Privacy policy

Provision of information for the website https://evahammertinger.com/ (‘website’) in accordance with Article 13 of the EU General Data Protection Regulation (‘GDPR’) concerning data processing operations in connection with access to and use of the website.

Thank you for your interest in our website. The protection of your personal data is very important to us. We therefore process your data exclusively on the basis of the legal requirements of the GDPR in conjunction with the Austrian Data Protection Act (DSG), the Austrian Telecommunications Act 2021 (TKG) and other relevant legal provisions.

With certain exceptions, data protection regulations apply to the processing of personal data. For the scope of this privacy policy, reference is made to the definition of terms in the GDPR. Thus, the ‘processing’ of personal data essentially encompasses any handling of such data. Insofar as the data processed by us can be related to individuals and make you identifiable as a person, it is generally personal data, which means that you are considered a data subject within the meaning of Art. 4(1) GDPR.

You are not obliged to provide data. Data processed automatically when accessing the website is not personal data or is only stored for very short periods (see in particular point 2.1).

1. Information about the data controller

1.1 Responsible for processing user data and contact details

 

Responsible party pursuant to Art. 26 GDPR (‘we’): Contact:
Together Telephone: +43 1 226 44 22
Mobile: +43 676 37 33 946
Fax: +43 1 226 44 22 10
Eva Hammertinger Rechtsanwalts GmbH,
Freyung 6/12/3-4, AT-1010 Vienna, Austria		 Email: office@evahammertinger.legal
Eva Hammertinger Real Estate & Consulting GmbH E-Mail: consulting@evahammertinger.com

1.1 Information on joint responsibility pursuant to Article 26 GDPR

We collect your personal data in connection with your use of the website to the extent described below. As the website is a joint offering by the companies listed in section 1.1, it is necessary for administrative and processing purposes in this context that your personal data collected via the website be processed by both controllers. This corresponds to a joint responsibility of the aforementioned companies within the meaning of Article 26 GDPR.

Eva Hammertinger Rechtsanwalts GmbH acts as the primary contact for questions or concerns regarding legal advice; Eva Hammertinger Real Estate & Consulting GmbH, on the other hand, acts as the primary contact for questions or concerns regarding management consulting. With regard to the specific data processing carried out via our website, you are welcome to contact any of the above-mentioned responsible parties (e.g. for questions, concerns, exercising data subject rights, etc.). The information required under Article 13 of the GDPR is provided in full in this privacy policy.

Your data will be processed by both controllers to the extent specified below using uniform technical and organisational systems.

2. Data processing operations

2.1 Verarbeitung von Zugriffsdaten beim Websiteaufruf

  • Type and scope of data processing: You can visit our website without having to provide any personal information. When you visit our website, only general access data is stored automatically in so-called server log files. The following data in particular is processed: (i) name of the website visited; (ii) browser type/version used; (iii) operating system used by the user; (iv) previously visited website (referrer URL); (v) time of server request; (vi) amount of data transferred; (vii) host name of the accessing computer (abbreviated IP address used). This information does not allow us to draw any conclusions about your person; however, IP addresses are considered personal data within the meaning of the GDPR.
  • Legal basis and purpose: The purpose of this data processing is to establish and maintain the technical security of our website, to improve its quality and to generate statistical information. Processing is based on our legitimate interest (Art. 6(1)(f) GDPR), which consists of achieving the aforementioned purposes.
  • Storage period: Server log files are generally deleted automatically within fourteen (14) days, provided that they are no longer required for the purpose for which they were collected in individual cases.

2.2 Establishing contact

  • Type and scope of data processing: When you contact us via one of the contact options listed in this privacy policy or on our website, the information you provide will be processed for the purpose of handling your contact request and processing it. The processing of your data is necessary for handling and responding to your request, as we would otherwise have no way of contacting you.
  • Legal basis and purpose: The purpose of this data processing is to enable us to communicate with users of the website. We respond to your enquiries on the basis of our legitimate interest (Art. 6(1)(f) GDPR) in a functioning contact system as a prerequisite for the provision of any services. In the case of recurring contact enquiries or the establishment of a client relationship (see point 2.3), your data may also be processed for other purposes, about which you will be informed separately if necessary.
  • Storage period: We will delete your enquiry(ies) and your contact details once your enquiry has been conclusively answered. Your data will generally be stored for six (6) months and deleted after this period has expired, unless you send us any follow-up enquiries or we need to process the data for other purposes.

