PRIVACY POLICY
This statement describes how I process your personal data as a doctor, employer, colleague, business partner and customer, i.e. how I collect, store and, if applicable, pass it on to third parties. This statement is addressed to patients, prospective patients, employees and other contractual partners, as well as their respective shareholders, bodies and other employees.
Personal data includes all information relating to an identified or identifiable natural person. This includes your name, address and date of birth, as well as your telephone number and email address, for example.
As part of my medical activities, my role as an employer and, where applicable, my role as a business partner involves processing what are known as “special categories of personal data”. This information, formerly referred to as ‘sensitive data’, includes your health and genetic data, as well as data concerning your sexual orientation and ethnic origin.
The protection of your personal data is of particular importance to me. I therefore only process this data on the basis of statutory provisions and regulations (EU GDPR, DSG 2018, TKG 2003, ÄrzteG, BAO, UGB, AngG, ASVG, ABGB, EpidemieG, TuberkuloseG, AIDS-G, GeschlechtskrankheitenG, GesundheitstelematikG, etc.), to fulfil my contractual obligations under the treatment contract, for the purposes of my legitimate interests and with your consent.
Purposes of Data Processing
I process special categories of personal data for the following purposes:
• Maintaining patient records
• Preparing findings and expert opinions.
• Requesting and transmitting findings;
• obtaining and providing medical consultations
• examination of samples
• Managing prescriptions
• ELGA
• Corresponding with patients, prospective patients, employees, colleagues and other contractual partners.
• Issuing certificates
• Statutory notifications and reporting obligations
• Participation in proceedings
• Billing
• Communication with the chamber (medical association).
• Accounting and logistics
• Personnel administration
• Management of periods of incapacity for work
• Management of substitutions
• File management
• Liaising with patients and their legal representatives, as well as prospective patients.
Legal bases for processing
If you are my patient, I will process your personal data, including special categories of personal data, because this is necessary in order to:
• fulfil the treatment contract concluded with you (medical treatment and correspondence via customary means, e.g. fax, email or SMS);
• comply with legal obligations (Art. 6(1)(b) in conjunction with Art. 9(2)(h) and (i) GDPR);
• comply with my legal obligations under the Doctors Act, the Epidemic Act, the Tuberculosis Act, the AIDS Act, the Sexually Transmitted Diseases Act, the Health Telematics Act, the ASVG, etc. (Art. 6(1)(c) in conjunction with Art. 9(2)(b) GDPR),
• fulfil my legitimate interests, for example with regard to IT and network security or in the event of legal disputes (Art. 6(1)(f) in conjunction with Art. 9(2)(f) GDPR) and
• on the basis of your consent, for example if you request the transmission of your data to a third party or a form of transmission not typically covered by our contract (e.g. WhatsApp), or in cases of release from medical confidentiality (Art. 6(1)(a) in conjunction with Art. 9(2)(a) GDPR).
If you are an employee or substitute physician, I will process your personal data, including special categories, because this is necessary for the purposes of:
• fulfil the employment contract with you (employment relationship and correspondence via customary means, e.g. fax, email or SMS; Art. 6(1)(b) GDPR);
• comply with my legal obligations under the AngG, ASVG, ABGB, ÄrzteG, BAO and UGB (Art. 6(1)(c) GDPR). 9(2)(b) GDPR),
• fulfil my legitimate interests, for example with regard to IT and network security or in the event of legal disputes (Art. 6(1)(f) GDPR);
• fulfil my legal obligations under the AngG, ASVG, ABGB, ÄrzteG, BAO and UGB (Art. 6(1)(c) GDPR);
• fulfil the employment contract with you (employment relationship and correspondence via customary means, e.g. fax, email or SMS) (Art. 6(1)(b) GDPR);
• process your data on the basis of your consent, for example if you request the transmission of your data to a third party or a form of transmission not typically covered by our contract (e.g. WhatsApp) (Art. 6(1)(a) GDPR). 9(2)(f) GDPR);
• on the basis of your consent, for example if you request the transmission of your data to a third party or a form of transmission not typically covered by our contract (e.g. WhatsApp) (Art. 6(1)(a) in conjunction with Art. 9(2)(a) GDPR). 9(2)(a) GDPR).
If you are another one of my contractual partners, I process your personal data because this is necessary to
• fulfil the contract concluded with you (performance of the contract and correspondence via customary means, e.g. fax, email or SMS) (Art. 6(1)(b) GDPR);
• comply with my legal obligations under the ABGB, BAO, UGB and similar legislation (Art. 6(1)(c) GDPR);
• fulfil my legitimate interests, for example with regard to IT and network security or in the event of legal disputes (Art. 6(1)(f) GDPR); and
• on the basis of your consent, for example if you request the transmission of your data to a third party (Art. 6(1)(a) GDPR).
Transfer of your personal data
We will transfer your personal data to the following recipients to the extent necessary for the aforementioned data processing purposes:
– physicians, hospitals, outpatient clinics, laboratories, nursing homes and retirement homes;
– pharmacies, healthcare service providers (ELGA) and non-physician health professionals;
– legal representatives;
– tax advisors and auditors;
– banks and external financiers;
– courts, administrative authorities and inspectorates;
– insurance companies;
– collection agencies;
– contractual and business partners (such as suppliers, transport companies, etc.);
– interest and professional associations;
– provident and severance pay funds, social insurance institutions and pension funds.
For the sake of completeness, I would like to point out that some of the above recipients are located outside Austria or may process your personal data outside Austria. The level of data protection in other countries may not correspond to that in Austria. I therefore take measures to ensure that all recipients provide an adequate level of data protection. To this end, we conclude standard contractual clauses (2010/87/EC and/or 2004/915/EC), for example. These are available upon request (see item 6).
