All data collected by us is protected against misuse by technical and organisational measures to the best of our ability. In particular, we use state-of-the-art encryption. Personal data is deleted as soon as it is no longer required for the respective purpose and the data is not subject to any statutory retention obligation.
Without your express consent or a legal basis, your data will not be passed on to third parties outside the processing of the contract. We have commissioned external service providers we trust as processors to process personal data on our behalf and according to our instructions, e.g. to support us in hosting and operating our services. However, we retain responsibility and control over the use of our users' personal data at all times. Of course, we do not sell personal data to third parties. All our service providers are also subject to the strict provisions of European data protection law. They are located in the European Union or offer an adequate level of data protection according to these regulations in order to ensure data security.
1. Legal basis for data processing
Insofar as we obtain the consent of the data subject for processing operations of personal data, Art. 6 (1) (a) EU General Data Protection Regulation (GDPR) serves as the legal basis for the processing of personal data. When processing personal data that is necessary for the performance of a contract to which the data subject is a party, Art. 6 (1) (b) GDPR serves as the legal basis. This also applies to processing operations that are necessary for the performance of pre-contractual measures. If processing of personal data is necessary for compliance with a legal obligation to which our company is subject, Art. 6 (1) (c) GDPR serves as the legal basis. If processing is necessary to protect a legitimate interest of our company or a third party and if the interests, fundamental rights and freedoms of the data subject do not outweigh the first-mentioned interest, Art. 6 (1) (f) GDPR serves as the legal basis for the processing.
2. Hosting and platform security
For the purposes of hosting our platforms and services, we use order processors, so that personal data stored on our platforms is transmitted to these order processors. These processors are Hetzner Online GmbH (Industriestraße 25, 91710 Gunzenhausen, Germany) and checkdomain GmbH (Große Burgstraße 27/29, 23552 Lübeck, Germany).
The legal basis for the use of these order processors is a legitimate interest according to Art. 6 (1) (f) GDPR. The legitimate interest consists of the pursuit of our business purposes, in particular for the provision of the services described in the rest of this data protection declaration. A conflicting interest is not apparent.
3. Data processing during the use of our website
In the case of merely informational use of the website, i.e. if you do not, for example, book an appointment, register for the newsletter or use any functions of the customer portal, we do not collect any personal data, with the exception of the data that your browser transmits to enable you to visit the website. These are:
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status/HTTP status code
- Amount of data transferred in each case
- Website from which the request came
- Browser and its interface
- Operating system and its interface
- Language and version of the browser software
- The country the visitor comes from.
The data collected is only used to improve the website and for statistical analysis. If there are concrete indications of illegal use, we also reserve the right to check the server log files retrospectively. For storage purposes, we use a contract processor who, as a cloud provider, stores this data in the European Union on our behalf and according to our instructions.
The legal basis for the processing and subsequent storage of the IP address is a legitimate interest pursuant to Art. 6 (1) (f) GDPR. The legitimate interest with regard to the transmission of the IP address is that it is necessary for the display of the contents of the platform; without the transmission of the IP address, it is not possible to display the website. The legitimate interest in the storage is our security interests.
4. Special features of our website
When you register to receive our newsletter, you will receive information about our products, services and services. Your name and e-mail address will be processed for this purpose.
You can revoke your consent at any time via the link in each newsletter with effect for the future. If this is not technically possible, you can also send us this revocation via e-mail.
The newsletter is sent via Mailchimp, a mailing platform of the provider The Rocket Science Group LLC (675 Ponce de Leon Ave NE, Suite 5000, Atlanta, GA 30308, USA). Information on the data protection provisions of the shipping service provider can be found at: https://mailchimp.com/legal/privacy/.
4.2 Newsletter performance measurement
Our newsletters contain so-called cookies or tracking pixels (for the definition and functioning of cookies, see below). This means that data, such as when the newsletter was opened and which links were clicked on, is processed and stored by our dispatch service provider. We base this on our legitimate interests according to Art. 6 (1) (f) GDPR, as we need this data to improve the mailings to newsletter recipients and to adapt them to their reading habits. You can object to this processing at any time by revoking your consent to the newsletter - either via the link in the newsletter or via e-mail.
4.3. Contact forms
If you contact us via e-mail or the contact form on the website, the information you provide will be stored for the purpose of processing the enquiry and for possible follow-up questions. The personal data voluntarily transmitted to us in this context is used by us to process your enquiry and to contact you. The legal basis for the transmission of the data is Art. 6 (1) (a) or Art. 6 (1) (b) GDPR. This personal data is not passed on to third parties.
If you click on the external link in one of our e-mails to participate in an evaluation or survey, no information is stored that allows us to draw conclusions about you as a participant in the survey.
