Articles

Privacy policy website and fanpages

This privacy policy describes how Jarolim Partner Rechtsanwälte GmbH (hereinafter "JP") processes your personal data. 

1. Controller

The controller within the meaning of the General Data Protection Regulation ("GDPR") is Jarolim Partner Rechtsanwälte GmbH.

Address: Volksgartenstraße 3/2nd floor, 1010 Vienna, Austria

Tel.no.: 0043 1 253 7000

Email: This email address is being protected from spambots. You need JavaScript enabled to view it.

Website: http://www.jarolim.at 

2. Personal data and data processing

Personal data is information that relates to an identified or identifiable natural person (so-called "data subject"). Examples include name, address, e-mail address, telephone number, date of birth, age, gender or social security number - in the area of insurance brokerage, in particular also customer, policy and claim numbers. In addition, there are also special categories of personal data (so-called "sensitive data"). The GDPR understands this to include, for example, health data or data in connection with criminal proceedings. Personal data is only collected if you provide it yourself. In the context of using the website, cookies are processed, more about this under point 6 of this privacy policy. 

Data processing when contacting us: Should you contact JP via e-mail, telephone, the website or otherwise, e.g. via the fanpages, the data necessary to respond to your inquiry will be processed (legal basis: Art 6 para 1 a), b) and f) GDPR). This includes in particular: 

• First and last name

• E-mail address and phone number

• Other personal data provided by you

If you do not wish to disclose any personal data to JP, JP cannot establish a business relationship with you or respond to any inquiries. 

3. Automated decision making according to Art 22 GDPR

JP does not use automated decision making according to Art 22 GDPR. 

4. Legal bases of data processing

JP collects, processes and uses your personal data exclusively if a legal basis as described in Art 6 para 1 GDPR is given. Your data will be processed in particular on the basis of the following legal bases: 

4.1 Consent - Art 6 para 1 lit a GDPR

The processing of such data is based on your consent, provided that you give such consent when contacting us. Sensitive data (Art 9 GDPR) that you disclose to JP in the context of website use will also be processed on the basis of consent. The scope and purposes of the processing depend on the underlying declaration of consent. You may revoke a given consent at any time with effect for the future by notifying JP of the revocation at any time by telephone at 0043 1 253 7000, by e-mail to This email address is being protected from spambots. You need JavaScript enabled to view it.or by post to Jarolim Partner Rechtsanwälte GmbH, Volksgartenstraße 3/2nd floor, 1010 Vienna, Austria. 

4.2 For the fulfillment of a contract - Art 6 para 1 lit b GDPR

All processing that JP has to carry out in connection with the performance of a contract is based on the legal basis of Art 6 para 1 lit b GDPR. This also includes data that JP processes on the basis of pre-contractual obligations. 

4.3Legal obligations - Art 6 para 1 lit c GDPR

If JP is subject to a legal obligation on the basis of which the processing of personal data is required, Art 6 para 1 lit c GDPR serves as the legal basis.

4.4 Legitimate interest - Art 6 para 1 lit f GDPR

If the processing of personal data is necessary to protect a legitimate interest of JP or a third party, Art 6 para 1 lit f GDPR serves as the legal basis. A legitimate interest of JP consists in particular in,

i) ensure the operation and management of the website;

ii) to be able to carry out direct marketing activities;

iii) To ensure network and data security, but only to the extent that our legitimate interest is consistent with applicable law and with the rights and freedoms of our users;

iv) to be able to assert, exercise or defend legal claims. 

5. Transmission to third parties

Due to the complexity of certain data processing processes today, it has become essential to provide certain services with the assistance of third parties. For this purpose, JP uses external service providers, e.g. for web hosting and IT systems, to whom your data is provided for this purpose. These service providers are processors within the meaning of Art. 28 GDPR, who are contractually obligated to treat your data confidentially and to process your data only within the scope of their service provision. These processors include in particular the following:

• World4You Internet Services GmbH

• Ursula Ranft Communications e.U.

• XOXO Websolutions e.U.