2.3 Establishment of a mandate relationship

  • Type and scope of data processing: If you contact us to make use of our legal or business consulting services, we will provide you with the relevant information regarding the processing of personal data within the framework of a client relationship separately, if necessary. In general, it may also be necessary for us to process personal data of third parties in the course of providing our services in connection with a client relationship; we will determine the relevant data protection requirements on a case-by-case basis and provide the relevant information where necessary.

However, restrictions on the general right to provide information under data protection law may arise due to the solicitor’s right to confidentiality in order to ensure the protection of a party or the rights and freedoms of other persons (cf. Section 9(4) of the Solicitors’ Regulations).

  • Legal basis and purpose: We process data within the scope of a client relationship primarily for the purpose of fulfilling the client agreement concluded in this regard (Art. 6(1)(b) GDPR) and for the purpose of fulfilling our associated legal obligations (Art. 6(1)(c) GDPR). Any necessary processing of third-party personal data in this context is usually based on the pursuit of legitimate interests of us or our clients following a corresponding balancing of interests (Art. 6(1)(f) GDPR).
  • Storage period: We will provide further information on the storage period in connection with client relationships separately when necessary.

3. Cookies and other storage technologies

3.1 Cookies

Our website uses cookies if you give us your consent in accordance with Art. 6(1)(a) GDPR (you can revoke your consent to the use of cookies at any time [see ‘Right of revocation’ under point 8]); If you refuse to give your consent, we will limit the use of cookies to those that are technically necessary to maintain the functionality of our website (see below) and which we use on the basis of our legitimate interest in this regard (Article 6(1)(f) GDPR), insofar as this involves the processing of personal data.

Cookies are small data files that are managed and stored on your device by your browser. They are initially placed by a web server and sent back to it as soon as a new connection is established in order to recognise the user and their settings. Your device is assigned a specific identity consisting of numbers and letters.

Cookies can serve various purposes and, for example, help to maintain the functionality of a website in terms of features and user experience in line with the latest technology. The actual content of a specific cookie is always determined by the website that created it.

Cookies always contain the following information:

  • Name of the cookie;
  • Name of the server from which the cookie originates;
  • ID number of the cookie;
  • an end date, after which the cookie is automatically deleted.

Cookies can be classified according to their type and purpose as follows:

  • Technically necessary cookies: Technically necessary (also: essential) cookies help to make a website usable by enabling basic functions such as page navigation and access to secure areas of the website. Without these cookies, a website may often not function properly. Technically necessary cookies are always first-party cookies. These cookies can only be deactivated in your browser settings by rejecting all cookies without exception (see below) and are also used on our website in a legally permissible manner without obtaining consent.
  • Preference cookies: Preference cookies allow a website to remember information that affects the way a website behaves or looks, such as your preferred language or the region you are in.
  • Statistics cookies: Statistics cookies help website operators understand how visitors interact with websites by collecting and evaluating information anonymously. Such cookies are therefore used to collect information about user behaviour. The following information may be stored, for example: subpages visited (duration and frequency); order of pages visited; search terms used that led to a visit to our website; mouse movements (scrolling and clicks); country and region of access. Cookies enable us to determine what the user is interested in and thus adapt the content and functionality of our website to individual user needs.
  • Tracking cookies: Tracking cookies are used to track visitors to websites. The intention is to display advertisements that are relevant and appealing to the individual user and therefore more valuable to publishers and third-party advertisers. This is made possible by analysing your usage behaviour, which allows for the personalisation of advertising based on the interests identified.
  • Social media content: These cookies originate from video or social media platforms and are necessary to retrieve content from the respective platform that is integrated into a website. They may be used by the respective third-party provider for certain analysis and tracking purposes.

Depending on the storage period, a distinction is also made between:

  • Session cookies: These cookies are deleted without your intervention as soon as you end your current browser session.
  • Persistent cookies: These cookies (e.g. for storing your language settings) remain stored on your device until a predefined expiry date or until you manually delete them.

Depending on the subject of attribution, a further distinction can be made as follows:

  • First-party cookies: These cookies are used by us and set directly by our website. They are generally not made accessible across domains by browsers, which means that the user can only be recognised by the site from which the cookie originates.
  • Third-party cookies: These cookies (also known as third-party cookies) are not set by us, but by third parties, in particular for advertising purposes (e.g. to track surfing behaviour) when you visit our website. This includes, for example, information about various page views and their frequency.

