according to Art 13 GDPR
- Controller under data protection law (Art 13 (1) (a) GDPR)
Dr Roland Resch, Döblinger Hauptstraße 79, A-1190 Vienna, [email protected], is hereby announced as the controller under data protection law pursuant to Art 13 (1) (a) GDPR.
- Data protection officer (Art 13 (1) (b) GDPR)
Dr Roland Resch (with the data disclosed under point 1) is also named as the data protection officer pursuant to Art 37 GDPR.
- Purposes of the processing and legal basis for the processing (Art. 13 (1) (c) GDPR)
Dr Resch will not process the collected data for purposes other than those specified in the treatment contract with the patient and will process such data only if consent is given by the patient or for one or more other purposes expressly specified in accordance with the GDPR. Use for statistical purposes is excluded from this, provided the data collected is anonymised beforehand. The legal basis for the processing is derived from the purpose of the treatment contract or, where applicable, from an explicit consent given with regard to special categories of personal data.
- Legitimate interests pursued (Art 13 (1) (d) GDPR)
- Recipients of personal data (Art. 13 (1) (e) GDPR)
In order to fulfil the treatment contract, it may also be necessary to forward data to third parties (in particular e.g. laboratories, hospitals, emergency medical care facilities, insurance companies, suppliers of medical products and medical service providers, authorities). Data is forwarded exclusively on the basis of the GDPR, in particular for the fulfilment of the treatment contract or on the basis of the patient’s prior consent. Dr Resch hereby informs that patient data may be passed on to the aforementioned third parties, in particular within the framework of the treatment contract and patient care.
- Third countries, international organisations (Art 13 (1) (f) GDPR)
Some of the recipients of the patient’s personal data mentioned in point 5 are located outside of Austria or process the patient’s personal data there. The level of data protection in other countries may not be the same as in Austria, especially in non-European countries. However, Dr Resch only transfers the patient’s personal data to countries for which the EU Commission has decided that they have an adequate level of data protection. Otherwise, Dr Resch will take adequate measures to ensure that all recipients are subject to an adequate level of data protection by agreeing on standard contractual clauses (210/87/EC, 207/915/EC).
- Storage period (Art 13 (2) (a) GDPR)
Dr Resch will not retain data for longer than is necessary for the fulfilment of contractual and legal obligations and for civil law or tax reasons.
- Rights of the data subject (Art 13 (2) (b) GDPR)
In particular, the patient has a right to information from the controller about the personal data concerning him, to rectification, erasure or restriction of processing, as well as a right to object to processing and the right to data portability. These rights are governed by the provisions of Art 16 to 21 GDPR.
- Withdrawal of consent (Art. 13 (2) (c) GDPR)
Where data processing is based on consent pursuant to Art 6 (1) (a) or Art 9 (2) (a) of the GDPR, the patient has the right to withdraw this consent at any time without affecting the lawfulness of the processing carried out on the basis of the consent up to the time of withdrawal.
- Right to lodge a complaint (Art 13 (2) (d) GDPR)
Patients have the right to lodge a complaint with the supervisory authority, which is the Austrian Data Protection Authority, Wickenburggasse 8, A-1080 Vienna, e-mail: [email protected].
- Consequences of failure to provide data (Art. 13 (2) (e) GDPR)
The provision of the collected data is mandatory for the fulfilment of the treatment contract with the patient. If the required data are not provided, this may ultimately lead to a risk to the patient’s health (because, for example, certain medical information is indispensable for the performance of an anaesthetic and an intervention), which is why the failure to provide the required data inevitably means that the treatment contract cannot be fulfilled.
- Profiling (Art 13 (2) (f) GDPR)
If, in individual cases, Dr Resch makes use of automated decision-making including profiling pursuant to Art 22 (1) and (4) of the GDPR, he will expressly inform the patient of this fact within the scope of the existing duty to inform and provide him with meaningful information on the logic involved as well as the scope and the intended effects of such data processing for the patient.
- Further processing for other purposes (Art 13 (3) GDPR)
Should, in individual cases, personal data be further processed for a purpose other than the one for which it was collected, Dr Resch shall provide the patient with detailed information on the other purpose, if any, prior to such further processing, including all information that was already obligatory when the data was collected for the original purpose.
- Data not collected from the patient (Art 14 GDPR)
- Transfer of data to third parties
15.1 In order to fulfil your treatment contract, it may also be necessary to transfer your data to third parties (in particular 4myHealth GmbH, private or public hospitals, laboratories, institutes for imaging diagnostics, doctors’ letters to referring doctors, anaesthetists and anaesthetic nurses, operating theatre nurses and other contractual partners such as banks, legal advisors, auditors, courts, competent administrative authorities, debt collection agencies, medical associations, Statistics Austria, inspectorates, pharmacies, health care providers or non-medical health care professions as well as other service providers whom we use and to whom we make data available, etc.). Your data will be forwarded exclusively and on the basis of the GDPR, in particular for the performance of the treatment contract or on the basis of your prior consent.
15.2 Some of the above-mentioned recipients of your data are located outside of Austria and process your data there. The level of data protection in other countries may not be the same as in Austria. However, we only transfer your personal data to countries for which the EU Commission has decided that they have an adequate level of data protection. Otherwise, we take adequate measures to ensure that all recipients have an adequate level of data protection, for which we conclude standard contractual clauses (2010/87/EC, 2004/915/EC).
