Privacy Policy

The protection of personal data is important to us. We make great efforts to ensure a moderate and maximum safe handling of personal data from a technical, organisational and human resources viewpoint.

What is personal data?

The term “personal data” is defined in Art. 4 para 1 EU General Data Protection Regulation (GDPR) as “information relating to an identified or identifiable natural person”. This covers personal details, such as name or e-mail address and surfing and communications behaviour.

What personal data do we process?

  1. Contact details for business transactions
  2. Applicant data
  3. Server log files
  4. Client details (first name, surname, date of birth, address, e-mail address, telephone number) and, where applicable, special categories of personal data – especially health data

ad 1. Contact details for business transactions - B2B

In the course of initiating and transacting business with our customers, we store contact data, contract data, order data, invoicing data and correspondence.

Legal basis

- For existing customers, processing is necessary in order to satisfy the contract or precontractual measures.

- For potential customers, we refer to the legal basis of legitimate interest in the initiation of business.

- In the context of invoicing for services rendered, we are obliged, based on the Federal Fiscal Code (BAO), the Commercial Code (UGB) and the Value Added Tax Act (UStG) to store the data for the purposes of tax calculation and tax adjustments and any bookkeeping obligations that apply to us. Without providing your data, we cannot meet our obligations.

- Various statutory provisions or regulations result in obligations to store data that apply to us, such as:

Erasure deadlines

- We store the data of existing customers as long as the business relationship is maintained. Once it is over, we store the contact data for as long as the aforementioned statutory provision requires this (up to 30 years).

- All invoicing data is stored in accordance with the statutory retention data (usually for 7 years) and subsequently erased or anonymised, insofar as the aforementioned special regulations do not standardise a deviation therefrom.


- Beyond our internal access-authorised employees, only the invoicing data will be disclosed to our tax advisors (and thus to third parties).

ad 2. Applicants

From some candidates, we receive personal data in letters of application and CVs. But we also approach some candidates proactively, who have been recommended to us, or whose profile stood out to us as being promising. In addition to the contact data, professional experiences, insights, interests and leisure time occupations, which we receive in the letter of application and CV, we also record the status of the recruitment phase and the first impressions that we have gained from the first interview that took place at our company.

Legal basis

- In the case of applicants who send us their data themselves, the processing serves precontractual purposes.

- Whenever we proactively approach potential employees, we act on the basis of our legitimate interest in expanding our team with the best minds in the industry and making applicants an attractive offer.

- In the best case, we reach an agreement and are pleased about the addition to our team. However, the profile does not always exactly fit the post that has just become vacant, even if we do find it very interesting. In such cases, we ask the applicant(s) for their consent to our keeping their data on record.

Erasure deadlines

- If an employment relationship with potential employees does not materialise, the data are kept for 6 months in order to be able to respond to legal claims if necessary. Only with the consent of applicants to keeping their data on record will the data be kept, until their consent is revoked at the latest.


- The only people with access to applicant data are those responsible internally for recruitment and the relevant managers. The personal data of applicants is not disclosed to third parties.

ad 3. Server log files

As the host of this website, UPC collects data about access to the site and saves them as "server log files". The following data is logged in this way:

- website visited

- time of access

- amount of data sent in bytes

- source / referral from which you arrived at this site

- browser used

- operating system used

- IP address used

The data collected is used solely for the purpose of statistical evaluations and to improve the website. However, the website operator reserves the right to subsequently check the server log files if there are concrete indications of illegal use.

ad 4. Client details and special categories of personal data (especially health data)

We process your personal data or your health data (special categories of personal data in accordance with Article 9 GDPR) in order to fulfil mandate agreements concluded with the respective data controllers. They may be disclosed to third parties exclusively within the context of the existing mandate conditions and only for their proper performance, not however to other countries.

Your rights in respect of your personal data

In principle, you have the rights to information, rectification, correction, erasure, restriction, data portability and objection.

When we process your data based on your consent (e.g. in the event of our keeping your data on record for future job opportunities), you can revoke your consent at any time simply by sending us an e-mail. Processing remains lawful until such revocation.

You can contact us via

If you believe that the processing of your data violates data protection law or your data protection rights have been otherwise violated in any way, you can complain to the supervisory authority. In Austria, the Datenschutzbehörde at Wickenburggasse 8, A-1080 Vienna, Tel.: 0043 (0) 1 52 152 -0,, is responsible.

Data Controller and contact

Responsible for the processing of (personal) data are:

You can reach each of these data controllers at the e-mail address

If you contact us by using the form on the website or by e-mail, we will store the data you provide for six months for the purpose of processing your enquiry and in the event of followup questions. These data will not be disclosed without your consent.

Right to modification

This privacy policy refers to the respective applicable law. We expressly reserve the right to make changes and adjustments to the above information in the future. Therefore, we recommend that you read this information on a regular basis, to keep your knowledge of the use of personal data and data protection in the law practice of Lackner, Burger, Ulrich up to date.