PRIVACY POLICY

 

Update on 24.05.2018

ORIENTATION GUIDE

Data protection is very important to us. Our privacy policy is therefore very comprehensive. Of course, this is also to fully comply with legal requirements. To help you find your way around, here is a summary of the individual chapters so that you can quickly find the information you are looking for.

1. Präambel
Our position on data protection and which websites it affects
2. cookies
What are cookies and where do we use them
3. log data, location info
Websites also collect information about your web accesses
4. tracking tools
Re-targeting with Google Analytics and Google Maps
5. data storage
Which of your data is stored, how, why, where and for how long
6. data transmission
Here you can read transparently who receives your data from us and why
7. contact with us
Info on how you can be in contact with us
8th Newsletter
Here you can find out what data we store for our newsletter
9. data security
What we do to protect your data as much as possible
10. your rights
We take these very seriously, more on this in this chapter

1. PREAMBLE
With the following data protection declaration, we would like to inform you about the type, scope and purpose of the collection, processing and use of personal data in the context of the use of the websites offered by us and the respective services offered.
Your trust and the protection of your personal data are very important to us. We would therefore like to show you transparently how and for what purpose your data is used. We process your data exclusively on the basis of the current legal provisions in accordance with the EU General Data Protection Regulation (GDPR) and the Telecommunications Act (TKG 2003).
We work according to these principles when processing your personal data:
– You only provide us with the data that is necessary for your treatment
– Your data will only be stored for as long as necessary
– We only use your data for the purposes that we have mutually agreed upon
– We only pass on your data to third parties that are necessary for our service to you
– Your data will only be transmitted and stored by us in encrypted form
This privacy policy applies to the following websites:
www.kitz-hautarzt.at
www.wien-haartransplantation.at
www.kitz-tattooentfernung.at

 

By storing, processing and using personal data, we aim to provide you with a user-friendly, smooth, customer-oriented and secure service.
We will not use or share your information except as described in this Privacy Policy. By using the Service, you consent to the collection and use of information in accordance with this Policy.

Use of script libraries (FontAwesome & Google Webfonts)
In order to display our content correctly and graphically appealing across browsers, we use script libraries and font libraries on this website, such as FontAwesome Web Fonts, which are provided by Fonticons, Inc. or also Google Web Fonts(https://www.google.com/webfonts/). Google Webfonts are transferred to the cache of your browser to avoid multiple loading. If the browser does not support Google Web Fonts or prevents access, content will be displayed in a standard font.
Calling script libraries or font libraries automatically triggers a connection to the library operator. It is theoretically possible – but currently also unclear whether and for what purposes – that operators of such libraries collect data.

The privacy policy of the library operator Google can be found here: https://www.google.com/policies/privacy/
Further information about Font Awesome can be found at https://fontawesome.com/help and in the privacy policy of Fonticons, Inc.: https://fontawesome.com/privacy.

3. LOG DATA & LOCATION INFORMATION
We may also collect information that your browser sends when you visit our Service or when you access the Service from a mobile device (“Log Data”).
This log data may include information such as browser type, browser version, device IP address, the pages you visit on our Services, the time and date of your visit, and the time spent on those pages and other statistics.
When you access the Service from or through a mobile device, this Log Data may include information such as the type of mobile device used, the mobile device’s unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser and other statistics.
We may use and store information about your location if you allow us to do so in your device settings. We use this information to provide features to improve and customize our service. You can activate or deactivate location services at any time via the settings of your mobile device when you use our service.

