Obligation to provide information in accordance with Art 13 and Art 14 GDPR
Version of 30/04/2022
The protection of your personal data is of particular concern to us. We therefore process your data exclusively on the basis of the statutory provisions (GDPR, TKG 2003). In this privacy information, we inform you how we ensure this protection and what types of data are processed and for what purpose. Personal data means any information relating to an identified or identifiable natural person, such as your name, address, email addresses, user behavior.
RetInSight GmbH, Elisabethstraße 13/1/13 in 1010 Vienna, Austria, CEO: Corinna zur Bonsen-Thomas, Handelsgericht Wien, FN 531348w, T: +43-(0)1-5813881, email@example.com is responsible for the processing of your personal data in accordance with Art. 4 sec. 7 General Data Protection Regulation.
02. Data protection officer
RetInSight GmbH has appointed the company rs consulting GmbH, Buchberggasse 6 in 3400 Klosterneuburg, Austria, CEO: Roland Schopper, Corporate Register Court Korneuburg, FN 411839x, T:+43(2243)22562, firstname.lastname@example.org as external data protection officer.
03. Data categories and purpose of processing
The controller collects and processes different categories of personal data, depending on the purpose for the processing. The following sections show the categories of data by purpose of processing:
03.1 Your visit to our website
retinsight.com or fluidmonitor-he.retinsight.cloud
03.1.1 Log data of your visit
When you visit our website, we collect the following personal information transferred from your server:
- IP address
- The date and time of the request
- Time zone difference based on Greenwich Mean Time (GMT)
- Content of the request (specific website)
- Volume of data transmitted with each visit
- Website from which the request comes
- Browser, including language and version
- Operating system and interface
- Visitor’s country of origin
03.1.2 Cookies on retinsight.com
When you visit our website, technically necessary cookies are stored on your computer. Cookies are small text files that are stored on your hard drive in conjunction with the browser you are using. They serve to make our offer more user-friendly and effective. Additionally, and as per the relevant info in the “cookie bar”, you as a visitor can choose to accept or decline the use of cookie(s) for our analytics solution “Matomo”.
03.1.3 Analytics on retinsight.com
Based on your acceptance, we use the analytics solution “Matomo” in a self-hosted version. By doing this, we can ensure that no data is processed in “the cloud” and we keep full control to secure your privacy.
03.2 Your contact with us
If you contact us via a form on the website or by e-mail, your data will be stored with us for six months in order to process the request and in case of follow-up questions. We do not share this data without your consent.
For the purpose of contract processing, the following personal data will be stored with us: contact person, e-mail address, telephone number, contracts and other contractual documents. The data provided by you is necessary for the performance of the contract or for the implementation of pre-contractual measures. Without this data, we cannot conclude the contract with you.
03.4 Employee data
The details of the processing of the data of our employees can be found in the document “Employee Data Protection Declaration”, which is accessible for all employees and persons who intend to become an employee.
03.5 Biometric data in the form of OCT scans
As a processor, we process biometric data in the form of retinal OCT scans. This data will only be transmitted to us in pseudonymous form.
The privilege of processing personal data goes hand in hand with our responsibility to treat this data in an ethically correct manner. We are committed to using data responsibly and transparently. RetInSight strives to adhere to high ethical standards in all areas of the company and to pursue an ethical, value-oriented culture in which problems are addressed quickly and visibly.
RetInSight treats all data in accordance with national and international laws and guidelines, as well as ethical standards and principles.
RetInSight processes image data that is classified as sensitive personal data, as the OCT images can be used to draw conclusions about the person’s health status. The protection of privacy is a central and sensitive issue both from a regulatory point of view and for RetInSight’s customers and cooperation partners. Retinal images are categorized as biometric data, since the unique vascular structure cannot be changed (similar to a fingerprint) and therefore can only be pseudonymized (not anonymized) according to current interpretation. RetInSight is aware that customer adoption of artificial intelligence (AI) technology is critical and develops and operates these algorithms in accordance with the EU Code of Ethics for Trusted AI.
Pseudonymization means that we as processor cannot assign the collected data to specific patients, and all personally identifiable information (PII) remains with the direct healthcare provider. In addition, full encryption is already included in the development process.
Strict technical and organizational measures resulting from our data protection impact assessment ensure the highest level of privacy and security. All data is encrypted and processed only within the EU. The data sets are pseudonymized from the beginning and only a limited number of employees can access this data.
We are aware of our special responsibility and apply the strictest standards to enable the highest level of security and data protection.
04 Purpose and legal basis of data processing
04.1 Your visit to our website at www.retinsight.com
We want to enable a user-friendly experience of our website, avoiding any technical faults or malfunctions. We also want to ensure that we provide the most relevant information, which may require taking into account certain personal information, such as the language in your browser settings or the country from which you are visiting our Services. The legal basis for the presented processing of personal data is our legitimate interest, i.e. Art. 6 sec. 1 lit. f) GDPR.
04.2 Your contact with us
When you contact us, we process your personal data to respond to your request. The legal basis for the processing of your personal data is the initiation of a contractual relationship on the basis of your request or an existing contractual relationship with you and thus Art. 6 sec. 1 b) of the GDPR or the protection of our legitimate interests, i.e. Art. 6 sec. 1 lit. f) GDPR.
The data processing is necessary for the fulfilment of the contract and therefore takes place on the basis of the legal provisions of Art 6 (1) lit b of the GDPR.
04.4 Your Cookie Consent
The data processing according to your consent in the “cookie bar” upon your first visit is based on Art. 6 sec. 1 lit. a) GDPR.
05 Transfer to 3rd parties
Data is not transferred to third parties, with the exception of the settled banking institutions / payment service providers for the purpose of processing the payment transactions, to the transport company/shipping company commissioned by us for the delivery of any documents as well as to our tax advisor for the fulfilment of our tax obligations. In specific areas, we cooperate with selected processors with whom we have concluded corresponding agreements in accordance with the GDPR.
06 Storage periods for personal data
Your data will be deleted as soon as you withdraw your consent or in general, as soon as the purpose of the data processing has ceased. In some cases, we are required by law to keep data for a period of time. As soon as this period has elapsed, we will delete this data in accordance with the data protection obligations.
07 Social-Media Plug-ins
For privacy reasons, we do not use Social-Media plug-ins.
08 Integrated third-party service tools
Our website does not include third-party service tools.
09 Your rights
You have the rights of access, rectification, deletion, restriction, data portability, revocation and opposition with regard to your data stored by us. If you believe that the processing of your data violates data protection law or your data protection claims have otherwise been violated in any way, you can complain to us or to the data protection authority; in Austria this is the data protection authority at www.dsb.gv.at.
Regardless of your rights, please contact us with any queries or suggestions via the above-mentioned channels (see the details under item “Controller” or “Privacy Officer”)! We look forward to hearing from you!