Privacy Policy
This data protection information provides information about the processing of your personal data when you visit our website (hereinafter referred to as “we” or “us”).
1. Scope of application of this data protection information
This data protection information applies to the use of the websites, the use of medical services and subordinate activities in connection therewith (e.g. appointment bookings).
2. Controller responsible for the processing of your personal data
Unless explicitly stated otherwise in this document, the controller for the processing of your personal data is the controller under data protection law:
Dr. Benjamin Loader
Specialist for ear, nose and throat diseases
Heiligenstädter Straße 46-48, 5th floor
1190 Vienna
E-mail: office@loader.at
3. Definitions
This data protection information is based on the following key data protection terms, which we have presented below to make them easier to understand:
- GDPR means the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
- Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.
Examples of possible recipients: banks and payment service providers; logistics companies; shipping service providers; IT service providers.
- Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Examples of personal data: Name; contact details; bank and credit card details.
- The controller is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
- (Data) processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Processing on our website and as part of the contractual relationship
When you visit our website to find out about our offers or otherwise actively transmit information, we process your personal data for the following purposes and on the following legal bases:
4.1 Processing for the purpose of IT security
When you visit our website, we process your personal data that is technically necessary for us to be able to display our website to you and to ensure stability and security when you visit our website. For this purpose, we process the following – possibly – personal data:
- IP address
- Browser type and version
- Operating system and platform
- the complete Uniform Resource Locator (URL)
Legal basis:
This data processing is necessary for the provision of our website (legal basis: Art. 6 para. 1 lit. b GDPR) and to safeguard our legitimate interest in ensuring IT security (legal basis: Art. 6 para. 1 lit. f GDPR).
Storage duration:
The aforementioned data is stored in server log files for security purposes, which are automatically deleted after 14 days.
This data processing is necessary to safeguard our legitimate interest in the automated, needs-based provision of our website (legal basis: Art. 6 para. 1 lit. f GDPR).
4.2 Processing for the purpose of concluding contracts or pre-contractual measures and contacting us as well as for the provision of medical services
4.2.1 Treatment in our surgery
When you visit our practice as a patient, we collect personal data in order to be able to carry out the treatment with you. We store this data locally.
We collect the following data for this purpose:
- Surname, first name
- Address data
- Date of birth
- Social security data
- Data on private insurance
- Health data (e.g. medical history of an illness, diagnosis, course of the illness and the type and scope of advisory, diagnostic or therapeutic services, including the use of specialty medicines)
- Phone number
- E-mail address
Legal basis:
This data processing is necessary for the performance of the treatment contract or as a pre-contractual measure (e.g. making an appointment) with you (legal basis: Art. 6 para. 1 lit. b GDPR in conjunction with Art. 9 para. 2 lit. h GDPR). In some cases, the data is also stored on the basis of your consent. This applies to telephone and e-mail address if you expressly wish to be contacted in this way (legal basis: Art. 6 para. 1 lit. a GDPR in conjunction with Art. 9 para. 2 lit. a GDPR).
Storage period: If the data is subject to consent, we store the data for as long as the consent is valid. We store data that constitute records within the meaning of Section 51 ÄrzteG (in particular health data) for at least 10 years in accordance with Section 51 ÄrzteG. Longer storage may be necessary due to the individual situation of the patient.
4.2.2 Special feature regarding appointment booking
We use the DOCTENA tool from Doctena Austria GmbH, Simmeringer Hauptstraße 24, 1110 Vienna. The privacy policy of this service provider is available at https://www.doctena.com/de-at/datenschutzrichtlinie/.
The following data is collected:
- Surname, first name
- e-mail address
- Date
- Phone number
Legal basis:
This data processing is required as a pre-contractual measure (booking a doctor’s appointment) with you (legal basis: Art 6 para 1 lit b GDPR).
Storage duration:
If the transmitted data is required for the processing of the treatment contract (see above), the data will be stored for as long as you maintain a contractual relationship with us. Beyond this, storage is possible within the scope of the statutory storage obligations.
All other data will only be stored within the scope of legal storage obligations and otherwise deleted.
4.3 Cookies
Our Internet pages use so-called “cookies”. Cookies are small data packets and do not cause any damage to your end device. They are stored on your device either temporarily for the duration of a session (session cookies) or permanently (permanent cookies). Session cookies are automatically deleted at the end of your visit. Permanent cookies remain stored on your end device until you delete them yourself or they are automatically deleted by your web browser.
Cookies may originate from us (first-party cookies) or from third-party companies (so-called third-party cookies). Third-party cookies enable the integration of certain services from third-party companies within websites (e.g. cookies for processing payment services).
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them (e.g. the shopping cart function or the display of videos). Other cookies can be used to evaluate user behavior or for advertising purposes.
Cookies that are required to carry out the electronic communication process, to provide certain functions you have requested (e.g. log-in cookies) or to technically optimize the website (essential cookies) are stored on the basis of Art. 6 para. 1 lit. f GDPR, unless another legal basis is specified and do not require consent. The website operator has a legitimate interest in the storage of necessary cookies for the technically error-free and optimized provision of its services. If consent to the storage of cookies and comparable recognition technologies has been requested, the processing is carried out exclusively on the basis of this consent (Art. 6 para. 1 lit a GDPR and Section 165 TKG); the consent can be revoked at any time. You can revoke your consent, for example, via our cookie consent tool at .
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
When you visit the website, you have the option of deciding which cookies you accept. You can change these settings at any time.
