Privacy Policy

Privacy Policy (Version: 2021)

1.  Data controller and scope of application

1.1. 1.1. The data controller within the meaning of Art 4 Z 7 of the General Data Protection Regulation (GDPR), i.e. responsible for operating this website and data processing described below, is

EBG MedAustron GmbH
FN 291863k
Marie Curie-Straße 5
A-2700 Wiener Neustadt
(hereinafter “we” and/or “us“).

1.2. You can contact our data protection officer at datenschutz@medaustron.at.

1.3. Our currently valid privacy policy is available here. It is only valid for our website and not for websites of third parties.

On our website, there are hyperlinks to websites of third parties (e.g. Google Maps); if you click on these hyperlinks, you will be redirected directly to the third party’s website (recognizable by the change of the URL displayed in your internet browser). We have no influence on the processing of your data on third-party websites and can therefore not assume any responsibility for the confidential handling of your personal data on these websites; please inform yourself about the data processing on third-party websites directly on these websites. We neither take on any responsibility or liability for the content, correctness or presentation on third-party websites.

1.4. Our privacy policy describes which personal data we process for which purpose and how we use personal information collected during your visit to our website or as a result of contacting us, when you use one of the contact options offered on our website.

1.5. When processing personal data, we are subject to the applicable legal provisions, in particular the GDPR, the Austrian Data Protection Act 2018 (Datenschutzgesetz DSG 2018) and the Austrian Telecommunications Act 2003 (Telekommunikationsgesetz TKG 2003). In accordance with our obligations, appropriate and state-of-the-art data security measures are taken as defined in Art. 32 GDPR to protect your data against accidental or unlawful destruction or loss, against unauthorized access and to ensure that data are used properly.

Our employees and the processor commissioned by us (see below, item 5.17) are contractually bound to secrecy and to comply with the provisions of the GDPR and the DSG 2018. Health data processed in the context of a therapy request or a therapy contract are also subject to medical confidentiality obligation; these data are only processed by professionals subject to confidentiality or under their responsibility (Art 9 para 3 DSGVO).

2. General contact form 

2.1. If you would like to contact us, please use our contact form. If you would like to submit us a therapy request, please use our special contact form – Therapy Request (see below, item 3).

2.2. If you contact us via our general contact form, we collect your data entered in the data fields of the contact form. Indication of your name and e-mail address is mandatory: We need and process these data in order to answer your inquiry, to provide you with the requested information or to process and deal with your other request submitted to us. Without these data, we will unfortunately not be able to respond to your request. Optionally, you can also give us your telephone number, if you would like us to call you in case of questions; however, providing a telephone number is not mandatory. In case of using the contact form, your personal data will not be passed on to third parties.

2.3. Data collected via the contact form will be processed exclusively for the purpose of dealing with your inquiry/your request. These data are therefore processed for the purpose of contacting you, which is based on our predominant, legitimate interest in providing and using an up-to-date information medium, including the simplest and most easily accessible contact and exchange opportunity for and with visitors to our website (Art 6 para 1 lit f GDPR). Data will be stored and retained for as long as it is necessary to deal with your inquiry or request and will be deleted after the last contact within an appropriate period of time according to the respective circumstances. Beyond that, data will only be retained, if such retention is required to comply with statutory retention periods, if you agreed a longer retention period with us or if we enter into a contractual relationship with you, where processing of these data is (still) necessary. In these cases, data will be deleted after termination of the contractual relationship and expiry of the statutory or agreed retention periods (depending on which one ends last). In the event of litigation, we will retain the data until the end of the litigation(s) in question, if these data are needed as evidence.

3. Contact form – Therapy request

3.1. If you would like to submit us a therapy request, you have the opportunity to use our contact form – Therapy request. If you contact us in this way, we collect your data entered in the data fields of the contact form. Indication of your name and e-mail address is mandatory: We need and process these data in order to answer your therapy request, to provide you with the requested information on our services and/or to process and deal with your other specific request in connection with our therapy services. Without these data, we will unfortunately not be able to respond to your request. Optionally, you can also give us your telephone number, if you would like us to call you in case of questions; however, providing a telephone number is not mandatory. In case of using the contact form, your personal data will not be passed on to third parties.

