Privacy Policy

Read our Privacy Policy in German here.

01. Controller

RetInSight GmbH, Elisabethstra├če13/1/13 in 1010 Vienna, Austria, CEO: Corinna zur Bonsen-Thomas, Handelsgericht Wien, FN 531348w, T: +43-(0)1-5813881, corinna.thomas@retinsight.com is responsible for the processing of your personal data in accordance with Art. 4 sec. 7 General Data Protection Regulation.

02. Data protection officer

RetInSight GmbH has appointed the company rs consulting GmbH, Buchberggasse 6 in 3400 Klosterneuburg, Austria, CEO: Roland Schopper, Corporate Register Court Korneuburg, FN 411839x, T:+43(2243)22562, datenschutz@resultate.at as external data protection officer.

03. Data categories and purpose of processing

The controller collects and processes different categories of personal data, depending on the purpose for the processing. The following sections show the categories of data by purpose of processing:

03.1 Your Visit of our website

03.1.1 Log data of your visit

When you visit our website, we collect the following personal information transferred from your server:

  • IP address
  • The date and time of the request
  • Time zone difference based on Greenwich Mean Time (GMT)
  • Content of the request (specific website)
  • HTTP-Status-Code
  • Volume of data transmitted each time a visit
  • Website from which the request comes
  • Browser, including language and version
  • Operating system and interface
  • Visitor’s country of origin

03.1.2 Cookies

When you visit our website, technically necessary cookies are stored on your computer. Cookies are small text files that are stored on your hard drive in conjunction with the browser you are using. They serve to make our offer more user-friendly and effective. This website uses different types of cookies in accordance with our cookie policy.

03.1.3 Analytics

For privacy reasons, we do not use web analytics services.

03.2 Your contact with us

If you contact us via a form on the website or by e-mail, your data will be stored with us for six months in order to process the request and in case of follow-up questions. We do not share this data without your consent.

03.3 Contract

For the purpose of contract processing, the following personal data will be stored with us: contact person, e-mail address, telephone number, contracts and other contractual documents. The data provided by you is necessary for the performance of the contract or for the implementation of pre-contractual measures. Without this data, we cannot conclude the contract with you.

03.4 Employee data

The details of the processing of the data of our employees can be found in the document “Employee Data Protection Declaration”, which is accessible for all employees and persons who intend to become an employee.

03.5 Biometric data in the form of OCT scans

As a processor, we process biometric data in the form of retinal OCT scans. This data will only be transmitted to us in pseudonymous form.

The privilege of processing personal data goes hand in hand with our responsibility to treat this data ethically correct. We are committed to using data responsibly and transparently. RetInSight strives to adhere to high ethical standards in all areas of the company and to pursue an ethical, value-oriented culture in which problems are addressed quickly and visibly.

RetInSight treats all data in accordance with national and international laws and guidelines, as well as ethical standards and principles.

RetInSight processes image data that is classified as sensitive personal data, as the OCT images can be used to draw conclusions about the person’s health status. The protection of privacy is a central and sensitive issue both from a regulatory point of view and for RetInSight’s customers and cooperation partners. Retinal images are categorized as biometric data, since the unique vascular structure cannot be changed (similar to a fingerprint) and therefore can only be pseudonymized (not anonymized) according to current interpretation. RetInSight is aware that customer adoption of artificial intelligence (AI) technology is critical and develops and operates these algorithms in accordance with EU Code of Ethics for Trusted AI.

Pseudonymization means that we as processor cannot assign the collected data to specific patients, and all personally identifiable information (PII) remains with the direct healthcare provider. In addition, full encryption is already included in the development process.

Strict technical and organizational measures resulting from our data protection impact assessment ensure the highest level of privacy and security. All data is encrypted and processed only within the EU. The data sets are pseudonymized from the beginning and only a limited number of employees can access this data.

We are aware of our special responsibility and apply the strictest standards to enable the highest level of security and data protection.

04 Purpose and legal basis of data processing

04.1 Your visit at our website at www.retinsight.com

We want to enable a user-friendly experience of our website, avoiding any technical faults or malfunctions. We also want to ensure that we do provide the most relevant information, which may require to take into account certain personal information, such as the language in your browser settings or the country from where you are visiting our Services. The legal basis for the presented processing of personal data is our legitimate interest, i.e. Art. 6 sec. 1 lit. f) GDPR.

04.2 Your contact with us

When you contact us, we process your personal data to respond to your request. The legal basis for the processing of your personal data is the initiation of a contractual relationship on the basis of your request or an existing contractual relationship with you and thus Art. 6 sec. 1 b) of the GDPR or the protection of our legitimate interests, i.e. Art. 6 sec. 1 lit. f) GDPR.

04.3 Contract

The data processing is necessary for the fulfilment of the contract and therefore takes place on the basis of the legal provisions of Art 6 (1) lit b of the GDPR.

05 Transfer to 3rd parties

Data is not transferred to third parties, with the exception of the settled banking institutions / payment service providers for the purpose of processing the payment transactions, to the transport company/shipping company commissioned by us for the delivery of any documents as well as to our tax advisor for the fulfilment of our tax obligations. In specific areas, we cooperate with selected processors with whom we have concluded corresponding agreements in accordance with the GDPR.

06 Storage periods for personal data

Your data will be deleted as soon as you withdraw your consent or in general, as soon as the purpose of the data processing has ceased. In some cases, we are required by law to keep data for a period of time. As soon as this period has elapsed, we will delete this data in accordance with the data protection obligations.

07 Social-Media Plug-ins

For privacy reasons, we do not currently use Social-Media plug-ins.

08 Integrated third-party service tools

Our website does not include third-party service tools.

09 Your rights

You are entitled to access, rectify, delete, restrict, data portability, revocation and opposition with regard to your data stored by us. If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to us or the data protectionauthority, in Austria this is the data protection authority under www.dsb.gv.at.

Regardless of your rights, please contact us for any queries or suggestions via above mentioned channels (under item “Controller” or “Privacy Officer”) details! We look forward to hearing from you!