Data privacy statement
1. Data privacy at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data are all data by means of which you can be personally identified. Detailed information on the topic of data privacy can be found in the data privacy statement provided under this text.
Recording of data on this website
Who is responsible for the recording of data on this website?
Data are processed on this website by the website operator. You can find the latter's contact details in the section “Information about the controller” in this data privacy statement.
How do we record your data?
Your data are firstly collected by you telling them to us. These can be e.g. data that you enter in a contact form.
Other data are recorded by our IT systems automatically or after your consent when you visit the website. These are primarily technical data (e.g. Internet browser, operating system or time when the page is retrieved). These data are recorded automatically as soon as you visit this website.
What do we use your data for?
Some of the data are collected in order to guarantee an error-free provision of the website. Other data can be used to analyse your user behaviour.
What rights do you have with regard to your data?
At all times, you have the right to receive information free of charge about the origin, recipient and purpose of your saved personal data. You also have a right to request the rectification or erasure of these data. If you have given consent to data processing, you can revoke this consent at any time with effect for the future. You also have the right to request the restriction of the processing of your personal data under certain circumstances. In addition, you have the right to appeal to the responsible supervisory authority.
Please feel free to contact us at any time in this regard and also if you have further questions relating to matters of data privacy.
2. Hosting and Content Delivery Networks (CDN)
External hosting
This website is hosted at an external service provider (hoster). The personal data that are recorded on this website are saved on the servers of the hoster. These can be primarily IP addresses, contact requests, meta and communication data, contract data, contact details, names, web page visits and other data that are generated via a website.
The hoster is used for the purpose of fulfilling the contract towards our potential and existing customers (Art. 6 Para. 1 letter b GDPR) and in the interest of a secure, fast and efficient provision of our online offering by a professional provider (Art. 6 Para. 1 letter f GDPR).
Our hoster will only process your data to the extent required to fulfil its performance obligations and will comply with our instructions with regard to these data.
3. General and mandatory information
Data privacy
The operator of this website takes the protection of your personal data very seriously. We treat your personal details as confidential and in accordance with the statutory data privacy regulations and this data privacy statement.
Various personal data are collected when you visit this website. Personal data are data by means of which you can be personally identified. This data privacy statement explains which data we collect and what we use them for. It also explains how and for which purpose this is done.
We would like to point out that the transmission of data over the Internet (e.g. when communicating by e-mail) can have security gaps. Seamless protection of the data against access by third parties is not possible.
Information regarding the controller
The controller for the data processing on this website is:
Dr. Bettina Ehrhardt-Felkl
1030 Vienna, Rudolf von Alt Platz 7/3
Tel: 01 / 715 51 00
E-mail: gesundheit@ordination.or.at
The controller is the natural or legal entity who decides alone or jointly with others on the purposes and means of processing personal data (e.g. names, e-mail addresses, etc.).
Duration of retention
If no more specific duration of retention has been named in this data privacy statement, your personal data are retained by us until the purpose for the data processing no longer exists. If you file a legitimate request for deletion or revoke consent to data processing, your data will be deleted unless we have other grounds that are legally permissible to save your personal data (e.g. retention periods under fiscal or commercial law); in the latter case, the deletion will be done after these grounds no longer exist.
General information on the legal bases of data processing on this website
If you have consented to the data processing, we process your personal data on the basis of Art. 6 Para. 1 letter a GDPR or Art. 9 Para. 2 letter a GDPR if special categories of data according to Art. 9 Para. 1 GDPR are processed. In the event of explicit consent to the transfer of personal data to third countries, the data processing is also done on the basis of Art. 49 Para. 1 letter a GDPR. If you have agreed to the saving of cookies or to access to information on your terminal (e.g. via device fingerprinting), the data processing will also be done on the basis of Section 25 Para. 1 of the Telecommunications-Telemedia Data Privacy Act (TTDSG). Consent may be revoked at any time. If your data are necessary to fulfil the contract or to implement pre-contractual measures, we process your data on the basis of Art. 6 Para. 1 letter b GDPR. We also process your data if this is necessary to fulfil a legal obligation on the basis of Art. 6 Para. 1 letter c GDPR. The data can also be processed on the basis of our legitimate interest according to Art. 6 Para. 1 letter f GDPR. Information on the legal bases relevant in individual cases is provided in the following paragraphs of this data privacy statement.
Information on the transfer of data to the US and other third countries
We use, among others, tools from companies who have their registered office in the US or other third countries that are not secure under data privacy law. If these tools are active, your personal data can be transferred to these third countries and processed there. We would like to point out that no level of data privacy comparable to that in the EU can be guaranteed in these countries. For example, US companies are obligated to surrender personal data to security authorities without you as a data subject being able to take judicial steps against this. It can therefore not be ruled out that US authorities (e.g. secret services) process, analyse and permanently save your data on US servers for surveillance purposes. We do not have any influence on these processing activities.
Revocation of your consent to the data processing
Many data processing processes are only possible with your explicit consent. You can revoke consent that you have given at any time. The lawfulness of the data processing carried out until revocation remains unaffected by the revocation.
