Privacy policy

Responsible for data processing on this website and MedicusUnion APP Subsequently (platform) within the meaning of the General Data Protection Regulation (GDPR), the

MedicusUnion GmbH

Bruno-Marek-Allee 20/50

1020 Vienna

Handelsgericht Wien, FN 556089d

UID-Nummer: ATU 78538628

Contact information data protection officer

Mag. Markus Brodnik

+43 1 99 78 071

This platform uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the string "https: // " and the lock symbol in your browser line.

Status: January 2023

1) Data collection when visiting our platform

If you use our platform for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files "). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:

  • Our visited website
  • Date and time at the time of access
  • Amount of data sent in bytes
  • Source/reference from which you came to the page
  • Browser used
  • Operating system used

The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.

2) Contact

2.3 Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the respective contact form. This data will be stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is the processing of Art. 6 para. 1 lit. b GDPR (necessary for the implementation of pre-contractual measures). Your data will be deleted 3 years after final processing of your request.

3) Data processing for contract processing

ContractWhen you register to use our services, you provide us with basic information such as: Your e-mail address, name, address and date of birth. Which inventory data is collected can be seen from the respective input forms during registration. In accordance with Art. 6 para. 1 lit. b GDPR, personal data is collected and processed if you provide it to us for the execution of the agency contract. We process inventory data (e.g., names and addresses as well as contact data of users), contract data (e.g. services used, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit b. GDPR. If users have terminated their user account, their data will be deleted with regard to the user account, unless their storage is required for commercial or tax or medical reasons. Art. 6 para. 1 lit. c GDPR. It is the responsibility of the users to back up their data in the event of termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.

If you use our Services to receive a healthcare service, you may provide us with medical data such as medical history, physical condition information, current health information, history, medical image data (including X-ray, CT scan, MRI, PET, ultrasound, mammography) and medical reports. On our website, we therefore offer users the opportunity to allow access to image files and health data via upload function to the corresponding doctor. The data is stored encrypted on a server of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The transmission and processing of personal health data is necessary for the conclusion and execution of the findings contract and the provision of the associated services, to which you have given your express consent by concluding the findings contract. We process your health data for health care, for medical diagnostics or for the care or treatment in the health or social sector by the doctor in accordance with Art. 9 para. 2 lit h GDPR or pursuant to Art. 9 para. 2 lit a GDPR, provided that you have given us your express consent.

These express declarations of consent can be revoked in writing without justification and at any time with effect for the future. You can send this revocation to us at the specified e-mail address. However, if the revocation takes place before the conclusion of the health service contract in question, the processing is necessary for this purpose and can then not be carried out.

Encrypted data transport of health data: The data transport is exclusively encrypted.

In addition to these technical security measures, we have created a security concept.

By authenticating the doctor (when the doctor registers on the platform) and the user (when the user registers on the platform), the system checks whether the doctor and the user are authorized for access. Every action is logged.

By default, doctors have access to the health data released by the user for 90 days, but at least for the duration of the treatment contract. Thereafter, the access authorization expires and only becomes active again when the treatment or care relationship is renewed for treatment.

The period of 90 days is intended for the retrieval of further information on the specific treatment or care case, e.g. if findings or further consultations are still pending after a health service has been provided.

4) Use of your data for direct marketing

4.1 Registration for our e-mail newsletter

If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address.

By registering, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When registering for the newsletter, we store your IP address entered by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter will be used exclusively for purposes of advertising by means of the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending us a corresponding message. After unsubscribing, your e-mail address will be deleted immediately from our newsletter distribution list.

4.2 Sending the e-mail newsletter to existing customers

If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services, such as those already purchased, from our range by e-mail. According to § 107 TKG, we do not have to obtain any separate consent from you for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f GDPR and § 174 TKG. If you have initially objected to the use of your e-mail address for this purpose, we will not send an e-mail. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying us.

5) Data processing for processing

Use of payment service providers (payment services)

Apple PayIf you choose the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the "Apple Pay" function of your device operated with iOS, watchOS or macOS by charging a payment card stored with "Apple Pay". Apple Pay uses security features built into your device's hardware and software to protect your transactions. For the release of a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the "Face ID" or "Touch ID" function of your end device. For the purpose of payment processing, your information provided during the ordering process, along with the information about your order, will be transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm payment success.If personal data is processed during the described transfers, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. The anonymization completely excludes a personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made through Safari on your Mac, your Mac and authorization device communicate over an encrypted channel on Apple's servers. Apple does not process or store any of this information in a format that identifies you. You can turn off the ability to use Apple Pay on your Mac in your iPhone's preferences. Go to "Wallet & Apple Pay" and uncheck "Allow payments on Mac". Further information on data protection at Apple Pay can be found at the following Internet address:

