DATA PROTECTION CLAUSE

The protection of your data is not only important to us, but has top priority within our company. Thus, we can live up to the trust placed in us by our patients, business partners and employees that we will process your data in an appropriate manner. In particular in the field of healthcare, compliance with applicable legal regulations on the protection of personal data and data security is absolutely essential. Thus, compliance with the General Data Protection Regulation (GDPR) as well as complementary national data protection provisions is a matter of course for us. medalp Imst – Zentrum für ambulante Chirurgie Betriebs GmbH has numerous technical and organisational measures (TOM) in place in its business operations in order to ensure the processing of personal data with as little risk as possible. Pursuant to the General Data Protection Regulation, we are obliged to communicate certain information to you. We are happy to meet this obligation by means of this Data Protection Declaration in which we inform you about the type, scope and purpose of the personal data processed by us and the rights to which data subjects are entitled.

If you have any questions or concerns related to data protection, please do not hesitate to contact us or our data protection officer. More detailed information regarding the processing of personal data within our company is available on our website at: www.medalp.com/dsgvo

 

Contact Details of the Controller

medalp Imst – Zentrum für ambulante Chirurgie Betriebs GmbH
Medalp Platz 1 (A12, Exit 136)
6460 Imst
Austria
Phone: +43 5418 51100
Fax: +43 5418 51100 111
E-mail: info@medalp.com

 

Contact details of the Data Protection Officer

Smart Ventures GmbH
Kevin Schmidt
Valiergasse 60
6020 Innsbruck
Austria
Phone: +43 (0)664 11 22 092
E-mail: datenschutz@smartventures.at

Additional gender clause:

On this website, the female form of personal terms is equivalent to the male form. The female form has simply been omitted for the sake of simplification and better readability.

 

 

  

 

PATIENT

Purpose of Data Processing

The purpose of data processing is primarily the execution of the treatment contract. This shall include entry of the patient master data and collection of healthcare data in the course of the treatment. Furthermore, such data are needed for administrative purposes, e.g. for invoicing.

 

Legal Basis and Interests of Data Processing

-          Tiroler Krankenanstaltengesetz TirKAG [Tyrolean Health Institutions Act], in particular Sec. 14 (Secrecy Obligation), Sec. 15(1) (Maintenance of Medical Records) and Sec. 47 (Rights of the Social Insurance Agencies)

-          Versicherungsvertragsgesetz VersVG [Austrian Insurance Contract Act], in particular Sec. 11a (Processing of Data by Insurers)

-          Ärztegesetz ÄrzteG [Austrian Physicians Act], in particular Sec. 51 (Documentation Obligations and Provision of Information)

-          Krankenanstalten- und Kuranstaltengesetz KAKuG [Austrian Health Institutions and Sanatoria Act], ELGA Verordnung 2015 ELGA-VO 2015 [Austrian Electronic Health Record Regulation], Strafgesetzbuch StGB [Austrian Criminal Code] and Allgemeines Sozialversicherungsgesetz ASVG [Austrian General Social Insurance Act]

-          General Data Protection Regulation GDPR Art. 6(1) point (a) (consent to data processing), Art. 6(1) point (b) (performance of a contract), Art. 6(1) point (c) (fulfilment of legal obligations), Art. 6(1) point (d) (vital interests) and Art. 9(2) point (a) (consent to processing of special categories of data)

 

Recipients or Categories of Recipients

In order to prepare diagnoses and develop therapies and other preventive measures in the course of the treatment, it is necessary to cooperate and exchange data with other healthcare providers as they have specialist knowledge as well as devices in specific areas, thus allowing for optimal treatment. In order to clarify cost coverage, personal data are transferred to the respective private and social insurance providers. The recipients include the following categories: social insurance agencies, private insurers, healthcare providers (hospitals, physicians, laboratories...), insured persons, requesting visitors, emergency services, ELGA, processors, administrative authorities, courts, lawyers, Austrian Armed Forces, penal institutions and social welfare agencies.

 

Collection of Data from Other Sources

In order to be able to ensure optimum healthcare provision for patients across organisations and countries, it is necessary to have all relevant information at hand. Therefore, medalp Imst – Zentrum für ambulante Chirurgie Betriebs GmbH frequently requests and obtains personal data from other healthcare providers. This concerns treatment and diagnosis data. Thus, redundancy of examinations and treatments is prevented. In the course of correspondence with insurers, personal data (master and insurance data) can also be transferred to us by the competent insurance companies.

 

Storage Duration of the Data

The entire medical record as well as X-ray images, video recordings and other tools for the preparation of diagnoses are stored for at least 30 years and deleted thereafter. However, all data are archived and access to this data is blocked three years after the treatment. If a patient is admitted again, the block is removed and the three-year period starts over.

 

Provision of Data

The provision of personal data is mandatory for the performance of the treatment.

