Privacy Policy
Privacy Policy
As required by the Medical Technical Act (MTD-Gesetz), it has always been a matter of course for me to treat your personal data confidentially and to only share it with institutions that need it to fulfill their tasks, such as referring doctors and health insurance providers.
In the future, I will continue to use the data you provide solely for the purpose of your therapy!
Scope of this Privacy Policy
The following information applies to all personal data collected during your visit to my practice. I, Iris Munsperger, located at Hütteldorferstrasse 277/1/4-5, 1140 Vienna, am the responsible provider for this content.
The legal basis for data protection is the EU General Data Protection Regulation (GDPR).
Definitions
Personal Data
"Personal data" refers to any information that relates to an identified or identifiable natural person. An identifiable person is one who can be identified, directly or indirectly, particularly by reference to an identifier such as a name, identification number, or specific characteristics that express the physical, physiological, genetic, mental, economic, cultural, or social identity of that person.
Processing
"Processing" refers to any operation or series of operations performed on personal data, whether by automated means or not, such as collection, recording, organization, structuring, storage, modification, retrieval, use, disclosure, restriction, erasure, or destruction.
Data Processed
Basic data (First name, last name, address, contact details, date of birth)
Billing data (Proof of payment, transfer receipt)
Health data: Collected data about your health status, medical history, treatment plan, medication, diagnostic images, medical history, and treatment records before, during, and after treatment.
Purposes and Legal Basis for Data Processing
I process your basic and billing data for the purpose of fulfilling the contract and billing for my services. If you pay by debit card, the card details will be transferred to the payment provider [Insert payment provider name, address, and link to its privacy policy] for processing. The legal basis for processing your basic and billing data is Article 6(1) b GDPR.
Your medical history and treatment data are also required for contract fulfillment (legal basis: Article 6(1) a and b, Article 9(2) a GDPR).
I use your basic data (name and address only) to inform you by mail about my offers, promotions, and services for direct marketing purposes (legal basis: Article 6(1) f GDPR). If you have explicitly consented, I may also send you promotional materials via email, phone, fax, or social media (Article 6(1) a GDPR).
If you provide me with personal data for purposes other than therapy, the processing purpose depends on your inquiry. I will use your personal data to address your inquiry. Emails and personal data provided in the communication will be stored on the servers of my email provider [Insert name, address, website of the email provider]. The legal basis for this is Article 6(1) a and f GDPR. My legitimate interest in processing this data is that I cannot process your inquiry without this data.
Data Transfer to Third Countries
I do not transfer any of the personal data covered by this policy to third countries.
Voluntariness of Data Provision
Providing the personal data mentioned in section 3 is necessary for entering into a contract. If you visit my practice without booking a treatment or consultation, providing data is voluntary.
Data Retention Duration
Personal data processed for contractual purposes (basic data, billing data) is stored in accordance with tax and commercial retention periods. Health and treatment data are stored for 10 years. If you provide personal data for purposes other than treatment, the retention period will depend on your request. Emails are stored on my email provider’s servers for 6 years, unless they are subject to longer tax or commercial retention periods.
Website Usage - www.physiotherapie-munsperger.at
I integrate services from other companies on my website to make our offer more attractive and to continuously optimize it (legal basis: Article 6(1) a, f GDPR).
Google Analytics
This website uses Google Analytics, a web analytics service provided by Google Inc. ("Google"). Google Analytics uses "cookies," which are text files stored on your computer, to analyze your usage of the website. The data generated by the cookies is typically transferred to and stored on a server in the USA. If IP anonymization is activated, your IP address will be truncated within EU member states or other contracting states to the European Economic Area. The legal basis for using Google Analytics is Article 6(1) GDPR.
For data transfers to the USA, Google has complied with the EU-US Privacy Shield: [https://www.privacyshield.gov/EU-US-Framework].
Google Maps
We use Google Maps on our website. By using this service, you agree to the transfer of your IP address and data entered in Google Maps. The legal basis for using Google Maps is Article 6(1) GDPR.
Google Fonts
This website uses Google Fonts to ensure fonts are displayed properly. When you visit a page, your browser connects to Google’s servers, which can identify your IP address. The legal basis for processing is Article 6(1) f GDPR, as we have a legitimate interest in displaying our website in an optimized manner.
Share Buttons
Our website contains social media share buttons for Facebook, Google+, and Twitter. These buttons are designed to protect the privacy of visitors, as no personal data is processed until the user interacts with the buttons. For more information, please refer to the privacy policies of the respective social media platforms.
Cookies
This website uses cookies, which help improve user experience and make the website more efficient. A cookie is a small text file stored on the visitor’s computer. For more information about cookies, refer to [Wikipedia].
Contact Form
If you send inquiries via the contact form, the data you provide will be stored to process the request and for follow-up queries. We do not share this data without your consent.
Right to Object
You have the right to object to the processing of your personal data at any time under Article 6(1) f GDPR, if there are reasons related to your specific situation.
Other Rights
Under GDPR, you have the right to request access to your personal data, the right to withdraw consent, the right to rectification, erasure, restriction, and transfer of your data. You can also lodge a complaint with the responsible data protection authority if you believe your rights have been violated.
Austrian Data Protection Authority
Wickenburggasse 8
1080 Vienna
Phone: +43 1 52 152-0
Email: dsb@dsb.gv.at