PRIVACY POLICY

The protection of your personal data is important to us. Your data will be processed exclusively in accordance with the relevant legal provisions (GDPR, DSG, TKG 2021) within the scope of the legal authorisation and for the purposes listed below.

This privacy policy informs you about the key aspects of our data processing. Please read it carefully to understand why and how your data is collected and processed.

1. Contact Details of the Controller

Barbara Sesser, LL.M., Attorney at Law

Am Heumarkt 7/7/93
1030 Vienna, Austria

E: barbara@sesser.law
T: +43 670 182 24 27

2. Data Processing

Your personal data is processed on the basis of the following legal grounds:

•  to carry out pre-contractual measures or to fulfil contractual obligations in the context of the customer relationship (Art. 6 para. 1 lit. b GDPR);
•  on the basis of your express consent (Art. 6 para. 1 lit. a GDPR), if you consent to such data processing;
•  to fulfil our legal and professional obligations (Art. 6 para. 1 lit. c GDPR).

The processing of your data primarily serves to provide our legal services.

3. Categories of Personal Data

We process the following personal data as part of the client relationship:

•  Personal data and contact details
including name, company name, date of birth, photo(s), address, telephone, e-mail, fax, ZVR number or social security data, contact persons and their contact details, persons involved (parties, authorities, third parties)
•  Financial and company data
including bank and transfer data, company register data, land register data, VAT number, company register data, administrative, payment and accounting data, data on creditworthiness and solvency, dunning data and insolvency proceedings.
•  Legal and factual data
including service and file notes, contract texts, business correspondence, factual data and pleadings, court or official settlements.
•  Sensitive data, where necessary
including data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs or trade union membership.

4. Rights of the Data Subjects

You can request access to, rectification, erasure, restriction of processing and data portability of your data at any time. You also have the right to withdraw your consent to the use of your personal data at any time. You can send your data request to the (e-mail) address of the law firm stated above (para. 1).

If you feel that your data protection rights have been violated, you can lodge a complaint with the Austrian Data Protection Authority:

Austrian Data Protection Authority
Barichgasse 40-42
1030 Vienna

T: +43 1 52 152-0
E: dsb@dsb.gv.at

5. Transfer of Data to Third Parties

In order to fulfil your order, it may also be necessary to pass on your data to the following recipients:

•  Service providers for file management software
as part of the support and remote maintenance of our file management software
•  IT service providers
as part of the support and remote maintenance of our IT systems
•  External auditing and tax consultancy
in the context of accounting and tax consulting
•  Web and domain hosting service providers
•  Authorities, courts and experts
as part of the necessary processing of business cases
•  Vienna Bar Association
within the scope of legal and professional obligations
•  Cooperation partners, e.g. lawyers, tax consultants, management consultants
as part of the necessary processing of business cases

We may receive case-related information from third parties as part of our representation.

Some of the above-mentioned recipients of your personal data are located outside your country or process your personal data there. The level of data protection in other countries may not be the same as in Austria. However, we only transfer your personal data to countries for which the EU Commission has decided that they have an adequate level of data protection, or we take measures to ensure that all recipients have an adequate level of data protection, for which we conclude standard contractual clauses [Implementing Decision (EU) 2021/94]. We will provide you with a copy of these standard contractual clauses on request.

6. Retention of the Data

The data will not be stored for longer than is necessary to fulfil contractual and legal obligations and to defend against liability claims. Contracts and related documents and correspondence are stored for ten years for tax reasons.

Files from mandates and documentation in connection with our duty to check for the prevention of money laundering and the financing of terrorism must be retained for five years (see Attorneys' Code).

In individual cases, e.g. in the defence of legal claims, the files are kept for up to 30 years after the end of the mandate.

7. Website

7.1 Hosting

We host the content of our website with the following provider:

Wix

The provider is Wix.com Ltd, 40 Namal Tel Aviv St., Tel Aviv 6350671, Israel (hereinafter ‘WIX’).
WIX is a tool for creating and hosting websites. When you visit our website, WIX is used to analyse user behaviour, visitor sources, the region of website visitors and visitor numbers. WIX stores cookies on your browser that are required to display the website and to ensure security (necessary cookies).

