Last Update: October 2022
Disclosure of information by medical office Dr. Christian Zagler ("we") pursuant to Art 13 EU General Data Protection Regulation ("GDPR") concerning data processing in the course of accessing and using the website https://www.christianzagler.at/ ("Website").
Thank you for your interest in our Website. The protection of your privacy is very important to us. Consequently, we process your data strictly in accordance with the GDPR in conjunction with the Austrian Data Protection Act ("DSG"), the Austrian Telecommunications Act 2003 ("TKG") and other relevant legal provisions.
Data protection regulations primarily concern the processing of personal data. The terms used within the scope of this Data Protection Declaration are defined in and by the GDPR. Thus, the term "processing" of personal data essentially includes any handling of such data. Insofar as data processed by us are human-related and make you identifiable as a person, they are to be considered personal data and you are to be considered a data subject in the sense of Art 4 item 1 GDPR.
Your are not obligated to provide us with any of your data. Any data automatically processed due to merely accessing the website are either of non personal nature or only stored for very short periods (see, in particular, point 2).
- Controller regarding the processing of user data; contact options
Controller in the sense of Art 4 item 7 GDPR:
Dr. Christian Zagler
Telephone: +43 1 5030888
Fax: 01 5350220
When accessing our Website, certain access data are processed automatically in so called server log files for the purposes of technical security, improvement of website quality and statistical purposes; this processing is based on our legitimate interest (Art 6 para 1 lit f GDPR), which consists in achieving the aforementioned purposes.
In particular, the following data are processed in this context: (i) name of visited website; (ii) browser type/version used; (iii) operating system of the user; (iv) previously visited website (referrer URL); (v) time of the server request; (vi) data volume transferred; (vii) host name of the accessing computer (IP address used in anonymised form).
This information does not allow us to identify you personally; however, IP addresses are considered personal data within the meaning of the GDPR. The server log files are, in general, automatically deleted after eight (8) weeks, at the latest.
When contacting us via the contact options outlined in this Data Protection Declaration or in the imprint of our Website, we will use your data as indicated in order to process your contact request and deal with it. The data processing involved is necessary to issue a response in respect of your request as we would otherwise not be able to contact you. Purpose of the data processing is to enable us an exchange with users. We answer your request on the basis of our legitimate interest (Art 6 para 1 lit f GDPR) in maintaining a properly functioning contact system.
We delete your requests as well as your contact data, if the request has been answered conclusively. Your data are, in general, stored for a period of six (6) months and deleted afterwards as long as we do not receive any follow-up requests in the meantime.
- Cookies and storage technologies
Generally, we do not use any storage technologies which store data on your end device or access such information. Cookies are solely used if they are essential in the sense of § 96 para 3 TKG and thus technically necessary to maintain fundamental functions of our Website. Cookies are small data sets that are stored on your end device. They are placed by a web server and sent back to it as soon as a new connection is established in order to recognise the user and his settings. In this sense, a cookie is a small local text file that assigns a specific identity consisting of numbers and letters to your end device.
Most browsers automatically accept cookies, though you have the option to customise your browser settings so that cookies are generally rejected. However, if you change your browser's cookie settings, our Website may no longer be fully usable. We do not use any technologies to track users or to display targeted advertisements.
- Links to third party sites
On our Website, we use links to the websites of third parties. These are, for instance, links to our presences in social networks (e.g. Facebook). If you click on one of these links, you will be forwarded directly to the respective page. For the website operators it is only evident that you have accessed our Website. Accordingly, we refer you, in general, to the separate data protection declarations of these websites.
- Data transfer
In general, your data are transferred to third parties only in exceptional cases (as long as you are not notified separately):
- We transfer your data to other controllers in case we are legally obligated to do so; recipients may primarily be authorities or courts fulfilling their statutory duties;
- processors in the sense of Art 28 GDPR by us if expressly identified and designated in this Data Protection Declaration when outlining a respective data processing operation.
- a transfer of your data to third countries does not take place unless expressly depicted in the course of this Data Protection Declaration.
- Rights of the data subject
You may decide to exercise any of the following rights concerning our processing of your personal data at any time free of charge by means of a notification being sent to one of the contact options outlined under point 1; we shall then answer your request as soon as possible and within one (1) month at the latest (in exceptional cases, restrictions on these rights are possible, for instance, if otherwise the rights of third parties would be affected):
- access and further information concerning your individual data processed by us (right of access, Art 15 GDPR);
- rectification of wrongly recorded data or data that have become inaccurate or incomplete (right to rectification, Art 16 GDPR);
- erasure of data which (i) are not necessary in light of the purpose of data processing, (ii) are processed unlawfully, (iii) must be erased due to a legal obligation or an objection to the processing (right to erasure, Art 17 GDPR);
- temporary restriction of processing under certain circumstances (right to restriction of processing, Art 18 GDPR).
- objection to any processing of your data being based on our legitimate interest (Art 6 Abs 1 lit f GDPR) on grounds relating to your particular situation (right to object; Art 21 Abs 1 GDPR);
- right to lodge a complaint with a national supervisory authority in respect of our processing of your data; in Austria, such complaint follows the requirements and stipulations of § 24 DSG and has to be directed to the Austrian Data Protection Authority, Barichgasse 40–42, 1030 Vienna, (email) email@example.com, (phone) +43 1 52 152-0 (to simplify the processes involved, the Austrian Data Protection Authority provides templates and forms in this regard: https://www.dsb.gv.at/dokumente).