3.2. Data collected via the contact form will be processed exclusively for the purpose of dealing with your therapy request. These data are therefore processed for the purpose of contacting you and are required for implementing pre-contractual measures upon your request (Art 6 para 1 lit b GDPR). Data will be stored and retained for as long as it is necessary to deal with your request and will be deleted after the last contact within an appropriate period of time according to the respective circumstances. Beyond that, data will only be retained, if such retention is required to comply with statutory retention periods, if you agreed a longer retention period with us or if we enter into a contractual relationship with you, where processing of these data is (still) necessary. In these cases, data will be deleted after termination of the contractual relationship and expiry of the statutory or agreed retention periods (depending on which one ends last). In the event of litigation, we will retain the data until the end of the litigation(s) in question, if these data are needed as evidence.

3.3. Upon receipt of your request, our patient reception department will create a personalized, password-protected transfer link and send it to the e-mail address you provided in the contact form. This link will take you to our transfer portal, which you can use to securely transmit your health-related data (e.g. findings, doctors’ reports, etc.). The transfer portal is hosted by us on our own server in Austria; data are not transferred to third parties. Data transmitted to us via the transfer portal will immediately be deleted from this portal after having been entered into our internal patient data management system for further processing your request and implementing any therapy contract that may then be concluded.

3.4. Data collected via the transfer portal will be processed exclusively for the purpose of further dealing with your therapy request. These data are therefore processed for the purpose of clarifying whether our services are suitable for you as a therapy, as well as of further implementing any therapy contract that may then be concluded. Without these data, we will unfortunately not be able to proceed with your request. Data processing is therefore necessary for implementing pre-contractual or – in the case of concluding a therapy contract – contractual measures upon your request (Art 9 para 2 lit h GDPR). Data will be stored and retained for as long as it is necessary to deal with your inquiry and/or request and/or to implement the therapy contract and will be deleted after the last contact and/or the conclusion of the therapy contract within an appropriate period of time according to the respective circumstances. Beyond that, data will only be retained, if such retention is necessary to comply with statutory retention periods (e.g. according to the Austrian Federal Law on Hospitals and Rehabilitation Centers – KaKuG, § 10 Abs 1 Z 3 KaKuG) or if you agreed a longer retention period with us. In these cases, data will be deleted after expiry of the statutory or agreed retention periods (depending on which one ends last). In the event of litigation, we will retain the data until the end of the litigation(s) in question, if these data are needed as evidence.

4. Contact by e-mail or phone

4.1. If you contact us by e-mail or telephone, we collect and process the data provided to us by e-mail or telephone. When contact is made by e-mail, we process the sender’s name and e-mail address appearing in the e-mail header or in the text of the e-mail; we also process the content of the message and any attachments. We need and process these data in order to answer your inquiry, to provide you with the requested information or to process and deal with your other specific request submitted to us. Without these data, we will not be able to proceed with your request.

4.2. Your data provided to us in this way will be processed exclusively for the purpose of dealing with your request(s). These data are therefore processed for the purpose of contacting you, which is based on our predominant, legitimate interest in providing and using an up-to-date information medium, including the simplest and most easily accessible contact and exchange opportunity for and with visitors to our website (Art 6 para 1 lit f GDPR). Data will be stored and retained for as long as it is necessary to deal with your inquiry and will be deleted after the last contact within an appropriate period of time according to the respective circumstances. Beyond that, data will only be retained, if such retention is required to comply with statutory retention periods, if you agreed a longer retention period with us or if we enter into a contractual relationship with you, where processing of these data is (still) necessary. In these cases, data will be deleted after termination of the contractual relationship and expiry of the statutory or agreed retention periods (depending on which one ends last). In the event of litigation, we will retain the data until the end of the litigation(s) in question, if these data are needed as evidence.

4.3. Health data are a special category of personal data (“sensitive data”) and may only be processed under strict conditions. Therefore, we kindly ask you not to send any personal health data (e.g. social security number, medical reports, etc.) in an unencrypted way via e-mail or through other insecure electronic communication channels. If you would like to submit a therapy request and/or send us health data, please use our contact form – therapy request. We will then immediately send you a link to our secure transfer portal (item 3.3).

5. Online application portal

5.1. We offer you the opportunity to apply for vacant positions via our online application portal or to send us an unsolicited application. If you would like to use our online application portal, please create a user account. We collect and process your provided data requested in the registration form.

