Responsible for data processing on this website and the MedicusUnion APP (hereinafter "platform") within the meaning of the General Data Protection Regulation (GDPR), the
Handelsgericht Wien, FN 556089d
UID-Nummer: ATU 78538628
Contact information data protection officer
Mag. Markus Brodnik
T +43 1 99 78 071
This platform uses SSL or TLS encryption for security reasons and to protect the transmission of personal data and other confidential content (e.g. orders or inquiries to the controller). You can recognize an encrypted connection by the string "https://" and the lock symbol in your browser's address bar.
Status: January 2023
1) Data collection when visiting our platform
If you use our platform for information purposes only, i.e. if you do not register or otherwise provide us with information, we only collect data that your browser transmits to our server (so-called "server log files"). When you visit our website, we collect the following data, which is technically necessary for us to display the website to you:
- The page of our website that was visited
- Date and time of access
- Amount of data sent in bytes
- Source/reference from which you came to the page
- Browser used
- Operating system used
The processing is carried out in accordance with Art. 6 para. 1 lit. f GDPR on the basis of our legitimate interest in improving the stability and functionality of our website. A transfer or other use of the data does not take place. However, we reserve the right to check the server log files retrospectively if there are concrete indications of illegal use.
2.3 Personal data is collected when contacting us (e.g. via contact form or e-mail). Which data is collected in the case of a contact form can be seen from the respective contact form. This data will be stored and used exclusively for the purpose of answering your request or for contacting you and the associated technical administration. The legal basis for the processing of this data is Art. 6 para. 1 lit. b GDPR (necessary for the implementation of pre-contractual measures). Your data will be deleted 3 years after final processing of your request.
3) Data processing for contract processing
Contract
When you register to use our services, you provide us with basic information such as your e-mail address, name, address and date of birth. Which inventory data is collected can be seen from the respective input forms during registration. In accordance with Art. 6 para. 1 lit. b GDPR, personal data is collected and processed if you provide it to us for the execution of the agency contract. We process inventory data (e.g. names and addresses as well as contact data of users) and contract data (e.g. services used, payment information) for the purpose of fulfilling our contractual obligations and services in accordance with Art. 6 para. 1 lit. b GDPR. If users have terminated their user account, their data will be deleted with regard to the user account, unless their storage is required for commercial or tax or medical reasons (Art. 6 para. 1 lit. c GDPR). It is the responsibility of the users to back up their data in the event of termination before the end of the contract. We are entitled to irretrievably delete all user data stored during the term of the contract.
If you use our Services to receive a healthcare service, you may provide us with medical data such as medical history, physical condition information, current health information, history, medical image data (including X-ray, CT scan, MRI, PET, ultrasound, mammography) and medical reports. On our website, we therefore offer users the opportunity to allow access to image files and health data via upload function to the corresponding doctor. The data is stored encrypted on a server of Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany. The transmission and processing of personal health data is necessary for the conclusion and execution of the findings contract and the provision of the associated services, to which you have given your express consent by concluding the findings contract. We process your health data for health care, for medical diagnostics or for the care or treatment in the health or social sector by the doctor in accordance with Art. 9 para. 2 lit. h GDPR or pursuant to Art. 9 para. 2 lit. a GDPR, provided that you have given us your express consent.
These express declarations of consent can be revoked in writing without justification and at any time with effect for the future. You can send this revocation to us at the specified e-mail address. However, if the revocation takes place before the conclusion of the health service contract in question, the processing is necessary for this purpose and can then not be carried out.
Encrypted data transport of health data: The data transport is exclusively encrypted.
In addition to these technical security measures, we have created a security concept.
By authenticating the doctor (when the doctor registers on the platform) and the user (when the user registers on the platform), the system checks whether the doctor and the user are authorized for access. Every action is logged.
By default, doctors have access to the health data released by the user for 90 days, but at least for the duration of the treatment contract. Thereafter, the access authorization expires and only becomes active again when the treatment or care relationship is renewed for treatment.
The period of 90 days is intended for the retrieval of further information on the specific treatment or care case, e.g. if findings or further consultations are still pending after a health service has been provided.
4) Use of your data for direct marketing
4.1 Registration for our e-mail newsletter
If you subscribe to our e-mail newsletter, we will regularly send you information about our offers. The only mandatory information for sending the newsletter is your e-mail address.