4. RE-TARGETING THROUGH GOOGLE ANALYTICS ON OUR WEBSITES
We use tracking tools on our websites to measure user behavior on our websites in order to better understand it and further develop our offers in a customer-oriented manner. This also enables us to use targeted advertising in the online area. This is done in accordance with GDPR Art. 6 Para1 lit. f (for our legitimate interest).
For this purpose, we have installed a so-called “cookie banner” on all our websites, by means of which you give us your consent (GDPR Art.6 Para1 lit. a) or, of course, reject this as well. You can change this decision at any time by clicking on the link “Revoke cookie decision” (in the browser window at the bottom right).
Google Analytics
On our websites we use Google Analytics, a web analysis service of Google Inc. (“Google”). Google Analytics also uses “cookies”, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of our websites is usually transmitted to a Google server in the USA and stored there. However, by activating IP anonymization, your IP address will be shortened by Google beforehand within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there.
Google will use this information on our behalf to evaluate your use of our websites, to compile reports on website activity and to provide us with other services relating to website activity and internet usage. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can also prevent Google from collecting the data generated by the cookie and relating to your use of our website (including your IP address) and from processing this data by Google by downloading and installing the browser plug-in available under the following link for deactivation: https://tools.google.com/dlpage/gaoptout?hl=de
We have concluded a corresponding contract with Google for commissioned data processing. You can find more information about Google Analytics’ compliance with data protection here: http://www.google.com/intl/de/analytics/privacyoverview.html
Integration of Google Maps
We use Google Maps on this website. This allows us to show you interactive maps directly on the website and enables you to use the map function conveniently.
By visiting the website, Google receives the information that you have accessed the corresponding subpage of our website. In addition, the data mentioned under § 3 of this declaration will be transmitted. This takes place regardless of whether Google provides a user account through which you are logged in or whether no user account exists. If you are logged in to Google, your data will be assigned directly to your account. If you do not wish to be associated with your Google profile, you must log out before activating the button. Google stores your data as usage profiles and uses them for the purposes of advertising, market research and/or the needs-based design of its website. Such an evaluation is carried out in particular (even for users who are not logged in) to provide needs-based advertising and to inform other users of the social network about your activities on our website. You have the right to object to the creation of these user profiles, whereby you must contact Google to exercise this right.
Further information on the purpose and scope of data collection and its processing by the plug-in provider can be found in the provider’s privacy policy. There you will also find further information on your rights in this regard and setting options to protect your privacy: http://www.google.de/intl/de/policies/privacy. Google also processes your personal data in the USA and has submitted to the EU-US Privacy Shield, https://www.privacyshield.gov/EU-US-Framework.

5. DATA STORAGE
Data storage for treatments and other services
The data provided by you (list the collected data in detail here) is required to fulfill the contract or to carry out pre-contractual measures. Without this data, we cannot conclude or implement the contract with you. We endeavor to update this data regularly with our customers and to correct it if necessary. If a contract is concluded for treatments, therapies and other services, all data from the contractual relationship will be stored until further notice, at the latest after the end of the treatment until the end of the statutory retention period (30 years). Data processing is carried out on the basis of the statutory provisions of §96 para. 3 TKG and Art.6 Para1 lit. a (your consent) and/or lit. b (necessary for the performance of a contract) of the GDPR.
Regular backups of the stored personal data
To ensure the availability of your data, we create regular backups of the data stored on our server.

6. TRANSFER OF PERSONAL DATA TO THIRD PARTIES FOR THIS PURPOSE
We use third-party companies to provide our services, to perform service-related services within the framework of concluded contracts or to support us in analyzing how our service is used.
These third parties only have access to your personal data in order to carry out these tasks on our behalf and are obliged not to disclose or use it for any other purpose. We have concluded corresponding contracts for commissioned data processing with all third-party providers. In this way, we want to ensure that these data processors are also fully committed to the applicable legal provisions on data protection (GDPR).
Newsletter and e-mail marketing
When you register for the newsletter (see section 10) in the course of an advertising offer on one of our websites or after personal registration in our practice, your personal data will be stored on the web servers of our contract processor for email marketing.
We currently work with ActiveCampaign, LLC, 1 North Dearborn Street, 5th Floor, Chicago, IL 60602, USA (“ActiveCampaign”). In order to be able to offer you our services mentioned above, we transmit your name and e-mail address in encrypted form (SSL) to the ActiveCampaign web server outside the EU. No other personal data will be transmitted. ActiveCampaign is certified under the US-EU data protection agreement “Privacy Shield”, a corresponding contract for commissioned data processing has been concluded. Privacy Shield