5.2. You can also import the form data from XING; for this purpose, you must log in with your XING access data to allow our processor (see below, item 5.17) to access your data stored on XING. This data import is therefore based on your explicit consent (Art 6 para 1 lit a GDPR). This consent can be revoked with effect for the future; however, lawful data imports already carried out on the basis of your consent remain lawful despite revocation.

5.3. We need the data collected by means of the registration form in order to provide you with this service to be used by you.

5.4. After creating your user account, you can complete your application by entering further data and information about your CV and skills or other additional information. Furthermore, you are able to upload a profile picture and application documents (e.g. certificates).

5.5. We do not yet have access to your data entered/uploaded. You only transmit/send us your entered data by clicking the “complete” button.

5.6. In the course of creating your user account, you can specify whether you only want to create your applicant profile for an individual application (“individual application”) or whether we are allowed to keep your applicant profile on file for an additional 24-month period (“extended retention period”).

5.7. If you want to extend the retention period, please activate the checkbox (consent to extended retention period) at the end of the first page of data entry. In this case, our data processing beyond the recruiting process resulting from your current application (storage of your data for the purpose of further consideration and contact in the event of future vacancies matching your applicant profile) is based on your consent (Art 6 Para 1 lit a DSGVO), which you can revoke for the future at any time.

5.8. If you do not activate the checkbox (consent to extended retention period), your application will be treated as an individual application.

5.9. We process and use your provided data solely for the purpose of assessing whether your profile matches an advertised position and/or whether we can offer you a job that matches your profile. Furthermore, we process your data for proceeding with the application process and for initiating any employment relationship in our company.

5.10. These data are therefore processed for the purpose of implementing the recruiting process and pre-contractual measures upon your initiative (Art 6 para 1 lit b GDPR). Your application/documents will not be passed on to third parties. Without these data, you will unfortunately not be able to use our application portal or we cannot check whether you are eligible for any vacant position with us.

5.11. If you decided to submit an individual application, your user account will be deleted no later than seven months after completion of the recruiting process. If you apply for a new job using your existing user account before expiration, the deletion period will end after completion of this recruiting process. The recruiting process is complete when the applicant was hired or when we informed him/her about cancellation or termination/discontinuation of the recruiting process.

5.12. In each case (individual application as well as extended retention period), we will send you an e-mail two weeks before the expiry of the deletion period and inform you that you can consent to extended data retention if you would like us to (continue to) keep your applicant profile on file for future job vacancies. In this case, our data processing (data storage and contact for future suitable job offers) is based on your consent (Art 6 para 1 lit a GDPR), which you can revoke for the future at any time.

5.13. If you revoke your consent to extended data retention, we will no longer be able to consider your application data for future job vacancies. At the time of revocation, we will continue application processes already initiated with your consent and store/process the data required for this purpose for the duration of the application process; unless an employment relationship is established, such data will be deleted no later than seven months after completion of the recruiting process (item 5.11).

5.14. Beyond the deletion periods defined in this item 5, data will only be retained, if such retention is required to comply with statutory retention periods. In this case, data will be deleted after expiration of the statutory retention periods. In the event of litigation, we will retain the data until the end of the litigation(s) in question, if these data are needed as evidence.

5.15. Your user name and personal password ensure that only you have access to your user account, where you can change (add, correct and delete) data and even delete the entire user account. Neither we can see your password.

5.16. After login, you can directly edit, change, update or delete your individual data or your entire user account at any time. In this context, please also use the menu item “Help”, which you will find directly in your user account. If you have any further questions, please do not hesitate to contact us at human.recources@medaustron.at or datenschutz@medaustron.at.

5.17. The online application portal is operated on our behalf by New Work SE (the “Processor”) using the “Prescreen” applicant management software. We concluded a processing contract with the processor according to Art 28 para 3 GDPR, according to which the processor is obliged to use the data exclusively within the scope of our contract and to disclose them only to us; in any case, the processor must not transfer the data used or use them for own purposes without our corresponding assignment.

6. Use of the website

6.1. You can furthermore access and use our website without registering or creating a user account.

6.2. When you visit our website, your browser automatically transmits the IP address of your computer to our server; this is necessary for our website to be retrieved from our server and displayed in your browser. Depending on the configuration of your browser, further data (e.g. browser type, browser version, operating system used, referrer URL) may be transmitted.

