights of data subjects
You yourself decide on the use of your personal data. Should you therefore wish to exercise one of your above-mentioned rights towards us, you are welcome to contact us by email at email@example.com or by post, as well as by telephone.
Please assist us in specifying your request by answering questions from our responsible employees regarding the specific processing of your personal data. If there are reasonable doubts about your identity, we may request a copy of your identification.