privacy

Data Protection Notice

The protection of your personal data is a special concern for us. We process your data (including medical diagnoses and treatments) exclusively on the basis of the currently valid legal provisions (GDPR, DSG, TKG). For further details, please refer to this link.

Below we inform you about the processing of your personal data by us and the rights and claims you are entitled to under data protection regulations. By using our online services, you consent to this processing until further notice.

Categories of Personal Data Processed

We process the following categories of your personal data:

  • Medical histories according to § 10 (1) KAKuG in the applicable version
  • Health data according to § 2 Z 1 Health Telemedicine Act 2012
  • Your basic data, particularly name, address, and health insurance information

Your Rights

You have the right to access the stored data according to Art. 15 GDPR, to correct incorrect data according to Art. 16 GDPR, to delete data according to Art. 17 GDPR, to restrict the processing of data according to Art. 18 GDPR, to data portability according to Art. 20 GDPR, and to object to unreasonable data processing according to Art. 21 GDPR.

If the processing is based on a consent declaration, you have the right to revoke it at any time without affecting the legality of the processing carried out based on the consent until revocation.

1. Definitions

This data protection declaration of the practice Dr. Clemens Mädel is based on the terminology used by the European legislator when adopting the General Data Protection Regulation (GDPR). Our data protection declaration should be easy to read and understand for the public, as well as for our patients and partners. To ensure this, we would like to explain the terminology used in advance.

2. Name and Address of the Data Controller

The controller in the sense of the GDPR, other data protection laws applicable in the member states of the European Union, and other provisions of a data protection nature is:

Ordination Dr. Clemens Mädel
Josefstädter Strasse 14/14
A-1080 Vienna, Austria
Tel.: +43 1 968 21 11
E-Mail: ordination@kinder-arzt.at
Website: www.kinder-arzt.at

3. Cookies

The website of the practice Dr. Clemens Mädel uses cookies. Cookies are text files that are stored on a computer system via an internet browser.

Numerous internet pages and servers use cookies. Many cookies contain a so-called cookie ID. A cookie ID is a unique identifier of the cookie. It consists of a character string that allows internet pages and servers to be assigned to the specific internet browser in which the cookie was stored. This allows the visited websites and servers to differentiate the individual browser of the affected person from other internet browsers that contain different cookies. A specific internet browser can be recognized and identified via the unique cookie ID.

By using cookies, the practice Dr. Clemens Mädel can provide users of this website with more user-friendly services that would not be possible without setting cookies.

The affected person can prevent the setting of cookies through our website at any time by means of a corresponding setting of the used internet browser and thus permanently object to the setting of cookies. Furthermore, cookies that have already been set can be deleted at any time via an internet browser or other software programs. This is possible in all common internet browsers. If the affected person disables the setting of cookies in the used internet browser, it is possible that not all functions of our website will be fully usable.

4. Collection of General Data and Information

The website of the practice Dr. Clemens Mädel collects a series of general data and information with each call to the website by an affected person or an automated system. This general data and information is stored in the server log files. The following can be collected: (1) the types and versions of the browsers used, (2) the operating system used by the accessing system, (3) the website from which an accessing system reaches our website (so-called referrer), (4) the sub-websites that are accessed via an accessing system on our website, (5) the date and time of access to the website, (6) an Internet Protocol address (IP address), (7) the Internet service provider of the accessing system, and (8) other similar data and information that serve to avert danger in the event of attacks on our information technology systems.

In using this general data and information, the practice Dr. Clemens Mädel does not draw any conclusions about the affected person. This information is rather needed to (1) deliver the contents of our website correctly, (2) optimize the contents of our website and the advertising for these, (3) ensure the long-term functionality of our information technology systems and the technology of our website, and (4) provide law enforcement authorities with the information necessary for criminal prosecution in the event of a cyberattack. These anonymously collected data and information are evaluated by the practice Dr. Clemens Mädel, on the one hand, statistically and further with the aim of increasing data protection and data security in our company, ultimately to ensure an optimal level of protection for the personal data we process. The anonymous data of the server log files are stored separately from all personal data provided by an affected person.

5. Routine Deletion and Blocking of Personal Data

The controller processes and stores personal data of the affected person only for the period necessary to achieve the storage purpose or as far as this is provided for by the European legislator or another legislator in laws or regulations to which the controller is subject.

If the storage purpose is no longer applicable or if a storage period prescribed by the European legislator or another competent legislator expires, the personal data will be routinely blocked or deleted in accordance with legal requirements.

6. Rights of the Affected Person

  • a) Right to Confirmation

    Every affected person has the right granted by the European legislator to request from the controller confirmation as to whether personal data concerning them is being processed. If an affected person wishes to exercise this right of confirmation, they can contact an employee of the controller at any time.

