Privacy Statement

1 Preamble

As a law firm, attorney at law Dr. Gerhard Dilger using the brand Bernsteyn-legal (hereinafter: "Bernsteyn-legal", "we" or "us") gives highest priority to the protection of your personal data. Due to our professional duty of confidentiality, we are committed to the utmost secrecy in all of our dealings. When using your personal data, we therefore naturally observe all data protection regulations, including but not limited to the provisions of the EU General Data Protection Regulation (hereinafter: "GDPR"). In this statement we set out which of your personal data will be processed by us, disclose the purposes for which data is processed and how you can exercise your rights under the GDPR.

2 Personal data and data processing purposes

We process your personal data in reliance on our engagement, thus based on the contractual relationship between us. We also process your personal data for the purpose of sending you newsletters on current legal developments and inviting you to certain events only with your consent, which you can revoke at any time. Furthermore, we process your personal data in reliance on any other legal basis in accordance with GDPR and in compliance with data protection and civil law provisions. We collect only personal data, which is necessary in order to carry out and execute our legal services, or data which you have provided to us on a voluntary basis. Please note that under certain circumstances, we might abstain from accepting an engagement if you fail to provide, or provide incomplete personal data which is necessary to execute and implement our legal services. Personal data means any information containing details of personal or material circumstances such as name, address, e-mail address, phone number, date of birth, age, sex, social security number, video recordings, photos, voice recordings of individuals, and biometric data such as fingerprints. Personal data can also include special categories of data such as health data or data relating to criminal proceedings.

3 Your rights in connection with your personal data

As our client and subject to the attorney-client privilege, you have the right to information on your stored personal data, on their origin and recipients, the duration of storage, and the purpose of data processing. If we process inaccurate or incomplete personal data, you have the right to rectification or completion of such data. You may also request us to erase data, which have been processed unlawfully. If it is unclear whether your personal data is inaccurate, incomplete, or unlawfully processed, you may request us to limit the processing of your data until this issue has been resolved. As indicated in Section 2, you have the right to object to the processing of your personal data if we have a legitimate interest in such data processing. If you exercise your right to object, we ask you to give the reasons for doing so. Please note that these rights complement each other; you can therefore request us only to either rectify or complete, or erase your data. In certain cases, you also have the right to receive your personal data processed by us in a machine-readable format of our choice, or to instruct us to transmit such data directly to a third party of your choice; in this context, data portability must not be precluded by unreasonable efforts or legal or other obligations or requirements of confidentiality. We ask you to address all inquiries in connection with the processing of your personal data to our Data Protection Officer, along with an electronic copy of an identity document to verify your identity. Our contact details can be found in Section 11 of this Data Privacy Statement. We ask that you notify us of any change in your personal data. Despite our best efforts to guarantee the protection and integrity of your data, we cannot fully rule out that disagreements will arise on the nature of the use of your data. If you consider that we are unlawfully using your data, you may lodge a complaint with the Austrian Data Protection Authority. However, we hope that you will contact us first and we can address and dispel any doubts you may have.

4 Website and events

4.1 Press releases and newsletters

As part of our client service you can receive upon demand our press releases or newsletters. Our press releases provide the latest updates and information on Bernsteyn-legal deals. Our newsletters allow you to access information on the latest legal developments and update you on our annual developments and other Bernsteyn-legal publications. This service simply requires you to disclose your e-mail address and make a decision as to whether you want to receive our press releases or our newsletters or not and you may easily stopp this by sending us an email.

4.2 Career

You can send us an application for a job opening. We are happy to receive your application. We require certain information from you to assess whether we can offer you a suitable position. We collect only personal data which you have disclosed in your job application: academic degree, name, contact details, interests, CV, letter of motivation, reference letters and any other information and documents you have sent in. Please use the following email-address to submit your application: office@bernsteyn-legal.com.

4.3 Events

Our events, workshops and lectures (collectively: "Events") provide detailed information on latest developments in different areas of law and also allow you to network with industry participants and meet the lawyers and business partners personally. You are therefore welcome to attend these Events at any time. We will use your contact details to send out these invitations.

