Data protection
1. Data protection at a glance
General information
The following information provides a simple overview of what happens to your personal data when you visit our website. Personal data is any data that can be used to identify you personally. Detailed information on the subject of data protection can be found in our data protection declaration listed below this text.
Data collection on our website
Who is responsible for data collection on this website?
Data processing on this website is carried out by the website operator. You can find the operator's contact details in the legal notice of this website.
How do we collect your data?
On the one hand, your data is collected when you provide it to us. This may, for example, be data that you enter in a contact form.
Other data is collected automatically by our IT systems when you visit the website. This is primarily technical data (e.g. internet browser, operating system or time of page view). This data is collected automatically as soon as you enter our website.
What do we use your data for?
Some of the data is collected to ensure that the website is provided without errors. Other data can be used to analyze your user behavior.
What rights do you have with regard to your data?
You have the right to receive information about the origin, recipient and purpose of your stored personal data free of charge at any time. You also have the right to request the correction, blocking or deletion of this data. You can contact us at any time at the address given in the legal notice if you have any further questions on the subject of data protection. You also have the right to lodge a complaint with the competent supervisory authority.
Analysis tools and tools from third-party providers
When you visit our website, your surfing behavior may be statistically evaluated. This is mainly done using cookies and so-called analysis programs. The analysis of your surfing behavior is usually anonymous; the surfing behavior cannot be traced back to you. You can object to this analysis or prevent it by not using certain tools. Detailed information on this can be found in the following privacy policy.
You can object to this analysis. We will inform you about the objection options in this privacy policy.
2. General notes and mandatory information
Data protection
The operators of these pages take the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the statutory data protection regulations and this privacy policy.
When you use this website, various personal data is collected. Personal data is data that can be used to identify you personally. This privacy policy explains what data we collect and what we use it for. It also explains how and for what purpose this is done.
We would like to point out that data transmission over the Internet (e.g. when communicating by e-mail) may be subject to security vulnerabilities. Complete protection of data against access by third parties is not possible.
Revocation of your consent to data processing
Many data processing operations are only possible with your express consent. You can withdraw your consent at any time. All you need to do is send us an informal e-mail. The legality of the data processing carried out until the revocation remains unaffected by the revocation.
Right to lodge a complaint with the competent supervisory authority
In the event of breaches of data protection law, the data subject has the right to lodge a complaint with the competent supervisory authority. In Austria, this is the data protection authority.
Right to data portability
You have the right to have data that we process automatically on the basis of your consent or in fulfillment of a contract handed over to you or to a third party in a common, machine-readable format. If you request the direct transfer of the data to another controller, this will only take place if it is technically feasible.
SSL or TLS encryption
This site uses SSL or TLS encryption for security reasons and to protect the transmission of confidential content, such as orders or inquiries that you send to us as the site operator. You can recognize an encrypted connection by the fact that the address line of the browser changes from "http://" to "https://" and by the lock symbol in your browser line.
If SSL or TLS encryption is activated, the data you transmit to us cannot be read by third parties.
Information, blocking, deletion
Within the framework of the applicable legal provisions, you have the right to free information about your stored personal data, its origin and recipient and the purpose of the data processing and, if necessary, a right to correction, blocking or deletion of this data at any time. You can contact us at any time at the address given in the legal notice if you have further questions on the subject of personal data.
3. Data collection on our website
Cookies
Some of the Internet pages use so-called cookies. Cookies do not damage your computer and do not contain viruses. Cookies are used to make our website more user-friendly, effective and secure. Cookies are small text files that are stored on your computer and saved by your browser.
Most of the cookies we use are so-called "session cookies". They are automatically deleted at the end of your visit. Other cookies remain stored on your end device until you delete them. These cookies enable us to recognize your browser on your next visit.
You can set your browser so that you are informed about the setting of cookies and only allow cookies in individual cases, exclude the acceptance of cookies for certain cases or in general and activate the automatic deletion of cookies when closing the browser. If cookies are deactivated, the functionality of this website may be restricted.
Cookies that are required to carry out the electronic communication process or to provide certain functions that you have requested (e.g. shopping cart function) are stored on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the storage of cookies for the technically error-free and optimized provision of its services. Insofar as other cookies (e.g. cookies to analyze your surfing behavior) are stored, these are treated separately in this privacy policy.
