Privacy Policy
The German version of this privacy policy remains legally authoritative. See the German master at Datenschutzerklärung. The English text below restates the same content for international readers without modifying any of the legal substance.
1. Personal data
We, Tonninger Schermaier & Partner Rechtsanwälte GbR, 1040 Vienna, Rilkeplatz 8, collect, process and use your personal data only with your consent, on the basis of an engagement or order, for the purposes agreed with you, or where another legal basis under the GDPR applies — in each case in compliance with data-protection and civil law.
We collect only such personal data as is required to carry out and handle our legal services or that you have provided to us voluntarily.
Personal data are any information relating to identified or identifiable individuals in their personal or factual circumstances, for example name, address, email address, telephone number, date of birth, age, gender, social-security number, video recordings, photographs, voice recordings as well as biometric data such as fingerprints. Sensitive data such as health data or data in connection with criminal proceedings may also be included.
2. Right of access and deletion
As a client or, more generally, as a data subject, you have the right at any time — subject to attorneys' duty of confidentiality — to information about your stored personal data, their origin and recipients and the purpose of the data processing, as well as a right of rectification, data portability, objection, restriction of processing and blocking or deletion of inaccurate or unlawfully processed data.
Should any changes to your personal data occur, please let us know.
You have the right to withdraw a consent given for the use of your personal data at any time. Your request for access, deletion, rectification, objection and/or data portability — the latter only insofar as it does not cause a disproportionate effort — can be addressed to the firm's address listed in section 14 of this policy.
If you consider that the processing of your personal data by us infringes the applicable data-protection law or otherwise violates your data-protection rights, you may lodge a complaint with the competent supervisory authority. In Austria this is the Austrian Data Protection Authority (Datenschutzbehörde).
3. Data security
The protection of your personal data is ensured by appropriate organisational and technical measures. These measures address in particular protection against unauthorised, unlawful or accidental access, processing, loss, use and manipulation. Notwithstanding our efforts to maintain an appropriately high standard of care, it cannot be ruled out that information you provide to us via the Internet may be viewed and used by others.
Please note, therefore, that we accept no liability of any kind for the disclosure of information due to data-transmission errors not caused by us and/or unauthorised access by third parties (e.g. hacking attacks on an email account or telephone, interception of faxes).
4. Use of the data
We will not process the data provided to us for any purposes other than those covered by the engagement, your consent, or otherwise by a provision of the GDPR. Use for statistical purposes is excluded from this restriction provided that the data have been anonymised.
5. Transfer of data to third parties
In order to fulfil your engagement it may be necessary to transfer your data to third parties (e.g. opposing parties, substitute attorneys, insurers, service providers we engage and to whom we provide data, etc.), courts or authorities. Such a transfer takes place exclusively on the basis of the GDPR, in particular to perform your engagement or on the basis of your prior consent.
We further inform you that, in the course of our legal representation and support, factual and case-related information about you is regularly also obtained from third parties.
Some of the above-mentioned recipients of your personal data are located outside your country or process your personal data there. The level of data protection in other countries may not correspond to that of Austria. We transfer your personal data, however, only to countries for which the EU Commission has decided that they have an adequate level of data protection, or we take measures to ensure that all recipients have an adequate level of data protection — for which purpose we conclude standard contractual clauses (2010/87/EC and/or 2004/915/EC).
6. Notification of data breaches
We strive to ensure that data breaches are detected early and, where applicable, reported promptly to you and/or the competent supervisory authority, including the categories of data concerned.
7. Retention of data
We will not retain data longer than necessary to fulfil our contractual and statutory obligations and to defend against potential liability claims.
8. Cookies
Our website www.ts.at uses “cookies” to make our service more user-friendly, more effective and safer.
A “cookie” is a small text file that our web server sends to your browser's cookie file on your computer's hard disk. This enables our website to recognise you as a user when a connection is established between our web server and your browser. Cookies help us determine the frequency of use and the number of users of our pages. The content of the cookies we use is limited to an identification number that no longer permits any reference to a person. The main purpose of a cookie is to recognise visitors to the website.
Two types of cookies are used on our website:
- Session cookies: These are temporary cookies that remain in your browser's cookie file until you leave our website, and are automatically deleted when your visit ends.
- Persistent cookies: For better usability, cookies remain stored on your device and allow us to recognise your browser on your next visit.
You can configure your browser to inform you about the setting of cookies and to allow cookies only in individual cases, to exclude the acceptance of cookies for specific cases or generally, and to activate the automatic deletion of cookies when the browser is closed. Deactivating cookies may limit the functionality of our website.
9. Cookie banner and consent management
When you first visit our website, a cookie banner opens in which you can control the use of cookies and similar technologies on a granular basis. We distinguish three categories:
- Strictly necessary (cannot be opted out): cookies for the technical operation of the website — e.g. for session, language selection and secure transmission. The legal basis is Art 6(1)(f) GDPR (legitimate interest in the functioning of the website).