If applicable, the possible recipient of your personal data is located outside the European Union or processes your personal data there. The level of data protection in other countries may not correspond to that in Austria. However, JP will only transfer your personal data to countries that have an adequate level of data protection according to the EU Commission. Alternatively, JP takes measures to ensure that all recipients have an adequate level of data protection, such as entering into agreements in accordance with the standard contractual clauses (2010/87/EC and/or 2004/915/EC) .

Under certain circumstances, JP may be required by law to disclose your data to, for example, supervisory authorities and law enforcement agencies. However, this is only to the extent necessary for the prevention and/or detection of fraud and other criminal offences or to ensure network and data security.

6. Cookies 

JP uses cookies on the website. A cookie is a small text file that stores Internet settings. Almost every website uses cookie technology. It is downloaded by your internet browser the first time you visit a website. The next time you visit this website with the same terminal device, the cookie and the information stored in it is either sent back to the website that generated it (first party cookie) or sent to another website to which it belongs (third party cookie). As a result, the website recognizes that you have been visited before with this browser and, in some cases, varies the content displayed. Some cookies are extremely useful, as they can improve the user experience when you return to a website that you have already visited several times. Provided that you use the same terminal and the same browser as before, cookies remember, for example, your preferences, communicate how you use a page and adapt the offers displayed to your personal interests and needs.

Essentially, there are the following types of cookies:

• Absolutely necessary cookies, also called "strictly necessary", ensure functions without which you could not use this website as intended. These cookies are used exclusively by JP and are therefore so-called first party cookies. They are only stored on your computer during the current browser session. Such cookies ensure, for example, if necessary, the functionality of a change from http to https during a page change and thus the compliance with increased security requirements for data transmission. In addition, such a cookie also saves your decision regarding the use of cookies on the website. 

• First party cookies requiring consent on this website: Cookies, which by purely legal definition are not absolutely necessary to use the website, nevertheless perform important tasks. Without these cookies, functions that enable comfortable surfing on the website are no longer available and would therefore have to be requested again on every page.

If you delete all your cookies at a later time, it will be necessary to perform the opt-out process again; as well as if you visit this website from other computers. If your security settings are too high and the cookie is blocked, JP will not be able to perform your opt-out request. You will be notified in this case and should repeat the opt-out process with lower security settings.

The JP website processes the following cookies in addition to "strictly necessary" cookies:

• CookieConsent: Used to store consent to cookie usage.

• Functional cookies to ensure the performance of the website.

• Performance cookies to improve the user experience.

7. Server Log Files 

In order to optimize the website in terms of system performance, user-friendliness and provision of useful information about services, the provider of the website automatically collects and stores information in so-called server log files, which your browser automatically transmits to JP. This includes your internet protocol address (IP address), browser and language setting, operating system, referrer URL, your internet service provider and date/time as well as the accessed content. This data is not merged with personal data sources. JP reserves the right to check this data retrospectively if concrete indications of illegal use become known.

8. Facebook fanpage 

JP has a fan page on Facebook. This fan page is the company's user account for contacting users on Facebook. Fan page operators can use the "Facebook Insight" function. This compiles anonymized statistical data about visitors to the fan page. Facebook collects this data by setting cookies. Personal data is therefore processed each time this fan page is visited. The processing of this data also takes place if you are not logged in/registered on Facebook. Thus, JP as the operator of the Fanpage is jointly responsible with Facebook within the meaning of Art 26 GDPR.

Registered users: As part of the registration process with Facebook, you agree to the terms of use or data protection and cookie provisions. JP has no influence on these. If you visit the JP fanpage as a registered user, your data will be collected and processed as specified in these terms and conditions.

Non-registered users: By calling up a subpage of the Fanpage, you give your consent to the processing of your personal data by Facebook (Art 6 para 1 lit a GDPR).

The personal data is stored by Facebook and passed on to JP anonymously in statistical form, which is why it is not possible for JP to pass it on to third parties in identifiable form. The information to whom (as recipients) your personal data is transferred can be found specifically in Facebook's privacy information (https://www.facebook.com/privacy/explanation) and cookie policy (https://www.facebook.com/policies/cookies/).