Server log files
The provider of the pages automatically collects and stores information in so-called server log files, which your browser automatically transmits to us. These are
- Browser type and browser version
- operating system used
- Referrer URL
- Host name of the accessing computer
- Time of the server request
- IP address
This data is not merged with other data sources.
This data is collected on the basis of Art. 6 para. 1 lit. f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimization of its website – the server log files must be recorded for this purpose.
Contact form
If you send us inquiries via the contact form, your details from the inquiry form, including the contact details you provide there, will be stored by us for the purpose of processing the inquiry and in the event of follow-up questions. We will not pass on this data without your consent.
The data entered in the contact form is therefore processed exclusively on the basis of your consent (Art. 6 para. 1 lit. a GDPR). You can withdraw this consent at any time. All you need to do is send us an informal email. The legality of the data processing operations carried out until the revocation remains unaffected by the revocation.
We will retain the data you provide on the contact form until you request its deletion, revoke your consent for its storage, or the purpose for its storage no longer pertains (e.g. after fulfilling your request). Mandatory statutory provisions – in particular retention periods – remain unaffected.
Verarbeiten von Daten (Kunden- und Vertragsdaten)
We collect, process and use personal data only insofar as it is necessary for the establishment, content or modification of the legal relationship (inventory data). This is done on the basis of Art. 6 para. 1 lit. b GDPR, which permits the processing of data for the fulfillment of a contract or pre-contractual measures. We collect, process and use personal data about the use of our website (usage data) only insofar as this is necessary to enable or charge the user for the use of the service.
The customer data collected will be deleted after completion of the order or termination of the business relationship. Statutory retention periods remain unaffected.
4. Analysis tools and advertising
Google Analytics 4
This website uses Google Analytics 4 (GA4), a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). GA4 is loaded only after you have given your consent via our cookie banner. The measurement ID is G-NQZH403PM4.
GA4 processes pseudonymised usage data (e.g. device and browser information, truncated IP address, pages visited, time spent, interactions). Your IP address is truncated within the European Union before any storage. Data may be transferred to the USA on the basis of Google's EU-US Data Privacy Framework certification and EU standard contractual clauses pursuant to Art. 46 GDPR.
The legal basis is your consent pursuant to Art. 6 (1) lit. a GDPR and § 165 (3) TKG 2021 (Austria). You can withdraw your consent at any time via the cookie banner (link at the bottom of every page) with effect for the future. The lawfulness of processing carried out before withdrawal remains unaffected.
A data processing agreement pursuant to Art. 28 GDPR is in place with Google. You can additionally prevent collection by Google Analytics by installing the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=en. For further information, see Google's privacy policy: https://policies.google.com/privacy.
Google Ads and Conversion Tracking
Our website uses Google Ads, an online advertising programme of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). As part of Google Ads we use conversion tracking. When you click on an ad served by Google, a conversion tracking cookie is set. These cookies usually expire after 30 days and are not used to identify you personally.
The conversion cookies allow Google and us to determine whether, after clicking on an ad, you reached certain pages of our website (e.g. a confirmation page). This enables us to statistically evaluate the effectiveness of our advertising campaigns. We do not receive any information that could be used to personally identify you.
The legal basis for storing the tracking cookies and the subsequent processing is your consent pursuant to Art. 6 (1) lit. a GDPR and § 165 (3) TKG 2021 (Austria). You can withdraw your consent at any time via the cookie banner.
Data may be transferred to the USA on the basis of Google's EU-US Data Privacy Framework certification. For further information, see Google's privacy policy: https://policies.google.com/privacy.
Google Ads Remarketing
Our website uses the Google Ads Remarketing function of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). This allows us to target visitors of our website with tailored advertising on third-party sites within the Google advertising network (e.g. Google search or YouTube).
For this purpose, Google sets a cookie in the browser of your device. Based on a pseudonymous cookie ID and the pages you have visited, this cookie enables interest-based advertising. Any further linking with your Google account only takes place if you have agreed to this in your Google account settings.
The legal basis is your consent pursuant to Art. 6 (1) lit. a GDPR and § 165 (3) TKG 2021. You can withdraw your consent at any time via the cookie banner. You can additionally disable personalised advertising in your Google ads settings at https://adssettings.google.com.