 

Further Processing of Data for Other Purposes

The data collected will exclusively be used for the activities in the course of the treatment.


 

 

VIDEO SURVEILLANCE

Purpose of Data Processing

Detailed list of the purposes of the individual video cameras:

-          car park: fulfilment of the duty to ensure public safety; prevention, containment and investigation of conduct relevant under criminal law, e.g. parking damage

-          helicopter pad: medical emergencies and incidents; prevention, containment and investigation of conduct relevant under criminal law; safety precautions

-          entry and exit doors: for the protection of property; prevention, containment and investigation of conduct relevant under criminal law, e.g. burglaries

-          front office and waiting room: prevention, containment and investigation of conduct relevant under criminal law, e.g. theft; medical emergencies and incidents of patients waiting

 

Legal Basis and Interests of Data Processing

-          General Data Protection Regulation (GDPR) Art. 6(1) point (d) (vital interest) and Art. 6(1) point (f) (legitimate interest of the data controller or a third party)

-          Datenschutzgesetz DSG [Austrian Data Protection Act], in particular Sec. 12 (image processing – legitimacy of image recording) and Sec. 13 (image processing – special data backup measures and marking)

-          Strafprozessordnung 1975 StPO [Austrian Code of Criminal Procedure], in particular Sec. 80 (right to report and to stop) and Sec. 109 et seq. (seizure)

-          works agreements

 

Recipients or Categories of Recipients

Within the company, only the system administrators as well as the staff of the wake-up/follow-up support department have access to the surveillance material. In addition, in its role as processor, the company ÖWD security systems GmbH & Co KG is engaged in processing. In principle, transfer to third parties is possible; however, this is subject to a concrete reason and/or overriding interest. The recipients include the following categories: security authorities, public prosecutor’s offices, courts, district courts, insurance companies, lawyers and police authorities.

-          ÖWD security systems GmbH & Co KG

Bayerhamerstraße 14c, 5020 Salzburg, Austria

Company ID number: ATU52497702

 

Storage Duration of the Data

The surveillance material will be stored for 72 hours for security purposes and preservation of evidence. In case of extraordinary events, such material may be stored for a longer period (for the duration of the investigation and/or clarification). Where applicable, the video material will be stored for the duration of the proceedings, including the statutory storage duration.

 

Provision of Data

Video surveillance is mandatory for the containment and investigation of conduct relevant under criminal and civil law.

 

Further Processing of Data for Other Purposes

The data collected will only be collected for the purposes set forth above and will not be further processed for any other purposes.

 


 

 

RIGHTS OF THE DATA SUBJECT

Right of Access

Pursuant to Art. 15 GDPR, you can request information whether and/or which personal data relating to you are processed within our company.

 

Right to Rectification

If we process inaccurate or incomplete data relating to you, these may be rectified pursuant to Art. 16 GDPR.

 

Right to Erasure

The relevant personal data can be erased at your request if the conditions of Art. 17 GDPR are met.

 

Right to Restriction of Processing

If the conditions pursuant to Art. 18 GDPR are met, your data can only be processed in a restricted form.

 

Right to Data Portability

We will transfer data which you have provided to us in an automated process in a structured, commonly used and machine-readable format (Art. 20 GDPR).

 

Right to Object

If processing is based on a legitimate interest, you have the right to object at any time pursuant to Art. 21 GDPR. If processing takes place for the purposes of direct marketing and profiling related thereto, this right shall exist without restrictions.

 

Right to Withdrawal

Any consent to the processing of personal data which has been granted can be withdrawn at any time. This shall not affect the lawfulness of the processing which was carried out before the time of withdrawal.

 

Right to Lodge a Complaint

You have the right to lodge a complaint with a supervisory authority (data protection authority) competent for you, in particular in the EU member state of your habitual residence, your place of work or the place of the alleged infringement if you are of the opinion that the processing of the personal data related to you violates the General Data Protection Regulation or that your rights as a data subject have been violated.

We would appreciate it if you contacted us beforehand to provide us with the opportunity to make a statement.

-          List of the supervisory authorities:

http://ec.europa.eu/newsroom/article29/item-detail.cfm?item_id=612080

-          Name and address of the Austrian Supervisory Authority:

Österreichische Datenschutzbehörde (DSB)

Wickenburggasse 8, 1080 Vienna

Phone: +43 1 521 52-25 69

E-mail: dsb@dsb.gv.at

Website: www.dsb.gv.at

 

 

medalp Imst - Zentrum für ambulante Chirurgie Betriebs GmbH


 medalp hotline 
+43 699 1611 9988     

medalp sportclinic - Imst

Medalp Platz 1
A-6460 Imst

 

Tel +43 5418 51100     

info@medalp.com 

 

medalp rehaclinic - Imst

Medalp Platz 1
A-6460 Imst

 

Tel +43 5418 51100 470     

rehaclinic@medalp.com