5 Data security

We have taken appropriate organisational and technical measures to ensure the protection of your personal data in particular against unauthorised, unlawful or accidental access, processing, loss, use and tampering. In spite of our efforts of ensuring an appropriately high standard of diligence requirements at all times, it cannot be ruled out that information you have provided via the internet will be accessed or used by other persons. Please note that we can therefore not assume any liability whatsoever for the disclosure of information due to errors in the data transfer and/or unauthorised access by third parties not caused by us (e.g. hacking of e-mail accounts, telephone, or interception of fax messages).

6 Use of data

When concluding a client-attorney relationship or a contractual relationship with us, you will disclose your (or your relatives', co-workers' or other third parties') personal data and business or trade secrets. In all these cases, we generally assume that you are authorised to disclose this data. We use your data and data of third parties nominated by you, only to the extent this is necessary for the proper establishment and processing of our mandate or contractual relationship with you. We will not process data made available for purposes other than those covered by your consent or otherwise by a provision in accordance with GDPR.

7 Transfer of data to third parties

7.1 Mandate

The execution of your mandate may require us to transfer your data to third parties (e.g. to your opponent, to substitute lawyers, to insurance companies and service providers we may use and to which we provide data, etc.), and to courts or authorities. Also, an international issue arising in connection with a mandate may require us to exchange data within the Bernsteyn-legal network and/or any other business partners. Data will be transferred only in reliance on data protection laws and in particular to execute your mandate or based on your prior consent. Furthermore, we would like to inform you that information relating to the circumstances of your case may regularly be sourced from third parties (e.g. search engines, social networks, your company website, lawyer ranking providers, pitch processors/ pitching companies ) in connection with our legal and also our own business operations. We may also have to disclose your personal data to courts or authorities on request. However, in all these cases, we will always ensure that we comply with legal regulations and protect your data. Some of the above recipients of your personal data are located abroad or outside the EU/EEA and process your personal data there. The level of data protection in other countries may not be exactly equal to the level of protection in Austria. We will ensure that the European level of data protection and the European data security standards are maintained.

7.2 Data processing

Due to the complexity of today’s data processing operations, we may sometimes have to appoint processors for the processing of your data. Some of these processors are located outside the territory of the EU/EEA. However, whenever we use processors, we always ensure to maintain the European level of data protection and the European data security standards. Should you have submitted a job application via our career portal, we may also source data about you from third parties (e.g. search engines, social networks).

8 Notification of data incidents

We aim to ensure that data incidents are detected at an early stage and immediately reported to you or to the competent supervisory authority, including the respective data categories concerned.

9 Storage of data

We will store data no longer than is necessary to fulfil our contractual or legal obligations and to defend liability claims, if any.

10 Cookies

This website uses "cookies" to ensure that our services are user-friendly and more effective for our clients. A "cookie" is a tiny text file that is downloaded by our web server provider on the hard drive of your computer via your browser and allows our website to recognise you as a user if a connection is made between our web server and your browser. Cookies help us to establish the frequency of use and the number of users who visit our website. The content of the cookies we use is confined to an identification number and does not allow us to personally identify a user. The main purpose of cookies is to recognise the user of a website. Our website uses two types of cookies: 1) Session cookies: These are transient cookies stored in temporary memory, which are automatically erased when you close your browser. 2) Permanent cookies: Cookies are stored on your hard drive to enhance user friendliness and allow us to recognise you when you visit our website again. You can adjust the settings on your browser (i) to activate functionality which notifies you on the setting of cookies and to allow cookies only in a particular case, (ii) you may disable cookies for certain cases or in general, and (iii) you can also activate functionality which will automatically delete cookies when you close your browser. Disabling cookies may result in disabling certain functionality and features of this site. For optimised system performance, user friendliness and the provision of useful information on our services, the website provider automatically collects and stores so called server log files, which your browser automatically transmits to us. This information includes your IP address, browser and language settings, operating system, referral URL, your internet service provider, and the date/time of your visit. This data is not pooled with sources of personal data by us. We reserve the right to examine this data later on if there is solid evidence, which suggests unlawful use

11 Contact details

Controller of all your personal data is: Rechtsanwalt Dr. Gerhard Dilger, using the brand bernsteyn-legal. Please address any queries or your notice of withdrawal to dataprotection@bernsteyn-legal.com.