Most browsers automatically accept cookies. However, you have the option of adjusting your browser settings so that cookies are either generally rejected or only certain types are allowed (e.g. restriction of rejection to third-party cookies). If you change your browser’s cookie settings, however, you may no longer be able to use our website to its full extent. You can also use your browser settings to delete all cookies already stored on your device. This also constitutes a revocation of your consent.

3.2 Local Storage; Session Storage

If you give us your consent within the meaning of Art. 6 (1) (a) GDPR, we will use the storage capacity of your browser software, for example, to improve the usability of our website, its user-friendliness and our offering in general (e.g. to save your language settings). For this purpose, we use local storage or session storage to store certain data on your device, whereby your browser creates local storage or session storage separately for different domains. Apart from yourself, only we can access the data processed in this context. Insofar as this is technically necessary to maintain the functionality of our website, certain information may also be stored in your browser’s local storage or session storage without your consent. Uninvolved third parties have no access to this information under any circumstances; however, it may be stored on your device by our partners (third-party providers) on our behalf for specific purposes. Unlike cookies, this method is faster and more secure, as data is not automatically transferred to the respective server with every HTTP request, but is only stored by your browser software; in addition, local storage or session storage offers up to 5 megabytes of storage space, while a single cookie can only contain a maximum of 4096 bytes.

Since the functionalities are similar to cookies, the information provided in section 3.1 applies accordingly. Please note that information in local storage does not have an expiry date (it is comparable to persistent cookies). Information in session storage, on the other hand, is only stored for the duration of the respective browser session (it is comparable to session cookies).

Manually removing data from local storage or session storage works in the same way as manually removing cookies in most browser settings, as cookies are usually grouped together with other website data within this option (e.g. ‘cookies and other website data’); in this respect, please refer to the explanations under point 3.1. If the browser software you use combines cookies and other website data in this sense, blocking cookies will also block access to local storage or session storage (which may also lead to restrictions on the use of our website). If you deactivate JavaScript, we will also no longer be able to use local storage or session storage, but this can generally lead to considerable restrictions on use.

3.3 Truendo – Cookie-Management-Tool

In order to obtain consent for the use of cookies and third-party services on our website in accordance with data protection regulations, we use the consent tool provided by TRUENDO Technologies GmbH, Leonard-Bernstein-Straße 10, 1220 Vienna, Austria (‘TRUENDO’). For more information about this company, please visit www.truendo.com.

The consent tool records and stores the decision of each user of our website regarding the use of cookies. This ensures that cookies and social media content that are not technically necessary are only permitted once the user has given their express consent to their use.

The extent to which the user has confirmed the use of cookies is stored; this decision can be revoked at any time. Revocation is done by calling up the cookie settings at the bottom left of the website and adjusting the settings there.

Cookies set up to that point will be deleted after any revocation. A cookie is also set or local/session storage is accessed to store the user’s consent status. When the service is accessed, the IP address of the respective user is sent to TRUENDO’s servers, but is not stored or linked to other data. The use of the service is based on our legitimate interest in the legally compliant design of our website in accordance with Art. 6 (1) lit. f GDPR. In this context, TRUENDO acts as our processor within the meaning of Art. 28 GDPR.

Further information can be found in TRUENDO’s privacy policy at
https://www.truendo.com/privacy.

4. Links to third-party sites

We use links to third-party websites on our website. These are primarily links to our social media pages (e.g. Facebook). If you click on one of these links, you will be redirected directly to the respective page. The website operators can only see that you have accessed their site via our website. Accordingly, we generally refer to the separate privacy policies of these websites. For more information about how we process your data in connection with our social media pages, see section 6.

5. Integration of YouTube videos

We embed videos from the platform https://www.youtube.com, a service provided by Google Ireland Limited, Gordon House, 4 Barrow Street, Dublin, Ireland (‘Google Ireland’), on our website. The embedding is done using inline frames.

Since Google Ireland uses cookies and local/session storage for data collection and statistical data analysis as part of this integration, the display of these videos on our website is disabled by default. In order for us to display such a video, we require your prior consent within the meaning of Art. 6 (1) (a) GDPR for the use of third-party cookies and the associated data processing. To do this, you can manually select the use of cookies for YouTube when you visit the website using our cookie management tool (see section 3.3) or click directly on the ‘Allow’ button for a specific video after reading the information provided. Only after activating this function in one of the ways described will the videos be loaded on our website and Google Ireland be able to process data about the visit via cookies.

