1) Legal information in accordance with the General Data Protection Regulation
a) Information in accordance with Art. 13 GDPR
By means of this data protection declaration, TELEDOC would like to inform users of the myTeleDoc APP (users) about the type, scope and purpose of the data processed inform personal data
The terms used in this declaration are based on the definitions in Article 4 of the EU General Data Protection Regulation (GDPR).
b) Responsible person within the meaning of Art. 24 GDPR
Teledoc Holding GmbH (hereinafter “TELEDOC”, “we” or “the controller”)
Stella-Klein-Löw-Weg 8
1020 Vienna
c) Data protection officer in accordance with Art. 37 ff GDPR
TELEDOC is a private company. To protect your data, we have appointed the following data protection officer:
heyData GmbH
Schützenstraße 5, 10117 Berlin
www.heydata.eu
E-Mail: datenschutz@heydata.eu
2) Data processing by the myTeleDoc APP (hereinafter referred to as APP)
The APP processes extensive personal data. This section explains the purposes, deadlines and legal basis.
You acknowledge and agree that if telemedical services are provided, Teledoc only provides the technical infrastructure and does not provide any medical services. The treatment relationship takes place exclusively between you and the treating doctor or clinic. Responsibility for the processed personal data lies solely with you and the treating doctor or clinic.
Teledoc acts exclusively as a processor within the meaning of Art. 28 GDPR.
In addition to the obvious personal data, usage data (IP address, login information, operating system information, date and time information, language, information about the device used, connection information) is processed in the background. By installing the APP, you agree that it is not possible to use the APP without this usage data.
Teledoc also processes information about the use of our services, such as information about appointments, duration of treatment, treating doctor or clinic and waiting times.
3) Data collection and processing
a) Registration as a patient
The following data must be provided during registration.
• First and Last Name
• birth date
• Gender
• E-mail address
• personal password
A verification code will be sent to the email address provided during the registration process. This must be entered in the APP for confirmation. Your account will then be unlocked and activated.
You agree and irrevocably acknowledge that retention periods are based on the legal regulations of the country in which the treatment took place, that Teledoc has no influence on this and that the actual retention periods may therefore differ from those stated here.
Legal basis:
• Your express consent in accordance with Art. 6 Para. 1 lit a GDPR
• Fulfillment of the contract in accordance with Article 6 Paragraph 1 Letter b GDPR
• Teledoc can also process the information provided during registration if this is to fulfill a legal obligation in accordance with Article 6 Paragraph 1 Letter c GDPR or in accordance with Article 9 Paragraph 2 Letter f GDPR to assert, exercise or defend Legal claims or actions in court are required.
Memory limit:
• Until the account is deactivated
• Sollte dem Account eine Behandlungshistorie angefügt sein oder wurden bereits Unterlagen (siehe Profil verwalten) hochgeladen, dann 10 Jahre ab Deaktivierung
b) Manage profile
You have the opportunity to manage your personal profile independently. In it you can provide additional personal data such as:
• address
• City
• country
and also medical details like
• Allergies
• Pre-existing illness
• Wearing glasses
• Smoker
• diabetes
• and other additional information
deposit.
All information processed as part of the “View profile” function is processed and stored by Teledoc over the life of the account. We would like to point out that the information described can also be transmitted to the treating doctor or clinic and processed by them.
c) book an appointment
With the “Book Appointment” function you can enter personal notes and attach documents. We would like to point out that further personal data as well as personal data in special categories within the meaning of Art. 9 Para. 1 GDPR can be processed here. You acknowledge and agree that Teledoc assumes no responsibility whatsoever for this data and will hold Teledoc harmless in the event of any claims . Teledoc never has access to this information due to encrypted data transmission and encrypted storage.
We would like to point out that the information described will also be transmitted to the treating doctor or clinic and processed by them. You agree and irrevocably acknowledge that retention periods are based on the legal regulations of the country in which the treatment took place, that Teledoc has no influence on this and that the actual retention periods may therefore differ from those stated here.
