Privacy Policy APP

Privacy Policy Teledoc APP

Contents

1) Legal information in accordance with the General Data Protection Regulation

2) Data processing by the myTeleDoc APP (hereinafter referred to as APP)

3) Contact to Teledoc

4) Encryption

5) Defense Against Claims

6) Rights of data subjects

7) Data Transfer/Data Transmission

8) In-App Tracking

9) SSL encryption

10) Changes or Additions

1) Legal information in accordance with the General Data Protection Regulation

a) Information according to Art. 13 GDPR

By means of this data protection declaration, TELEDOC would like to inform the users of the myTeleDoc APP (users) about the type, scope and purpose of the personal data processed.

The terms used in this declaration are based on the definitions in Art. 4 of the EU General Data Protection Regulation (GDPR).

b) Responsible according to Art. 24 GDPR

Teledoc Holding GmbH (hereinafter “TELEDOC”, “we” or “the person responsible”)

Absberggasse 31/10

1010 Vienna

c) Data protection officer in accordance with Art. 37 ff GDPR

TELEDOC is a private company. To protect your data, we have appointed the following data protection officer:

Mr. Ronald Kopeky

KOMDAT data protection GmbH

Linzerstrasse 74

4614 Marchtrenk

Phone: +43 / 7243 / 54300

www.komdat.at

datenschutz@komdat.at

2) Data processing by the myTeleDoc APP (hereinafter referred to as APP)

The APP processes extensive personal data. This section explains the purposes, deadlines and legal bases.

You acknowledge and agree that if telemedical services are provided, Teledoc only provides the technical infrastructure and does not provide any medical services. The treatment relationship takes place exclusively between you and the treating doctor or the treating clinic. The responsibility for the processed personal data lies solely with you and the treating doctor or the treating clinic.

In addition to the obvious personal data, usage data (IP address, login information, information about the operating system, date and time information, language, information about the device used, connection information) are processed in the background. By installing the APP, you acknowledge that it is not possible to use the APP without this usage data.

Furthermore, Teledoc processes information on the use of our services, such as information on appointments, duration of treatment, treating doctor or clinic and waiting times.

a) Registration

In the course of registration, the following data must be provided.

• First and Last Name

• Date of birth

• Gender

• E-mail address

• Personal password

A verification code will be sent to the email address provided during the registration process. This must be entered in the APP for confirmation. Your account will then be unlocked and activated.

b) Manage Profile

You have the option of managing your personal profile independently. In it you can enter additional personal data such as

• Address

• City

• Country

and also medical details like

• Allergies

• Pre-existing illness

• Spectacle wearers

• Smokers

• Diabetes

• and other additional information.

All information processed as part of the “View profile” function is processed and stored by Teledoc for the lifetime of the account. We point out that the information described can also be transmitted to the treating doctor or the treating clinic and processed by them. You acknowledge with approval and irrevocably that retention periods are based on the legal regulations of the country in which the treatment took place and Teledoc has no influence on this.

Your data will be processed on the basis of your express consent in accordance with Article 6 (1) (a) GDPR and fulfillment of a contract in accordance with Article 6 (1) (b) GDPR.

c) Book an appointment

With the “Book an appointment” function, you can enter personal notes and attach documents. We would like to point out that further personal data as well as personal data of special categories within the meaning of Art. 9 Para. 1 GDPR can be processed here. You acknowledge and agree that Teledoc assumes no responsibility of any kind for this data and indemnify and hold Teledoc harmless in the event of any claims. Due to the encrypted data transmission and encrypted storage, Teledoc never has access to this information.

All information processed as part of the “Book an appointment” function is processed and stored by Teledoc for 7 years from the last interaction. The data is then automatically deleted in accordance with the law. We would like to point out that the information described will also be transmitted to the doctor or clinic treating you and processed by them. You acknowledge with approval and irrevocably that retention periods are based on the legal regulations of the country in which the treatment took place and Teledoc has no influence on this.

Your data will be processed on the basis of your express consent in accordance with Article 6 (1) (a) GDPR and fulfillment of a contract in accordance with Article 6 (1) (b) GDPR.

d) Fast support 24/7

With the “Call a family doctor / fast support 24/7” function, you will be connected to a doctor after you have selected your Teledoc clinic. In the context of this voice communication, further personal data as well as personal data of special categories within the meaning of Art. 9 Para. 1 GDPR can be processed. You acknowledge and agree that Teledoc assumes no responsibility whatsoever for this information and indemnify and hold Teledoc harmless in the event of any claims. Due to the encrypted data transmission and encrypted storage, Teledoc never has access to this information.

All information processed as part of the “Call a family doctor / fast support 24/7” function is processed and stored by Teledoc for 7 years from the last interaction. The data is then automatically deleted in accordance with the law. We would like to point out that the information described will also be transmitted to the doctor or clinic treating you and processed by them. You acknowledge with approval and irrevocably that retention periods are based on the legal regulations of the country in which the treatment took place and Teledoc has no influence on this.

The processing of this data takes place on the basis of your express consent in accordance with Article 6 (1) (a) GDPR and fulfillment of a contract in accordance with Article 6 (1) (b) GDPR.

e) Visits and documents

Here you can view the history of both calls made and visits. In addition, you can manage uploaded information.

