Privacy Policy
Introduction
The protection of your personal data is of particular importance to us, hylt Hristov Yalcin Rechtsanwälte GmbH. We therefore process your data exclusively on the basis of statutory provisions (GDPR, TKG 2021). In this privacy policy, we inform you about the most important aspects of data processing in connection with our website.
Our website uses cookies and similar technologies; for the sake of simplicity, all of these are referred to as “Cookies.” Cookies are also placed by third parties commissioned by us. In the document below, we inform you about the use of cookies on our website.
Controller
The entity responsible for processing your personal data is:
hylt Hristov Yalcin Rechtsanwälte GmbH
Johannesgasse 18 | 2B | 1010 Vienna
Email: dimitar.hristov@hylt.at and tugce.yalcin@hylt.at
Phone: +43 676 3802611
Collection and Processing of Personal Data
Our website serves to provide information about our firm and our services. You can visit our website without providing any personal information. Each time a website is accessed, the web server automatically stores what is known as a server log file.
Server Log Files
When you visit our website, the following data is automatically collected and stored in server log files:
- IP address (anonymized)
- Date and time of the request
- Name and URL of the retrieved file
- Website from which access was made (referrer URL)
- Browser and operating system used
- Name of the access provider
- Amount of data transferred
- Notification of whether the retrieval was successful (HTTP status code)
This data is used exclusively to ensure the smooth operation of the website and to improve our services. This data is not combined with other data sources.
Our website is hosted on servers of Hetzner Online GmbH and operated in Germany. Hetzner implements comprehensive security measures to protect data. More information can be found directly at Hetzner: https://www.hetzner.com. Data processing is carried out on the basis of a data processing agreement pursuant to Art. 28 GDPR.
Client Relationship and Contract Performance
As a law firm, we collect, process, and use your personal data in the context of our engagement/assignment or appointment for the purposes agreed with you or for other purposes arising from our engagement, assignment, or appointment, provided another legal basis exists in accordance with the GDPR (in particular, if data processing is necessary for the agreed purpose within the scope of our engagement); this is done in compliance with data protection and civil law provisions.
We process the following personal data in particular:
- Names or contact persons and beneficial owners,
- Address
- Contact details (email address, telephone number, fax number)
- Bank account details,
- Time records of time spent on the matter,
- Correspondence with our clients, courts, opposing counsel, and authorities,
- Information regarding court and administrative proceedings,
- Tax identification number,
- Personal data that we obtain from public registers (e.g., commercial register, trade register, anti-money laundering databases, etc.).
As a law firm, we may also collect additional personal data on a case-by-case basis. This depends on the individual case. We will of course inform you when collecting information and upon request about the specific data categories involved.
Legal Basis
Performance of the engagement agreement or assignment and provision of pre-contractual measures (Art. 6(1)(b) GDPR)
Processing is carried out to provide our services within the scope of the engagement. The purposes of data processing are primarily determined by the specific engagement (e.g., advisory services, drafting or reviewing contracts, litigation support, transaction support, etc.).
You are generally not obligated to provide us with your personal data. However, providing your data is necessary for the engagement/assignment to be carried out properly. If you do not provide the data, we may be unable to accept your assignment or provide the requested services, or may be able to do so only to a limited extent.
Legitimate Interest (Art. 6(1)(f) GDPR)
Where necessary, we process your personal data to protect our legitimate interests. Our legitimate interests may include, in particular, the assertion of legal claims and defense in legal disputes.
Legal Obligations (Art. 6(1)(c) GDPR)
As a law firm, we are subject to various legal obligations (e.g., Attorneys Act, Federal Tax Code, etc.). These processing purposes also include identity verification and anti-money laundering measures to identify the beneficial owner (“ultimate beneficial owner”) or to determine whether you are a politically exposed person (PEP).
Consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR)
If special categories of data are involved (e.g., health data, trade union membership) or if you have given us consent to process personal data for specific purposes, the lawfulness of such processing is based on your consent. Consent given may be withdrawn at any time (preferably to the partner handling the engagement). Withdrawal of consent takes effect only for the future and does not affect the lawfulness of personal data processed prior to withdrawal.
For marketing and advertising purposes, we use your contact details to send you information letters, newsletters, and invitations. This only occurs if you have given your corresponding consent in accordance with the criteria specified in this section.
Who receives my data?
To fulfill your assignment, it may also be necessary to forward your personal data to the following recipients; however, only to the extent necessary to fulfill our assignment to you:
- Opposing party,
- Substitutes,
- Insurance companies,
- Processors who provide certain services for us,
- Courts,
- Banks,
- Authorities, or
- Other recipients you designate.