By registering, you give us your consent to the use of your personal data in accordance with Art. 6 para. 1 lit. a GDPR. When registering for the newsletter, we store your IP address as assigned by the Internet Service Provider (ISP) as well as the date and time of registration in order to be able to trace any possible misuse of your e-mail address at a later date. The data collected by us when registering for the newsletter will be used exclusively for purposes of advertising by means of the newsletter. You can unsubscribe from the newsletter at any time via the link provided in the newsletter or by sending us a corresponding message. After unsubscribing, your e-mail address will be deleted immediately from our newsletter distribution list.
4.2 Sending the e-mail newsletter to existing customers
If you have provided us with your e-mail address when purchasing goods or services, we reserve the right to regularly send you offers for similar goods or services, such as those already purchased, from our range by e-mail. According to § 107 TKG, we do not have to obtain any separate consent from you for this. In this respect, data processing is carried out solely on the basis of our legitimate interest in personalized direct advertising in accordance with Art. 6 para. 1 lit. f GDPR and § 174 TKG. If you have initially objected to the use of your e-mail address for this purpose, we will not send an e-mail. You are entitled to object to the use of your e-mail address for the aforementioned advertising purpose at any time with effect for the future by notifying us.
5) Data processing for processing
Use of payment service providers (payment services)
Apple Pay
If you choose the "Apple Pay" payment method from Apple Distribution International (Apple), Hollyhill Industrial Estate, Hollyhill, Cork, Ireland, payment is processed via the "Apple Pay" function of your device operated with iOS, watchOS or macOS by charging a payment card stored with "Apple Pay". Apple Pay uses security features built into your device's hardware and software to protect your transactions. For the release of a payment, it is therefore necessary to enter a code previously defined by you and to verify it using the "Face ID" or "Touch ID" function of your end device. For the purpose of payment processing, your information provided during the ordering process, along with the information about your order, will be transmitted to Apple in encrypted form. Apple then encrypts this data again with a developer-specific key before transmitting the data to the payment service provider of the payment card stored in Apple Pay to process the payment. The encryption ensures that only the website through which the purchase was made can access the payment data. After the payment has been made, Apple sends your device account number and a transaction-specific, dynamic security code to the originating website to confirm payment success.
If personal data is processed during the described transfers, the processing takes place exclusively for the purpose of payment processing in accordance with Art. 6 para. 1 lit. b GDPR. Apple retains anonymized transaction data, including the approximate purchase amount, the approximate date and time, and whether the transaction was successfully completed. The anonymization completely excludes a personal reference. Apple uses the anonymized data to improve Apple Pay and other Apple products and services.
When you use Apple Pay on your iPhone or Apple Watch to complete a purchase you made through Safari on your Mac, your Mac and authorization device communicate over an encrypted channel on Apple's servers.
Apple does not process or store any of this information in a format that identifies you. You can turn off the ability to use Apple Pay on your Mac in your iPhone's preferences. Go to "Wallet & Apple Pay" and uncheck "Allow payments on Mac". Further information on data protection at Apple Pay can be found at the following Internet address: https://support.apple.com/de-de/HT203027
Further information on data protection at Google Pay can be found at the following Internet address: https://payments.google.com/payments/apis-secure/get_legal_document?ldo=0&ldt=privacynotice&ldl=de
Stripe
If you choose a payment method from the payment service provider Stripe, payment is processed by the payment service provider Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin, Ireland, to whom we will provide your information provided during the ordering process together with the information about your order (name, address, account number, bank code, possibly credit card number, invoice amount, currency and transaction number) in accordance with Art. 6 para. 1 lit. b GDPR. Further information on Stripe's data protection can be found at the URL https://stripe.com/de/privacy#translation. Stripe reserves the right to carry out a credit check on the basis of mathematical-statistical procedures in order to safeguard the legitimate interest in determining the solvency of the user. Stripe may transmit the personal data necessary for a credit check and received in the context of payment processing to selected credit agencies, which Stripe discloses to users upon request. The credit report may contain probability values (so-called score values). Insofar as score values are included in the result of the credit report, they are based on a scientifically recognized mathematical-statistical procedure. Among other things, but not exclusively, address data is included in the calculation of the score values. Stripe uses the result of the credit check with regard to the statistical probability of non-payment for the purpose of deciding on the right to use the selected payment method.