If further information is uploaded, you acknowledge and agree that Teledoc assumes no responsibility whatsoever for this information and indemnify and hold Teledoc harmless in the event of any claims. Due to the encrypted data transmission and encrypted storage, Teledoc never has access to this information.

All information that is uploaded will be processed and stored by Teledoc for 7 years from the last interaction. The data is then automatically deleted in accordance with the law. We would like to point out that the information described will also be transmitted to the doctor or clinic treating you and processed by them. You acknowledge with approval and irrevocably that retention periods are based on the legal regulations of the country in which the treatment took place and Teledoc has no influence on this.

The processing of this data takes place on the basis of your express consent in accordance with Article 6 (1) (a) GDPR and fulfillment of a contract in accordance with Article 6 (1) (b) GDPR.

3) Contact to Teledoc

You can send inquiries, suggestions and requests to Teledoc by e-mail.

You acknowledge that Teledoc will process the transmitted information for the purpose of processing or answering your request.

The processing takes place on the basis of your consent in accordance with Article 6 Paragraph 1 Letter a GDPR and our legitimate interests in accordance with Article 6 Paragraph 1 Letter f GDPR. All transmitted information will be deleted by Teledoc in accordance with the law after the applicable statutory retention periods have expired.

4) Encryption

All information stored in the health record is extensively encrypted (AES-256) both at server and database level and is protected against access and inspection by unauthorized persons.

5) Defense Against Claims

Teledoc can also process your personal data if this is necessary to fulfill a legal obligation in accordance with Article 6 (1) (c) GDPR, or if it is required in accordance with Article 9 (2) (f) GDPR for the assertion, exercise or defense of legal claims or in the case of action in court.

6) Rights of data subjects

You have comprehensive rights under the General Data Protection Regulation, such as:

• Right to information (Article 15 GDPR)

• Right to rectification (Article 16 GDPR)

• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Article 18 GDPR)

• Right to data portability (Art. 20 GDPR)

• Right to object (Art. 21 GDPR)

• Right to withdraw consent (Art. 7 Para. 3 GDPR)

• Right of appeal (Art. 77 GDPR)

To exercise your rights, please contact us

• by email to: datenschutz@teledoc.global *

*Please enclose an official copy of your ID.

We cannot process data subject requests without prior successful identification. For this reason, we ask you to support the identification process accordingly.

If you come to the conclusion that the processing of your data violates data protection regulations or your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority, Wickenburggasse 8, 1080 Vienna. Outside of Austria, it is the relevant data protection authority.

7) Data Transfer/Data Transmission

a) Data transfer to third parties

Your personal data will not be transmitted to third parties for purposes other than those listed below.

We only pass on your personal data to third parties if:

• You have given your express consent in accordance with Article 6 Paragraph 1 Letter a GDPR,

• disclosure pursuant to Art. 6 (1) (f) GDPR is necessary to safeguard operational interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,

• in the event that there is a legal obligation for disclosure under Article 6 Paragraph 1 Letter c GDPR, and

• this is legally permissible and required for the processing of contractual relationships with you in accordance with Article 6 (1) (b) GDPR.

The controller may share your personal data with suppliers who perform services on our behalf in accordance with our instructions.

The controller may also share your personal information with our affiliated companies and partners.

In addition, the controller may disclose your personal information if we are required to do so by law, regulation or regulatory authority, or if we believe disclosure is necessary or appropriate to prevent physical harm or financial loss.

The Controller reserves the right to port personal information we hold about you if we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).

b) Data transfers

The Controller may also transfer your personal data to countries outside the country where the information was originally collected. These countries may not have the same data protection laws as the country where you originally provided the personal information. If we transfer your information to other countries, we will protect that information as described in this Privacy Policy and such transfers will be governed by applicable law.

The countries to which we transfer the personal data are located:

• within the European Union or

• outside the European Union

If we transfer personal data from the European Union to countries or international organizations outside the European Union, the transfer takes place on the basis of:

• an adequacy decision by the European Commission;

• in the absence of such a decision, other legitimate grounds such as the existence of a legally binding and enforceable document between the authorities or public bodies, binding internal company rules, standard data protection clauses and approved or certified codes of conduct.

In exceptional cases, data can also be transferred on the basis of Art. 49 GDPR:

• Article 49(1)(a) GDPR

the data subject has expressly consented to the proposed transfer of data after being informed of the possible risks to them of such transfers of data without the existence of an adequacy decision and without appropriate guarantees,

• Article 49(1)(b) GDPR

the transmission is necessary for the performance of a contract between the data subject and the person responsible or for the implementation of pre-contractual measures at the request of the data subject,

• Article 49(1)(c) GDPR

the transmission is necessary for the conclusion or fulfillment of a contract concluded in the interest of the person concerned by the person responsible with another natural or legal person.

8) In-App Tracking

The APP uses in-APP tracking to collect data for product analysis and marketing purposes. This data collection is based on an additional consent by the user.

