Privacy Policy MyTeleDoc

Privacy Policy MyTeleDoc

1) Legal information in accordance with the General Data Protection Regulation

a) Information according to Art. 13 GDPR

By means of this data protection declaration, TELEDOC would like to inform the users of the myTeleDoc APP (users) about the type, scope and purpose of the personal data processed. The terms used in this declaration are based on the definitions in Art. 4 of the EU General Data Protection Regulation (GDPR).

b) Responsible according to Art. 24 DSGVO
Teledoc Holding GmbH (hereinafter “TELEDOC”, “we” or “the person responsible”) Absberggasse 31/10
1010 Vienna

c) Data protection officer in accordance with Art. 37 ff GDPR
TELEDOC is a private company. The following data protection company has been appointed to keep your data secure:

Mr. Ronald Kopeky
KOMDAT data protection GmbH Linzerstrasse 74
A-4614 Marchtrenk
Phone: +43 / 7243 / 54300 www.komdat.at datenschutz@komdat.at

2) Data processing by the myTeleDoc APP (hereinafter referred to as APP)

The APP processes extensive personal data. This section explains the purposes, deadlines and legal bases

You acknowledge and agree that if telemedical services are provided, Teledoc only provides the technical infrastructure and does not provide any medical services. The treatment relationship takes place exclusively between you and the treating doctor or the treating clinic. The responsibility for the processed personal data lies solely with you and the treating doctor or the treating clinic.

Teledoc acts exclusively as a processor within the meaning of Art. 28 GDPR.

In addition to the obvious personal data, usage data (IP address, login information, information about the operating system, date and time information, language, information about the device used, connection information) are processed in the background. By installing the APP, you acknowledge that it is not possible to use the APP without this usage data.
Furthermore, Teledoc processes information on the use of our services, such as information on appointments, duration of treatment, treating doctor or clinic and waiting times.

3) Registration as a patient

In the course of registration, the following data must be provided. • First and Last Name
• Date of birth
• Gender

• E-mail address
• Personal password

A verification code will be sent to the email address provided during the registration process. This must be entered in the APP for confirmation. Your account will then be unlocked and activated.
You acknowledge with approval and irrevocably that retention periods are based on the legal regulations of the country in which the treatment took place, Teledoc has no influence on this and the actual retention periods may therefore differ from those specified here.

Legal basis:

• You express consent in accordance with Article 6 (1) (a) GDPR
• Fulfillment of contract in accordance with Article 6 Paragraph 1 Letter b GDPR
• Teledoc can also process the information provided during registration if this is to fulfill a legal obligation pursuant to Article 6 Paragraph 1 lit. c GDPR or pursuant to Article 9 Paragraph 2 lit. f GDPR for the assertion, exercise or defense legal claims or actions in court.

Memory Limit:
• Up to the deactivation of the account and beyond 7 years as proof

4) Manage Profile

You have the option of managing your personal profile independently. In it you can enter additional personal data such as
• Address
• City

• Country

and also medical details are being saved like: • Allergies
• Pre-existing illness
• Spectacle wearers

• Smokers
• Diabetes
• and other additional information

All information processed as part of the “View profile” function is processed and stored by Teledoc for the lifetime of the account. We would like to point out that the information described can also be transmitted to the doctor or clinic treating you and processed by them.

5) Book an appointment

With the “book an appointment” function, you can enter personal notes and attach documents. We would like to point out that further personal data as well as personal data of special categories within the meaning of Art. 9 Para. 1 DSGVO can be processed here. You acknowledge and agree that Teledoc assumes no responsibility of any kind for this data and indemnify and hold Teledoc harmless in the event of any claims. Due to the encrypted data transmission and encrypted storage, Teledoc never has access to this information.
We would like to point out that the information described will also be transmitted to the doctor or clinic treating you and it can be processed by them. You acknowledge irrevocably with your approval that retention periods are based on the legal regulations of the country in which the treatment took place, Teledoc has no influence on this and the actual retention periods may therefore differ from those specified here.

Legal basis:

• Consent according to Art. 6 Para. 1 lit a GDPR
• Fulfillment of contract in accordance with Article 6 Paragraph 1 Letter b GDPR
• Teledoc can also process the information provided during registration if this is to fulfill a legal obligation pursuant to Article 6 Paragraph 1 lit. c GDPR or pursuant to Article 9 Paragraph 2 lit. f GDPR for the assertion, exercise or defense legal claims or actions in court.

Memory Limit:
• Up to the deactivation of the account and beyond 7 years as proof

d) Fast support 24/7

With the “Call a family doctor / fast support 24/7” function, you will be connected to a doctor after you have selected your Teledoc clinic. In the context of this voice communication, further personal data as well as personal data of special categories within the meaning of Art. 9 Para. 1 DSGVO can be processed. You acknowledge and agree that Teledoc assumes no responsibility whatsoever for this information and you indemnify and hold Teledoc harmless in the event of any claims. Due to the encrypted data transmission and encrypted storage, Teledoc never has access to this information.

