Privacy Policy

Dear Visitor, the EU General Data Protection Regulation (GDPR) establishes new rules to provide enhanced security and protection for your personal data. Below, we provide an overview of how we handle your data:

  • How we use your personal data
  • The measures we take to protect your data
  • Your rights and options to review and protect your privacy

This privacy policy includes details about the personal data we collect, how we process it, and which third parties, if any, may receive your data.

For what purposes and on what legal basis is your personal data processed?

  1. With Your Consent (Article 6(1)(a) GDPR): If you have provided consent for the processing of your personal data, it will only be processed for the purposes outlined in your consent (e.g., responding to inquiries, contact regarding prior appointments, transmitting results to referring physicians, online access to results, conducting studies, analyzing feedback, etc.). Consent can be withdrawn at any time without giving reasons, with effect for the future.
  2. To Fulfill Contractual Obligations (Article 6(1)(b) GDPR): Personal data is processed to perform our contractual obligations with you, such as managing client/patient data, invoicing for private services, or handling interactions with partners and suppliers.
  3. To Comply with Legal Obligations (Article 6(1)(c) GDPR): Processing may be required to comply with legal obligations, such as those related to contracts, accounting, and medical laws.
  4. To Protect Legitimate Interests (Article 6(1)(f) GDPR): Personal data may be processed to safeguard our legitimate interests, such as:
    • Ensuring proper documentation (e.g., tracking whether results have been issued)
    • Reporting adverse drug reactions
    • Recording medical emergencies
    • Conducting business analysis
    • Protecting the property and personnel of the company
    • Pursuing or defending legal claims

Who Receives Your Personal Data?

We prioritize the confidentiality of your data. Data will only be disclosed as outlined below or at the time of collection.

  1. Sharing with Other Parties: Data may be shared with certain service providers (e.g., external data protection officers, insurance companies, or law enforcement).
  2. With Your Consent: Personal data may be shared with third parties if you provide explicit consent.
  3. Data Processors: Data may be shared with processors (e.g., for billing or account management), who are bound by confidentiality agreements.
  4. Other Transfers: Data may be disclosed if legally required, to prevent harm or financial loss, or in cases of suspected fraud or illegal activities.

Will Data Be Transferred Outside the EU/EEA?

Data may be transferred to third countries only if necessary for fulfilling contractual obligations, with your consent, or based on legitimate interests. Transfers comply with GDPR standards (e.g., recognized adequacy decisions or standard contractual clauses).

How Long Will Your Data Be Stored?

Data is retained for the duration of the business relationship and in accordance with legal retention periods (e.g., medical, corporate, or tax laws). The general retention period can extend up to 30 years in certain cases.

Your Rights Regarding Personal Data

  1. Right of Access: Obtain confirmation on whether we process your data and access details of processing.
  2. Right to Rectification: Correct inaccurate data or complete incomplete data.
  3. Right to Erasure („Right to Be Forgotten“): Request deletion of data under specific circumstances, unless processing is required by law.
  4. Right to Restriction of Processing: Limit processing under certain conditions.
  5. Right to Data Portability: Receive your data in a structured, machine-readable format or have it transmitted to another party, where technically feasible.
  6. Right to Object: Withdraw your consent to data processing at any time or object to specific processing activities.

For any of these rights, contact our Data Protection Officer.

Complaint to Supervisory Authority

You have the right to lodge a complaint with your local supervisory authority. In Austria, this is the Data Protection Authority.

Data Processing for Different Purposes

Generally, your data will be processed only for the purposes for which it was collected. If used for other purposes, you will be informed in advance.

Types of Personal Data Processed

We process the following types of personal data, as necessary:

  • Basic details (e.g., name, address, date of birth, social security number)
  • Contact details (e.g., email, phone numbers)
  • Documentation (e.g., reports, records of incidents)
  • Health data (e.g., medical history, diagnostic results)
  • Financial details (e.g., bank information for payments)

How Are My Data Protected?

We implement technical and organizational measures to prevent unauthorized access, loss, or damage to your personal data.

Website Use and Cookies

Our website uses cookies to improve usability and analyze website traffic. Cookies can be managed via your browser settings.

Google Services (Analytics and Maps)

Our website uses Google Analytics and Google Maps. These services may collect usage data. Details about their processing can be found in Google’s privacy policies.

For any questions or concerns, feel free to contact us.