The following products are used as a service:

a) Amplitude

Amplitude, an analysis service provided by Amplitude Inc. (631 Howard St 5th floor, San Francisco, CA 94105, US), is used to analyze user behavior. For this purpose, the Teledoc app transmits anonymous information about your use to an Amplitude server. There is no transmission of data that allows conclusions to be drawn about an individual user.

The legal basis for the transmission is your consent in accordance with Article 6 (1) (a) GDPR. You can revoke your consent to tracking at any time in the app settings.

b) Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Inc. (hereinafter: Google). Google Analytics uses so-called “cookies”, i.e. text files which are stored on your computer and which enable an analysis of your use of the website. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. Due to the activation of IP anonymization on this website, however, your IP address will be shortened beforehand by Google within member states of the European Union or in other contracting states of the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be sent to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information to evaluate your use of the website, to compile reports on website activity and to provide other services related to website activity and internet usage to the website operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.

You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out, however, that in this case you may not be able to use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by downloading and installing the browser plug-in available under the following link: Browser add-on to disable Google Analytics.

The data collected is processed on the basis of your consent in accordance with Article 6 (1) (a) GDPR.

Name: _ga

Purpose: By default, analytics.js uses the _ga cookie to save the user ID. Basically, it serves to differentiate between website visitors.

Expiry date: after 2 years

Name: _gid

Purpose: The cookie is also used to distinguish between website visitors

Expiry date: after 24 hours

Name: _gat_gtag_UA_<property-id>

Value: 1

Purpose: Used to lower the request rate. If Google Analytics is provided via Google Tag Manager, this cookie is given the name _dc_gtm_<property-id>.

Expiry date: after 1 minute

Name: AMP_TOKEN

Value: no information

Purpose: The cookie has a token that can be used to retrieve a user ID from the AMP Client ID service. Other possible values indicate an opt-out, a request, or an error.

Expiry date: after 30 seconds to a year

Name: __utma

Purpose: This cookie can be used to track your behavior on the website and measure performance. The cookie is updated each time information is sent to Google Analytics.

Expiry date: after 2 years

Name: __utmt

Value: 1

Purpose: Like _gat_gtag_UA_<property-id>, the cookie is used to throttle the request rate.

Expiry date: after 10 minutes

Name: __utmb

Purpose: This cookie is used to determine new sessions. It is updated every time new data or information is sent to Google Analytics.

Expiry date: after 30 minutes

Name: __utmc

Purpose: This cookie is used to set new sessions for returning visitors. This is a session cookie and is only stored until you close the browser.

Expiry date: After closing the browser

Name: __utmz

Value: m|utmccn=(referral)|utmcmd=referral|utmcct=/

Purpose: The cookie is used to identify the source of traffic to our website. This means that the cookie stores where you came from on our website. That could have been another page or an advertisement.

Expiry date: after 6 months

Name: __utmv

Value: not specified

Purpose: The cookie is used to store user-defined user data. It is always updated when information is sent to Google Analytics.

Expiry date: after 2 years

c) Facebook pixel

We use the Facebook pixel from Facebook on our website. We have implemented code for this on our website. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions that Facebook can use to track your user actions if you came to our website via Facebook ads. For example, when you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to compare your user data (customer data such as IP address, user ID) with the data in your Facebook account. Then Facebook deletes this data again. The data collected is anonymous and cannot be viewed by us and can only be used in the context of placing advertisements. If you are a Facebook user yourself and are logged in, your visit to our website will automatically be assigned to your Facebook user account.

We only want to show our services and products to those people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. In this way, Facebook users (if they have allowed personalized advertising) will see appropriate advertising. Furthermore, Facebook uses the collected data for analysis purposes and its own advertisements.

The data collected is processed on the basis of your consent in accordance with Article 6 (1) (a) GDPR.

Name: _fbp

Purpose: This cookie is used by Facebook to display advertising products.

Expiry date: after 3 months

Name: fr

Purpose: This cookie is used to ensure that the Facebook pixel works properly.

Expiry date: after 3 months

Name: comment_author_xxxxxx

Value: Author’s name

Purpose: This cookie stores the text and the name of a user who leaves a comment, for example.

Expiry date: after 12 months

Name: comment_author_url_xxxxx

Purpose: This cookie stores the URL of the website that the user enters in a text field on our website.

Expiry date: after 12 months

Name: comment_author_email_xxxxx

Value: Author’s email address

Purpose: This cookie saves the e-mail address of the user if they have provided it on the website.

Expiry date: after 12 months

If you are logged in to Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can generally manage your usage-based online advertising at http://www.youronlinechoices.com/de/praferenzmanagement/. There you have the option of deactivating or activating providers.

If you want to learn more about Facebook’s privacy policy, we recommend the company’s own privacy policy at https://www.facebook.com/policy.php.

9) SSL encryption

In order to protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS. You can recognize an encrypted connection by the character string “https://” and the lock symbol in the address bar of your browser.

10) Changes or additions

Teledoc reserves the right to make changes or additions to the information content at any time and without prior notice. If parts or individual formulations of this text do not, no longer or not completely correspond to the applicable legal situation, the remaining parts of the document remain unaffected in their content and validity.

Status 04/2022