Privacy Policy (Website)
This privacy policy provides you with all the information that we, PHH Rechtsanwält:innen GmbH, are required to provide under Austrian and European data protection laws, in particular based on the General Data Protection Regulation ("GDPR"), when processing personal data through our website.
Controller and Contact Person
The controller within the meaning of the relevant data protection laws and the contact person for data protection matters is:
§ PHH Rechtsanwält:innen GmbH (hereinafter "PHH" or "we")
§ Address: Julius-Raab-Platz 4, 1010 Vienna
§ Contact person: Theresa Karall
§ Email: datenschutz@phh.at
YYou can contact us at the above address or by email.
Purposes of Data Processing
We process your personal data when you visit our website for the purposes listed under points 2.1 to 2.3. We collect the personal data required to fulfil the purposes either actively from you or automatically when you visit our website. There is no obligation to provide us with your personal data. However, if certain information is not provided, we may not be able to provide you with all of our services..
2.1 Providing and Optimizing of our Website
To ensure secure and user-friendly use and optimization of our website, we process the following data:
§ Login location
§ Device and browser information.
This is based on Article 6 para 1 lit f GDPR (protecting our legitimate interests). Our legitimate interest in processing the data mentioned above lies in ensuring the security of our website, system stability and error correction, optimization of website offerings as well as fraud prevention and user protection.
2.2 Analysis of User Behavior on our Website
If you have given your consent, we use features and cookies on our website provided by PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA ("PostHog") to analyse and optimize user behaviour and the user-friendliness of the website. This involves the processing of personal data. The legal basis for this data processing is Article 6 para 1 lit a GDPR (consent). In this context, please note your right to withdraw your consent (see point 7.6).
Without your consent to analyse user behaviour, no data will be processed in this regard. We inform you about the related third-country data transfers under point 5. We provide information on cookies under point 3. More information on privacy at PostHog can be found at: https://posthog.com/privacy.
2.3 Marketing Activities (Advertising Optimization, User Source Attribution)
If you have given your consent, we use Google Analytics on our website, a web analysis service of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Ireland"). The purpose for using Google Analytics is for marketing activities (advertising optimization, user source attribution). The use of Google Analytics involves the use of cookies and the processing of personal data. The legal basis for this data processing is Article 6 para 1 lit a GDPR (consent). In this context, please note your right to withdraw your consent (see point 7.6).
Without your consent to analyse user behaviour, no data will be processed in this regard. We inform you about the related third-country data transfers under point 5. We provide information on cookies under point 3. More information on privacy at Google can be found at: https://policies.google.com/privacy?hl=en.
2.4 Display of Content on our Website (YouTube)
We have included YouTube videos on our website to give you more information about our products and services. YouTube is a video portal provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Ireland"). When embedding YouTube videos on our website, personal data may be processed. The processing of personal data in this regard is based on the legal ground of Article 6 para 1 lit a GDPR (consent). In this context, please note your right to withdraw your consent (see point 7.6). Without your consent, no data will be processed in this regard. YouTube videos will then neither be displayed nor played. We inform you about the related third-country data transfers under point 5. More information on privacy at on privacy at Google can be found at: https://policies.google.com/privacy?hl=en.
Cookies
Our website uses cookies. These are small text files that are stored on your device using the browser. Cookies can be stored for a certain duration or only during a session.
The processing of personal data when using cookies occurs on the following legal basis:
§ Technically necessary cookies are generally processed on the basis of an overriding legitimate interest according to Article 6 para 1 lit f GDPR. Our website currently does not use any technically necessary cookies.
§ Technically not necessary cookies are processed on the basis of your explicit consent according to Article 6 para 1 lit a GDPR / § 165 para 3 Telecommunications Act in the respective valid version ("TKG").
You have the right to withdraw your consent at any time or to restrict it to certain cookies. Withdrawing your consent does not affect the lawfulness of the processing carried out based on your consent before its withdrawal.
In this specific case, we use the following cookies:
| Cookie Name | Type of Cookie | Purpose | Duration |
|---|---|---|---|
| ph_phc_****_posthog | analytics | Keeps track of what you do on our site with PostHog | 2 years |
| _ga_**** | analytics | Google Analytics session tracker | 2 years |
| _ga | analytics | Helps Google Analytics follow your actions to improve your experience | 2 years |
Disclosure of your Personal Data
To fulfil the processing purposes specified above, it is necessary, among other things, to disclose your personal data to certain recipients. If listing specific recipients is not possible, the GDPR also permits us to specify categories of recipients. Data will be disclosed to the following recipients/categories of recipients:
§ IT service providers used by us (e.g. hosting providers, advertising providers)
When transferring personal data to the above-mentioned recipients, personal data may occasionally also be transferred to third countries (i.e. countries outside the EU/EEA). Under point 5, we therefore also inform you about the basis on which we are authorized to do so.
4.1 Website and Hosting Operator
The technical hosting of our website is operated by: Infinity Vertigo GmbH, Bergwald 43, 2812 Hollenthon. Server locations: Amazon Web Services (AWS), USA. We (PHH) are responsible for the content on our website. We have concluded the appropriate (data protection) agreements with our website and hosting operator.
