Privacy Policy


(Last update: March 2024)


1.1 This Privacy Notice (this "Notice") explains how your personal data is processed by Österreichische Vereinigung für Schiedsgerichtsbarkeit, Verein zur Förderung der Schiedsgerichtsbarkeit, Reichsratsstraße 11/11, A-1010 Vienna, Austria, ZVR 791071992, as the data controller ("Arb|Aut" or "we") when you visit our websites (,, or our (social) media channels, register for our newsletter, attain our events, or become a member of Arb|Aut (including Young Austrian Arbitration Practitioners ["YAAP"]).

1.2 We process your personal data in accordance with the EU General Data Protection Regulation ("GDPR") and applicable national data protection laws. Unless otherwise defined in this Notice, the terms used herein shall have the same meaning as defined in the GDPR.


2.1 Arb|Aut Members (including members of YAAP)

2.1.1 If you become a member of Arb|Aut we process the personal data you provide to us for the purpose of (i) managing your membership and participation (Art 6(1) b GDPR – performance of contract), (ii) providing you updates on Arb|Aut, our events or other relevant news (as described in 2.3 below), and (iii) publishing your profile on our websites in line with the purpose of our association and our legitimate interests to support national and international arbitration (Art 6(1) f GDPR) and as voluntarily provided by you (Art 6(1) a GDPR - consent).

2.1.2 We process your name, title, firm, position, area of specialisation / arbitration experience, address, contact (phone, E-Mail, website, social networks), date of birth, languages, nationality, membership status and payments, professional experience (e.g. bar admission; education, publications, professional associations), login credentials (username, password, secret key). Some of the data we request in connection with our above services may be marked as mandatory fields. You are not required to provide these data. However, without providing this information we may not be able to process your request or provide our services.

2.1.3 By default, we will only publish your base data (name, firm, contact) and general information (e.g. area of specialization, languages, nationality, membership status) to be used by visitors to search for relevant experts on our website. You can object to this processing at any time (see contact below).

2.1.4 Additionally, you are free to add, change or remove information to your profile via the "Login for Members" section on our website (Art 6(1) a GDPR - consent). You are free to remove your information at any time or contact us to withdraw your consent (see contact below).

2.2 Arb|Aut Board members (including board members of YAAP)

2.2.1 In addition to the above, data of board members (name, company, contact, photo) is published for representational purposes (Art 6(1) f GDPR) – legitimate interests).

2.3 Newsletter

2.3.1 If you are a member of Arb|Aut or you have subscribed to our newsletter, the personal data you provide to us (e.g. name, email address) will be processed for the purpose of sending you updates on our association, our events and other relevant arbitration news. We process your personal data based on our legitimate interests to inform our members of our activities or based on your consent. If you wish to no longer receive regular updates from us, you may unsubscribe at any time by writing us at the contact below.

2.4 Events

2.4.1 Registration: We also process your registration and payment data for event fees in order to provide our services and to comply with retention obligations of tax and company laws for up to seven years after the end of the respective financial year (Art 6 para 1 lit b and c GDPR).

2.4.2 Recordings: We may process photos and videos of our events within the framework of our legitimate interests (Art 6 (1) lit f DSGVO) for documentation and publication purposes (e.g. event photos, videos of the podium, interviews and participants). You have the right to object to such processing on grounds relating to your particular situation (see contact below).

2.5 Website and Cookies

2.6 You can visit our website without actively providing us with information about you. In this case we collect certain data that your browser transmits to our website server (i.e. access logs) as well as data that we collect via the use of cookies or similar technologies. The following explanations shall serve to inform you about the different ways we may collect personal data about you on our website and for what lawful purposes we may use them.

2.6.1 Log files: Our log files contain the following information: (i) date and time of retrieval of our website, (ii) type, version and settings of your web-browser, (iii) your operating system and internet service provider, (iv) requested pages and files, (v) website used prior to visiting our website as well as (vi) your IP-address. The IP address is a specific number assigned to your computer which enables your device to communicate in a network using the Internet Protocol (IP). The processing of these log files is necessary for us to maintain the functionality, stability and security of our website. We may also process them for the purpose of forensic investigations in the case of a security incident or in order to generate user statistics. For statistical purposes your IP-address is used in anonymized form only (Art 6(1) f GDPR – legitimate interest in maintaining functionality, stability and security of our website). Log files are generally kept for a period of three months. Beyond this time period log files will only be stored for the purpose of investigating irregularities or security incidents in our system.

2.6.2 Cookies: This website uses cookies. Cookies are small text files that may be placed on your device while browsing our website which store certain information about you. Cookies cannot access, read or modify other data stored on your device. When we refer to “cookies” we include other technologies with similar purposes, such as pixel tags.

(a) Necessary cookies: Without necessary cookies the proper functioning of our website would not be possible or only to a limited extent. The use of necessary cookies on our website is possible without your consent (Section 165 Telecommunications Act 2021 – legitimate interest). However, you can deactivate cookies at any time by modifying your browser settings. We use the following cookie(s):

(i) Session Cookie: necessary to identify the user when logged-in (necessary for login) and stored for the time of your session (visit)

(ii) On our website we use the following necessary cookies:

Cookie Name Purpose

Used for security reasons Session

Used for security reasons Session

Used in connection with user login 12 months
Used to indicate the system from which the site was rendered
1 minute

Used for system monitoring/debugging 3 months

wix browser sess
Used for system monitoring/debugging session

Used for cookie banner parameters 12 months

Used for system effectiveness measurement 30 minutes

(b) Optional cookies: These types of cookies may be used to improve our website, optimize your user experience, analyze user behavior or customize marketing activities. Optional cookies may also be placed by external advertising companies ("third party cookies"). Optional cookies will only be used upon your consent which you may provide by clicking "OK" on our website's cookie banner. This consent can be withdrawn at any time with effect for the future. We use the following cookie(s):

(i) None

2.7 Contact

2.7.1 When you contact us, we process those personal data which you voluntarily provide to us (e.g. name, email address, correspondence) for the purpose of answering your questions, fulfilling your requests or otherwise communicating with you (Art 6(1) b GDPR – performance of (pre-)contractual duties and Art 6(1) f GDPR – legitimate interests in documenting requests).

