Data protection

The protection of your personal data is very important to me. I therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2003). In this data protection information I inform you about the most important aspects of data processing within the framework of this website.

Contact with me

If you contact me using the form on the website or by e-mail, the data you provide will be stored for six months for the purpose of processing the request and in the event of follow-up questions. I will not pass on this data without your consent.


My website may use so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do no harm.
I use cookies to make the offer on this site user-friendly. Some cookies remain stored on your end device until you delete them. They enable me to recognize your browser on your next visit.
If you do not want this, you can set up your browser so that it informs you when cookies are set and you allow them only in individual cases.
If cookies are deactivated, the functionality of this website may be restricted or eliminated.

Your rights

In principle, you have the right to information, correction, deletion, restriction, data transferability, revocation and objection. If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority. You can reach me as data protection officer at or by phone +43 670 5089980.

Basic information

Company name: Dr. Philipp Wimmer, specialist in ear, nose and throat diseases
Company address: Schönbrunner Straße 9, 1040 Wien
Contact details (telephone, email): +43 720 506075
Person responsible for data protection or data protection officer / contact details (telephone, e-mail): Dr. Philipp Wimmer, internal data protection officer, address as above, Tel. +43 720 506075

List of processing activities

Data categories: 1. User information (time of registration, confirmation of registration, (pseudonymized) IP address).
2. Usage data (open rates, clicks on links, geographic data, times).
Affected persons: Website visitors
Purposes: 1. Addressing.
2. Optimization of user-friendliness, more interesting content, increase in economic efficiency.
Legal basis: 1. EU General Data Protection Regulation, Article 6(1)(a) (consent).
2. EU General Data Protection Regulation, Article 6(1)(f) (legitimate interests).
3. EU General Data Protection Regulation, Article 6(1)(f) (legitimate interests).
Data source: Website, express consent.
Information for those affected: Reference to content, data protection declaration, analysis, shipping service provider and revocation on the registration form; details in the privacy policy.
Recipient: Internal: IT, marketing.
Deletion: 1. Upon request, storage 6 years.
2. Upon request, storage 6 years.
Protective measures: Reference is made to the general technical and organizational measures.

General technical and organizational measures

Access control (firewalls, virus protection, authentication concepts)
Access control (secure storage, destruction, encryption)
Transmission control (determination of recipients, pseudonymization, encryption)
Input control (logging)
Order control (instructions, contractual obligations)
Availability control (emergency concept, backup system)
Ensuring the earmarking/separation requirement (e.g. physical data separation, authorization concepts)

Risk assessment

Risk: Unauthorized access to the database
Categories of data for impact assessment: Personal data
Affected: Website visitors
Classification of risk (physical, tangible, intangible): Probability of occurrence: normal.
Damage to those affected: increased (spam, phishing, etc.) to e-mail address.
Protective measures: Hardware and software firewall, immediate updates of the software and hardware, current state of the art, intrusion detection systems, authorization concept and password management, special instructions for employees, guaranteed protective measures by the web host, information for users.
Risk sufficiently averted (consideration with remaining risks): The risk is sufficiently averted, the remaining risks are proportionate:
A milder measure is data minimization (Art. 5 Para. 2 GDPR) by dispensing with statistical surveys of reading behavior. However, it is precisely this core function that offers a special benefit for the recipient through a pre-selection of relevant information. Furthermore, users are made aware of the analysis and informed in detail in the data protection declaration. Therefore, the function based on Art. 6 Para. 1 lit. a and f GDPR can be retained without violating the rights of the users.
Permission granted: Yes