Data privacy statement "Digitalen Gesundheitsreise"

1. Information pursuant to Art. 13, 14 GDPR (in detail, in the format of a “Data privacy statement”)

We care about protecting your personal data. All processing steps strictly comply with the provisions of the EU General Data Protection Regulation, the Austrian Data Protection Act (DSG), the provisions of the Health Telematics Act relevant to data protection law (GTelG) as well as other applicable laws.

1.1. Controller responsible for the processing:

Vinzenz Gruppe Krankenhausbeteiligungs- und Management GmbH
Gumpendorfer Straße 108
A-1060 Vienna
Tel +43 (1) 599 88 -0
Fax +43 (1) 599 88 -4044
office@vinzenzgruppe.at as the operator of the joint processing.

As the data subject, you can assert your rights towards each controller involved in the processing (https://www.vinzenzgruppe.at/wir-ueber-uns/unternehmensportrait “Our facilities”).

1.2. Contact details of the Data Protection Officer:

Siegfried Gruber, MA (O.P.P. – Compliance GmbH), datenschutz@vinzenzgruppe.at

1.3. Data categories

1.3.1. What personal data do we use?

Name, data of birth, social security number, patient ID, contact details (email address, photograph (if made available to us), contact and availability details of your treating physician, data relating to past and future appointments, information uploaded by you (results, documents), user name and encrypted password, data relating to use (access to the portal, to information), communication data (exchanged information)  Purposes/legal bases

1.3.2. For what purpose and on what legal basis are the data processed?

Your personal data are used to provide you with information in the context of your health/medical treatment/follow-up care/preventative care and to give you the opportunity to provide us with information.

(legal basis: Art. 6 para. 1 lit. a GDPR (consent))

Consent is given following provision of the required information in the context of registering for our service. You can revoke your consent at any time by deleting your user account (this also deletes all personal data processed for this purpose) or by informing us of your revocation via support@gesundeidee.at or by phone (+43) 01 90 122. Your revocation will not affect the legality of the further use of the data processed lawfully before the revocation.

Further use of your personal data for other purposes is not planned.

1.4. Transfer of data

To whom do we transfer your data?

Your personal data are processed by the hospitals of the Vinzenz Group (https://www.vinzenzgruppe.at/wir-ueber-uns/unternehmensportrait “Our facilities”) as joint controllers in the sense of Art. 28 GDPR and forwarded to Vinzenz Group Krankenhausbeteiligungs- und Management GmbH for the purpose of technical operations.

If this is required for your medical treatment, the data will be forwarded to other health care experts involved in the treatment.

1.5. Transfer of data to recipients in third countries?

No personal data are transferred to recipients in third countries.

1.6. Duration of storage

How long are the data stored?

The personal data are processed for use of the patient portal for the duration of your use for as long as your user account is active. The provider reserves the right to block your account if you are inactive for 3 years (can be reactivated) and, after inactivity for a further 2 years, to delete your user account and all related personal data.

In addition, the provider reserves the right to block access to or delete your user account and all related personal data if the platform is misused in the sense of a failure to comply with legal use.

1.7. Rights of the data subject

What are your rights as a data subject under data protection law?

You have the following rights pursuant to the GDPR if the legal conditions are met: right to information, correction, erasure, restriction of processing, data portability, objection to the processing. You have the right to lodge a complaint with the following supervisory authority, if you are of the opinion that the processing of your personal data is not lawful. Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna, email: dsb@dsb.gv.at