Some of the above-mentioned recipients of your personal data are located outside the European Union. The level of data protection in these countries may not correspond to that of Austria. However, we only transfer your personal data to countries for which the EU Commission has determined that they have an adequate level of data protection, to recipients certified under the EU–US Data Privacy Framework, or we implement measures to ensure that all recipients have an adequate level of data protection, for which we conclude standard contractual clauses ((EU) 2021/914). For a copy of these standard contractual clauses, please contact us using the contact details above.
Source of Data Not Obtained from You
We further inform you that in the context of our legal representation and support, case-specific and fact-related information about you is regularly obtained from third parties or from publicly accessible sources (e.g., debtor registers, land registers, commercial registers, press, internet). Third parties may also include partner law firms that engage us in the course of the engagement (e.g., because a connection to Austrian law only arises during the engagement).
We will of course inform you upon receipt of the information or upon request from which specific third parties we have received personal data.
How long will my personal data be stored?
We store your personal data until the above-mentioned purposes are achieved. In addition, we store the data for up to 10 years from the end of the calendar year relevant for wage and tax obligations in order to fulfill tax and corporate law retention obligations. Where necessary to defend or assert legal claims, we store the data for a maximum of 30 years from collection. If our legitimate interest (e.g., processing for defense purposes in liability cases) ceases to exist, the personal data will be deleted. The same applies if data processing is based on consent and that consent is withdrawn.
Cookies
The legal basis for the processing of personal data in this context is either your express and revocable consent within the meaning of Art. 6(1)(a) GDPR or our legitimate interest pursuant to Art. 6(1)(f) GDPR, as this serves the proper operation of the website and system security. The provision of personal data based on your consent is neither contractually required nor necessary for entering into a contract. You are not obligated to provide the personal data. Please refer to the following link for the respective storage duration and recipient.
[Privacy Settings]
Disclosure of Data to Third Parties
Your personal data will not be disclosed to third parties unless there is a legal obligation to do so or this is necessary to enforce our rights and unless expressly stated otherwise in this privacy policy.
Applications
If you apply to us (e.g., in writing or by email), your data will be processed in connection with your application and with regard to a possible employment relationship.
Your data will be deleted 6 months after your application, unless you have consented to our keeping your documents on record for a longer period.
The processing of personal data is carried out on the basis of legitimate interests pursuant to Art. 6(1)(f) GDPR. If you accept the position for which you applied, we will process your personal data provided during the application process in the course of the employment relationship and within the framework of the provisions intended for this purpose.
Your Rights
There is no automated decision-making in individual cases and no profiling.
We would also like to inform you of the following rights to which you are entitled as a data subject under the GDPR with regard to your personal data:
- pursuant to Art. 15 GDPR, the right to request information about your personal data processed by us to the extent specified therein, as well as the right to receive copies of the data;
- pursuant to Art. 16 GDPR, the right to request the immediate correction of inaccurate data or completion of your personal data stored by us;
- pursuant to Art. 17 GDPR, the right to request the deletion of your personal data stored by us, unless further processing is
  - necessary for exercising the right to freedom of expression and information;
  - necessary for compliance with a legal obligation;
  - necessary for reasons of public interest; or
  - necessary for the establishment, exercise, or defense of legal claims;
- pursuant to Art. 18 GDPR, the right to request restriction of the processing of your personal data, insofar as
  - the accuracy of the data is contested by you;
  - the processing is unlawful, but you refuse deletion;
  - we no longer need the data, but you require it for the establishment, exercise, or defense of legal claims; or
  - you have objected to the processing pursuant to Art. 21 GDPR;
- pursuant to Art. 20 GDPR, the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request transmission to another controller;
- pursuant to Art. 21 GDPR, the right to object to the processing.
Furthermore, you also have the right to lodge a complaint with the data protection authority (Art. 77 GDPR, Section 24 Data Protection Act). In this regard, we also refer to the homepage of the data protection authority, which can be accessed at https://www.dsb.gv.at/.
Insofar as the attorney’s right to confidentiality requires this to ensure the protection of the party or the rights and freedoms of other persons or the enforcement of civil law claims, the data subject may not invoke the rights under Articles 12 to 22 and Article 34 of the GDPR, as well as Section 1 of the Data Protection Act.
For data processing related to the management of trust facilities, the rights and obligations arising from Articles 12 to 22 and Article 34 of the GDPR, as well as the right to information, correction, and deletion pursuant to Section 1 of the Data Protection Act, and their enforcement, are governed by the provisions of the Attorneys Act and the guidelines issued pursuant to Section 27(1)(g) of the Attorneys Act. Other rights and obligations of the controller for such data processing rest with the Bar Association, unless the Attorneys Act or the guidelines issued pursuant to Section 27(1)(g) of the Attorneys Act assign responsibility to the individual attorney.
Data Security
We implement technical and organizational security measures to protect your data from loss, misuse, and unauthorized access.
Changes to the Privacy Policy
This privacy policy may be updated at any time. The current version is available on our website.