Categories of data that JP receives in anonymous form from Facebook:

1. Information about the users and their interactions

   1. Users who "like" the fan page: Gender, place of residence, language, age;

   2. Reached users: Those for whom posts JP were placed in the last 28 days;

   3. Interacting users: Users who have interacted with the site in the last 28 days (e.g. by tagging, "liking", etc.);

   4. Medium of users: Whether the access/interaction with the fan page content happens via PC or mobile device;

   5. Fan page views via Facebook or external links that lead to the fan page; 

   6. Clicking buttons (e.g. website, "plan route" button);

   7. the frequency of hits via the fan page preview (when the mouse is hovered over the name or profile picture of the page); 

   8. Online times of users who "like" the fan page;

   9. Information about the success (reach and interaction) of the posts;

   10. Interactions in disaggregated form: Negative (hidden posts, spam messages, "disliked" comments) and positive ("liked", other reactions to posts, etc) interactions. 

2. Like" information

   1. Total number for the fan page; number of new entries; 

   2. Breakdown of data by origin, age, gender, language;

   3. the number of subscriptions to the page. 

3. Range information

   1. For contributions: Number of people who were provided posts by JP, broken down by paid and organic reach;

   2. total reach, that is, the number of users to whom actions of the page of JP were displayed; 

   3. Information about video views, including more detailed information about the length of the view. 

If you have consented to the processing of your data, you have the right to revoke this consent at any time, but this does not affect the lawful data processing that has taken place up to that point. When exercising your rights as a data subject, as well as when revoking your consent, we refer you to the data protection information on Page Insights data from Facebook (https://de-de.facebook.com/legal/terms/information_about_page_insights_data) and to the forms contained/linked therein. Alternatively, you are free to contact Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland by post with your requests.

9. Instagram fanpage

JP also has an Instagram fan page. This fan page is the company's user account for contacting users on Instagram. Fan page operators can use the "Instagram Insight" function. This compiles anonymized statistical data about visitors to the fan page. Instagram collects this data by setting cookies. Personal data is therefore processed each time this fan page is visited. JP, as the operator of the fan page, is therefore jointly responsible with Instagram (Facebook is also the operator here) in accordance with Art 26 GDPR.

Registered users: As part of the registration process on Instagram, you agree to the terms of use, privacy policy and cookie policy. JP has no influence on these. If you visit the JP Fanpage as a registered user, your data will be collected and processed as set out in these terms and conditions.

Non-registered users: By calling up a subpage of the Fanpage, you give your consent to the processing of your personal data by Facebook (Art 6 para 1 lit a GDPR).

The personal data is stored by Instagram and shared anonymously with JP in statistical form, which is why it is not possible for JP to share it with third parties in identifiable form. The information to whom (as recipients) your personal data is transferred can be found specifically in Instagram's privacy information (https://de-de.facebook.com/help/instagram/519522125107875/?helpref=hc_fnav&bc[0]=Instagram help section&bc[1]=Policies%20and%20Messages) and cookie policy (https://de-de.facebook.com/help/instagram/1896641480634370/?helpref=hc_fnav&bc[0]=Instagram help section&bc[1]=Policies%20and%20Messages).

Categories of data that JP receives in anonymous form from Instagram:

• "Overview": overview of the last seven or 30 days of how many accounts were reached and how many interactions and subscribers were achieved in total.

• "Reached accounts": In this metric, JP gets information about the account's reach and impressions, e.g. profile views and website visits. When adding an action button, JP can see how often it was tapped. JP can then see, for example, data on clicks on call, e-mail, SMS, website and "plan route" buttons.

• "Content interactions": This metric provides JP with breakdowns of content interactions, such as likes, comments, replies, and values that indicate how often the content was shared or saved.

• "Total number of subscribers": These insights include information such as the growth in the number of subscribers, the main locations and age range of subscribers, and at what times JP fanpage subscribers are most active on Instagram.

• It is also possible to retrieve insights on individual content, again providing information on interactions and subscribers.

If you have consented to the processing of your data, you have the right to revoke this consent at any time, but this does not affect the lawful data processing that has taken place up to that point. When exercising your rights as a data subject, as well as when revoking your consent, we refer you to Instagram's privacy policy and to the forms contained/linked therein. Alternatively, you are free to contact Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland by post with your requests.

