Privacy Policy

Last updated: May 2026

At a Glance

We are lawyers admitted to practise in Austria and are subject to statutory duties of confidentiality.

We process your data exclusively in order to advise and represent you and to comply with legal obligations.

We only disclose your data to selected service providers and authorities where this is necessary.

You have the right at any time to request access to, rectification or erasure of your data, or to lodge a complaint with the data protection authority.

01 Controller

The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (“GDPR”) is the lawyer advising you in each individual case:

Mag. Bernhard Gartner, LL.M. or Mag. Monika Roiser
both Nestroyplatz 1/1/18, A-1020 Vienna, Austria
E-mail: office@gartner-roiser.at

02 Which Data We Process

Personal data means any information relating to an identified or identifiable person. In particular, we process the following categories:

  • master data: name, address, date of birth, identification documents;
  • contact details: telephone number, e-mail address, correspondence;
  • contract and mandate data: subject matter of the engagement, correspondence, file management;
  • billing and payment data: fee notes, bank details, incoming payments;
  • data required to fulfil legal obligations: anti-money laundering checks, KYC, beneficial owners; and/or
  • where applicable, special categories of personal data pursuant to Art 9 GDPR, such as health data or data relating to criminal proceedings, insofar as this is required for the mandate.

We collect these data directly from you, from your representatives, from publicly accessible sources such as the commercial register, land register or the internet, or from courts, authorities and third parties, for example if you are an opposing party, a co-involved party or a person providing information. Where data of third parties are collected, we rely on the exemption from the duty to provide information pursuant to Art 14 para 5 GDPR.

03 Purposes and Legal Bases

We process your data on the following legal bases:

Purpose Legal basis GDPR
Initiation, conclusion and performance of the mandate Performance of a contract Art 6 para 1 lit b
Compliance with legal obligations (RAO, BAO, WiEReG, FM-GwG) Legal obligation Art 6 para 1 lit c
Establishment, exercise and defence of legal claims Legitimate interest Art 6 para 1 lit f
Processing of special categories of data in connection with the mandate Mandate-related processing Art 9 para 2 lit f
Marketing and newsletter (only with active consent) Consent Art 6 para 1 lit a

04 Recipients of Your Data

We only disclose your data to third parties if this is necessary for the handling of our mandate relationship, if you have consented to such disclosure, or if we are subject to a legal obligation. No transfer to countries outside the EU/EEA currently takes place.

Processors and Service Providers

Recipient Function Registered office
Easyname GmbH Website hosting Austria (EEA)
ADVOKAT Unternehmensberatung Greiter & Greiter GmbH File management software, support, remote maintenance, training Austria (EEA)
Insyde GmbH Website maintenance Austria (EEA)
ITNS GmbH IT support, remote maintenance and infrastructure; data centre: Digital Realty, Louis-Häfliger-Gasse 10, Building 2, 1210 Vienna Austria (EEA)
WÖBER DIRMHIRN Steuerberatung und Wirtschaftsprüfung GmbH Accounting, payroll accounting, tax advisory services Austria (EEA)
Vienna Bar Association Registration of trainee lawyers, handling of trust transactions (eTHB) Austria (EEA)

Other Recipients

Depending on the mandate, we disclose your data, where and insofar as necessary, to the following recipients:

  • courts, authorities and/or notaries,
  • opposing parties and their legal representatives,
  • appointed experts and interpreters,
  • banks in connection with trust transactions as well as insurance companies in the event of a claim.

05 How Long We Store Your Data

We store your data only for as long as is necessary for the respective purposes or as required by statutory retention periods:

  • mandate files: 5 years after the end of the mandate (§ 12 RAO, FM-GwG); for the establishment and defence against legal claims, up to 30 years
  • contracts, accounting documents and tax-relevant documents: 7 to 10 years (§ 132 BAO, § 212 UGB)
  • application data: 7 months after completion of the application process, unless consent has been given for longer storage
  • data processed on the basis of consent: until such consent is withdrawn

06 Data Security

We take appropriate technical and organisational measures to protect your data against unauthorised access, loss, manipulation or destruction. This includes, in particular, encrypted data transmission, access controls, regular backups, secure file management and carefully selected processors with contractual data protection obligations pursuant to Art 28 GDPR.

Despite all due care, the transmission of data via the internet cannot be 100% secure. We assume no liability for damage caused by transmission errors for which we are not responsible or by unauthorised access by third parties, such as the hacking of e-mail accounts.

07 Your Rights

Under the GDPR, you have the following rights at any time, free of charge and without formal requirements:

  • access to the data stored about you (Art 15)
  • rectification of inaccurate data (Art 16)
  • erasure of your data, provided that there is no retention obligation (Art 17)
  • restriction of processing (Art 18)
  • data portability (Art 20)
  • objection to processing (Art 21)
  • withdrawal of consent given, with effect for the future (Art 7 para 3)

To exercise your rights, an informal message to office@gartner-roiser.at or by post to Nestroyplatz 1/1/18, A-1020 Vienna, Austria is sufficient.

Right to Lodge a Complaint

If you believe that the processing of your data violates data protection law, you have the right to lodge a complaint with the supervisory authority responsible for us.

Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna, Austria
dsb@dsb.gv.at
www.dsb.gv.at

08 Updates to this Policy

We reserve the right to amend this Privacy Policy if the legal framework, our processing activities or the service providers we use change. The current version can be found on our website.

If you have any questions about the processing of your data, you can contact us at office@gartner-roiser.at or by post at the law firm’s address.