Only the date, time and duration of your participation are recorded, as well as your IP address. To conduct these surveys, we use the service provider SurveyMonkey from SurveyMonkey Inc. (One Curiosity Way, San Mateo, 94403 CA, USA). The aforementioned data is required to deliver the survey content correctly and to optimise it for our users. We therefore invoke the legal basis of Art. 6 (1) (f), our legitimate interests.
We use the service provider eTermin.net for the online appointment booking service we offer. eTermin.net provides an external platform for our customers to book appointments. The appointment booking service can be accessed via our website. You automatically use the eTermin.net service when you use the appointment booking service.
The data collected includes the name entered, the IP address at the time of the booked appointment, the date and time, as well as any information you enter on the booking page itself. This additionally includes your address, national insurance number as well as contact details. This data is only used to manage appointments and is later validated during your personal visit. We therefore rely on the legal basis of Art 6 (1) (b) GDPR for the processing of this data, as these appointments are necessary for the initiation of the contract. For more information, please visit https://www.etermin.net/online-terminbuchung-datenschutz.
4.6. Applications and applicant portal
If you send us application data via our application portal on the website or otherwise by e-mail, the data you provide will be processed for the purpose of checking the application. For this purpose, we use the recruiting software Prescreen from NEW WORK AUSTRIA XING kununu Prescreen GmbH (Schottenring 2-6, 1010 Vienna). According to Art. 6 (1) (b) GDPR, the legal basis is the implementation of pre-contractual measures based on your application.
If we conclude an employment contract with an applicant, the transmitted data will be stored for the purpose of processing the employment relationship in compliance with the statutory provisions. If no employment contract is concluded with the applicant, the application documents will be stored for at least another six months in order to be able to comply with the obligations of proof under the Equal Treatment Act.
In addition, the data and application documents you send us will be stored for the purpose of keeping records and sending you information about further job advertisements, provided you give us your consent to do so.
5. Website Plugins
In order to make our website more appealing, we have integrated videos from the YouTube website at various points. This website is operated by YouTube LLC (901 Cherry Ave, San Bruno, 94066 CA, USA). We base the use of the YouTube plugin on our legitimate interests according to Art. 6 (1) (f) GDPR, namely the design of our website.
5.2 Google Maps
We use an API of the mapping service Google Maps for our website. Google Maps is provided by Google LLC (1600 Amphitheatre Pkwy, Mountain View, 94043 CA, USA). In order to use the functions of Google Maps, your IP address must be processed by Google Maps. We have no influence on this data transmission. The legal basis for us is Art. 6 (1) (f) GDPR, the legitimate interest in the appealing design of our website.
In the following data protection declaration you will find further information on the handling of user data by Google: https://www.google.de/intl/de/policies/privacy/.
6. Cookies and usage analysis of our website
Cookies are small text files that are stored on an end device with the help of the browser. They do not cause any damage. We use such cookies on our website and for our services to enable the use of certain functions, to make our offers more user-friendly and attractive based on the analysis of our visitors' website behaviour, and to send targeted advertising. For this purpose, we may also use other techniques such as tracking pixels. Art. 6 (1) (f) GDPR, legitimate interests, acts as the legal basis for the processing of personal data.
Most of the cookies we use are deleted again after the end of the browser session, i.e. after you close your browser (so-called session cookies). Other cookies remain on your terminal device and enable us or our partner companies to recognise your browser on your next visit (persistent cookies). You can find out the exact storage period of a cookie, unless specifically stated below, by displaying the cookie in your browser.
When you access our website, you will be asked right at the beginning whether and if so which cookies you wish to accept. You can decide for yourself whether to accept cookies that are only necessary for the operation of the website or also cookies that go beyond this and can optimise your visit to our website. If you do not accept cookies, the functionality of our website may be limited.
6.1 Use of Google Analytics
You can prevent the storage of cookies by rejecting the corresponding message when visiting our website. You have the option of making this decision when visiting our website for the first time and can also change this decision at any time via the menu item Cookie settings.
6.2. Facebook Pixel
We use the "Facebook Pixel" of the social network Facebook (1601 South California Avenue, Palo Alto, CA 94304, USA) within our website. So-called tracking pixels are integrated on our pages. When you visit our website, a direct connection is established between your browser and the Facebook server via the tracking pixel.
Facebook thereby receives, among other things, the information from your browser that our page has been accessed from your end device. If you are a Facebook user, Facebook can assign your visit to our pages to your user account. We would like to point out that we, as the provider of the pages, have no knowledge of the content of the transmitted data or its use by Facebook. We can only select which segments of Facebook users (such as age, interests) should be shown our advertising.
By calling up the pixel from your browser, Facebook can also see whether a Facebook ad was successful, e.g. led to an online purchase. This enables us to record the effectiveness of the Facebook ads for statistical and market research purposes.