4.3.1 Essential cookies
We use a cookie from the following company:
Borlabs GmbH
Hamburger Str. 11
22083 Hamburg
Germany
This cookie belongs to a Word Press plugin we use. It enables the data protection-compliant integration of cookies and external tools and is therefore necessary for us to be able to offer our website at all.
Storage period: 60 days
4.3.2 Google reCaptcha
We use Google reCaptcha to prevent certain data from being automatically retrieved from our website. Google re aptcha is used with the consent of the data subject. Google reCaptcha is provided in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
In addition to the page into which the service is integrated, various settings of your end device, the time spent on the website, information about the operating system, the IP address and information about browser plug-ins are also stored.
Storage period: Google reCaptcha sets various cookies that are stored on the user’s device for between a few minutes and several months.
4.3.3 Google Maps
With your consent, we use Google Maps. If you agree, our locations will be displayed on a map provided by Google. Information is also transmitted to Google. Depending on what other information Google knows (e.g. if you are logged in to Gmail at the same time), this allows Google to make connections to your person. It is also possible that the information from Google Maps will be linked with that from Google Search.
Google Maps is provided in Europe by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Storage period: 182 days
Transfer of data to the USA:
Google Ireland Ltd processes data primarily in Europe. However, the data may also be processed by other Google data centers of Google LLC, for example in the USA. Since the conclusion of the EU-US Privacy Framework, US companies can voluntarily submit to this program, whereby the data transfer to the USA is to be regarded as a data transfer to a secure third country. Google LLC is certified in accordance with the EU-US Data Privacy Framework. The current list is available at https://www.dataprivacyframework.gov/list.
5. Storage period due to legal requirements and for the defense of legal claims
We store your personal data, if necessary, for the duration of the entire business relationship (from the initiation, processing to the termination of a contract) and beyond, in accordance with the statutory retention and documentation obligations or for the defense of legal claims. The retention period thus results from the statutory retention periods or limitation periods. In accordance with the Austrian Commercial Code (UGB) and the Federal Fiscal Code (BAO), these are 7 years and in certain cases “at least” 10 years in accordance with the Austrian Medical Practitioners Act.
In certain cases, a longer retention period may also be required for the defense of legal claims or due to limitation periods.
6. Recipients of your data
Below is a clear list of the recipients of the data described above and other recipients.
6.1 Webhosting
We use World4You Internet Services GmbH, Hafenstraße 35, 4020 Linz, Austria as our web host. For details on data protection there, please refer to the privacy policy https://www.world4you.com/unternehmen/datenschutzerklaerung. We have concluded a contract with World4You for order processing in accordance with Art. 28 GDPR, so the use of this service does not require a separate legal basis.
6.2 Appointment booking
We use Doctena as an appointment booking tool.
6.3 Cards
We integrate Google Maps as a map tool on the homepage.
7. Your further data protection rights
7.1 Rights of data subjects
In the following, we will inform you about your rights as a data subject:
- You have the right to know whether or not we are processing personal data concerning you. If so, you have the right to information about this data in accordance with Article 15 (1) and (2) of the General Data Protection Regulation (GDPR), including a copy of the data in accordance with Article 15 (3) and (4) of the GDPR.
- You can request the correction or completion of incorrect or incomplete data concerning you (Art. 16 of the GDPR).
- You have the right to request the erasure of your data if there is no legal basis for the further processing of your data (see Article 17 of the GDPR in detail). However, please note that deletion cannot take place in cases where processing (storage) is necessary to fulfill a legal obligation (e.g. statutory retention obligations) or if we have overriding legitimate interests (e.g. to assert, exercise or defend specific legal claims).
- Under certain conditions, you have the right to request the restriction of the processing of your data (Art. 18 GDPR).
- You can object to the processing of your data which is necessary to protect our legitimate interests or those of a third party (Art. 6 (1) (f) GDPR). In the event of an objection, we will no longer process your data unless the processing serves to assert, exercise or defend legal claims or we can demonstrate compelling legitimate grounds for processing that outweigh your interests (taking into account your particular situation, if applicable). If you object to processing for direct marketing purposes (including profiling to the extent that it is related to such direct marketing), we will no longer process your personal data for these purposes (Art. 21 of the GDPR).
- You can request that we transfer the data you have provided to us in a structured, commonly used and machine-readable format. However, the right to data portability only exists if the processing is based on your consent or on a contract (Art. 20 GDPR).
Please send us your request by e-mail or in writing, stating at least your first name and surname.
We would like to point out that your rights may be restricted on the basis of Section 3b ÄrzteG. If we nevertheless provide you with information within the scope of Section 3b ÄrzteG, this is to be regarded as voluntary and without any claim to completeness.
If you assert your rights against us, we will process your personal data collected in this context to respond to your request. This data processing is necessary to fulfill a legal obligation (Art. 6 para. 1 lit c GDPR).
Without prejudice to your rights towards us as described above, you can lodge a complaint with the competent supervisory authority for data protection if you believe that the processing of your personal data by us violates the GDPR (Art 77 GDPR). In Austria, this is the data protection authority. You can also lodge a complaint with another data protection supervisory authority in the European Union, in particular at your place of residence or work.
7.2 Revocation of consent
If you have given us your consent to process your personal data, you can withdraw this at any time. The revocation of your consent is effective for the future. The legality of the processing of your personal data up to the time of revocation remains unaffected.
Please send your revocation to webmaster@loader.at.
If you withdraw your consent, we will process your personal data collected in this context to respond to your request. This data processing is necessary to fulfill a legal obligation (Art 6 para 1 lit c GDPR).
Status: July 10, 2024