Legal basis:
• Consent in accordance with Art. 6 Para. 1 lit a GDPR
• Fulfillment of the contract in accordance with Article 6 Paragraph 1 Letter b GDPR
• Teledoc can also process the information provided during registration if this is to fulfill a legal obligation in accordance with Article 6 Paragraph 1 Letter c GDPR or in accordance with Article 9 Paragraph 2 Letter f GDPR to assert, exercise or defend Legal claims or actions in court are required.
Memory limit:
• Bis zur Deaktivierung des Accounts
• Sollte dem Account eine Behandlungshistorie angefügt sein oder wurden bereits Unterlagen (siehe Profil verwalten) hochgeladen, dann 10 Jahre ab Deaktivierung
d) I-Virtual-Tool
With the i-Virtual tool integrated into our platform, you can have your vital parameters measured online.
We expressly point out that the measured values do not replace the measurement provided by advice from a medical professional and may under no circumstances be used to treat a medical emergency.
For details on data protection, please see the data protection declaration in the i-Virtual Tool.
e) Fast support 24/7
With the “Call a family doctor / quick support 24/7” function, you will be connected to a doctor after selecting your Teledoc clinic. In the context of this voice communication, further personal data as well as personal data in special categories within the meaning of Art. 9 Para. 1 GDPR may be processed. You acknowledge and agree that Teledoc assumes no responsibility whatsoever for this information and will hold Teledoc harmless in the event of any claims . Teledoc never has access to this information due to encrypted data transmission and encrypted storage.
All information processed as part of the “Call a family doctor / fast support 24/7” function is processed and stored by Teledoc for 7 years from the last interaction. The data is then automatically deleted in accordance with the law. We would like to point out that the information described will also be transmitted to the treating doctor or clinic and processed by them. You agree and irrevocably acknowledge that retention periods are based on the legal regulations of the country in which the treatment took place, that Teledoc has no influence on this and that the actual retention periods may therefore differ from those stated here.
Legal basis:
• Consent in accordance with Art. 6 Para. 1 lit a GDPR
• Fulfillment of the contract in accordance with Article 6 Paragraph 1 Letter b GDPR
• Teledoc can also process the information provided during registration if this is to fulfill a legal obligation in accordance with Article 6 Paragraph 1 Letter c GDPR or in accordance with Article 9 Paragraph 2 Letter f GDPR to assert, exercise or defend Legal claims or actions in court are required.
Memory limit:
• Until the account is deactivated
• If a treatment history is attached to the account or documents have already been uploaded (see Manage Profile), then 10 years from deactivation Visits and documents
Here you can view the history of both calls made and visits. Additionally, you can manage uploaded information.
If further information is uploaded, you agree that Teledoc assumes no responsibility whatsoever for this information and you will hold Teledoc harmless in the event of any claims . Teledoc never has access to this information due to encrypted data transmission and encrypted storage.
We would like to point out that the information described will also be transmitted to the treating doctor or clinic and processed by them.
You agree and irrevocably acknowledge that retention periods are based on the legal regulations of the country in which the treatment took place, that Teledoc has no influence on this and that the actual retention periods may therefore differ from those stated here.
Legal basis:
• Consent in accordance with Art. 6 Para. 1 lit a GDPR
• Fulfillment of the contract in accordance with Article 6 Paragraph 1 Letter b GDPR
• Teledoc can also process the information provided during registration if this is to fulfill a legal obligation in accordance with Article 6 Paragraph 1 Letter c GDPR or in accordance with Article 9 Paragraph 2 Letter f GDPR to assert, exercise or defend Legal claims or actions in court are required.
Memory limit:
• Until the account is deactivated
• If a treatment history is attached to the account or documents have already been uploaded (see Manage Profile), then 10 years from deactivation Visits and documents
f) Deactivate account
You irrevocably acknowledge and expressly agree that if an account is deactivated, data will not be automatically deleted. Data deletion can only take place as part of an account deactivation if there is NO treatment history. If a treatment history exists or visits or documents have already been entered, the account will be deactivated and the data will only be deleted after the statutory retention periods have expired.Contact Teledoc
You can send inquiries, suggestions and requests to Teledoc by email.