Please click here (https://www.facebook.com/settings?tab=ads) if you do not wish to have data collected via the Facebook Pixel. Alternatively, you can deactivate the Facebook Pixel on the Digital Advertising Alliance page at the following link: http://www.aboutads.info/choices/.
6.3 Google AdWords
Our website uses the Google conversion tracking of Google LLC (1600 Amphitheatre Pkwy, Mountain View, 94043 CA, USA). If you have accessed our website via an ad placed by Google, Google AdWords will set a cookie on your computer. The conversion tracking cookie is set when a user clicks on an ad placed by Google. These cookies lose their validity after 30 days and are not used for personal identification. If the user visits certain pages of our website and the cookie has not yet expired, we and Google can recognise that the user clicked on the ad and was redirected to this page. Each Google AdWords customer receives a different cookie. Cookies can therefore not be tracked via the websites of AdWords customers. The information obtained using the conversion cookie is used to create conversion statistics for AdWords customers who have opted for conversion tracking. The customers learn the total number of users who clicked on their ad and were redirected to a page tagged with a conversion tracking tag. However, they do not receive any information that can be used to personally identify users.
If you do not wish to participate in the tracking, you can refuse the setting of a cookie required for this - namely in the cookie message in which we ask for your consent, via browser settings that generally deactivate the automatic setting of cookies, or in your browser settings to block cookies from the domain "googleleadservices.com".
6.4. Google Remarketing
Our website uses the functions of Google Analytics Remarketing in conjunction with the cross-device functions of Google AdWords and Google DoubleClick. The provider is Google LLC (1600 Amphitheatre Pkwy, Mountain View, 94043 CA, USA). This function makes it possible to link the advertising target groups created with Google Analytics Remarketing with the cross-device functions of Google AdWords and Google DoubleClick. In this way, interest-based, personalised advertising messages that have been adapted to you depending on your previous usage and surfing behaviour on one end device (e.g. mobile phone) can also be displayed on another of your end devices (e.g. tablet or PC).
If you have given your consent, Google will link your web and app browsing history to your Google account for this purpose. In this way, the same personalised advertising messages can be displayed on every end device on which you log in with your Google account.
To support this feature, Google Analytics collects Google-authenticated IDs of users, which are temporarily linked to our Google Analytics data to define and create target groups for cross-device ad advertising.
You can permanently object to cross-device remarketing/targeting by deactivating personalised advertising in your Google account; follow this link: https://www.google.com/settings/ads/onweb/. Google also offers a browser plug-in that allows you to permanently disable the DoubleClick cookie. You can download the browser plug-in here: https://www.google.com/settings/ads/plugin?hl=de Further information and the data protection provisions can be found in Google's data protection declaration at: http://www.google.com/policies/technologies/ads/.
7. Data processing when using our apps
We offer our customers the additional option of booking appointments via our apps. When installing the apps, no personal data are processed, with the exception of those data that are necessary for the technical maintenance and troubleshooting of the system. We use Firebase for this purpose. In particular, IP addresses and device specifications are processed. Further information can be found at https://firebase.google.com/support/privacy.
The data collected is only used to improve the apps and for statistical analysis. If there are concrete indications of illegal use, we also reserve the right to check the crash reports retrospectively. For the storage, we use an order processor who, as a cloud provider, stores this data in the European Union on our behalf and according to our instructions.
The legal basis for the processing and subsequent storage is a legitimate interest pursuant to Art. 6 (1) (f) GDPR.
For booking appointments within the app, we use the API of the service provider eTermin.net. The data collected includes the name entered, the IP address at the time of the booked appointment, the date and time, as well as all information that you enter yourself on the booking page. This additionally includes your address, national insurance number as well as contact details. This data is only used to manage appointments and is later validated during your personal visit. We therefore rely on the legal basis of Art 6 (1) (b) GDPR for the processing of this data, as these appointments are necessary for the initiation of the contract. For more information, please visit https://www.etermin.net/online-terminbuchung-datenschutz.
In principle, you have the rights to information (Article 15 GDPR), correction (Article 16 GDPR), deletion (Article 17 GDPR), restriction (Article 18 GDPR), data portability (Article 20 GDPR) and objection (Article 21 GDPR). Simply contact us for this purpose.
Data protection and data security are also very important to us with regard to data subject rights, which is why the assertion of data subject rights is only possible after the data subject has been identified beyond doubt.
If you are of the opinion that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can also complain to the data protection authority.
Dental Clinic Vienna Döbling
SANODENT Krankenhausbetriebsgesellschaft m.b.H.
Sieveringer Strasse 17, 1190 Vienna
Mag. Maximilian Wanitschek, Dr. Maximilian Nimmervoll