Privacy Policy

The protection of your personal data is important to us. With the following data protection declaration, we would like to inform you about the types of your personal data (hereinafter also referred to as "data") that we process, for what purposes and to what extent. The data protection declaration applies to all processing of personal data carried out by us, both in the context of the provision of our services and in particular on our website, in mobile applications and within external online presences, such as our social media profiles.

The terms used are not gender-specific.

Last updated: 7. November 2023

Responsible in the sense of the General Data Protection Regulation (GDPR)

Christine Rous, Ph.D.
Medical Writer
Neubaugasse 56/7
1070 Vienna
Austria

E: welcome@medwriting.at
P: +43 650 810 1981

Personal data

Personal data is information that can be individually assigned to you as a user of this website. Examples include your address, name, postal address, e-mail address or telephone number. Information such as the number of users who visit a website is not personal data because it does not allow assignment to an individual person.

Legal basis for the processing of personal data

Relevant legal basis according to the GDPR: Unless more specific information is provided in this privacy policy (e.g. for the technologies used), we may process your personal data on the basis of the following legal basis:

• Consent (Art. 6 para. 1 p. 1 lit. a) GDPR) - The data subject has given his/her consent to the processing of personal data relating to him/her for a specific purpose or purposes.
• Performance of a contract and pre-contractual enquiries (Art. 6 para. 1 p. 1 lit. b) GDPR) - Processing is necessary for the performance of a contract to which the data subject is party or for the performance of pre-contractual measures carried out at the data subject's request.
• Legal obligation (Art. 6 para. 1 p. 1 lit. c) GDPR) - Processing is necessary for compliance with a legal obligation to which the controller is subject.
• Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR) - Processing is necessary to protect the legitimate interests of the controller(s) or a third party, unless such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

Please note that in addition to the regulations of the DSGVO, the national data protection regulations in your or our home country may apply.

Overview of the processing

The following overview summarises the types of data processed and the purposes of their processing and refers to the data subjects.

Types of data processed

• Inventory data (e.g. names, addresses)
• Contact data (e.g. e-mail, telephone numbers)
• Content data (e.g. text entries, photographs, videos)
• Usage data (e.g. websites visited, interest in content, access times)
• Meta/communication data (e.g. device information, IP addresses)
• Contract/payment data

Categories of data subjects

• Interested parties
• Users
• Business and contractual partners

Purposes of processing

• Provision of our online offer and user-friendliness
• Responding to contact requests and communication
• Security measures
• Reach measurement/marketing
• Office and organisational procedures
• Feedback

Security measures

We take appropriate technical and organisational measures to ensure a level of protection appropriate to the risk in accordance with the legal requirements, taking into account the state of the art, the implementation costs and the nature, scope, circumstances and purposes of the processing as well as the different probabilities of occurrence and the extent of the threat to the rights and freedoms of natural persons.

The measures include, in particular, ensuring the confidentiality, integrity and availability of data by controlling physical and electronic access to the data as well as access to, input of, disclosure of, assurance of availability of and segregation of the data. We also have procedures in place to ensure the exercise of data subjects' rights, the deletion of data and responses to data compromise. Furthermore, we already take the protection of personal data into account in the development or selection of hardware, software as well as procedures in accordance with the principle of data protection, through technology design and through data protection-friendly default settings.

Shortening of the IP address: If IP addresses are processed by us or by the service providers and technologies used and the processing of a complete IP address is not necessary, the IP address is shortened (also referred to as "IP masking"). In this process, the last two digits or the last part of the IP address after a full stop are removed or replaced by wildcards. The shortening of the IP address is intended to prevent or make it considerably more difficult to identify a person by their IP address.

TLS encryption (https): In order to protect your data transmitted via our online offer, we use TLS encryption. You can recognise such encrypted connections by the prefix https:// in the address line of your browser.

Cooperation with processors and third parties

We carefully select our service providers who process personal data on our behalf. If we commission third parties with the processing of personal data on the basis of a contract processing agreement, this is done in accordance with Art. 28 GDPR.

Transfer to third countries

If we process data in a third country or do so in the context of using third-party services or disclosing or transferring data to other persons or companies, this will only be done on the basis of the legal grounds outlined above for the transfer of data.
Subject to explicit consent or contractual necessity, we only process or allow the processing of data in third countries with a level of data protection recognised as adequate or on the basis of special guarantees, such as a contractual obligation through so-called standard contractual clauses of the EU Commission, the existence of certifications or binding internal data protection regulations, in accordance with Art. 44-49 GDPR.

Data deletion

The data processed by us will be deleted or restricted in its processing in accordance with the legal requirements. Unless expressly stated within the scope of this data protection declaration, the data stored by us will be deleted as soon as it is no longer required for its intended purpose and the deletion does not conflict with any statutory retention obligations. If the data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted. I.e. the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for reasons of commercial or tax law or whose storage is necessary for the assertion, exercise or defence of legal claims or for the protection of the rights of another natural or legal person.