2.8 Social Media (LinkedIn)

2.8.1 Regarding the operation of the individual social media channels we may act as joint controllers together with the respective operator of the platform where this operator is not acting as sole controller. However, we do not have full access to the data processing by the platform operator. Therefore, we recommend reading our privacy policy together with the privacy policy of each platform to get a comprehensive overview. We operate the following (social) media channels:




2.8.2 For the operation of our social media channels we may, within our legitimate interests thereto (Art 6 para 1 lit f GDPR), process:

(a) your personal data, e.g. cookies, when you interact with our social media channels (however, please note, that some data may be collected even if you are not logged in) and

(b) interaction data, e.g. if you communicate with us via our social media channels through posts, comments, personal messages or contact forms.

2.8.3 When interacting with our social media channels we may have access to your publicly visible data (e.g. name and profile picture when you make a public comment on our page). Please review your profile settings to check which data is publicly available and to change which data can be shared by the platform. For more information please read the privacy policies of the respective social media platform.

2.8.4 When interacting with our social media channels we may have access to your publicly visible data (e.g. name and profile picture when you make a public comment on our page). Please review your profile settings to check which data is publicly available and to change which data can be shared by the platform. For more information please read the privacy policies of the respective social media platform.

(a) Total number of followers (i.e. person following our channel)

(b) Reach: number of people who see a specific post; number of interactions with a specific post; this enables us to review which topics are of great interest to our community

(c) Demographic data of users: age, gender, place of residence, language.

(d) Ad performance: How many people were reached by a post or paid ad? How many people have interacted with it?


3.1 For the above-mentioned purposes, we may share your personal data with the following recipients:

▪ IT service providers who provide hosting, maintenance and security services for our website or newsletter

▪ Event hosting services

▪ Banks

▪ Where disclosure is required (i) by law or regulation or (ii) to establish, exercise or defend legal claims, we may also disclose personal data to a competent authority, such as supervisory, regulatory or criminal authorities, courts of law or other third parties who advise us in this context (e.g. lawyers or forensics experts).

3.2 We do not routinely transmit your personal data to countries outside the EU/EEA. However, where personal data is transferred to such third countries, we implement appropriate safeguards to ensure that your rights are protected in accordance with the GDPR. This includes the conclusion of the EU Commission's standard contractual clauses for the transfer of personal data (Art 46(2) c GDPR). Further details on the implemented safeguards as well as copies of the respective agreements are available on request at

3.3 With your consent, we may share your personal data with third parties (e.g. event co-organizers or participants). You can withdraw your consent at any time with effect for the future by sending an email to


4.1 We generally retain your personal data for as long as this is necessary for the fulfilment of the purpose for which they were obtained or as long as you have not withdrawn your consent. Thus, in any case we process your personal data for the duration of our contractual or service relationship with you (e.g. your membership). Beyond this time period we keep your personal data to comply with statutory retention obligations (e.g. to fulfil the 7-year retention obligation under applicable tax and company law). Communication data will be processed until your inquiry is completed or as long as (pre-)contractual obligations apply. Where necessary we may also keep your data for as long as potential legal claims against us are not yet time-barred; for certain claims the statutory limitation period may be up to 30 years.

4.2 As soon as there are no legitimate grounds for the further storage of personal data available, they will either be deleted or anonymized.


5.1 As a data subject you have the following rights under the statutory conditions:

▪ to check whether and what kind of personal data we hold about you and to request copies of such data (right of access)

▪ to request correction, supplementation or deletion of your personal data that is inaccurate or processed in non-compliance with applicable requirements (right to rectification and erasure)

▪ to request us to restrict the processing of your personal data (right to restriction)

▪ in certain circumstances, to object for legitimate reasons to the processing of your personal data and, where you have given your consent, to revoke your consent freely and at any time (right to object or withdraw consent)

▪ to receive the personal data you provided to us in a structured, commonly used and machine-readable format and to transmit those data to another controller (right to data portability)

5.2 We do not process your personal data for the purpose of taking decisions based solely on automated processing, including profiling, which produce legal effects concerning you (Art 22 GDPR).

5.3 To exercise any of the above rights kindly send an email to our contact mentioned below. In addition, you have the right to lodge a complaint with a supervisory authority, if you believe your data protection rights have been violated. For Austria the competent authority is the Data Protection Authority (Datenschutzbehörde).


6.1 We may update this Notice to reflect legal, technical or business changes. When we update this Notice, we will take reasonable steps to inform you about the changes made. You will find the date of the "last update" at the beginning of this Notice.


7.1 Our websites may contain links to third-party websites. We have no control over the content or privacy practices of these other websites. Please read the respective data protection provisions of other websites that you visit.


8.1 Should you have any requests or questions in relation to the processing of your personal data by us, kindly address them to or our office address Österreichische Vereinigung für Schiedsgerichtsbarkeit, Verein zur Förderung der Schiedsgerichtsbarkeit, Reichsratsstraße 11/11, A-1010 Vienna, Austria.