Right of objection against the collection of data in special cases and against direct advertising (Art. 21 GDPR)
IF THE DATA PROCESSING IS DONE ON THE BASIS OF ART. 6 PARA. 1 LETTER E OR F GDPR, YOU HAVE THE RIGHT AT ANY TIME, FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION, TO FILE AN OBJECTION TO THE PROCESSING OF YOUR PERSONAL DATA; THIS ALSO APPLIES FOR A PROFILING BASED ON THESE PROVISIONS. THE RESPECTIVE LEGAL BASIS ON WHICH A PROCESSING IS BASED CAN BE FOUND IN THIS DATA PRIVACY STATEMENT. IF YOU FILE AN OBJECTION, WE WILL NO LONGER PROCESS YOUR PERSONAL DATA AFFECTED UNLESS WE CAN PROVE MANDATORY PROTECTABLE GROUNDS FOR THE PROCESSING THAT OUTWEIGH YOUR INTERESTS, RIGHTS AND FREEDOMS OR THE PROCESSING SERVES TO FILE, EXERCISE OR DEFEND LEGAL CLAIMS (RIGHT OF OBJECTION PURSUANT TO ART. 21 PARA. 1 GDPR).
IF YOUR PERSONAL DATA ARE PROCESSED IN ORDER TO CARRY OUT DIRECT ADVERTISING, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING OF PERSONAL DATA RELATING TO YOU FOR THE PURPOSE OF SUCH ADVERTISING; THIS ALSO APPLIES FOR PROFILING IF IT IS ASSOCIATED WITH SUCH DIRECT ADVERTISING. IF YOU OBJECT, YOUR PERSONAL DATA WILL THEN NO LONGER BE USED FOR THE PURPOSE OF DIRECT ADVERTISING (OBJECTION PURSUANT TO ART. 21 PARA. 2 GDPR).
Right to appeal to the responsible supervisory authority
In the event of breaches against the GDPR, the data subjects have the right to appeal to a supervisory authority, in particular in the Member State of their habitual abode, their place of work or the place of the suspected breach. The right of appeal exists irrespective of other legal aids existing under administrative law or by judicial means.
Right to data portability
You have the right to have data that we automatically process on the basis of your consent or in fulfilment of a contract handed over to you or to a third party in a conventional, machine-readable format. If you request the direct transmission of the data to another controller, this will only be done if it is technically possible.
Information, erasure and rectification
Within the framework of the valid statutory provisions you have the right at any time to free-of-charge information about your saved personal data, their origin and recipient and the purpose of the data processing and, if applicable, a right to rectification or erasure of these data. Please feel free to contact us at any time in this regard and also if you have further questions relating to personal data.
Right to restriction of the processing
You have the right to request the restriction of the processing of your personal data. Please feel free to contact us at any time in this regard. The right to restriction of the processing exists in the following cases:
- If you dispute the accuracy of your personal data saved at our company, we usually require time to check this. For the time that we need to check this, you have the right to request the restriction of the processing of your personal data.
- If the processing of your personal data was/is done unlawfully, you can, instead of deletion, request the restriction of the data processing.
- When we no longer require your personal details but you require them to exercise, defend or assert legal claims, you have the right, instead of deletion, to request the restriction of the processing of your personal details.
- If you have filed an objection pursuant to Art. 21 Para. 1 GDPR, a weighing of yours and our interests needs to be done. As long as it is not yet established whose interests outweigh, you have the right to request the restriction of the processing of your personal data.
If you have restricted the processing of your personal data, these data, apart from their saving, may only be processed with your consent or to file, exercise or defend legal claims or to protect the rights of a natural or legal entity or for reasons of an important public interest of the European Union or a Member State.
SSL or TLS encryption
For security reasons and to protect the transmission of confidential content, such as orders or requests that you send to us as the site operator, this site uses SSL or TLS encryption. You can recognise an encrypted connection by the address line of the browser changing from “http://” to “https://” and by the lock symbol in your browser line.
When the SSL or TLS encryption is activated, the data that you send to us cannot be read by third parties.
Objection to promotional e-mails
The usage of contact details published within the framework of the notification of company details obligation to send advertising and information materials not explicitly requested is hereby prohibited. The operator of the site explicitly reserves the right to take legal steps in the event of unsolicited sending of promotional information, for instance through spam e-mails.
4. Recording of data on this website
Cookies
Our website uses so-called “cookies”. Cookies are small data packages and do not cause any damage to your terminal. They are either saved on your terminal temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted after your visit has ended. Permanent cookies remain saved on your terminal until you delete them yourself or they are automatically deleted by your web browser.
Cookies can originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies facilitate the integration of certain services from third-party companies within websites (e.g. cookies for handling payment services).
Cookies have different functions. Many cookies are technically necessary as certain website functions would not work without them (e.g. the shopping cart function or the displaying of videos). Other cookies can be used to analyse user behaviour or for advertising purposes.
