The protection of your personal data is very important to me. I therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2003). In this data protection information I inform you about the most important aspects of data processing within the framework of this website.
Contact with me
If you contact me using the form on the website or by e-mail, the data you provide will be stored for six months for the purpose of processing the request and in the event of follow-up questions. I will not pass on this data without your consent.
My website may use so-called cookies. These are small text files that are stored on your end device with the help of the browser. They do no harm.
If this is not desired, you can set up your browser so that it informs you about the setting of cookies and you can only allow this in individual cases.
If cookies are deactivated, the functionality of this website may be restricted or eliminated.
In principle, you have the right to information, correction, deletion, restriction, data transferability, revocation and objection. If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority. You can reach me as data protection officer at email@example.com or by phone +43 670 5089980.
|Company name:||Dr. Philipp Wimmer, specialist in ear, nose and throat diseases|
|Company address:||Schönbrunner Straße 9, 1040 Wien|
|Contact details (telephone, email):||+43 670 5089980, firstname.lastname@example.org|
|Person responsible for data protection or data protection officer / contact details (telephone, e-mail):||Dr. Philipp Wimmer, internal data protection officer, address as above, email@example.com, Tel. +43 670 5089980|
List of processing activities
|Data categories:||1. User information (time of registration, confirmation of registration, (pseudonymized) IP address).|
2. Usage data (open rates, clicks on links, geographic data, times).
|Affected persons:||Website visitors|
2. Optimization of user-friendliness, more interesting content, increase in economic efficiency.
|Legal basis:||EU General Data Protection Regulation 1. Article 6(1)(a) (consent). EU General Data Protection Regulation 2. Article 6(1)(f) (legitimate interests). EU General Data Protection Regulation 3. Article 6 paragraph 1 lit. f (legitimate interests).|
|Data source:||Website, express consent.|
|Recipient:||Internal: IT, marketing.|
|Deletion:||1. Upon request, storage 6 years.|
2. Upon request, storage 6 years.
|Protective measures:||Reference is made to the general technical and organizational measures.|
General technical and organizational measures
|Access control (firewalls, virus protection, authentication concepts)|
|Access Control (Secure Storage, Destruction, Encryption)|
|Transmission control (determination of recipients, pseudonymization, encryption)|
|Input control (logging)|
|Order control (instructions, contractual obligations)|
|Availability control (emergency concept, backup system)|
|Ensuring the earmarking/separation requirement (e.g. physical data separation, authorization concepts)|
|Risk:||Unauthorized access to the database|
|Categories of data for impact assessment:||Personal Data|
|Classification of risk (physical, tangible, intangible):||Probability of occurrence: normal.|
Damage to those affected: increased (spam, phishing, etc.) to e-mail address.
|Protective measures:||Hard and software firewall, immediate updates of the software and hardware, current state of the art, intrusion detection systems, authorization concept and password management, special instructions for employees, guaranteed protective measures by the web host, information for users.|
|Risk sufficiently averted (consideration with remaining risks):||The risk is sufficiently averted, the remaining risks are proportionate:|
A milder measure is data minimization (Art. 5 Para. 2 GDPR) by dispensing with statistical surveys of reading behavior. However, it is precisely the core function that offers a special user for the recipient with a pre-selection of relevant information. Furthermore, users are made aware of the analysis and informed in detail in the data protection declaration. Therefore, the function based on Art. 6 Para. 1 lit. a and f GDPR can be retained without violating the rights of the users.