Privacy Policy (Website)
This privacy policy contains all the information that we,
PHH Attorneys at Law GmbH, are obliged to provide based on Austrian and European data protection laws, particularly the General Data Protection Regulation ("GDPR"), regarding the processing of personal data on our website.
1. Contact Information of the Controller and Contact Person
The controller in the sense of the relevant data protection laws and the contact person for data protection issues is:
§ PHH Attorneys at Law GmbH (hereinafter referred to as "PHH" or "we")
§ Address: Julius-Raab-Platz 4, 1010 Vienna
§ Contact Person: Theresa Karall
§ Email: datenschutz@phh.at
You can reach us at the address provided or via email.
2. Purposes of Data Processing
We process your personal data while you visit our website for the purposes stated under points 2.1 to 2.3. We generally collect the personal data necessary to fulfill these purposes either actively from you or automatically during your visit to our website. There is no obligation for you to provide us with your personal data. However, failure to provide certain data may mean that we cannot offer the requested services to you.
2.1 Provision and Optimization of the Website
To ensure secure and comfortable usage as well as optimization of our website, the following data are processed:
§ Login location
§ Device and browser information.
This is done based on Article 6(1)(f) GDPR (protection of our legitimate interests). Our legitimate interest in processing the above-mentioned data lies in ensuring the security of our website, system stability and error correction, optimization of the website offer, as well as fraud prevention and user protection.
2.2 Analysis of User Behavior on Our Website
If you have consented, we use features and cookies of the service PostHog Inc., 2261 Market Street #4008, San Francisco, CA 94114, USA ("PostHog") on our website to analyze and optimize user behavior and usability of the website. This involves the processing of personal data. The legal basis for this data processing is Article 6 1(a) GDPR (consent). Please note your right to withdraw your consent in this context (see point 7.6).
If you do not grant us consent to analyze user behavior, no data processing will take place. For information about third-country data transfers, see point 5. For information about cookies, see point 3. You can find more information on PostHog's data protection at: https://posthog.com/privacy.
2.3 Marketing Activities (Advertising Optimization, User Source Attribution)
If you have consented, we use Google Analytics, a web analysis service from Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google Ireland") on our website. The purpose of using Google Analytics is marketing activities (advertising optimization, user source attribution). Using Google Analytics involves the use of cookies and the consequent processing of personal data. The legal basis for this data processing is Article 6 1(a) GDPR (consent). Please note your right to withdraw your consent in this context (see point 7.6).
If you do not grant us consent to analyze user behavior, no data processing will take place. For information about third-country data transfers, see point 5. For information about cookies, see point 3. More information on Google's data protection can be found at: https://policies.google.com/privacy?hl=en.
3. Cookies
Our website uses cookies. These are small text files that are stored on your device with the help of the browser. Cookies can be stored for a certain duration or just during a session.
The processing of personal data when using cookies takes place on the following legal bases:
§ Technically necessary cookies are processed on the basis of our overriding legitimate interest according to Article 6(1)(f) GDPR. The website currently does not use any technically necessary cookies.
§ Non-essential cookie data are processed based on your explicit consent according to Article 6(1)(a) GDPR / § 165(3) Telecommunications Act in its current version ("TKG").
You have the right to withdraw your consent at any time or to restrict certain cookies. The withdrawal of your consent does not affect the lawfulness of the processing based on your consent before its withdrawal.
In the specific case, we use the following cookies:
| Cookie Name | Cookie Type | Purpose | Duration |
|---|---|---|---|
| ph_phc_QEJgIRYVKdFy..._posthog | PostHog tracking | Stores info about visitor behavior | Session |
| ph_current_project_token | PostHog tracking | Keeps track of the current project name | Session |
| posthog_csrftoken | PostHog tracking | Protects against unauthorized or malicious requests | Session |
| ph_current_project_name | PostHog tracking | Stores the server name for PostHog software | Session |
| ph_current_instance | PostHog tracking | Stores the server instance | Session |
| yt-player-headers-readable | YouTube video player | Saves user preferences for video playback | Indefinite |
| yt-remote-cast-available | YouTube video player | Keeps video player settings | Session |
| yt-remote-cast-installed | YouTube video player | Stores info about installed devices | Session |
| yt-remote-connected-devices | YouTube video player | Saves connected devices | Indefinite |
| yt-remote-session-app | YouTube video player | Stores user interface preferences | Session |
| yt-remote-session-name | YouTube video player | Saves session info | Session |
| ytidb::LAST_RESULT_ENTRY_KEY | YouTube video player | Saves the last search result choice | Indefinite |
4. Sharing Your Personal Data
To achieve the processing purposes we pursue, it is sometimes necessary to disclose your personal data to specific recipients. If naming specific recipients isn't feasible, GDPR allows us to specify categories of recipients instead. Data will be shared with the following recipients/categories of recipients:
§ IT service providers we engage (e.g., hosting operators, advertising providers)
As part of transferring your personal data to the recipients mentioned above, there can occasionally be transfers to third countries (those outside the EU/EEA). In section 5, we’ll provide further details on the legal basis that allows us to do so.