Google Ireland uses the information collected by cookies under its own responsibility to generate accurate video statistics, prevent fraud and improve user-friendliness. The cookie information, other statistical data and your IP address are transmitted to a Google server and stored there. However, the IP address is truncated beforehand. Direct assignment is possible if you are logged into your Google account while watching the video or, after giving your consent, when you visit a page that contains such a video. Therefore, please log out of your account before allowing us to display the videos or visiting the respective page.

We receive statistical evaluations from Google Ireland on the retrieval of individual videos embedded in the website without any reference to the respective user. Since the videos are only embedded in our website, but are transmitted directly via https://www.youtube.com, the terms of use and privacy policy of YouTube/Google apply. Please note the following link: https://policies.google.com/privacy?hl=de&gl=en.

Google Ireland endeavours to process data from users in the EEA in European data centres wherever possible. However, your data may be transferred to companies affiliated with Google Ireland, in particular to the parent company based in the USA, Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA-94043, USA. Any transfer of your data by Google Ireland to such sub-processors in third countries is based on the EU Commission’s standard data protection clauses within the meaning of Art. 46(2)(c) GDPR. An overview of all Google data centre locations can be found here: https://www.google.com/about/datacenters/inside/locations/?hl=de.

6. Social media presence

We maintain a presence on social networks for the purpose of promoting our business activities and advertising our offers. The processing of your data in this context is based on our legitimate interests pursuant to Art. 6(1)(f) GDPR, which consist of increasing our reach and providing social network users with additional information and communication channels. In order to best achieve these purposes, reach measurement (access statistics, recognition of returning users, etc.) may be carried out within the scope of the respective service provider’s offering.

When you access one of the online presences illustrated below, we process the general information that is visible in your profile with the respective provider, as well as any other inventory data, contact data or content data that you provide to us by interacting with our respective online presence and its content. We do not store this data separately outside of the respective social network.

Since we decide on the purposes and means of data processing that takes place within the scope of our respective online presence together with the respective provider (or the entity otherwise designated as responsible), joint responsibility within the meaning of Art. 26 GDPR applies in each case. In this context, the provider of the respective social network is the central contact for all general and technical questions relating to our online presence; This also applies to the fulfilment of data subject rights within the meaning of point 8. However, if enquiries concern the specific operation of our online presence, your interactions with it and the information published/collected on it, we are the primary point of contact; point 8 and the other provisions of this privacy policy apply mutatis mutandis.

6.1 Facebook

From a data protection perspective, the social network ‘Facebook’ is managed in the EEA by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland (‘Meta Ireland’). With regard to the operation of our Facebook fan page ‘Eva Hammertinger Legal & Strategy Consulting’ (https://www.facebook.com/medienanwaeltin), we are jointly responsible with Meta Ireland for the processing of your personal data within the meaning of Art. 26 GDPR.

Your data may also be transferred to companies affiliated with Meta Ireland, in particular Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA; any transfer of your data by Meta Ireland to such affiliated companies is based on standard data protection clauses of the EU Commission within the meaning of Art. 46(2)(c) GDPR.

Please note that we have no influence on the programming and design of the social network, but can only personalise and maintain our Facebook fan page within the scope of the options provided by Facebook. Therefore, please take into account the terms and conditions that the service provider imposes on the use of the social network (https://www.facebook.com/terms), the separately provided data protection information (https://www.facebook.com/policy.php) and the existing setting options in your Facebook account. We are, of course, fully responsible for the information we provide using the mechanisms provided by Facebook (posts, shares, etc.).

6.2 Instagram

The social network ‘Instagram’ is operated by Instagram Inc, 1601 Willow Road, Menlo Park, California 94025, USA, which is part of the Facebook group. Meta Ireland is responsible for data protection in the EEA (see section 6.1). With regard to the operation of our Instagram account ‘medienanwaeltin’ (https://www.instagram.com/medienanwaeltin/), we are jointly responsible with Meta Ireland for the processing of your personal data within this framework in accordance with Art. 26 GDPR.

Your data may also be transferred to companies affiliated with Meta Ireland, in particular Instagram Inc or Meta Platforms Inc, 1601 Willow Road, Menlo Park, California 94025, USA; any transfer of your data by Meta Ireland to such affiliated companies is based on standard data protection clauses of the EU Commission within the meaning of Art. 46(2)(c) GDPR.

