1. Personal Data
In the context of our business activities (medical services – Clinic DDr. Heinrich®, business – DDr. Heinrich Shop®) we collect, process, and use your personal data only with your consent for the purposes agreed with you or if another legal basis in accordance with the GDPR exists. This is done in compliance with the provisions of data protection and civil law.
Only those personal data are collected that are necessary to provide and carry out our medical or commercial services, or data that you have voluntarily provided to us.
Personal data is any data that contains specific information of personal or factual circumstances, such as name, address, e-mail address, telephone number, date of birth, age, gender, social security number, video recordings, and photos. For our medical services primarily your health data (sensitive data) is concerned.
2. Information and Erasure
As the data subject you have – at any time – the right to get information about your personal data we store, its origin, its recipients, and the purpose of data processing, as well as a right to rectification, data transmission, objection to or restriction of processing, as well as blocking or erasure of incorrect or inadmissibly processed data.
In case of changes of your personal data, we ask you for appropriate notification.
You have the right to revoke your consent to the use of your personal data at any time. Your request for information, erasure, correction, objection, and/or data transmission – in the latter case, unless this does not cause disproportionate effort – can be addressed to the address provided in section 8 of this document.
If you believe that processing of your personal data by us violates the applicable data protection law or your data protection rights have been violated in another way, it is possible to complain to the competent authority; in Austria, this is the data protection authority (Datenschutzbehörde).
3. Data Security
Your personal data is protected by appropriate organizational and technical measures. These precautions relate in particular to protection against unauthorized, unlawful, or accidental access, processing, loss, use, and manipulation.
Irrespective of the efforts to maintain a consistently high level of due diligence, it cannot be excluded that information you share with us over the Internet will be viewed and used by others.
Please note that we therefore accept no liability whatsoever for the disclosure of information due errors not caused by us in data transmission and/or unauthorized access by third parties (e.g., hacking of e-mail account or telephone, intercepting faxes).
4. Use of the Data
We will not process the information provided to us for purposes other than those covered by the medical treatment contract and/or your product purchases, your consent, or otherwise by a provision in accordance with the GDPR. Excepted from this is the use for statistical purposes, given that the data provided have been anonymized.
5. Transmission of Data to Third Parties
In order to fulfill your request, it may also be necessary to transmit your data to third parties (such as insurance companies, laboratories, service providers, and other contractors that we use and to whom we provide data, etc.), courts, or authorities. Transmission of your data is done exclusively on the basis of the GDPR, in particular in connection with our contractual relationship or on the basis of your prior consent.
6. Notification of Data Breaches
We will endeavor to ensure that any data breaches are detected early and reported to you and/or the appropriate competent authority as soon as possible, taking the relevant data categories involved into account.
7. Data Storage
We will not store data for longer than it is necessary to fulfill our contractual and/or legal obligations and to avert any possible liability claims.
8. Our Contact Details
Protection of your data is particularly important to us. You can contact us at any time with your questions and for revocation using the contact details shown below.
Ordination DDr. Heinrich
Landhausgasse 2, A–1010 Vienna
9. Data Processing on the Websites
In the following data protection information we inform you about the most important aspects of data processing within the websites of Ordination and Shop DDr. Heinrich.
9.1 Protection of Transmitted Data
If you contact us by submitting a form on our websites or via e-mail, or you place an order, we will store your data for the purpose of processing the order/request and to handle follow-up questions. We will not share this information with third parties without your consent.
For the best possible protection of the data you transmit to us via our websites, SSL encryption is used. SSL encryption prevents data that you transmit to our websites, e.g., when when using the contact form or the online shop, from being read by (unauthorized) third parties on the way from your device to our server.
If you want to communicate with us by e-mail, please note the following: When sending data by e-mail, (unauthorized) third parties can become aware of the information and alter the transmitted data. This can lead to the disclosure of your state of health. Only submit data to us by e-mail if you are willing to accept this risk.
You may also agree, until further notice, to communicate with us by means of unencrypted e-mail and authorize us to transmit all information from your patient documentation (this is information about your condition when assuming consultation or treatment, the history of a disease, the diagnosis, the course of the disease, as well as the type and extent of the advisory, diagnostic, or therapeutic services, including the use of medicinal products) to your e-mail address via unencrypted e-mail.