- Reach measurement (optional): anonymised analysis of website use via Google Analytics. The legal basis is Art 6(1)(a) GDPR (consent).
- Marketing & ad tracking (optional): conversion tracking for our Google Ads campaigns — see section 10. The legal basis is Art 6(1)(a) GDPR (consent); when enabled, personal data may be transmitted to the United States.
You can enable or disable individual categories (“Confirm selection”), accept all categories at once (“Accept all (incl. US providers)”), or reject everything except the strictly necessary cookies (“Reject all (except strictly necessary)”). Your selection is stored in your browser's local storage under the key “tsp-consent” for twelve months; after that period the banner appears again.
You can withdraw your consent or change your selection at any time by clicking the “Cookie settings” link in the footer. Withdrawal is effective for the future; the lawfulness of processing carried out before withdrawal is not affected.
Cookie overview
Below is a list of the cookies we or our third-party providers may set with your consent:
Strictly necessary (always active)
| Name | Duration | Purpose |
|---|---|---|
tsp-consent | 12 months | Stores your cookie selection in your browser's local storage. |
Reach measurement (consent required)
| Name | Duration | Purpose |
|---|---|---|
_ga | 2 years | Google Analytics — anonymous visitor ID to distinguish returning users. |
_ga_* | 2 years | Google Analytics 4 — session state and engagement. |
_gid | 24 hours | Google Analytics — user re-recognition within a single day. |
Marketing & ad tracking (consent required)
| Name | Duration | Purpose |
|---|---|---|
_gcl_au | 3 months | Google Ads — conversion linker to attribute clicks from Google ads. |
IDE | 1 year | Google DoubleClick — advertising ID for measuring ad effectiveness. |
10. Use of Google services (Google Ads, Google Analytics and Google Tag Manager)
Our website uses the advertising and web-analysis services Google Ads, Google Analytics and Google Tag Manager operated by Google Ireland Limited (Gordon House, Barrow Street, Dublin 4, Ireland). These services use cookies to store information about your use of our website (including your IP address, location, time and frequency of your visits to our website) together with your upstream and downstream behaviour on the Internet.
Because Google Ireland Limited is a subsidiary of the US-based Google Inc., headquartered in Delaware, we cannot exclude that personal data are processed in the United States via cookies set in the course of using the Google services.
In this regard we point out that the Court of Justice of the European Union (CJEU) has not certified the United States as providing an adequate level of data protection. There is therefore in particular a risk that your data may be subject to access by US authorities for control and surveillance purposes, without effective legal remedies being available.
The use of the Google services and the related cookies on our website accordingly requires your consent (which you may withdraw at any time with effect for the future); the legal basis for this data processing is Art 6(1)(a) GDPR.
11. Lead forms on our landing pages (Web3Forms)
If you visit our website via a landing page — e.g. reached through a Google Ads advertisement — you have the option of contacting us with your personal data to receive a free call-back. Your telephone number is required; you can optionally also provide your name and a short description of your matter.
The technical transmission of this form data takes place via the service “Web3Forms” (ND Software, web3forms.com, India). Web3Forms forwards the form data as an email to our firm's address and does not store it permanently. A data-processing agreement (Art 28 GDPR) is in place between us and Web3Forms; the data transfer to a third country (India) is secured by EU standard contractual clauses pursuant to Art 46(2)(c) GDPR.
The legal basis for this data processing is Art 6(1)(b) GDPR (initiation of an attorney-client relationship) as well as Art 6(1)(f) GDPR (legitimate interest in client communication). The retention period follows the retention periods applicable to attorneys.
12. Hosting (Cloudflare Pages)
Our website is delivered via Cloudflare Pages (Cloudflare, Inc., 101 Townsend St, San Francisco, CA, USA). Cloudflare processes connection data, in particular IP addresses and HTTP headers, in the course of its CDN and DDoS-protection services to deliver the website and defend against attacks. A data-processing agreement (Art 28 GDPR) is in place with Cloudflare; for the transfer to the United States the EU standard contractual clauses and the EU–US Data Privacy Framework apply. The legal basis is Art 6(1)(f) GDPR (legitimate interest in the secure technical operation of the website).
13. Server log files
To optimise our website regarding system performance, usability and the provision of useful information about our services, the website's provider automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These include your Internet Protocol address (IP address), browser and language settings, operating system, referrer URL, your Internet service provider and date/time.
These data are not consolidated with personal data sources. We reserve the right to review these data retrospectively if we become aware of specific indications of unlawful use.
14. Controllers
The protection of your data is particularly important to us. You can reach us at any time at the contact details below for your questions or your withdrawal.
Tonninger Schermaier & Partner Rechtsanwälte GbR
1040 Vienna, Rilkeplatz 8
Telephone: +43/1/218 44 40
Email: office@ts.at
Dr. Bernhard Tonninger
Dr. Stefan Schermaier
Mag. Clemens Schmied
Mag. Dr. Markus Albrecht
Mag. Jan Gross