All information processed as part of the “Call a family doctor / fast support 24/7” function is processed and stored by Teledoc for 7 years from the last interaction. The data is then automatically deleted in accordance with the law. We would like to point out that the information described will also be transmitted to the doctor or clinic treating you and processed by them. You acknowledge with approval and irrevocably that retention periods are based on the legal regulations of the country in which the treatment took place, Teledoc has no influence on this and the actual retention periods may therefore differ from those specified here.

Legal basis:

• Consent according to Art. 6 Para. 1 lit a GDPR
• Fulfillment of contract in accordance with Article 6 Paragraph 1 Letter b GDPR
• Teledoc can also process the information provided during registration if this is to fulfill a legal obligation pursuant to Article 6 Paragraph 1 lit. c GDPR or pursuant to Article 9 Paragraph 2 lit. f GDPR for the assertion, exercise or defense legal claims or actions in court.

Memory Limit:
• Up to the deactivation of the account and beyond 7 years as proof

6) Visits and documents

Here you can view both calls made and visits historically. In addition, you can manage uploaded information.
If further information is uploaded, you acknowledge and agree that Teledoc assumes no responsibility whatsoever for this information and indemnify and hold Teledoc harmless in the event of any claims. Due to the encrypted data transmission and encrypted storage, Teledoc never has access to this information.
We would like to point out that the information described will also be transmitted to the doctor or clinic treating you and processed by them.
You acknowledge with approval and irrevocably that retention periods are based on the legal regulations of the country in which the treatment took place, Teledoc has no influence on this and the actual retention periods may therefore differ from those specified here.

Legal basis:

• Consent according to Art. 6 Para. 1 lit a GDPR
• Fulfillment of contract in accordance with Article 6 Paragraph 1 Letter b GDPR
• Teledoc can also process the information provided during registration if this is to fulfill a legal obligation pursuant to Article 6 Paragraph 1 lit. c GDPR or pursuant to Article 9 Paragraph 2 lit. f GDPR for the assertion, exercise or defense legal claims or actions in court.

Memory Limit:
• Up to the deactivation of the account and beyond 7 years as proof

7) Contact to Teledoc

You can send inquiries, suggestions and requests to Teledoc by e-mail.
You acknowledge that Teledoc will process the transmitted information for the purpose of processing or answering your request.

Legal basis:

• Consent according to Art. 6 Para. 1 lit a GDPR
• Fulfillment of contract in accordance with Article 6 Paragraph 1 Letter b GDPR
• Teledoc can also process the information provided during registration if this is to fulfill a legal obligation pursuant to Article 6 Paragraph 1 lit. c GDPR or pursuant to Article 9 Paragraph 2 lit. f GDPR for the assertion, exercise or defense legal claims or actions in court.

Memory Limit:
• Up to the deactivation of the account and beyond 7 years as proof

8) Rights of data subjects

You have comprehensive rights under the General Data Protection Regulation, such as: • Right to information (Article 15 GDPR)
• Right to rectification (Article 16 GDPR)
• Right to erasure (Art. 17 GDPR)

• Right to restriction of processing (Article 18 GDPR) • Right to data portability (Art. 20 GDPR)
• Right to object (Art. 21 GDPR)
• Right to withdraw consent (Art. 7 Para. 3 GDPR)

• Right of appeal (Art. 77 GDPR)
To exercise your rights, please contact

• by email to: datenschutz@teledoc.global * *Please enclose an official copy of your ID.

We cannot process requests for data subjects without prior successful identification. For this reason, we ask you to support the identification process accordingly.
If you come to the conclusion that the processing of your data violates data protection regulations or your data protection rights have otherwise been violated in any way, you can complain to the supervisory authority. In Austria, this is the data protection authority, Wickenburggasse 8, 1080 Vienna. Outside of Austria, it is the relevant data protection authority.

9) Data Transfer/Data Transmission

a) Data transfer to third parties

Your personal data will not be transmitted to third parties for purposes other than those listed below.
We only pass on your personal data to third parties if:

• You have given your express consent in accordance with Article 6 Paragraph 1 Letter a GDPR,
• Disclosure pursuant to Art. 6 (1) (f) GDPR is necessary to safeguard operational interests and to assert, exercise or defend legal claims and there is no reason to assume that you have an overriding legitimate interest in not disclosing your data,
• In the event that there is a legal obligation for disclosure under Article 6 Paragraph 1 Letter c GDPR, and
• This is legally permissible and required for the processing of contractual relationships with you in accordance with Article 6 (1) (b) GDPR.

The controller may share your personal data with suppliers who perform services on our behalf in accordance with our instructions.
The controller may also share your personal information with our affiliated companies and partners.

In addition, the controller may disclose your personal information if we are required to do so by law, regulation or regulatory authority, or if we believe disclosure is necessary or appropriate to prevent physical harm or financial loss.