4.1 Website and Hosting Operations
The technical hosting of the website is carried out by: Infinity Vertigo GmbH, Bergwald 43, 2812 Hollenthon. Server locations: Amazon Web Services (AWS), USA. We (PHH) are responsible for the content of this website. We have concluded the necessary (data protection) agreements with our hosting provider.
5. Cross-Border Data Transfers
Utilizing certain service providers may involve transferring personal data to third countries (outside the EU/EEA). Proof of the appropriate guarantees listed below is available upon request (see contact details according to Section 1).
5.1 PostHog Inc.
Using the analytics tool provided by PostHog involves transferring personal data to and processing by PostHog. The legal basis for such international data transfers and processing is the Adequacy Decision "EU-U.S. Data Privacy Framework" under Article 45 GDPR, concluded between the European Commission and the USA. PostHog is certified under the EU-U.S. Data Privacy Framework and appears on the so-called Data Privacy Framework List (https://www.dataprivacyframework.gov/list). Additionally, standard contractual clauses have been entered into between our hosting provider (see Section 4.1) and PostHog. Further details on PostHog's data protection can be found at: https://posthog.com/privacy.
5.2 Google Analytics
Using Google Analytics by the service provider Google Ireland involves transferring personal data to and processing by Google Ireland. It cannot be excluded that within the usage of Google Analytics, data may be transferred to a third country, e.g., to Google LLC, 1600 Amphitheatre Pkwy, Mountain View, CA 94043, USA. The legal basis for potential international data transfers and processing are Adequacy Decisions concluded between the European Commission and the respective third country (e.g., the Adequacy Decision "EU-U.S. Data Privacy Framework" concluded between the European Commission and the USA) or standard contractual clauses contractually agreed between the respective data processors. Google LLC is certified under the EU-U.S. Data Privacy Framework and appears in the so-called Data Privacy Framework List (https://www.dataprivacyframework.gov/list). Further details on Google’s data protection can be found at: https://policies.google.com/privacy?hl=en.
6. Data Retention Period
We retain your data as follows:
§ Data collected for ensuring secure and comfortable website usage and optimization: 1 year
§ Data collected for analyzing user behavior on our website: 1 year
§ Data collected using Google Analytics: 14 months
7. Your Rights
Regarding the processing of your data, you have the right to access, correction, deletion, restriction, data portability, revocation, and objection. If you wish to exercise any of these rights, please contact us anytime using the contact details provided in Section 1.
If you believe that the processing of your data violates data protection laws or your data protection claims have otherwise been infringed, you can contact us anytime using the contact details provided in Section 1, or lodge a complaint with the competent supervisory authority.
In Austria, this is the Data Protection Authority:
§ Austrian Data Protection Authority
§ Barichgasse 40-42, 1030 Vienna
§ Phone: +43 1 52 152-0
§ Email: dsb@dsb.gv.at
Your specific rights include the following:
7.1 Right to Access
Upon request, within the legally defined period, we will provide information on the data we have stored about you. This information includes the data itself, among other details like processing purpose, legal basis, and type of processing. Your right to access is legally restricted in certain conditions. If this applies, we will inform you of the reasons.
7.2 Right to Rectification
You have the right to have us correct or complete any inaccurate or incomplete data we have collected about you at any time. We may require proof of identity before fulfilling this right. Until your data is corrected or completed, you can also request restriction of its processing.
7.3 Right to Erasure, Right to Restriction
You have the right to request the deletion of your data if and to the extent that
(i) the data is no longer needed for the purposes for which it was collected,
(ii) the data was collected unlawfully, or (iii) the processing is based on your consent, and you have withdrawn your consent. Should a statutory retention obligation exist, the data will be deleted after this period expires. However, these data will be locked for any further use.
There is no right to deletion if the data must not be deleted due to statutory obligations, or data processing is necessary to assert, exercise, or defend legal claims. In such a case, you have the right that the processing of your data is restricted to use required by law or for legal enforcement.
7.4 Right to Data Portability
You have the right, where technically feasible, to have all data we store about you transferred to a third party you specify.
7.5 Right to Object
You can request us to stop processing your data if the processing is carried out based on our legitimate interest or the legitimate interest of another person, and we cannot demonstrate compelling legal grounds for the processing.
7.6 Right to Withdraw Consent
You can withdraw any consent you have given us to collect and process your personal data in whole or in part at any time. We will then promptly delete your data to the extent requested or, where legally not permissible, restrict its processing beyond the legal requirements. For this, you can contact us using the contact details provided in Section 1. Until the point of withdrawal, the processing of your data remains lawful.
8. Changes
We reserve the right to adapt and update this privacy policy if necessary, e.g., due to legal changes. All updates will be published on our website.
9. Scope of this Privacy Policy
This privacy statement applies solely to data collection conducted via our website. It does not apply to websites, services, or products offered or advertised by other companies or individuals, or to linked websites.
FirmaDigital.at
© 2025 | PHH Rechtsanwält:innen GmbH