- Personal data
We only collect such personal data as are necessary for the performance and execution of the treatment contract – i.e. contractually or legally -, which the patient has voluntarily provided to Dr Resch or whose collection is covered by another legal ground. Personal data are all data that contain individual details about personal or factual circumstances, for example name, address, email address, telephone number, date of birth, age, gender, national insurance number, video recordings, photos, voice recordings of persons as well as biometric data such as fingerprints. Sensitive data, in particular health data or data related to criminal proceedings, may also be included.
- Data security
The protection of the patient’s personal data is ensured by appropriate organisational and technical precautions. These precautions relate in particular to protection against unauthorised, unlawful as well as accidental access, processing, loss, use and manipulation. Notwithstanding the efforts to maintain an appropriately high standard of due diligence at all times, it cannot be completely ruled out that information disclosed by the patient via the Internet may be viewed and used by other persons. Therefore, Dr Resch cannot accept any liability whatsoever for the disclosure of information due to errors in data transfer not caused by him or unauthorised access by third parties (e.g. hacker attack on email account, mobile phone, interception of faxes, etc.).
- Communication of a data breach
Dr Resch endeavours to ensure that data breaches are recognised at an early stage and, if necessary, reported immediately to the patient and the competent supervisory authority, including the respective categories of data affected.
- Contact with Dr. Resch
20.1 Collection of general information when visiting the website of Dr Resch
When the patient accesses the website of Dr Resch, information of a general nature is automatically collected by means of a cookie. This information (server log files) includes, for example, the type of web browser, the operating system used, the domain name of the patient’s internet service provider and the like. This is exclusively information which does not allow any conclusions to be drawn about the person of the patient. This information is technically necessary in order to correctly deliver the contents of websites requested by the patient and is compulsory when using the Internet. In particular, it is processed for the following purposes: Ensuring a smooth connection of the website, ensuring a smooth use of our website, evaluating system security and stability as well as for other administrative purposes. The processing of the patient’s personal data is based on Dr Resch’s legitimate interest arising from the aforementioned data collection purposes. Dr Resch does not use the patient’s data to draw conclusions about the patient’s person. Recipients of the data are only the responsible body and, if necessary, processors. Anonymous information of this kind may be statistically analysed by Dr Resch in order to optimise his website and the technology behind it.
20.2 SSL encryption
For the patient’s own security and to protect his data during transfer, Dr Resch uses state-of-the-art encryption procedures (e.g. SSL) via HTTPS.
20.4 Web analysis
20.5 Conversion tracking with the visitor action pixel from Facebook
With the patient’s consent, Dr Resch uses the “visitor action pixel” of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA (“Facebook”) within his website. With its help, Dr Resch can track the actions of users after they have seen or clicked on a Facebook advertisement. This enables Dr Resch to record the effectiveness of Facebook ads for statistical and market research purposes. The data collected in this way is anonymous for Dr Resch, i.e. he does not gain knowledge of the personal data of individual users. However, this data is stored and processed by Facebook, whereof Dr Resch informs the patient according to his level of knowledge. Facebook may link this data to their Facebook account and also use it for their own advertising purposes, in accordance with Facebook’s data usage policy https://www.facebook.com/about/privacy/. The patient may allow Facebook and its partners to display advertisements on and off Facebook. A cookie may also be stored on the patient’s computer for these purposes.
20.6 Google Web Fonts
20.7 Use of Google Maps
This website uses Google Maps API to visually display geographical information. When using Google Maps, Google also collects, processes and uses data about visitors’ use of the map functions. The patient can find more detailed information about data processing by Google in the Google privacy notices. There, the patient can also change his personal data protection settings in the data protection centre. The patient can find detailed instructions on managing his own data in connection with Google products here: https://support.google.com/accounts/answer/3024190
20.8 Google AdWords
Dr Resch’s website uses Google conversion tracking. If the patient has reached Dr Resch’s website via an ad placed by Google, a cookie is set on the patient’s computer by Google Adwords. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the patient visits certain pages of Dr Resch’s website and the cookie has not yet expired, Dr Resch and Google can recognise that the patient clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users. If the patient does not want to participate in the tracking, he can reject the setting of a cookie required for this – for example, via a browser setting that generally deactivates the automatic setting of cookies, or he can set his browser so that cookies from the domain “googleleadservices.com” are blocked. The patient should note that he must not delete the opt-out cookies as long as he does not wish any measurement data to be recorded. If the patient has deleted all his cookies in the browser, he must set the respective opt-out cookie again.
20.9 Google reCAPTCHA
20.10 Embedded YouTube videos
20.11 Social plugins
The patient has the option of subscribing to Dr Resch’s newsletter via his website. For this purpose, Dr Resch requires the patient’s email address and his declaration that the patient agrees to receive the newsletter. As soon as the patient has subscribed to the newsletter, Dr Resch sends the patient a confirmation email with a link to confirm the subscription. The patient can cancel the subscription to the newsletter at any time. Cancellations must be sent to the following e-mail address: [email protected]. Dr Resch will then immediately delete the patient’s data regarding the newsletter mailing.