6.3. These data are processed for exclusively technical purposes. So, we can guarantee a smooth (technical) connection between your browser and our server (pure page loading) and even enable you to use our website at all] The legal basis for this data processing is our legitimate interest in having a web presence (Art 6 para 1 lit f GDPR). We have to process the date in order to make the website available to you. Without these data we cannot operate this website and you cannot access our website. We do not permanently store the data, nor read or process them for any other purpose.

6.4. YouTube videos are embedded on our website by means of framing technology. We activated the “privacy-enhanced mode“. According to YouTube, no information about your visit to our website is sent to YouTube and/or the Google network. However, when you click on the video to watch it, YouTube sets cookies and data are transferred to YouTube and/or the Google network.

You can find more information about data collection and processing at Google here.

7. Cookies

7.1. A cookie is a short alphanumeric text that is stored on your terminal device and can be retrieved later. In principle, distinction is made between

7.1.1. session cookies, which are automatically deleted when you close your browser;

7.1.2. persistent cookies, which remain stored on your terminal device until a defined expiration date;

7.1.3. first party cookies set by or for us as the operator of this website; and

7.1.4. third party cookies, which are not set by or for us, but by or for a third party.

7.2. Necessary cookies

Our website uses cookies to provide you with services and features for an optimized, personalized website experience and greater usability. For example, cookies are required so that you do not have to log in each time you navigate your account.

The following cookies are required in order that you can use our website appropriately or according to your settings:

  • Type, designation: Cookie accepted
  • Description: first party persistent cookie to store your decision regarding cookie placement by our website. This cookie is only set, if you click the “Do not ask again” checkbox provided for this purpose in our cookie consent tool.
  • Expiry date: 3 months
  • Type, designation: Matomo Deaktivierungs Cookie
    [Matomo_ignore]
  • Description: first party persistent cookie to store your decision regarding the tracking opt-out by our website (see below, item 8.3.3)
    This cookie is only set, if you activate the checkbox described in item 8.3.3.
  • Expiry date: 2 years
  • Type, designation: Prescreen Session Cookie PHPSESSID
  • Description: This cookie serves to identify the user during the use of Prescreen. The cookie is mandatory for correct functionality.
  • Expiry date: The cookie loses its validity when the browser is closed.

Processing of these data is based on our legitimate interest in operating the website and making it available to visitors (Art 6 para 1 lit f GDPR).

In your browser settings, you can determine whether cookies should be allowed or not. If you deactivate cookies completely, necessary cookies will also be rejected. As a result, certain features on our website may not be displayed or run properly. This can limit your possibilities to use this website and may prejudice its appearance and your user experience.

7.3. Useful cookies

In addition, some cookies used are not absolutely required for the functionality of the website and/or the services requested by you as a user, but are useful:

  • Type, designation: MATOMO Tracking Cookie 1
    _pk_id.[0-9].[a-z][0-9][0-9]
  • Description: persistent recognition cookies set by Matomo (see below, item 8) for the purpose of statistical analysis of visitor accesses to our website.
  • Expiry date: 7 days
  • Type, designation: MATOMO Tracking Cookie 2
    _pk_ref.[0-9].[a-z][0-9][0-9])
  • Description: persistent recognition cookies set by Matomo (see below, item 8) for the purpose of statistical analysis of visitor accesses to our website.
  • Expiry date: 7 days
  • Type, designation: MATOMO Tracking Cookie 3
    _pk_ses.[0-9].[a-z][0-9][0-9]
  • Description: session recognition cookies set by Matomo (see below, item 8) for the purpose of recognition allowing statistical analysis of visitor accesses to our website. at the end of session
  • Expiry date: at the end of the session
  • Type, designation: Prescreen Persistent Cookie _ga
  • Description: This cookie is used to record usage behavior of applicants.
  • Expiry date: 24 months
  • Type, designation: Prescreen Persistent Cookie _gat
  • Description: This cookie is used to record usage behavior of applicants.
  • Ablaufdatum: 24 months
  • Type, designation: Prescreen Persistent Cookie REMEMBERME
  • Description: This cookie is used to restore an expired session
  • Expiry date: 2 weeks

Processing of these data is based on your consent (Art 6 para 1 lit a GDPR).

Our website is configured in such a way that useful cookies are only stored by default after your explicit consent. You can select your consent to storing cookies in our cookie banner, which appears when calling the site for the first time.

This setting may be changed again by clearing the cache of your browser.

