Data protection is important to us, HULE | BACHMAYR-HEYDA | NORDBERG Rechtsanwälte GmbH. This privacy policy details your rights as well as the nature, scope and purpose of the collection and processing of your personal data. We handle personal data with care and process them in line with the provisions of data protection legislation.

  1. Controller:


Franz-Josefs-Kai 47 (k 47)

1010 Vienna

Tel.: +43 1 532 3 532-0


  1. Collection and processing of personal data:

Personal data comprise all information concerning an identified or identifiable natural person (‘Data Subject’). This might include a person’s name, address, e-mail address, phone number, date of birth, age, gender, social insurance number, IP address or photographs. Even sensitive data such as health and biometric data such as fingerprints might be involved in criminal proceedings.

We will only collect, process and use your personal data for the purposes agreed with you with your consent or mandate, or if we have other legal grounds in the sense of the General Data Protection Regulation (GDPR), and we will of course comply with the provisions of data protection legislation and civil law. We only collect personal data that are necessary for the execution and performance of our legal services or that you provide to us voluntarily, for example by contacting us by e-mail.

  1. Use and disclosure of data:

We will only process the personal data provided to us within the scope of the mandate, your consent or the provisions of the General Data Protection Regulation.

If you contact us by e-mail, fax or phone, we will use the personal data provided to us exclusively for the purposes of responding to your query and initiating a contract, if applicable, and for the performance of contractual duties.

However, for the purposes of executing a contract, it might be necessary to disclose your data to third parties (the opposing party, substitutes, insurance companies, service providers, notaries, banks or tax advisors) or to courts or authorities. Your data will be disclosed exclusively in line with the GDPR, especially for the purposes of executing your mandate or on the grounds of your prior consent. You can withdraw any consent you have granted at any time with future effect. Furthermore, please be aware that, within the context of the legal representation and aid we provide, we are often supplied with case-specific information about you by third parties.

  1. Data storage:

We will not store your data for any longer than is necessary to fulfil our contractual or statutory obligations. If our processing of data is based on consent, the stored personal data will be deleted when that consent is withdrawn. If an enquiry by you does not lead to the initiation or conclusion of a contract, your personal data will be erased two years after you last contacted us. If we do enter into a contract with you, your personal data will be erased at the end of the warranty, guarantee, limitation and statutory storage periods, as well as at the end of any legal disputes requiring the data as evidence.

  1. Server log files:

In order to optimise this website in terms of system performance, user-friendliness and the provision of useful information through our services, the provider of the website automatically collects and stores information in server log files that your browser sends to us automatically. This information includes your IP address, browser and language settings, operating system, referrer URL, ISP, and the date and time.

These data are not associated with sources of personal data. We reserve the right to subsequently examine these data if we have specific indications of unlawful use.

  1. Your rights:

As a client or data subject (our duty of professional secrecy notwithstanding), you are entitled to access information about stored personal data concerning you, the source and recipients of the data and the purpose of the data processing. You might be required to provide suitable evidence of your identity. Likewise, you are entitled to have inaccurate or incomplete personal data rectified as well as to data portability and to object to, restrict the processing of, block or erase inaccurate data and data that have been processed without authorisation.

You are entitled to withdraw, at any time, any consent to the use of your personal data that you have granted, with future effect. You can address requests for information or the erasure/rectification of your personal data, objections and requests for data transmissions (in the latter case) to the postal or e-mail address of the law firm provided above, provided that this will not result in disproportionate effort.

If you take steps to assert the rights described above, we must issue a statement regarding your request or comply with your request without undue delay and in any event within one month of receipt of the request. We will notify you immediately if a solution is prevented by compelling legal grounds.

If you believe that our processing of your personal data is in violation of the relevant data protection legislation or that your rights under data protection law are being infringed against in any other way, you can lodge a complaint with the relevant supervisory authority. The Austrian Data Protection Authority is responsible in Austria. (1080 Vienna, Wickenburggasse 8, tel.: +43 1 52 152-0, e-mail: ).

Please notify us if your personal data should change.

  1. Organisational and technical precautions:

The protection of your personal data is important to us and we have therefore taken suitable organisational and technical precautions. In particular, these precautions concern protection against unauthorised, illegal or even accidental access, processing, loss, use and manipulation. Efforts to maintain consistently high standards of care notwithstanding, it cannot be ruled out that information you disclose to us over the Internet might be accessed and used by other parties. Please note, therefore, that we accept absolutely no liability for the disclosure of information due to data transmission errors and/or unauthorised access by third parties (e.g. hacking of e-mail accounts) for which we are not responsible.

We endeavour to ensure that data breaches and infringements of data protection are discovered in good time and reported to you and the relevant supervisory authority (such reports also detailing the affected data categories) without undue delay.