PayIf you choose the payment method "Google Pay" of Google Ireland Limited, Gordon House, 4 Barrow St, Dublin, D04 E5W5, Ireland ("Google"), payment is processed via the "Google Pay" application of your mobile device operated with at least Android 4.4 ("KitKat") and having an NFC function by the Charging a payment card or a payment system verified with Google Pay (e.g. PayPal). For the release of a payment via Google Pay in the amount of more than 25, - € the previous unlocking of your mobile device by the respective set up verification measure (such as facial recognition, password, fingerprint or pattern) is required. For the purpose of payment processing, your information provided during the ordering process, together with the information about your order, will be passed on to Google. Google then transmits your payment information stored in Google Pay in the form of a one-time transaction number to the originating website, which is used to verify a payment made. This transaction number does not contain any information about the real payment data of your payment methods stored with Google Pay, but is created and transmitted as a one-time numeric token. For all transactions via Google Pay, Google only acts as an intermediary to process the payment process. The transaction is carried out exclusively in the relationship between the user and the originating website by debiting the means of payment stored with Google Pay.If personal data is processed during the described transmissions, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Google reserves the right to collect, store and evaluate certain transaction-specific information for each transaction made via Google Pay. This includes the date, time and amount of the transaction, merchant location and description, a description provided by the merchant of the goods or services purchased, photos you attached to the transaction, the name and email address of the seller and buyer or the sender and recipient, the payment method used, your description of the reason for the transaction and, if applicable, the offer associated with the transaction.According to Google, this processing takes place. exclusively in accordance with Art. 6 (1) (f) GDPR on the basis of the legitimate interest in proper accounting, the verification of transaction data and the optimization and maintenance of the Google Pay service.Google also reserves the right to merge the processed transaction data with other information collected and stored by Google when using other Google services. The terms of use of Google Pay can be found here:

Further information on data protection at Google Pay can be found at the following Internet address:

StripeIf you choose a payment method from the payment service provider Stripe, payment is processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will provide your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Further information on Stripe's data protection can be found at the URL Stripe reserves the right to carry out a credit check on the basis of mathematical-statistical procedures in order to safeguard the legitimate interest in determining the solvency of the user. Stripe may transmit the personal data necessary for a credit check and received in the context of payment processing to selected credit agencies, which Stripe discloses to users upon request. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values. Stripe uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the right to use the selected payment method.You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies. However, Stripe may still be entitled to process your personal data if this is necessary for contractual payment processing.

6) Web analysis services

MatomoCertain user information is collected and stored on this website using the web analysis service software Matomo (, a service provided by InnoCraft Ltd., 150 Willis St, 6011 Wellington, New Zealand ("Matomo"). From this information, pseudonymised user profiles can be created and evaluated. The information collected with Matomo technology (including your pseudonymised IP address) is processed on our servers. This website uses Matomo exclusively without the use of cookies, which means that Matomo does not set cookies on your device at any time. All processing described above, in particular the reading of information on the terminal device used, will only be carried out if you have given us your express consent in accordance with Art. 6 para. 1 lit. a GDPR. You can revoke your consent at any time with effect for the future by deactivating this service in the "Cookie Consent Tool" provided on the website

7) Rights of the data subject

7.1 The applicable data protection law grants you comprehensive data subject rights vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:

  • Right to information pursuant to Article 15 GDPR: In particular, you have a right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope concerning you and the intended effects of such processing, as well as your right to information, what guarantees exist in accordance with Article 46 GDPR when transferring your data to third countries;
  • Right to rectification in accordance with Article 16 GDPR: You have the right to immediate correction of incorrect data concerning you and/or completion of your incomplete data stored by us;
  • Right to erasure pursuant to Article 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Article 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
  • Right to restriction of processing pursuant to Article 18 GDPR: You have the right to demand the restriction of the processing of your personal data as long as the accuracy of your data disputed by you is verified, if you refuse to delete your data due to inadmissible data processing and instead request the restriction of the processing of your data if you use your data to assert exercise or defence of legal claims after we no longer need this data after the purpose has been achieved or if you have objected for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
  • Right to information pursuant to Article 19 GDPR: If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
  • Right to data portability pursuant to Article 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller, insofar as this is technically feasible;
  • Right to revoke granted consent in accordance with Article 7 (3) GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation;
  • Right to lodge a complaint pursuant to Article 77 GDPR: If you believe that the processing of personal data concerning you violates the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in Austria the Data Protection Authority

7.2 Right to object

If your personal data is processed on the basis of our overriding interest, you have the right at any time to object to this processing with effect for the future. However, we reserve the right to further processing if there are compelling reasons for further processing.

8) Duration of storage of personal data

The duration of the storage of personal data is determined on the basis of the respective legal basis, the processing purpose and the respective statutory retention period (e.g. medical, corporate and tax retention periods).

When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, this data will be stored until the data subject revokes his consent. Personal data will be stored in your account until you delete this data or ask us to do so. Printouts of the data are automatically destroyed after one year of storage.

If there are statutory retention periods for data that are processed within the framework of contractual or quasi-contractual obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after expiry of the retention periods, provided that they are no longer required for the fulfilment or initiation of the contract and/or there is no legitimate interest on our part in further storage.

When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises his right of objection pursuant to Art. 21 para. 2 GDPR.

9) The German version is decisive

Translations of this policy into languages other than German are provided for convenience only.

This cookie policy has been created and updated by the Cookie Consent Tool.

This cookie policy has been created and updated by the Cookie Consent Tool.