Privacy Policy

1. Personal Data

The law firm of Mag. Sophie Haiden processes and uses your personal data only with your consent and/or mandate or order, for the purposes agreed with you, or if another legal basis in accordance with the GDPR exists; all in compliance with data protection and civil law regulations.

Only such personal data is collected that is necessary for the performance and execution of my legal services or that you have voluntarily provided to me.

Personal data includes all information relating to identified or identifiable individuals, such as name, address, email address, telephone number, date of birth, age, gender, social security number, video recordings, photographs, voice recordings, and biometric data such as fingerprints. This may also include sensitive data, such as health data or data related to criminal proceedings.

2. Information and Deletion

As a client or, more generally, as a data subject, you have – subject to attorney-client confidentiality – the right to access your stored personal data at any time, including their origin and recipients, the purpose of data processing, as well as the right to rectification, data portability, objection, restriction of processing, and the blocking or deletion of incorrect or unlawfully processed data.

If there are any changes to your personal data, please inform me accordingly.

You may revoke your consent to the use of your personal data at any time. Requests for information, deletion, correction, objection, and/or data transfer – the latter provided it does not involve a disproportionate effort – can be addressed to the contact details provided in this statement.

If you believe that the processing of your personal data by me violates applicable data protection laws or your data protection rights have been violated in any other way, you may file a complaint with the competent supervisory authority. In Austria, this is the Data Protection Authority.

3. Data Security

Your personal data is protected through appropriate organizational and technical measures. These measures are intended to protect against unauthorized, unlawful, or accidental access, processing, loss, use, and manipulation.

Despite my efforts to maintain a high level of due diligence, it cannot be ruled out that information you disclose to me over the internet may be accessed and used by others.

Please note that I assume no liability for the disclosure of information due to errors not caused by me during data transmission and/or unauthorized access by third parties (e.g., hacking of email accounts or phones, interception of faxes).

4. Use of Data

I will not process the data provided to me for any purposes other than those covered by the mandate agreement, your consent, or otherwise permitted under the GDPR. An exception applies for use in statistical analyses, provided the data has been anonymized.

5. Transfer of Data to Third Parties

To fulfill your mandate, it may be necessary to forward your data to third parties (e.g., opposing parties, substitutes, insurance companies, service providers I work with and to whom I provide data), courts, or authorities. Data is transferred exclusively based on the GDPR, particularly for the purpose of fulfilling your mandate or based on your prior consent.

Furthermore, I inform you that in the course of my legal representation and support, I regularly obtain case-related and factual information about you from third parties.

Some of the recipients of your personal data mentioned above may be located outside your country or may process your data there. The data protection level in other countries may not correspond to that in Austria. However, I only transmit your personal data to countries for which the European Commission has determined that they have an adequate level of data protection, or I implement measures to ensure that all recipients maintain an adequate level of data protection, including concluding standard contractual clauses (2010/87/EC and/or 2004/915/EC).

6. Notification of Data Breaches

I strive to ensure that data breaches are detected early and, if necessary, reported immediately to you and/or the relevant supervisory authority, including details of the affected data categories.

7. Data Retention

I will not retain data longer than necessary to fulfill my contractual or legal obligations and to defend against any potential liability claims.

8. Cookies

My website uses only technically necessary cookies. These cookies are essential for ensuring the core functionalities and user-friendliness of the website.

I use one cookie:

  • Name: “pll_language”

  • Purpose: Stores the user’s selected language preference so the browser automatically displays the website in the preferred language on future visits.

  • Type of cookie: A technically necessary first-party cookie used to display the website in the user’s chosen language. The cookie is stored in the user’s browser and transmitted to my server with each page request, but it is not stored server-side or shared with third parties.

  • Storage duration: 1 year. The cookie is automatically deleted after this period unless the user changes their language preference in the meantime, which updates the cookie.

9. Logfiles

When you visit my website, my hosting provider, Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany, creates so-called server log files.

These log files contain the following general, anonymized access data:

  • Date and time of access

  • Accessed pages/files

  • Anonymized IP address (shortened so that personal identification is no longer possible)

  • Browser type and version (if applicable)

  • Operating system used

  • Referrer URL

These data are used exclusively for the following purposes:

  • Maintaining technical operation

  • Ensuring system security (e.g., protection against attacks)

  • Statistical analysis in anonymized form

These data are not combined with other data sources and are not evaluated on a personal level. The anonymized log files are generally stored for a maximum of 14 days and then deleted, unless longer retention is required for security reasons (e.g., during the investigation of attacks).

10. Data Processing on Behalf

My website is hosted by an external service provider (Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany). The personal data collected on this website is processed on the hoster’s servers. This may include IP addresses, meta and communication data, website access, and other data transmitted via a contact form.

The hoster is used for the purpose of fulfilling the contract with my (potential) clients (Art. 6 para. 1 lit. b GDPR).

In addition, emails are sent and received via the servers of Hetzner Online GmbH. Here too, personal data is processed by Hetzner as a processor.

Hetzner Online GmbH acts as my processor in accordance with Art. 28 GDPR. I have concluded a data processing agreement (DPA) with Hetzner to ensure that the data is handled in compliance with data protection regulations. The data is stored and processed exclusively on servers within the European Union.

11. Contact Information

Protecting your data is especially important to me. You can contact me at the following address for any questions or to revoke your consent:

Mag. Sophie Haiden
Garnisongasse 11/1
1090 Vienna
Austria

Phone: +43 1 36 19 660
Email: office@ra-haiden.at