The Controller reserves the right to port personal information we hold about you if we sell or transfer all or a portion of our business or assets (including in the event of a reorganization, dissolution or liquidation).

b) Data transfers

The Controller may also transfer your personal data to countries outside the country where the information was originally collected. These countries may not have the same data protection laws as the country where you originally provided the personal information. If we transfer your information to other countries, we will protect that information as described in this Privacy Policy and such transfers will be governed by applicable law.

The countries to which we transfer the personal data are located

• within the European Union or • outside the European Union

If we transfer personal data from the European Union to countries or international organizations outside the European Union, the transfer takes place on the basis:

• An adequacy decision by the European Commission
• In the absence of such for other legitimate reasons such as the existence of a legally binding and enforceable document between the authorities or public bodies, binding internal company rules, standard data protection clauses and approved or certified codes of conduct.

In exceptional cases, data can also be transferred on the basis of Art. 49 GDPR:

• Article 49(1)(a) GDPR
the data subject has expressly consented to the proposed transfer of data after being informed of the possible risks to them of such transfers of data without the existence of an adequacy decision and without appropriate guarantees,
• Article 49(1)(b) GDPR
the transmission is necessary for the performance of a contract between the data subject and the person responsible or for the implementation of pre-contractual measures at the request of the data subject,
• Article 49(1)(c) GDPR
the transmission is necessary for the conclusion or fulfillment of a contract concluded in the interest of the person concerned by the person responsible with another natural or legal person.

10) In-App Tracking

The APP uses in-APP tracking to collect data for product analysis and marketing purposes. This data collection is based on an additional consent by the user.
The following products are used as a service:

a) Amplitude

Amplitude, an analysis service provided by Amplitude Inc. (631 Howard St 5th Floor, San Francisco, CA 94105, US), is used to analyze user behavior. For this purpose, the APP collects personal data (email, gender, first name, ID). This information is sent to Amplitude. There is no transmission of data that allows conclusions to be drawn about an individual user. https://amplitude.com/privacy

Since no personal data within the meaning of Art. 4 Z.1 DSGVO is processed by Amplitude, no consent or other legal basis is required for the use of the service.

b) Google Analytics

This APP uses Google Analytics, an analysis service provided by Google Inc. (hereinafter: Google). Google Analytics uses so-called “cookies”, i.e. text files which are stored on your

computer and which enable an analysis of your use of the app. The information generated by the cookie about your use of this app is usually transmitted to a Google server in the USA and stored there.
On behalf of the operator of this APP, Google will use this information to evaluate your use of the APP, to compile reports on the activities and to provide other services related to the use of the APP to the operator. The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
You can prevent the storage of cookies by setting your browser software accordingly; we would like to point out to you, however, that in this case you can if applicable not use all functions of this website in full. You can also prevent Google from collecting the data generated by the cookie and related to your use of the website (including your IP address) and from processing this data by Google by downloading the browser plug-in available under the following link and install: Browser add-on to disable Google Analytics.
The data collected is processed on the basis of your consent in accordance with Article 6 (1) (a) GDPR.

c) Facebook pixels

We use the Facebook pixel from Facebook on our website. We have implemented code for this on our website. The Facebook pixel is a snippet of JavaScript code that loads a collection of functions that Facebook can use to track your user actions if you came to our website via Facebook ads. For example, when you purchase a product on our website, the Facebook pixel is triggered and stores your actions on our website in one or more cookies. These cookies enable Facebook to compare your user data (customer data such as IP address, user ID) with the data in your Facebook account. Then Facebook deletes this data again. The data collected is anonymous and cannot be viewed by us and can only be used in the context of placing advertisements. If you are a Facebook user yourself and are logged in, your visit to our website will automatically be assigned to your Facebook user account.

We only want to show our services and products to those people who are really interested in them. With the help of Facebook pixels, our advertising measures can be better tailored to your wishes and interests. In this way, Facebook users (if they have allowed personalized advertising) will see appropriate advertising. Furthermore, Facebook uses the collected data for analysis purposes and its own advertisements.

The data collected is processed on the basis of your consent in accordance with Article 6 (1) (a) GDPR.
If you are logged in to Facebook, you can change your settings for advertisements yourself at https://www.facebook.com/ads/preferences/?entry_product=ad_settings_screen. If you are not a Facebook user, you can generally manage your usage-based online advertising at http://www.youronlinechoices.com/de/praferenzmanagement/. There you have the option of deactivating or activating providers.

If you want to learn more about Facebook’s privacy policy, we recommend the company’s own privacy policy at https://www.facebook.com/policy.php

11) SSL Encryption/Encryption

All information stored in the health record is extensively encrypted (AES-256) both on the server and database level and is protected against access and inspection by unauthorized persons.
In order to protect the security of your data during transmission, we use state-of-the-art encryption methods (e.g. SSL) via HTTPS. You can recognize an encrypted connection by the character string “https://” and the lock symbol in your browser line

12) Modifications or Additions

Teledoc reserves the right to make changes or additions to the information content at any time and without prior notice. If parts or individual formulations of this text do not, no longer or not completely correspond to the applicable legal situation, the remaining parts of the document remain unaffected in their content and validity.

09/2022