10. LinkedIn fanpage

JP has a fan page on LinkedIn. This fan page is the company's user account for contacting users on LinkedIn. Fan page operators can use the "LinkedIn Insight" function. This compiles anonymized statistical data about visitors to the fan page. LinkedIn collects this data by setting cookies. Personal data is therefore processed each time this fan page is visited. The processing of this data also takes place if you are not logged in/registered on LinkedIn. Thus, JP as the operator of the Fanpage is jointly responsible with LinkedIn within the meaning of Art 26 GDPR.

Registered users: As part of the registration process with LinkedIn, you agree to the terms of use or data protection and cookie provisions. JP has no influence on these. If you visit the JP Fanpage as a registered user, your data will be collected and processed as set out in these terms and conditions. 

Non-registered users: By calling up a subpage of the Fanpage, you give your consent to the processing of your personal data by Facebook (Art 6 para 1 lit a GDPR). 

The personal data is stored by LinkedIn and passed on to JP anonymously in statistical form, which is why it is not possible for JP to process it to third parties in identifiable form. The information to whom (as recipients) your personal data is transferred can be found specifically in Facebook's Privacy Policy (https://www.linkedin.com/legal/privacy-policy) and Cookie Policy (https://www.linkedin.com/legal/cookie-policy).

Categories of data that JP receives in anonymous form from LinkedIn: 

• Statistics about members, their profession or industry 

• Calculation of switched or clicked advertisements 

• Visitor demographics

• Additional Insight features can be found in LinkedIn's Privacy Policy and Cookies Policy linked above. 

If you have consented to the processing of your data, you have the right to revoke this consent at any time, but this does not affect the lawful data processing that has taken place up to that point. When exercising your rights as a data subject, as well as when revoking consent, we refer you to LinkedIn's user agreement (https://de.linkedin.com/legal/user-agreement?) and to the forms contained/linked therein. Alternatively, you are free to contact LinkedIn Ireland Unlimited Company ("LinkedIn Ireland"), Wilton Place, Dublin 2, Ireland by post with your requests.

11. Data security and data retention 

Your personal data is protected by appropriate organizational and technical precautions. These precautions relate in particular to the protection against unauthorized, illegal or even accidental access, processing, loss, use and manipulation of your personal data. Notwithstanding our efforts to maintain an appropriately high level of due diligence at all times, it cannot be ruled out that information you disclose to JP via the Internet may be viewed and used by other persons. Please note that no liability whatsoever will therefore be accepted for the disclosure of information due to errors in data transmission not caused by JP and/or unauthorized access by third parties (e.g. hacking attack on email account or telephone, interception of faxes).

Your personal data will be processed as long as this is necessary for the fulfillment of contractual or legal retention obligations, for the defense of any liability claims and for the duration of the declaration of consent. JP will ensure that your personal data is treated in accordance with this data protection notice for the entire period.

JP deletes contact data three months after contact has been made, provided that no contractual relationship or declaration of consent subsequently arises. 

12. Your rights as a data subject

As a data subject you have, among others, the following rights in terms of the GDPR: 

• The right to information about your stored personal data, its origin and recipient and the purpose of data processing. 

• Furthermore, you have the right to correct and transfer your data and, if necessary, to object, to restrict the processing or to delete processed data.

Your request for information, deletion, correction, objection and/or data transfer can be sent to the e-mail address This email address is being protected from spambots. You need JavaScript enabled to view it.

If you are of the opinion that the processing of your personal data by JP violates applicable data protection law or that your data protection rights have been violated in any other way, you have the possibility to complain to the competent supervisory authority. In Austria, the competent authority for this is the data protection authority (www.dsb.gv.at). 

13. Changes to the privacy notice 

JP reserves the right to adapt this data protection information if necessary, for example due to technical developments or legal changes, or to update it in connection with the offer of new services or products. The updated data protection notice will be published on the website http://www.jarolim.at. Please check the relevant page regularly.

Current status: May 2021