Storage period
I will store your personal data until the applicable statutory limitation and retention periods expire; thereafter, until any legal disputes in which the data is required as evidence are concluded.
Data security
I ensure the protection of your personal data through appropriate organisational and technical measures. These precautions particularly concern protection against unauthorised, unlawful or accidental access, processing, loss, use and manipulation, as well as options for data recovery.
Despite my efforts to maintain consistently high standards of care, I cannot rule out the possibility that information you disclose to me via the internet (e.g. website forms or emails) may be viewed and used by other people.
Please note that I therefore accept no liability whatsoever for the disclosure of information due to errors in data transmission not caused by me, or unauthorised access by third parties (e.g. hacking of an email account or telephone, interception of faxes, etc.).
Website
The protection of your personal data is a matter of particular concern to me. I therefore only process your data on the basis of statutory provisions (GDPR, TKG 2003). In this privacy information, I inform you about the most important aspects of data processing in the context of our website.
Contacting us
If you contact us via the website form or by email, we will store the data you provide for six months for the purpose of processing your request and for follow-up questions. I will not pass on this data without your consent.
Web analytics
Our website uses Google Analytics, a web analytics service provided by Google Inc. (“Google”). We have concluded a corresponding commissioned data processing contract with the provider.
Data processing is carried out on the basis of the statutory provisions of §96(3) TKG, as well as Article 6(1)(a) (consent) of the GDPR. No data is transmitted to Google until the user has explicitly consented to the use of Google Analytics on this website. As the privacy of our users is important to us, user data is pseudonymised.
When you activate IP anonymisation on this website, Google will shorten your IP address within European Union member states or other contracting states to the European Economic Area Agreement. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. As Google is based in the USA, the transmission of IP addresses and other data to the USA is considered a transfer to an unsafe third country and therefore only takes place after the user has given explicit consent.
Google Analytics uses “cookies”, which are text files stored on your computer, to analyse your use of the website. The information generated by the cookie about your use of the website is usually sent to a Google server in the US and stored there. You can prevent this by configuring your browser to reject cookies.
Google will use this information, on behalf of the operator of this website, to evaluate your use of the website, compile reports on website activity and provide the website operator with other services relating to website and internet usage. The anonymised IP address sent by your browser as part of Google Analytics will not be combined with other Google data.
You can prevent cookies from being stored by adjusting your browser settings; however, please note that you may not be able to use all of this website’s functions to their full extent in this case. Alternatively, you can prevent Google from collecting the data generated by the cookie relating to your use of the website (including your IP address), as well as prevent Google from processing this data, by downloading and installing the browser plugin available at the following link: http://tools.google.com/dlpage/gaoptout?hl=de .
As an alternative to the browser add-on, especially for mobile browsers, you can prevent Google Analytics from collecting your data by clicking the following button and adjusting your privacy settings: Change privacy settings.
Your personal settings will be stored via an essential cookie. This settings cookie only applies to this browser and our website, and is stored on your device. If you delete cookies in this browser, you will also need to reset your settings.
Google Maps
My website uses Google Maps to visually display geographical information. Google Maps is a mapping service provided by Google LLC, 1600 Amphitheatre Parkway, Mountain View, California, USA. When you access a page of my website that contains Google Maps, information about your use of the website, including your IP address, is transmitted to Google’s servers in the USA. When you access a page of my website containing Google Maps, your browser establishes a direct connection to Google’s servers. Google then transmits the map content directly to your browser, which integrates it into the website.
More detailed information about data processing by Google can be found in Google’s privacy policy: www.google.com/privacypolicy.html .
The terms of use for Google Maps can be found at the following URL: www.google.com/intl/de_de/help/terms_maps.html .
Newsletter
You can subscribe to my email newsletter, Beautynews, via my website. To do so, you will need to provide your email address and confirm that you agree to receive the newsletter.
You can unsubscribe from the newsletter at any time. Please send your cancellation to the following email address: office@sawetz-paiva.at. I will then immediately delete any data relating to the dispatch of the newsletter.
Your rights in connection with personal data
Data protection law entitles you to request free information from me as the controller regarding whether I have processed any personal data concerning you. If this is the case, you are entitled under Art. 15 GDPR, among other things,
(i) verify which personal data I am processing and for what purposes;
(ii) request the rectification, completion or deletion, as well as the restriction of the processing of your personal data, and (iii) object to the processing.
Under certain circumstances, you can also object to the processing of your personal data or revoke consent previously given for processing. However, a revocation does not affect the lawfulness of processing carried out before the revocation.
(iv) obtain all available information about the source of the data if it was not collected from you by me, my employees, or my representatives;
(v) request data portability;
(vi) to find out to whom your personal data is transmitted;
(vii) obtain information on automated decision-making (not applicable to physicians), including profiling, and, in such cases, receive meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for you;
If your personal data is transferred to a third country or international organisation, you also have the right to be informed of the appropriate safeguards pursuant to Art. 46 GDPR in connection with the transfer.
If you wish, I will provide you with a copy of the personal data that I am processing. I may charge a reasonable fee based on administrative costs for any further copies you request.
You have the right to submit your request electronically. Unless another legal basis states otherwise, I will comply with your request by the deadline and provide you with the information in a commonly used electronic format.
Furthermore, data protection law entitles you to lodge a complaint with the data protection authority (www.dsb.gv.at).
My contact details as controller:
If you have any questions about this statement or wish to submit requests, please contact:
Dr. Isabelle Sawetz-Paiva
Wollzeile 9, 4th Floor
A-1010 Vienna
T +431 943 9393
office@sawetz-paiva.at