Please note that we have no influence on the programming and design of the social network, but can only personalise and manage our Instagram account within the scope of the options provided by Instagram. Therefore, please take into account the terms and conditions that the service provider imposes on the use of the social network (https://help.instagram.com/581066165581870), the separately provided data protection information (https://help.instagram.com/519522125107875) and the existing setting options in your Instagram account. We are, of course, fully responsible for the information we provide using the mechanisms provided by Instagram (posts, stories, etc.).

6.3 Twitter

From a data protection perspective, the social network ‘Twitter’ is operated in the EEA by Twitter International Company, One Cumberland Place, Fenian Street, Dublin 2, D02 AX07 Ireland (‘Twitter International’). With regard to the operation of our Twitter account ‘Eva Hammertinger’ (https://twitter.com/evahammertinger), we are jointly responsible with Twitter International for the processing of your personal data within this framework in accordance with Art. 26 GDPR.

Your data may also be transferred to companies affiliated with Twitter International, in particular Twitter Inc, 1355 Market Street Suite, 900 San Francisco, California 94103, USA; any transfer of your data by Twitter International to such affiliated companies is based on standard data protection clauses of the EU Commission within the meaning of Art. 46 (2) (c) GDPR.

Please note that we have no influence on the programming and design of the social network, but can only personalise and manage our Twitter account within the scope of the options provided by Twitter. Therefore, please take into account the terms and conditions that the service provider imposes on the use of the social network (https://twitter.com/de/tos), the separately provided data protection information (https://twitter.com/de/privacy) and the existing setting options in your Twitter account. We are, of course, fully responsible for the information we provide using the mechanisms provided by Twitter (tweets, etc.).

7. Transfer of your data; recipients

In order to carry out the processing activities listed in this privacy policy, your personal data will be transferred to or disclosed to the following recipients:

Within our organisation, only those employees who absolutely need access to your data in order to fulfil their or our respective duties have access to it.

Furthermore, (external) processors commissioned by us will receive your data if they need it to perform their respective services (whereby access to personal data is sufficient). All processors are contractually obliged to process your data in strict compliance with the requirements of the GDPR and exclusively in accordance with our instructions.

Within the scope of our website, the following processors employed by us may have access to your data:

  • the provider of our cookie management tool, TRUENDO Technologies GmbH, Leonard-Bernstein-Straße 10, 1220 Vienna, Austria (see section 3.3).

In addition, we transfer your data to independent controllers if this is necessary or if we are legally obliged to do so. In addition to the providers listed in section 5, this may include courts or authorities within the scope of their legal jurisdiction.

Joint responsibility within the meaning of Article 26 of the GDPR exists between the controllers identified in points 1.2 and 6.

8. Rights of the data subject

You have the following rights at any time with regard to your personal data processed by us, which can be exercised free of charge by notifying one of the contact options listed in section 1.1 (please note the relevant information in section 1.2) and will be answered as soon as possible, but in any case within one month one month (restrictions are possible in certain exceptional cases, such as when the rights of third parties are at risk):

  • Access to and further information about specific personal data processed (right of access, Art. 15 GDPR);
  • Correction of incomplete or incorrectly recorded or changed data (right to rectification, Art. 16 GDPR);
  • Correction of incomplete or incorrectly recorded or changed data (right to rectification, Art. 16 GDPR);
  • temporary restriction of processing under certain conditions (right to restriction, Art. 18 GDPR);
  • Revocation at any time of consent once given to the processing of your data; please note, however, that revocation does not render past processing activities based on the consent in question retroactively inadmissible – it only has effect for the future (right of revocation, Art. 7(3) GDPR);
  • Revocation at any time of consent once given to the processing of your data; please note, however, that revocation does not render past processing activities based on the consent in question retroactively inadmissible – it only has effect for the future (right of revocation, Art. 7(3) GDPR);
  • Transfer of your personal data, which we process for the performance of a contract with you, for the implementation of pre-contractual measures at your request or on the basis of your consent, to you or directly to another controller in a commonly used machine-readable format (right to data portability, Art. 20 GDPR);
  • Right to lodge a complaint about our processing of your personal data with a national supervisory authority; a complaint in Austria must comply with the requirements of Section 24 of the Data Protection Act and must be addressed to the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, (e-mail) dsb@dsb.gv.at, (telephone) +43 1 52 152-0 (to simplify the process, the Austrian Data Protection Authority provides forms: https://www.dsb.gv.at/dokumente).