Cookies that are required for the implementation of the electronic communication process, for the provision of certain functions required by you (e.g. for the shopping cart function) or to optimise the website (e.g. cookies to measure the web audience) (necessary cookies) are saved on the basis of Art. 6 Para. 1 letter f GDPR if no other legal basis is indicated. The website operator has a legitimate interest in saving necessary cookies for the technically fault-free and optimised provision of its services. If consent to the saving of cookies and comparable recognition technologies has been requested, the processing is done solely on the basis of this consent (Art. 6 Para. 1 letter a GDPR and Section 25 Para. 1 of the Telecommunications-Telemedia Data Privacy Act [TTDSG]); consent can be revoked at any time.
You can set your browser so that you are informed about the setting of cookies and only permit cookies in individual cases, exclude the acceptance of cookies for certain cases or in general, and activate the automatic deletion of the cookies when the browser is closed. When cookies are deactivated, the functionality of this website can be restricted.
You can read in this data privacy statement which cookies and services are used on this website.
Consent with Usercentrics
This website uses the consent technology of Usercentrics in order to obtain your consent to the saving of certain cookies on your terminal or for the use of certain technologies and to document it in compliance with data privacy law. The provider of this technology is Usercentrics GmbH, Sendlinger Straße 7, 80331 Munich, website: https://usercentrics.com/de/ (hereinafter “Usercentrics”).
When you visit our website, the following personal data are transmitted to Usercentrics:
- Your consent or revocation of your consent
- Your IP address
- Information about your browser
- Information about your terminal
- Time of your visit to the website
In addition, Usercentrics saves a cookie in your browser in order to be able to assign the consent or revocation to you. The data recorded in this way are saved until you ask us to delete them, delete the Usercentrics cookie yourself or the purpose for saving the data no longer exists. Mandatory statutory retention obligations remain unaffected.
Usercentrics is used in order to obtain the consent specified by law for the use of certain technologies. The legal basis for this is Art. 6 Para. 1 letter c of the GDPR
Cookie settings
Contract processing
We have concluded a contract regarding contract processing for the use of the aforementioned service. This is a contract specified by data privacy law that guarantees that the contract processor only uses the personal data of our website visitors according to our instructions and in compliance with the GDPR.
Server log files
The provider of the pages automatically collects and saves information in so-called server log files that your browser automatically sends to us. These are:
- browser type and browser version
- operating system used
- referrer URL
- host name of the accessing computer
- time of the server request
- IP address
These data are not merged with other sources of data.
These data are recorded on the basis of Art. 6 Para. 1 letter f GDPR. The website operator has a legitimate interest in the technically fault-free depiction and optimisation of its website – the server log files have to be recorded for this purpose.
Request by e-mail, telephone or fax
When you contact us by e-mail, telephone or fax, your request along with any resulting personal data (name, request) are saved and processed at our company for the purpose of handling your request. We do not share these data without your consent.
These data are processed on the basis of Art. 6 Para. 1 letter b of the GDPR if your request is associated with the fulfilment of a contract or is necessary to implement pre-contractual measures. In all other cases, the processing is based on our legitimate interest in the effective processing of the requests addressed to us (Art. 6 Para. 1 letter f of the GDPR) or on your consent (Art. 6 Para. 1 letter a GDPR) if this was requested; consent can be revoked at any time.
The data sent by you to us my means of contact requests remain at our company until you ask us to delete them, revoke your consent to them being saved or the purpose for saving the data no longer exists (e.g. after the processing of your request has been completed). Mandatory statutory provisions – in particular statutory retention periods – remain unaffected.
5. Plug-ins and tools
Google Maps
This site uses the map service Google Maps. The provider is Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
To use the functions of Google Maps, it is necessary to save your IP address. This information is usually transmitted to a server belonging to Google in the US and saved there. The provider of this site does not have any influence over this data transfer. When Google Maps is activated, Google can use Google Fonts for the purpose of depicting the fonts in a uniform way. When Google Maps is called up, your browser loads the required web fonts into your browser cache in order to display texts and fonts correctly.
Google Maps is used in the interest of depicting our online offerings in an appealing way and to make it easy to find the locations indicated by us on the website. This constitutes a legitimate interest pursuant to Art. 6 Para. 1 letter f of the GDPR. If corresponding consent has been requested, the processing is done solely on the basis of Art. 6 Para. 1 letter a of the GDPR and Section 25 Para. 1 of the Telecommunications-Telemedia Data Privacy Act (TTDSG) if the consent includes the saving of cookies or the access to information on the user's terminal (e.g. device fingerprinting) pursuant to the TTDSG. Consent may be revoked at any time.
Transmission of the data to the US is based on the standard contractual clauses of the EU Commission. Details can be found here: https://privacy.google.com/businesses/gdprcontrollerterms/ und https://privacy.google.com/businesses/gdprcontrollerterms/sccs/.
Further information on the handling of user data can be found in the data privacy statement of Google: https://policies.google.com/privacy?hl=de.