7. CONTACT WITH US
Contact form and callback service
You can contact us directly using our contact form on the website. The personal data you provide there (name, e-mail address, telephone number) is used to contact you directly.
If you register for our call-back service, we will process and store your data in order to remind you of appointments regularly by telephone or e-mail, as you have requested. We will retain your data until you cancel the contract by unsubscribing from this service.
The personal data you provide in the contact form will then be deleted by us after 12 months. During this period, we take the liberty of contacting you about our products to the usual business extent.
Data processing is carried out on the basis of the statutory provisions of §96 para. 3 TKG and Art.6 Para1 lit. a (your consent)
Communication with you by e-mail
With a written declaration of consent, you can agree that we may send all information from my patient documentation (i.e. information about my condition at the time of consultation or treatment, the history of an illness, the diagnosis, the course of the illness and the nature and extent of the consultative, diagnostic or therapeutic services, including the use of specialty medicines) to your personal e-mail address by e-mail until further notice.
All of the above information is sent by e-mail exclusively as a file attachment in the form of a password-protected PDF. The password will only be communicated to you verbally and in person.
Data processing is carried out on the basis of the statutory provisions of §96 para. 3 TKG and Art.6 Para1 lit. a (your consent)

8. REGISTRATION FOR THE NEWSLETTER
You have the option of subscribing to our newsletter. We would like to keep you up to date with the latest products, ideas, news and information about our services. You will need to enter your name and e-mail address.
Data processing is carried out on the basis of the statutory provisions of §96 para. 3 TKG and Art.6 Para1 lit. a (your consent) of the GDPR.
If you have registered online with your contact details (name, e-mail address), we will send you an e-mail in which we ask you to confirm your e-mail address again by clicking on the confirmation button (double opt-in). If you do not confirm your registration within 24 hours, your information will be blocked and automatically deleted after one month. In addition, we store the IP addresses you use and the times of registration and confirmation. The purpose of the procedure is to be able to prove your registration and, if necessary, to clarify any possible misuse of your personal data.
The only mandatory information for sending the newsletter is your e-mail address. The provision of further, separately marked data is voluntary and is used to be able to address you personally. After your confirmation, we will save your e-mail address for the purpose of sending you the newsletter. The legal basis is Art. 6 para. 1 p. 1 lit. a GDPR.
You can revoke your consent to receive the newsletter at any time and unsubscribe from the newsletter. You can declare your revocation by clicking on the link provided in every newsletter e-mail, by e-mail to praxis@wien-hautarzt.at or by sending a message to the contact details given in the imprint.

9. DATA SECURITY
Data protection and children
Our service is not intended for persons under the age of 14 (“children”). We do not knowingly or intentionally collect personal data from children under the age of 14. If you are a parent or guardian and you are aware that your child has provided us with personal data, please contact us. If we are aware that we have collected personal information from children under the age of 14 without the consent of their legal guardians, we will take steps to remove this information from our servers.
Technical and organizational measures for data security
The security of your personal information is very important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal information, we cannot guarantee its absolute security.
We take these technical and organizational measures to ensure the security of your personal data:
– Virus protection for all IT hardware used
– SSL encryption for secure data transmission
– Firewall for our internal network
– Different passwords for all software tools
– Policy on access authorizations within our team
– Regular training on data security and protection for our team
– Regular updates of all software components
– Regular data backups to ensure availability
– Regular risk analyses of the corresponding IT systems

10. WE ARE HAPPY TO BE THERE FOR YOU TO FULFILL YOUR RIGHTS
You can contact us at any time if you have questions about our data protection precautions or wish to have your profile and all personal data stored about you deleted or corrected. You also have the right to free information about your stored data at any time, as well as the right to restriction, data transfer of your data and to revocation or objection. If a third party has registered with us using your e-mail address, please notify us accordingly and, if you wish, we will delete your profile immediately.
If you believe that the processing of your data violates data protection law or that your data protection claims have been violated in any other way, you can bring this to the attention of the supervisory authority in the form of a complaint. In Austria, this is the Austrian Data Protection Authority, Wickenburggasse 8, 1080 Vienna, telephone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at
In the course of the further development of our services and the implementation of new technologies, We reserve the right to update this privacy policy on an ongoing basis. We therefore recommend that you revisit and read this Privacy Policy from time to time.
If you have any questions about data protection, please do not hesitate to contact us. Simply send us an e-mail to: praxis@wien-hautarzt.at, write to us at our postal address or call us personally on +43 1 480 40 80.

Data protection is important to us – that’s why your data is in good hands with us, just like you personally!
With best regards

Dr. Norbert Kohrgruber
Rupertusplatz 3, 1170 Vienna

This post is also available in: German