  • b) Right to Access

    Every person affected by the processing of personal data has the right granted by the European legislator to obtain at any time from the controller free information about the personal data stored about them and a copy of this information. Furthermore, the European legislator has granted the affected person access to the following information:

    • the purposes of processing
    • the categories of personal data being processed
    • the recipients or categories of recipients to whom the personal data have been or will be disclosed, especially recipients in third countries or international organizations
    • the planned duration for which the personal data will be stored, or, if that is not possible, the criteria used to determine that duration
    • the existence of the right to rectification or erasure of personal data concerning them or to restriction of processing by the controller or to object to such processing
    • the existence of the right to lodge a complaint with a supervisory authority
    • where the personal data is not collected from the data subject: All available information as to their source
    • the existence of automated decision-making, including profiling, in accordance with Article 22(1) and (4) GDPR and — at least in those cases — meaningful information about the logic involved as well as the significance and the envisaged consequences of such processing for the data subject

    The affected person also has the right to know whether personal data has been transferred to a third country or to an international organization. If this is the case, the affected person has the right to obtain information about the appropriate safeguards relating to the transfer.

  • c) Right to Rectification

    Every person affected by the processing of personal data has the right granted by the European legislator to obtain without undue delay the rectification of inaccurate personal data concerning them. Taking into account the purposes of the processing, the affected person has the right to have incomplete personal data completed, including by means of providing a supplementary statement.

  • d) Right to Erasure (Right to be Forgotten)

    Every person affected by the processing of personal data has the right granted by the European legislator to request from the controller the erasure of personal data concerning them without undue delay, and the controller shall be obliged to erase personal data without undue delay where one of the following grounds applies:

    • The personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
    • The affected person withdraws consent on which the processing is based according to Art. 6(1)(a) GDPR or Art. 9(2)(a) GDPR, and where there is no other legal ground for the processing.
    • The affected person objects to the processing pursuant to Art. 21(1) GDPR and there are no overriding legitimate grounds for the processing, or the affected person objects to the processing pursuant to Art. 21(2) GDPR.
    • The personal data have been unlawfully processed.
    • The erasure of personal data is necessary for compliance with a legal obligation in Union or Member State law to which the controller is subject.
    • The personal data have been collected in relation to the offer of information society services referred to in Article 8(1) GDPR.

    If one of the aforementioned reasons applies and an affected person wishes to request the deletion of personal data stored at the practice Dr. Clemens Mädel, they can contact an employee of the controller at any time. The employee of the practice Dr. Clemens Mädel will ensure that the deletion request is complied with without delay.

  • e) Right to Restriction of Processing

    Every person affected by the processing of personal data has the right granted by the European legislator to obtain from the controller restriction of processing where one of the following applies:

    • The accuracy of the personal data is contested by the data subject, for a period enabling the controller to verify the accuracy of the personal data.
    • The processing is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
    • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data subject for the establishment, exercise or defense of legal claims.
    • The data subject has objected to processing pursuant to Article 21(1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

    If one of the aforementioned conditions is met and an affected person wishes to request the restriction of personal data stored at the practice Dr. Clemens Mädel, they can contact an employee of the controller at any time. The employee of the practice Dr. Clemens Mädel will initiate the restriction of processing.

  • f) Right to Data Portability

    Every person affected by the processing of personal data has the right granted by the European legislator to receive the personal data concerning them, which they have provided to a controller, in a structured, commonly used and machine-readable format. They have the right to transmit those data to another controller without hindrance from the controller to which the personal data have been provided, where the processing is based on consent pursuant to Article 6(1)(a) GDPR or Article 9(2)(a) GDPR or on a contract pursuant to Article 6(1)(b) GDPR and the processing is carried out by automated means, provided that the processing is not necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.

  • g) Right to Object

    Every person affected by the processing of personal data has the right granted by the European legislator to object, on grounds relating to their particular situation, at any time to processing of personal data concerning them which is based on Article 6(1)(e) or (f) GDPR, including profiling based on those provisions.

8. Data Protection for Applications and the Application Process

The controller collects and processes the personal data of applicants for the purpose of processing the application process. The processing may also take place electronically. This is particularly the case when an applicant submits corresponding application documents by electronic means, for example by e-mail or via a web form located on the website of the controller. If the controller concludes an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship, in compliance with legal provisions. If no employment contract is concluded with the applicant, the application documents will be automatically deleted two months after notification of the rejection decision, provided that no other legitimate interests of the controller oppose deletion. Other legitimate interest in this sense is, for example, a burden of proof in proceedings under the General Equal Treatment Act (AGG).

