Privacy Policy
Last updated: May 2026

At a Glance
We are lawyers admitted to practise in Austria and are subject to statutory duties of confidentiality.
We process your data exclusively in order to advise and represent you and to comply with legal obligations.
We only disclose your data to selected service providers and authorities where this is necessary.
You have the right at any time to request access to, rectification or erasure of your data, or to lodge a complaint with the data protection authority.
01 Controller
The controller responsible for the processing of your personal data within the meaning of the General Data Protection Regulation (“GDPR”) is the lawyer advising you in each individual case:
Mag. Bernhard Gartner, LL.M. or Mag. Monika Roiser
both Nestroyplatz 1/1/18, A-1020 Vienna, Austria
E-mail: office@gartner-roiser.at
02 Which Data We Process
Personal data means any information relating to an identified or identifiable person. In particular, we process the following categories:
- master data: name, address, date of birth, identification documents;
- contact details: telephone number, e-mail address, correspondence;
- contract and mandate data: subject matter of the engagement, correspondence, file management;
- billing and payment data: fee notes, bank details, incoming payments;
- data required to fulfil legal obligations: anti-money laundering checks, KYC, beneficial owners; and/or
- where applicable, special categories of personal data pursuant to Art 9 GDPR, such as health data or data relating to criminal proceedings, insofar as this is required for the mandate.
We collect these data directly from you, from your representatives, from publicly accessible sources such as the commercial register, land register or the internet, or from courts, authorities and third parties, for example if you are an opposing party, a co-involved party or a person providing information. Where data of third parties are collected, we rely on the exemption from the duty to provide information pursuant to Art 14 para 5 GDPR.
03 Purposes and Legal Bases
We process your data on the following legal bases:
| Purpose | Legal basis | GDPR |
|---|---|---|
| Initiation, conclusion and performance of the mandate | Performance of a contract | Art 6 para 1 lit b |
| Compliance with legal obligations (RAO, BAO, WiEReG, FM-GwG) | Legal obligation | Art 6 para 1 lit c |
| Establishment, exercise and defence of legal claims | Legitimate interest | Art 6 para 1 lit f |
| Processing of special categories of data in connection with the mandate | Mandate-related processing | Art 9 para 2 lit f |
| Marketing and newsletter (only with active consent) | Consent | Art 6 para 1 lit a |
04 Recipients of Your Data
We only disclose your data to third parties if this is necessary for the handling of our mandate relationship, if you have consented to such disclosure, or if we are subject to a legal obligation. No transfer to countries outside the EU/EEA currently takes place.
Processors and Service Providers
| Recipient | Function | Registered office |
|---|---|---|
| Easyname GmbH | Website hosting | Austria (EEA) |
| ADVOKAT Unternehmensberatung Greiter & Greiter GmbH | File management software, support, remote maintenance, training | Austria (EEA) |
| Insyde GmbH | Website maintenance | Austria (EEA) |
| ITNS GmbH | IT support, remote maintenance and infrastructure; data centre: Digital Realty, Louis-Häfliger-Gasse 10, Building 2, 1210 Vienna | Austria (EEA) |
| WÖBER DIRMHIRN Steuerberatung und Wirtschaftsprüfung GmbH | Accounting, payroll accounting, tax advisory services | Austria (EEA) |
| Vienna Bar Association | Registration of trainee lawyers, handling of trust transactions (eTHB) | Austria (EEA) |
Other Recipients
Depending on the mandate, we disclose your data, where and insofar as necessary, to the following recipients:
- courts, authorities and/or notaries,
- opposing parties and their legal representatives,
- appointed experts and interpreters,
- banks in connection with trust transactions as well as insurance companies in the event of a claim.
05 How Long We Store Your Data
We store your data only for as long as is necessary for the respective purposes or as required by statutory retention periods:
- mandate files: 5 years after the end of the mandate (§ 12 RAO, FM-GwG); for the establishment and defence against legal claims, up to 30 years
- contracts, accounting documents and tax-relevant documents: 7 to 10 years (§ 132 BAO, § 212 UGB)
- application data: 7 months after completion of the application process, unless consent has been given for longer storage
- data processed on the basis of consent: until such consent is withdrawn
06 Data Security
We take appropriate technical and organisational measures to protect your data against unauthorised access, loss, manipulation or destruction. This includes, in particular, encrypted data transmission, access controls, regular backups, secure file management and carefully selected processors with contractual data protection obligations pursuant to Art 28 GDPR.
Despite all due care, the transmission of data via the internet cannot be 100% secure. We assume no liability for damage caused by transmission errors for which we are not responsible or by unauthorised access by third parties, such as the hacking of e-mail accounts.
07 Your Rights
Under the GDPR, you have the following rights at any time, free of charge and without formal requirements:
- access to the data stored about you (Art 15)
- rectification of inaccurate data (Art 16)
- erasure of your data, provided that there is no retention obligation (Art 17)
- restriction of processing (Art 18)
- data portability (Art 20)
- objection to processing (Art 21)
- withdrawal of consent given, with effect for the future (Art 7 para 3)
To exercise your rights, an informal message to office@gartner-roiser.at or by post to Nestroyplatz 1/1/18, A-1020 Vienna, Austria is sufficient.
Right to Lodge a Complaint
If you believe that the processing of your data violates data protection law, you have the right to lodge a complaint with the supervisory authority responsible for us.
Austrian Data Protection Authority
Barichgasse 40–42, 1030 Vienna, Austria
dsb@dsb.gv.at
www.dsb.gv.at
08 Updates to this Policy
We reserve the right to amend this Privacy Policy if the legal framework, our processing activities or the service providers we use change. The current version can be found on our website.
If you have any questions about the processing of your data, you can contact us at office@gartner-roiser.at or by post at the law firm’s address.