Third Country Data Transfer
When using certain service providers, personal data may be transferred to third countries (i.e. countries outside the EU/EEA). Proof of the appropriate guarantees listed below is available on request (see contact details under point 1).
5.1 PostHog Inc.
When using the analysis tool provided by PostHog, personal data is transferred to and processed by PostHog. The legal basis for this international data transfer and processing is the adequacy decision "EU-U.S. Data Privacy Framework" according to Article 45 GDPR, concluded between the European Commission and the US. PostHog is certified under the EU-U.S. Data Privacy Framework and is listed on the so-called Data Privacy Framework List (https://www.dataprivacyframework.gov/list). In addition, standard contractual clauses have been concluded between our hosting operator (see point 4.1) and PostHog. More information on privacy at PostHog can be found at: https://posthog.com/privacy.
5.2 Google Analytics
When using Google Analytics provided by Google Ireland, personal data is transferred to Google Ireland and processed by Google Ireland. It cannot be excluded that data may also be transferred to third countries, including Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. The legal basis for possible international data transfers and processing are adequacy decisions, concluded between the European Commission and the respective third country (e.g., the adequacy decision "EU-U.S. Data Privacy Framework", concluded between the European Commission and the USA), or standard contractual clauses concluded between the respective data processors. Google LLC is certified under the EU-U.S. Data Privacy Framework and is listed on the so-called Data Privacy Framework List (https://www.dataprivacyframework.gov/list). More information on privacy at Google can be found at: https://policies.google.com/privacy?hl=en.
5.3 Google Ireland Limited (YouTube)
When embedding YouTube videos on our website, personal data is transferred to and processed by Google Ireland. In the course of using YouTube, it cannot be excluded that data may be transferred to a third country, including Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. The legal basis for possible international data transfers and processing are adequacy decisions, concluded between the European Commission and the respective third country (e.g., the adequacy decision "EU-U.S. Data Privacy Framework", concluded between the European Commission and the USA), or standard contractual clauses concluded between the respective data processors. Google LLC is certified under the EU-U.S. Data Privacy Framework and is listed on the so-called Data Privacy Framework List (https://www.dataprivacyframework.gov/list). More information on privacy at Google can be found at: https://policies.google.com/privacy?hl=en.
Data Storage
We store your data to the following extent:
§ Data collected to ensure secure and user-friendly use and to optimize our website: 1 year
§ Data collected to analyse user behaviour on our website: 1 year
§ Data collected as part of the use of Google Analytics: 14 months
Data Subject Rights
You have the right to information, rectification, erasure, restriction of processing, data portability, withdrawal of consent and the right to object to the processing of your data. If you wish to exercise one of these rights, you can contact us at any time using the contact details provided under point 1.
If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been infringed in any way, you may also contact us anytime using the contact details provided under point 1 or lodge a complaint with the competent supervisory authority.
In Austria, this is the Data Protection Authority:
§ Austrian Data Protection Authority
§ Barichgasse 40-42, 1030 Vienna
§ Phone: +43 1 52 152-0
§ Email: dsb@dsb.gv.at
In detail, you have the following rights:
7.1 Right to Information
Upon request, we will provide information within the legally specified period about the data we hold about you. This information includes, among other things, the purpose of processing, the legal basis, and the type of processing. Your right to access is legally restricted under certain conditions. In such cases, we will explain the reasons to you.
7.2 Right to Rectification
You have the right to have incorrect or incomplete data corrected or supplemented. In some cases, we may require proof of your identity before fulfilling this right. Until your data is corrected or supplemented, you may also request the restriction of its processing.
7.3 Right to Erasure and Restriction
You have the right to request deletion of your data from us if and to the extent that: (i) the data is no longer needed for the purposes for which it was collected, (ii) the data was collected unlawfully, or (iii) the processing is based on your consent, and you have withdrawn your consent. If a statutory retention obligation exists, the data will only be erased after this period has expired. However, the data will be blocked from further use. No right to erasure exists if the data cannot be deleted due to a legal obligation, or if data processing is necessary for asserting, exercising, or defending legal claims. In this case, you have the right to request that the processing of your data be restricted to the legally required or needed extent for asserting rights.
7.4 Right to Data Portability
You have the right, insofar as this is technically possible, to have all the data we have stored about you transferred to a third party specified by you.
7.5 Right to Object
You may request us to stop processing your data when processing is based on our or another person's legitimate interest, and we cannot provide any overriding/ mandatory legal reasons for the processing.
7.6 Right to Withdraw Consent
You can withdraw any consent given for the collection and processing of your personal data at any time with effect for the future, either entirely or partially. In such cases, we will promptly delete your data to the extent you request, or, where this is not legally permissible, restrict processing for use beyond the statutory requirements. You can contact us at any time using the contact details provided under point 1. Until withdrawal of consent, the processing of your data is lawful.
Changes
We reserve the right to adapt and update this privacy policy as necessary, for example, due to legal changes. All updates will be published on our website.
Scope of Application of the Privacy Policy
This privacy policy only applies to data processing that takes place via our website. It does not apply to websites, services, or products offered or promoted by other companies or individuals or to linked websites.
FirmaDigital.at
© 2025 | PHH Rechtsanwält:innen GmbH