5. Plugins and tools
Fonts (locally hosted)
For a uniform display of typefaces we use the font families "Montserrat" and "Nunito". These are served exclusively from our own server (locally hosted). No connection is made to external font providers such as Google Fonts; your IP address is not transmitted to Google or any third party.
Google Maps
On our directions and contact pages we embed the map service Google Maps of Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland ("Google"). The map is loaded via an iframe from www.google.com/maps. We do not use our own API key for this.
When the map loads, Google receives your IP address, browser and device information, and the page being viewed. Data may be transferred to the USA on the basis of Google's EU-US Data Privacy Framework certification.
The map is loaded only after you have agreed to the use of external maps via our cookie banner. The legal basis is your consent pursuant to Art. 6 (1) lit. a GDPR. For more information on the handling of user data, see Google's privacy policy: https://policies.google.com/privacy.
AI Chatbot "Carl" (local processing in our practice)
On this website we offer the AI chatbot "Carl", which answers frequently asked questions about our practice and helps with appointment matters. The chat widget is loaded from our own domain (admin.uromed.at) and communicates exclusively with our AI server, which is operated locally at the UROMED practice, Neubaugürtel 47/OG.5, 1150 Vienna.
Processed data: your chat input, technical connection data (IP address, user agent, timestamp) and language/configuration parameters (e.g. "lang=en"). No data is transmitted to external AI providers (e.g. OpenAI, Google, Anthropic) and no data is transferred to third countries. Processing takes place entirely on our own infrastructure in Austria.
Purpose: answering your questions, supporting appointment management, improving the chat service. Legal basis: our legitimate interest in efficient patient communication pursuant to Art. 6 (1) lit. f GDPR; if you enter health data, processing is based on Art. 9 (2) lit. h GDPR in conjunction with § 7 (1) GTelG 2012 (Austrian Health Telematics Act).
Please do not transmit sensitive health data via the chatbot unless explicitly required. Storage period: conversations are stored for quality assurance for a maximum of 30 days and then automatically deleted.
AI Phone Assistant (CGM ONE)
When you call our practice number (01) 353 44 14, your call is initially answered by an AI phone assistant ("CGM ONE") which records your request and forwards it to our practice team. The provider and processor is CompuGroup Medical CGM Clinical Österreich GmbH (CGM Austria), Lagerstraße 11, 1200 Vienna.
Processed data: phone number, voice recording of your request, automatically generated transcripts and request summaries. Storage location: servers within the European Union. Storage period: automatic deletion after 60 days. Access by our practice team is granted exclusively via two-factor authentication.
Purpose: efficient call handling, appointment and request management. Legal basis: Art. 6 (1) lit. b GDPR (initiation and performance of the treatment contract) and, for health data, Art. 9 (2) lit. h GDPR in conjunction with § 7 GTelG 2012. A data processing agreement pursuant to Art. 28 GDPR is in place with CGM Austria.
If you do not wish to speak to the AI phone assistant, you can alternatively contact us by e-mail at ordination@uromed.at or via our online appointment booking portal.
Online Appointment Booking (CGM LIFE eServices)
For online appointment booking we link to the CGM LIFE eServices portal (de.cgmlife.com). When you click the booking link, you leave our website and are forwarded to the service operated by CompuGroup Medical. The CGM privacy policy applies on that portal: https://www.cgm.com/aut_de/datenschutz.html.
The booking portal in particular processes your name, date of birth, contact details, insurance details and the requested appointment / reason for treatment. The servers are located within the European Union; a data processing agreement pursuant to Art. 28 GDPR is in place with CGM. The legal basis is Art. 6 (1) lit. b GDPR (initiation of the treatment contract) and, for health data, Art. 9 (2) lit. h GDPR.
Cookie Banner and Consent Management
We use a cookie banner that allows you to consent to or refuse the use of non-essential cookies and similar technologies (e.g. Google Analytics, Google Ads, embedded maps). Your selection is stored in a strictly necessary cookie on your device.
You can withdraw or adjust your consent at any time via the "Cookie settings" link at the bottom of every page. The legal basis for storing information on your device is § 165 (3) TKG 2021 (Austria) in conjunction with Art. 6 (1) lit. a GDPR.
Your rights
In principle, you have the rights to information, correction, deletion, restriction, data portability, revocation and objection. If you believe that the processing of your data violates data protection law or your data protection rights have been violated in any other way, you can lodge a complaint with the supervisory authority. In Austria, this is the data protection authority.