You acknowledge that Teledoc will process the information provided for the purpose of processing or answering your request.
Legal basis:
• Consent in accordance with Art. 6 Para. 1 lit a GDPR
• Fulfillment of the contract in accordance with Article 6 Paragraph 1 Letter b GDPR
• Teledoc can also process the information provided during registration if this is to fulfill a legal obligation in accordance with Article 6 Paragraph 1 Letter c GDPR or in accordance with Article 9 Paragraph 2 Letter f GDPR to assert, exercise or defend Legal claims or actions in court are required.
Memory limit:
• Until the account is deactivated and beyond that, 7 years as proof
4) Rights of those affected
You have comprehensive rights under the General Data Protection Regulation, such as:
• Right to information (Art. 15 GDPR)
• Right to rectification (Article 16 GDPR)
• Right to deletion (Article 17 GDPR)
• Right to restriction of processing (Article 18 GDPR)
• Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to revoke consent (Art. 7 Para. 3 GDPR)
• Right to complain (Art. 77 GDPR)
To exercise your rights, please contact
• by email to : privacy@myteledoc.app
*Please enclose a copy of your official ID.
Without prior successful identification, we cannot process requests from those affected. For this reason, we ask you to support the identification process accordingly.
If you come to the conclusion that the processing of your data violates data protection regulations or that your data protection rights have been violated in any other way, you can complain to the supervisory authority. In Austria this is the data protection authority, Wickenburggasse 8, 1080 Vienna. Outside Austria, this is the relevant data protection authority.
5) Data transmission/data transfer
a) Data transfer to third parties
Your personal data will not be transferred to third parties for purposes other than those listed below.
We will only share your personal information with third parties if:
• you have given your express consent in accordance with Article 6 Paragraph 1 Letter a GDPR,
• the disclosure in accordance with Article 6 Paragraph 1 Letter f of the GDPR is necessary to protect operational interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
• in the event that there is a legal obligation for the transfer in accordance with Art. 6 Para. 1 lit. c GDPR and
• This is legally permissible and is necessary for the processing of contractual relationships with you in accordance with Article 6 Paragraph 1 Letter b of the GDPR.
The Controller may disclose your personal data to suppliers who provide services on our behalf in accordance with our instructions.
The controller may also pass on your personal data to our affiliated companies and partners.
In addition, the controller may disclose your personal data if we are required to do so by law, regulation or governmental authority or if we believe that disclosure is necessary or appropriate to prevent physical harm or financial loss.
The Controller reserves the right to transfer any personal data we hold about you if we sell or transfer all or part of our business or assets (including in the event of a restructuring, dissolution or liquidation).
b) Data transfers
The controller may also transfer your personal data outside the country in which the information was originally collected. These countries may not have the same data protection laws as the country in which you originally provided the personal information. If we transfer your information to other countries, we will protect that information as described in this privacy policy, and such transfers will be governed by applicable law.
The countries to which we share personal data are:
• within the European Union or
• outside the European Union
If we transfer personal data from the European Union to countries or international organizations outside the European Union, the transfer will take place on the basis:
• an adequacy decision by the European Commission;
• In the absence of such, on other legally permissible grounds such as the existence of a legally binding and enforceable document between authorities or public bodies, binding internal company rules, standard data protection clauses and approved or certified codes of conduct.
In exceptional cases, data transfer can also take place on the basis of Art. 49 GDPR:
• Art. 49 Para. 1 lit. a GDPR
the data subject has expressly consented to the proposed data transfer after being informed of the possible risks to him of such data transfers without the existence of an adequacy decision and without suitable guarantees,
• Art. 49 Para. 1 lit. b GDPR
the transfer is necessary for the performance of a contract between the data subject and the person responsible or to carry out pre-contractual measures at the request of the data subject,
• Art. 49 Para. 1 lit. c GDPR
the transmission is necessary to conclude or fulfill a contract concluded by the controller with another natural or legal person in the interests of the data subject.