As an alternative to the contact form on our websites and e-mail, you can also submit data to us by fax: +43 1 532 18 01-40.
If you do not want this, you can set up your browser to inform you when a cookie is about to be set, allow setting of cookies only in individual cases, or configure the browser to delete cookies on exit. Disabling cookies may limit the functionality of our websites.
9.3 Matomo Web Analaysis
Our websites use the web analysis software Matomo. For this purpose, cookies are used that allow an analysis of how our websites are used by their visitors. The information generated thereby is transmitted to the server and stored there. Your IP address is collected but immediately pseudonymized. As a result, only a rough localization, but no identification of the according person is possible.
You can object to the recording and analysis of this data and the setting of cookies by disabling the respective cookies in the settings of your browser.
The data processing is based on the legal provisions of § 96 (3) TKG and Art. 6 (1) lit. a (consent) and/or lit. f (legitimate interests) of the GDPR. Our legitimate interest is the improvement of our offer and our websites.
9.4 Orders in the Shop and Payment via PayPal
We point out that for the purpose of easier shopping, the purchase function of the shop, the shopping cart, as well as the payment are carried out via the payment service PayPal. In order to provide these functions and for further performance of the contract by us, PayPal stores, i.a., the IP address of the owner of the internet connection, name, address, and credit card or bank details of the buyer, purchased goods, and the date of purchase. For more information about the data stored by PayPal when using the shopping cart and the payment processing, please refer to the terms and conditions and privacy statements of PayPal (https://www.paypal.com/at/webapps/mpp/ua/legalhub-full).
In addition, we store the following data for the purpose of performing the contract: name, address, e-mail address, phone number, purchased goods, date of purchase, payment data (date, name of the PayPal account/credit card details/bank details). The data provided by you is required to fulfill the contract or to carry out pre-contractual measures. Without this data we can not conclude the contract with you. Data is not transmitted to third parties, with the exception of the transmission to the transport/shipping company commissioned by us for the delivery of the goods as well as to our tax consultant for the fulfillment of our tax obligations. In case of withdrawal from the purchase or non-acceptance of the order by us, we will transmit this information to the payment service providers/banks for the purpose of refunding the purchase price.
If you cancel the online shopping process before performing payment via the payment service provider, no data for the process is stored except for the pseudonymized web statistics data. In case a contract is concluded, all data from the contractual relationship are stored.
The data processing is based on the legal provisions of § 96 (3) TKG and Art. 6 (1) lit. a (consent) and/or lit. b (processing is necessary for the performance of the contract) of the GDPR.
9.5 Google AdWords and Google Conversion Tracking
These cookies lose their validity after 30 days and are not used for personal identification of the users. If the user visits certain pages on our website and the cookie has not expired yet, Google and we may recognize that the user clicked on the ad and was redirected to a specific page of our websites.
The information obtained from the conversion cookie is used to generate conversion statistics for advertisers. AdWords customers are told the total number of users who clicked on their ad and were redirected to a page containing the conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
Conversion cookies are stored on the basis of the legal provisions of § 96 (3) TKG and Art. 6 (1) lit. a (consent) and/or lit. f (legitimate interests) of the GDPR. The provider of the websites has a legitimate interest in analyzing user behavior in order to optimize websites and advertising.
9.6 Social Buttons and YouTube Videos
The social buttons (sharing buttons for Facebook and Twitter) do not transmit any personal data to the respective services when opening pages containing the buttons in the browser. If you use the sharing functionality, you will be redirected to the sharing page of the selected service. The sharing page of the service might collect personal data. Use the social buttons only if you want to disclose your data to the respective service.
You have the opportunity to subscribe to our newsletter to regularly receive offers, news, and information about Ordination and Shop DDr. Heinrich by e-mail. To do so, we need your e-mail address and your consent to receive the newsletter. Registration for the newsletter is made by sending an e-mail from the e-mail address to be subscribed to firstname.lastname@example.org or email@example.com, which contains the declaration of consent to receiving the respective newsletter.
You can cancel the subscription to the newsletter at any time. Please send your cancellation from the e-mail address subscribed to the mailing list to firstname.lastname@example.org or email@example.com. We will immediately delete your data in connection with the newsletter subscription.