8. Collection and analysis of statistical data

8.1. The web analysis service Matomo collects and analyses statistical data on the use of our Internet services: The program is installed on our server and stores data only on our own server in Austria (in-house solution). Data thus remain under our control and management; there is no transmission or transfer to an external web analysis processor.

8.2. Matomo attempts to recognize visitors to our website by tracking certain information, including the visitor’s IP address. For more information on how Matomo works, click here.

8.3. The following implementations aim at protecting your privacy:

8.3.1. Activation of the plugin “IP anonymization”: This anonymizes each visitor’s IP address before storage by masking the last 2 bytes of your IP address. This virtually eliminates the possibility of tracing the IP address.

8.3.2. Logs older than 7 days are deleted by default.

8.3.3. Tracking opt-out:

You can decide for yourself, whether you wish to accept the tracking cookie set by Matomo (see above, item 7.3). If you refuse cookies, this cookie will not be set.

In addition, you may object to tracking also other information (including collection and analysis of your already anonymized IP address; see above item 8.3.1) by activating the checkbox below. A Matomo deactivation cookie is then stored. Please note that the Matomo deactivation cookie is deleted, when you delete the cookies stored in your browser. In addition, it must be deactivated separately, if you access our website from another computer or from another web browser.

This setting may be changed again by activating the checkbox once more.

9. Transfer

9.1. We will not transfer any data obtained as described in the items above, except upon your explicit request or consent in writing to transfer your data.

10. Your rights according to the GDPR

10.1. Right to information: We are pleased to inform you, whether we process your data and – if applicable – which of them. If you wish to receive information about your data, please send a request for information in writing to datenschutz@medaustron.at. Please attach a copy of an official photo ID to your request for information in order to prove your identity.

Please note that you can only request information about your own data, but not about the data of other persons.

10.2. Right of rectification and erasure: According to the provisions of the GDPR, we are obliged to rectify or erase incorrect data or data processed against the provisions of the data protection regulation, on our own initiative as soon as we become aware of incorrect data or their inadmissible processing, or upon your reasoned request. If you believe that we process your personal data inaccurately or against the provisions of the data protection regulation, please send your reasoned request in writing by e-mail to datenschutz@medaustron.at. Regarding changes, additions and erasure of data in your user account, see above, item 5.16.

10.3. Right to restrict processing: You may request us to restrict processing your data in the following cases:

  • if you challenge the accuracy of the data for a period of time that allows us to verify the accuracy of the data;
  • if processing of the data is unlawful, but you refuse erasure and request restriction of using the data instead;
  • if we no longer need the data for the intended purpose, but you still need these data to assert or defend legal claims, or
  • if you objected to processing of the data.

10.4. Right to data portability: You have the right that we supply your data in a structured, common and machine-readable format, provided that

  • we process these data on the basis of your consent or for legitimate interest or processing is required for implementing proper fulfilment of a contract between us, and
  • your data are processed by means of automated processes.

10.5. Right of objection: In cases where we base our data processing on our legitimate interest, you may object to this data processing at any time, provided that there are reasons arising from your particular situation. However, we would like to point out that we are entitled to continue processing the data despite your objection, if we can demonstrate compelling legitimate reasons worth protecting processing, which override your interests, rights and freedoms, or if processing serves the assertion, exercise or defense of legal claims. If you wish to exercise your right of objection, we ask you to send your reasoned objection by e-mail to datenschutz@medaustron.at.

10.6. Right of revocation: If we process data on the basis of your consent, you have the right to revoke this consent with effect for the future at any time.

11. Data of other persons

11.1. If you provide us with other persons’ data, please ensure their consent in advance that you transmit their personal data to us and that we are allowed use them in accordance with our privacy policy.

12. Changes to the privacy policy

12.1. Our privacy policy will be updated with effect for the future in the event of changes to the law or significant changes to the functional scope of our website. Therefore, this privacy policy may change over time. We recommend you to read our privacy policy each time you visit our website or at regular intervals so that you are always informed about how we handle your personal data.

13. Questions, contact

13.1. If you have any other questions about this privacy policy, please do not hesitate to contact us at datenschutz@medaustron.at.

14. Right to lodge a complaint

14.1. If you believe that we violate Austrian or European data protection law in processing your data, we ask you to contact us in order to clarify any issues. Of course, you also have the right to lodge a complaint with the supervisory authority (in Austria, this is the data protection authority).