The data collected by WIX may be stored on various servers worldwide. The WIX servers are located in the USA, among other places.
Details can be found in the WIX privacy policy: https://de.wix.com/about/privacy.
According to WIX, data transfer to the USA and other third countries is based on the standard contractual clauses of the EU Commission or comparable guarantees in accordance with Art. 46 GDPR. Details can be found here: https://de.wix.com/about/privacy-dpa-users.

The use of WIX is based on Art. 6 para. 1 lit. f GDPR. We have a legitimate interest in ensuring that our website is displayed as reliably as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TTDSG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TTDSG. Consent can be revoked at any time.

The company is certified in accordance with the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/s/participant-search/participant-detail?contact=true&id=a2zt0000000GnbGAAS&status=Active.

Order data processing
We have concluded a data processing agreement (DPA) for the use of the above-mentioned service. This is a contract prescribed by data protection law, which ensures that the provider processes the personal data of our website visitors only in accordance with our instructions and in compliance with the GDPR.

7.2 Log Files

The use of the sesser.legal website, including access to the information published on it, is generally possible without providing your personal data.
However, as with most websites, the following access data (‘log files’) provided by your internet provider is collected and stored in the course of your use of the website:
- IP address and IP location
- Referrer URL (the previously and subsequently visited website)
- Number, duration and time of visits (your interaction with the website)
- Search engines and keywords you used to find us
- Browser type, screen size and operating system.

This access data is collected automatically using a website analysis tool. The access data collected is only stored in aggregated and therefore not individually assignable form. The data is therefore not used to personally identify visitors to our website. The access data collected is only used for statistical evaluations for the purpose of the operation, security and optimisation of the website (predominantly legitimate interests pursuant to Article 6(1)(f) GDPR).
Your personal data collected on the basis of your use of the website will not be passed on to third parties unless it is necessary to fulfil legal obligations.

7.3 SSL Encryption

This website uses SSL encryption for security reasons and to protect the transmission of confidential content, such as the enquiries you send to us as the site operator. You can recognise an encrypted connection by the fact that the address line of the browser changes from ‘http://’ to ‘https://’ and by the lock symbol in your browser line. If SSL encryption is activated, the data you transmit to us cannot be read by third parties.

7.4 Cookies

This website uses ‘cookies’ to make the website more user-friendly, effective and secure.
A ‘cookie’ is a small text file that is transmitted via our web server to the cookie file of the browser on the hard drive of your computer. This enables our website to recognise you as a user when a connection is established between our web server and your browser. Cookies help us to determine the frequency of use and the number of users of our website. The content of the cookies we use is limited to an identification number that can no longer be traced back to the user. The main purpose of a cookie is to recognise visitors to the website.
One type of cookie is used on this website:

- Session cookies: These are temporary cookies that remain in your browser's cookie file until you leave our website and are automatically deleted at the end of your visit.

You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.

8. Appointment Booking with Calendly

You have the option of making appointments with us on our website. We use the ‘Calendly’ tool to book appointments. The provider is Calendly LLC, 271 17th St NW, 10th Floor, Atlanta, Georgia 30363, USA (hereinafter ‘Calendly’).

For the purpose of booking an appointment, you enter the requested data and the desired date in the mask provided for this purpose. The data entered will be used for the planning, realisation and, if necessary, follow-up of the appointment. The appointment data is stored for us on the servers of Calendly, whose privacy policy you can view here: https://calendly.com/privacy.

The data you enter will remain with us until you ask us to delete it, revoke your consent to storage or the purpose for data storage no longer applies. Mandatory statutory provisions - in particular retention periods - remain unaffected.

The legal basis for data processing is Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in making appointments with interested parties and customers as uncomplicated as possible. If a corresponding consent has been requested, the processing is carried out exclusively on the basis of Art. 6 para. 1 lit. a GDPR and § 25 para. 1 TDDDG, insofar as the consent includes the storage of cookies or access to information in the user's terminal device (e.g. device fingerprinting) within the meaning of the TDDDG. Consent can be revoked at any time.

Data transfer to the USA is based on the standard contractual clauses of the EU Commission. Details can be found here: https://calendly.com/pages/dpa.

The company is certified in accordance with the ‘EU-US Data Privacy Framework’ (DPF). The DPF is an agreement between the European Union and the USA that is intended to ensure compliance with European data protection standards for data processing in the USA. Every company certified under the DPF undertakes to comply with these data protection standards. Further information on this can be obtained from the provider at the following link: https://www.dataprivacyframework.gov/participant/6050.
