1. General
With this privacy policy, we would like to inform you about the nature, scope and purpose of the collection and use of your personal data by Sportklinik Arlberg. Personal data in this context means any information relating to an identified or identifiable natural person.
We respect your privacy and will process your personal data in accordance with the legal requirements, in particular the General Data Protection Regulation (GDPR) and Austrian Data Protection Act (DSG).
2. Controller and Data Protection Supervisor
The controller in the sense of the GDPR is Sportklinik Arlberg GmbH. You can reach us at the following contact details: Sollederweg 5, 6580 St. Anton am Arlberg, info@sportklinik-arlberg.at as well as our Data Protection Supervisor at: datenschutz@sportklinik-arlberg.at.
3. Collection and Processing of Personal Data
3.1. Contact and Pre-Contractual Measures
We process your personal data when you contact us via form on our website or e-mail for the purpose of responding to your request, scheduling and technical administration.
For this purpose, we process the following personal data from you: First and last name, address, telephone number and e-mail address.
The processing is based on the implementation of pre-contractual measures for the conclusion of a treatment / hospital admission contract in accordance with Art. 6 para. 1 lit. b GDPR.
3.2. Treatment and Hospital Admission Contractg
We process your personal data, in particular necessary data concerning health, as part of the initiation, fulfilment and termination of the treatment contract concluded with you in the case of outpatient treatment or the hospital admission contract in the case of inpatient treatment.
For this purpose, the following personal data and special categories of personal data may be processed: Title, first and last name, address, telephone number, e-mail address, payment data, social security number, social insurer and all data concerning health recorded or stored by you as a patient, such as findings, medications, diagnoses, image data from medical imaging procedures (e.g. X-rays, magnetic resonance imaging (MRI), ultrasound and computer tomography scans), laboratory values, reports of incapacity for work.
The processing is carried out on the basis of your explicit consent, which can be revoked at any time, in accordance with Art. 9 Para. 2 lit a DSGVO and in accordance with Art. 9 para. 2 lit. h and para. 3 GDPR due to the fulfilment of the treatment / hospital admission contract concluded with us as well as the fulfilment of legal documentation and information obligations in accordance with Section 51 para. 2 Austrian Medical Act(ÄrzteG).
As part of the fulfillment of the respective treatment or hospital admission contract, your corresponding personal data may be transferred to Dr. David Ostoverschnigg[ for radiological reporting and to the corresponding social insurance carriers, health care institutions, accountants and tax consultants as part of the fulfillment of our legal documentation, recording and accounting obligations.
Your personal data may also be transferred to the insurance provider you have indicated in the context of the execution of the respective treatment or hospitalization contract for the purpose of obtaining coverage commitments from this insurance provider.
3.3. Doctor in the Home Country
At your request and with your explicit consent, we will transmit your personal data, in particular diagnostic findings, to the doctor in your home country indicated by you (see the form, " Consent to the processing and transfer of your personal patient data").
For this purpose, the following personal data and special categories of personal data may be processed: Title, first and last name, address, telephone number, e-mail address, social security number, social insurer and all data concerning health collected or stored by you as a patient, such as findings, medications, diagnoses and laboratory values.
3.4. Website
We process your personal data, which your browser automatically transmits when you access or use our website, for the purpose of providing the website. The personal data is temporarily stored in a so-called log file.
For this purpose, the following personal data from you is processed: IP address of the requesting computer, date and time of access, name and URL of the accessed file, access website (referrer URL), browser used and, if applicable, the operating system of your computer, as well as the name of your access provider.
The legal basis for the processing is the protection of our legitimate interest pursuant to Art. 6 para. 1 lit. f GDPR. Since the processing is based on the protection of our legitimate interests, you have the right to object (see point 5.4 first paragraph).
4. Storage Period
We process your personal data for as long as is reasonably necessary for the provision of the website, as well as for the fulfilment of pre-contractual measures and the treatment / hospitalization contract concluded with you.
Beyond that, your personal data will be stored in log files for 30 days to safeguard our legitimate interests in preventing threats to our website. As the processing is based on the protection of our legitimate interests, you have the right to object (see point 5.4 first paragraph).
Furthermore, your personal data will be stored for compliance with statutory retention and documentation obligations. Your medical records and documentation are kept for at least 10 years in accordance with Section 51 para. 3 ÄrzteG and your medical histories are kept for up to 30 years in accordance with Section 10 para 1 sent. 3 Austrian Hospitals and Health Resorts Act (KaKuG). Furthermore, the personal data required for this purpose will be stored until the expiry of the retention period under tax law of 7 years in accordance with Section 132 para. 1 Austrian Federal Fiscal Code (BAO) and for 3 or 30 years for the establishment, exercise or defence of legal claims.
5. Your Rights
5.1. Right of Access
Within the framework of the applicable legal provisions, you have the right to obtain confirmation from the controller at any time as to whether personal data relating to you is being processed by us. If this is the case, you have a free right to information about this personal data (e.g. processing purposes, the categories of personal data and recipients).
5.2. Right to Withdraw Consent
You have the right to withdraw any consent you have given at any time. The withdrawal of your consent shall not affect the lawfulness of the data processing prior to the withdrawal.
5.3. Right to Correction, Deletion and Restriction
You have the right to demand that we correct your incorrect personal data without delay. You also have the right, under certain conditions, to request the deletion as well as the restriction of the processing of your personal data without delay.
5.4. Right to Object to Data Processing
If data processing is carried out to protect our legitimate interests, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. Please refer to this Privacy Policy for the respective legal basis on which processing is based. If you object, we will no longer process your personal data concerned, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing serves the purpose of asserting, exercising or defending legal claims.
If we process your personal data for direct marketing purposes, you shall have the right to object at any time to processing of your personal data for the purpose of such marketing,5.5. Right to Data Portability
You shall have the right to receive personal data concerning you, which we process on the basis of your consent or in fulfilment of a contract / pre-contractual measures, handed over to you or to a third party in a commonly and machine-readable format. If you request the direct transfer of the data to another controller, this will only be done insofar as it is technically feasible.
5.6. Right to Lodge a Complaint with the Respective Supervisory Authority
If you believe that the processing of your personal data violates Data Protection Law or that your Data Protection Rights have otherwise been violated in some way, you can complain to the supervisory authority. In Austria, the Austrian Data Protection Authority (DPA) is responsible.
You can reach the DPA at the following contact details: Barichgasse 40-42, 1030 Vienna, phone: +43 1 52 152-0, e-mail: dsb@dsb.gv.at.
Cookies
Cookies are small text files that are stored either temporarily for the duration of a session (session cookies) or permanently (permanent cookies) on your terminal device. Session cookies are automatically deleted at the end of your website visit. Permanent cookies remain stored on your end device until you delete them yourself or until they are automatically deleted by your web browser.
Cookies have various functions. Many cookies are technically necessary, as certain website functions would not work without them. Other cookies are used to evaluate user behaviour or to display advertising.
Currently, only technically necessary cookies are used on our website to ensure basic website functions. You can deactivate cookies in your browser. However, disabling all cookies may limit the functionality of our website.