9. Data Protection Regulations on the Use of AddThis

The controller has integrated components of the company AddThis on this website. AddThis is a so-called bookmarking provider. The service allows for simplified bookmarking of websites via buttons. By hovering over the AddThis component with the mouse or by clicking on it, a list of bookmarking and sharing services is displayed. AddThis is used on over 15 million websites, and the buttons are displayed over 20 billion times a year according to the operating company.

10. Data Protection Regulations on the Use of Facebook

The controller has integrated components of the company Facebook on this website. Facebook is a social network. A social network is an online community that enables users to communicate and interact in a virtual space. Facebook allows users to create private profiles, upload photos, and connect with others through friend requests.

11. Data Protection Regulations on the Use of Google AdSense

The controller has integrated Google AdSense on this website. Google AdSense is an online service that enables the placement of advertisements on third-party websites. Google AdSense is based on an algorithm that selects the advertisements displayed on third-party sites according to the contents of the respective third site.

12. Data Protection Regulations on the Use of Google Analytics (with Anonymization Function)

The controller has integrated Google Analytics (with anonymization function) on this website. Google Analytics is a web analysis service. Web analysis is the collection, gathering, and evaluation of data about the behavior of visitors to websites.

13. Data Protection Regulations on the Use of Google Remarketing

The controller has integrated Google Remarketing services on this website. Google Remarketing is a function of Google AdWords that enables a company to show advertisements to internet users who have previously visited the company’s website.

14. Data Protection Regulations on the Use of Instagram

The controller has integrated components of the service Instagram on this website. Instagram is a service that qualifies as an audiovisual platform and allows users to share photos and videos.

15. Legal Basis for Processing

Article 6(1)(a) GDPR serves our practice as the legal basis for processing operations where we obtain consent for a specific processing purpose.

16. Legitimate Interests in Processing Pursued by the Controller or a Third Party

If the processing of personal data is based on Article 6(1)(f) GDPR, our legitimate interest is to conduct our business operations for the benefit of all our employees and shareholders.

17. Duration of Storage of Personal Data

The criterion for the duration of storage of personal data is the respective statutory retention period. After the retention period has expired, the corresponding data will routinely be deleted, provided they are no longer required for the fulfillment of the contract or for initiating a contract.

18. Existence of Automated Decision-Making

As a responsible company, we refrain from automated decision-making or profiling.

This data protection declaration was generated by the Data Protection Declaration Generator of the DGD Deutsche Gesellschaft für Datenschutz GmbH, which acts as a data protection officer, in cooperation with the data protection lawyers of the WILDE BEUGER SOLMECKE | Rechtsanwälte law firm.

In addition to the above:

This site uses the Google Maps mapping service via an API. The provider is Google Inc., 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA.

To use the features of Google Maps, it is necessary to store your IP address. This information is usually transmitted to a Google server in the USA and stored there. The provider of this site has no influence on this data transmission.

The use of Google Maps is in the interest of providing an appealing presentation of our online offerings and easy location of the places indicated on the website. This represents a legitimate interest within the meaning of Art. 6(1)(f) GDPR.

By using this website, you consent to the collection, processing, and use of the data collected by Google.

If you do not agree with this processing of your data, you have the option to deactivate the Google Maps service and thereby prevent the transmission of data to Google. To do this, you must disable the JavaScript function in your browser. However, we would like to point out that you may not be able to use Google Maps or only partially.

The use of Google Maps and the information obtained through Google Maps is governed by the Google Terms of Service http://www.google.de/intl/de/policies/terms/regional.html as well as the additional terms of service for Google Maps https://www.google.com/intl/de_de/help/terms_maps.html.

For more information on how to handle user data, please refer to the Google Privacy Policy: https://www.google.de/intl/de/policies/privacy/

Contact Information

If you have any questions, please contact:

Dr. med. univ. Clemens Mädel
Josefstädter Strasse 14/14
A-1080 Vienna
Tel: +43 1 9977210, +43 1 968 21 11
E-Mail: ordination@kinder-arzt.at

Your Rights

You have the rights regarding your data stored with us, including access, rectification, deletion, restriction, data portability, revocation, and objection. If you believe that the processing of your data violates data protection law or your data protection rights have otherwise been violated, you can file a complaint with us or with the data protection authority.

You have the right to complain to the supervisory authority – in Austria, this is the Data Protection Authority. The address is:

Österreichische Datenschutzbehörde,
Wickenburggasse 8,
1080 Vienna,
Telephone: +43 1 52 152-0,
E-Mail: dsb@dsb.gv.at

If you contact us by email, you consent to the processing of your data entered for the purpose of processing your request. Please do not disclose any health data in your message or in an attachment, as email is not intended for the transmission of health data.

Please note that we do not assume any liability for the disclosure of information due to errors in data transmission not caused by us and/or unauthorized access by third parties (e.g., hacking of email accounts or phones, interception of faxes).