Rights of the data subjects

Data subjects' rights under the GDPR: As a data subject, you are entitled to various rights under the GDPR, which arise in particular from Art. 15 to 21 GDPR:

• Right to object: You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out on the basis of Art. 6 para. 1 lit. e) or f) GDPR; this also applies to profiling based on these provisions. If the personal data concerning you is processed for the purpose of direct marketing, you have the right to object at any time to the processing of personal data concerning you for the purpose of such marketing; this also applies to profiling insofar as it is related to such direct marketing.
• Right to withdraw consent: You have the right to revoke any consent given at any time.
• Right to information: You have the right to request confirmation as to whether data in question is being processed and to information about this data as well as further information and a copy of the data in accordance with the legal requirements.
• Right to rectification: You have the right, in accordance with the law, to request that data concerning you be completed or that inaccurate data concerning you be rectified.
• Right to erasure and restriction of processing: You have the right, in accordance with the law, to request that data concerning you be erased without delay or, alternatively, to request restriction of the processing of the data in accordance with the law.
• Right to data portability: You have the right to receive data concerning you, which you have provided to us, in a structured, common and machine-readable format in accordance with the legal requirements, or to demand that it be transferred to another responsible party.
• Complaint to the supervisory authority: Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of personal data relating to you infringes the provisions of the GDPR.

Technologies on our website

Cookies

Cookies are small text files or other memory notes that store information on end devices and read information from the end devices. For example, to save the login status in a user account, the contents of a shopping basket in an e-shop, the contents called up or the functions used in an online offer. Cookies can further be used for various purposes, e.g. for purposes of functionality, security and comfort of online offers as well as the creation of analyses of visitor flows.

Notes on consent: We use cookies in accordance with legal requirements. We therefore obtain prior consent from users, except where this is not required by law. In particular, consent is not required if the storage and reading of information, including cookies, is absolutely necessary in order to provide the user with a telemedia service expressly requested by them (i.e. our online offering).

Storage duration: With regard to storage duration, the following types of cookies are distinguished:

• Temporary cookies (also: session cookies): Temporary cookies are deleted at the latest after a user has left an online offer and closed his end device (e.g. browser or mobile application).
• Permanent cookies: Permanent cookies remain stored even after the end device is closed. For example, the login status can be saved or preferred content can be displayed directly when the user visits a website again. Likewise, user data collected with the help of cookies can be used to measure reach. Unless we provide users with explicit information about the type and storage duration of cookies (e.g. when obtaining consent), users should assume that cookies are permanent and that they can be stored for up to two years.

General information on revocation and objection (so-called "opt-out"): Users can revoke the consent they have given at any time and object to processing in accordance with the legal requirements. To do this, users can, among other things, restrict the use of cookies in the settings of their browser (whereby the functionality of our online offer may also be restricted as a result). An objection to the use of cookies for online marketing purposes can also be declared via the websites https://optout.aboutads.info and https://www.youronlinechoices.com/.

Matomo (without cookies):

Matomo is a data protection-friendly web analysis software that is used without cookies and in which recurring users are recognised with the help of a so-called "digital fingerprint", which is stored anonymously and changed every 24 hours. With the "digital fingerprint", user movements within our online offer are recorded with the help of pseudonymised IP addresses in combination with user-side browser settings in such a way that it is not possible to draw conclusions about the identity of individual users. The user data collected through the use of Matomo is only processed by us and is not shared with third parties;
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR).
Website: https://matomo.org/.

Presence in social networks (social media)

We maintain online presences within social networks and platforms in order to be able to communicate with the customers, interested parties and users active there and to inform them about our services there. When calling up the respective networks and platforms, the terms and conditions and data processing guidelines of their respective operators apply.
Unless otherwise stated in our privacy policy, we process the data of users if they communicate with us within the social networks and platforms, e.g. write posts on our online presences or send us messages.

LinkedIn: Social network;
Service provider: LinkedIn Ireland Unlimited Company, Wilton Plaza Wilton Place, Dublin 2, Ireland;
Legal basis: Legitimate Interests (Art. 6 para. 1 p.1 lit. f) GDPR);
Website: https://www.linkedin.com;
Privacy policy: https://www.linkedin.com/legal/privacy-policy;
Order processing agreement: https://legal.linkedin.com/dpa;
Basis third country transfer: Standard Contractual Clauses (https://legal.linkedin.com/dpa);
Possibility to object (opt-out): https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out.

Webhosting

DomainFactory: Services in the field of providing information technology infrastructure and related services (e.g. storage space and/or computing capacities);
Service provider: Domainfactory GmbH, c/o WeWork, Neuturmstrasse 5, 80331 Munich, Germany;
Legal basis: Legitimate interests (Art. 6 para. 1 p. 1 lit. f) GDPR);
Website: https://www.df.eu;
Privacy policy: https://www.df.eu/de/datenschutz;
Order processing contract: https://www.df.eu/de/support/formulare/.

Google Fonts

We use Google Fonts on our website. These are the "Google Fonts" of Google Inc.
Service provider: Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland;
Legal basis: Legitimate interests (Art. 6 para. 1 sentence 1 lit. f) GDPR);
Website: https://fonts.google.com/;
Privacy Policy: https://policies.google.com/privacy;
Basis for third country transfer: EU-US Data Privacy Framework (DPF).
Further information: https://developers.google.com/fonts/faq/privacy?hl=de.

Amendment and update of the privacy policy

We ask you to regularly inform yourself about the content of our data protection declaration. We adapt the data protection declaration as soon as the changes in the data processing carried out by us make this necessary. We will inform you as soon as the changes require an act of cooperation on your part (e.g. consent) or other individual notification.
If we provide addresses and contact information of companies and organisations in this data protection declaration, please note that the addresses may change over time and please check the information before contacting us.