6) In-app tracking
The APP uses in-APP tracking to collect data for product analysis and marketing purposes. This data collection is based on additional consent from the user.
The following products are used as a service:
a) amplitude
Amplitude, an analytics service provided by Amplitude Inc. (631 Howard St 5th floor , San Francisco, CA 94105, US), is used to analyze user behavior. For this purpose, the APP collects personal data (email, gender, first name, ID). This information is transmitted to Amplitude. There is no transfer of data that allows conclusions to be drawn about an individual user.
https://amplitude.com/privacy
Since Amplitude does not process any personal data within the meaning of Art. 4 Z.1 GDPR, no consent or other legal basis is necessary for the use of the service.
b) Google Analytics
This APP uses Google Analytics, an analysis service provided by Google Inc. (hereinafter: Google). Google Analytics uses so-called “cookies”, i.e. text files that are stored on your computer and that enable your use of the app to be analyzed. The information generated by the cookie about your use of this APP is usually transmitted to a Google server in the USA and stored there.
On behalf of the operator of this APP, Google will use this information to evaluate your use of the APP, to compile reports on activities and to provide other services related to the use of the APP to the operator. The IP address transmitted by your browser as part of Google Analytics is not combined with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; However, we would like to point out that in this case you may not be able to fully use all functions of this website. You can also prevent Google from collecting the data generated by the cookie and relating to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: Browser add-on to deactivate Google Analytics .
The data collected is processed based on your consent in accordance with Article 6 (1) (a) GDPR.
c) Facebook pixels
We use the Facebook pixel from Facebook on our website. We have implemented code for this on our website. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions that allow Facebook to track your user actions if you came to our website via Facebook Ads. For example, if you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to compare your user data (customer data such as IP address, user ID) with the data from your Facebook account. Then Facebook deletes this data again. The data collected is anonymous and cannot be viewed by us and can only be used to place advertisements. If you are a Facebook user and are logged in, your visit to our website will automatically be assigned to your Facebook user account.
We only want to show our services and products to those people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. This means that Facebook users (if they have allowed personalized advertising) see appropriate advertising. Facebook also uses the data collected for analysis purposes and its own advertisements.
The data collected is processed based on your consent in accordance with Article 6 (1) (a) GDPR.
If you are logged in to Facebook, you can change your advertising settings yourself at
https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can generally manage your usage-based online advertising at
http://www.youronlinechoices.com/de/praferenzmanagement/. There you have the option to deactivate or activate providers.
If you would like to learn morabout Facebook's data protection, we recommend the company's own data policies at
https://www.facebook.com/policy.php.
d) Microsoft Clarity
This APP uses Microsoft Clarity, a user behavior analytics tool provided by Microsoft Corporation (One Microsoft Way, Redmond, WA 98052, USA). Microsoft Clarity uses cookies and other technologies to collect data about your usage patterns, interactions, and engagement with the APP. This data is used to understand user behavior, optimize the user experience, and improve the performance of the APP.The information collected by Microsoft Clarity may include IP address, device type, browser information, and interaction data. This information is typically transmitted to and stored by Microsoft on servers in the USA. Microsoft Clarity does not collect personally identifiable information (PII), and all data is anonymized before being used for analysis.The data collected is processed based on your consent in accordance with Article 6 (1) (a) GDPR. You can review Microsoft's privacy policy for more details at
https://privacy.microsoft.com/en-us/privacystatement.
7) SSL encryption /encryption
All information stored in the health record is extensively encrypted (AES-256) at both server and database level and is protected from access and viewing by unauthorized persons.
To protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS. You can recognize an encrypted connection by the string “https://” and the lock symbol in your browser bar
8) Changes or additions
Teledoc reserves the right to make changes or additions to the information content at any time and without notice. If parts or individual formulations of this text do not, no longer or do not completely correspond to the applicable legal situation, the remaining parts of the document remain unaffected in their content and validity.
Status 02/2024