You can object to this processing of your data at any time by sending a message to Stripe or the commissioned credit agencies. However, Stripe may still be entitled to process your personal data if this is necessary for contractual payment processing.
6) Web analysis services
7) Rights of the data subject
7.1 The applicable data protection law grants you comprehensive data subject rights vis-à-vis the controller with regard to the processing of your personal data, about which we inform you below:
- Right to information pursuant to Article 15 GDPR: In particular, you have a right to information about your personal data processed by us, the purposes of processing, the categories of personal data processed, the recipients or categories of recipients to whom your data has been or will be disclosed, the planned storage period or the criteria for determining the storage period, the existence of a right to rectification, deletion, restriction of processing, objection to processing, complaint to a supervisory authority, the origin of your data, if it was not collected by us from you, the existence of automated decision-making including profiling and, if applicable, meaningful information about the logic involved and the scope concerning you and the intended effects of such processing, as well as your right to information, what guarantees exist in accordance with Article 46 GDPR when transferring your data to third countries;
- Right to rectification in accordance with Article 16 GDPR: You have the right to immediate correction of incorrect data concerning you and/or completion of your incomplete data stored by us;
- Right to erasure pursuant to Article 17 GDPR: You have the right to request the deletion of your personal data if the requirements of Article 17 (1) GDPR are met. However, this right does not exist in particular if the processing is necessary to exercise the right to freedom of expression and information, to fulfil a legal obligation, for reasons of public interest or to assert, exercise or defend legal claims;
- Right to restriction of processing pursuant to Article 18 GDPR: You have the right to demand the restriction of the processing of your personal data as long as the accuracy of your data, which you dispute, is being verified; if you refuse the deletion of your data in the case of inadmissible data processing and instead request the restriction of the processing of your data; if you need your data for the assertion, exercise or defence of legal claims after we no longer need this data once the purpose has been achieved; or if you have objected for reasons of your particular situation, as long as it is not yet clear whether our legitimate reasons prevail;
- Right to information pursuant to Article 19 GDPR: If you have asserted your right to rectification, erasure or restriction of processing vis-à-vis the controller, the controller is obliged to inform all recipients to whom the personal data concerning you have been disclosed of this rectification or erasure of the data or restriction of processing, unless this proves impossible or involves disproportionate effort. You have the right to be informed about these recipients.
- Right to data portability pursuant to Article 20 GDPR: You have the right to receive your personal data that you have provided to us in a structured, commonly used and machine-readable format or to request transmission to another controller, insofar as this is technically feasible;
- Right to revoke granted consent in accordance with Article 7 (3) GDPR: You have the right to revoke your consent to the processing of data at any time with effect for the future. In the event of revocation, we will delete the data concerned immediately, unless further processing can be based on a legal basis for processing without consent. The revocation of consent does not affect the legality of the processing carried out on the basis of the consent until the revocation;
- Right to lodge a complaint pursuant to Article 77 GDPR: If you believe that the processing of personal data concerning you violates the GDPR, you have the right - without prejudice to any other administrative or judicial remedy - to lodge a complaint with a supervisory authority, in Austria the Data Protection Authority
7.2 Right to object
If your personal data is processed on the basis of our overriding interest, you have the right at any time to object to this processing with effect for the future. However, we reserve the right to further processing if there are compelling reasons for further processing.
8) Duration of storage of personal data
The duration of the storage of personal data is determined on the basis of the respective legal basis, the processing purpose and the respective statutory retention period (e.g. medical, corporate and tax retention periods).
When processing personal data on the basis of explicit consent pursuant to Art. 6 para. 1 lit. a GDPR, this data will be stored until the data subject revokes his consent. Personal data will be stored in your account until you delete this data or ask us to do so. Printouts of the data are automatically destroyed after one year of storage.
If there are statutory retention periods for data that are processed within the framework of contractual or quasi-contractual obligations on the basis of Art. 6 para. 1 lit. b GDPR, this data will be routinely deleted after expiry of the retention periods, provided that they are no longer required for the fulfilment or initiation of the contract and/or there is no legitimate interest on our part in further storage.
When processing personal data for the purpose of direct marketing on the basis of Art. 6 para. 1 lit. f GDPR, this data will be stored until the data subject exercises his right of objection pursuant to Art. 21 para. 2 GDPR.
9) The German version is decisive
Translations of this policy into languages other than German are provided for convenience only.