This privacy information provides details about the processing of your personal data when you visit our website (hereinafter referred to as “we” or “us”).

Scope of this Privacy Information

This privacy information applies to the use of the website of Priv. Doz. OA Dr. Werner Wackernagel and the measures related to the purchase for the execution and reversal of the contract, the creation of a customer account, the sending of newsletters, further information emails, and customer services.

Controller Responsible for the Processing of Your Personal Data

Unless explicitly stated otherwise in this document, the controller responsible for the processing of your personal data under data protection law is:

Priv. Doz. OA Dr. Werner Wackernagel

Merangasse 30
8010 Graz

Tel.: 0660 / 505 818 0
Email: ordination@wackernagel.at

Definitions

This privacy information is based on the following central data protection terms, which we have presented below for easier understanding:

  • GDPR means the EU General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC).
  • Recipient is a natural or legal person, public authority, agency, or another body to which the personal data are disclosed, whether a third party or not. However, public authorities which may receive personal data in the framework of a particular inquiry in accordance with Union or Member State law shall not be regarded as recipients; the processing of those data by those public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Examples of possible recipients: banks and payment service providers; logistics companies; shipping service providers; IT service providers.

  • Personal data means any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

Examples of personal data: name; contact details; bank and credit card details.

  • Controller is the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data. Where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law.
  • (Data) processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

Purposes and Legal Bases for the Processing of Your Personal Data

When you access our website to find out about our products and services, purchase products in our online shop, or otherwise actively transmit information to us, we process your personal data for the following purposes and on the basis of the following legal grounds:

Provision of the Website and IT Security

When you visit our website, we process your personal data that is technically necessary for us to display our website to you and to ensure stability and security during your visit. For this purpose, we process the following data, which may be personal data:

  • IP address
  • Browser type and version
  • Operating system and platform
  • The complete Uniform Resource Locator (URL)

The aforementioned data are stored in server log files for security purposes and are automatically deleted after [7] days.

This data processing is necessary for the provision of our website (legal basis: Art. 6 (1) (b) GDPR) and to safeguard our legitimate interest in ensuring IT security (legal basis: Art. 6 (1) (f) GDPR).

When you visit our website, we also process data (which may be personal), such as your language setting in the browser, to automatically display a localized version of our website, specifically one adapted to your language. This data is stored for [3] months.

This data processing is necessary to safeguard our legitimate interest in the automated, demand-oriented provision of our website (legal basis: Art. 6 (1) (f) GDPR).

Google Maps

To make it easier to find our location, we use the map plugin “Maps” from Google LLC (“Google”). If you agree to the use of the tool through the “two-click solution” implemented on our website, your data will be transmitted to Google servers in the USA. No data transfer to Google takes place before your (explicit) consent.

This data processing is carried out on the basis of your consent (legal basis: Art. 6 (1) (a) GDPR). The transfer of your personal data to the USA, which constitutes a third country within the meaning of the GDPR and therefore requires a separate legal basis for transfer, takes place on the basis of your explicit consent (legal basis: Art. 49 (1) (a) GDPR).

Contact Form and Data Transmission via Email

Our website contains a contact form through which you can send us an inquiry. In doing so, the personal data you provide in the free text field and the fields marked as necessary on the website will be processed. Furthermore, you have the option to contact us via email. In this case, the data you provide in this manner will also be processed. Depending on the purpose of your contact, we delete the associated data in most cases after the purpose has been achieved or, in any case, after the end of a statutory retention period.

This data processing is necessary for the performance of a contract with you and constitutes a pre-contractual measure (legal basis: Art. 6 (1) (b) GDPR) or serves to answer a contact inquiry made for other reasons, which we answer based on our legitimate interest (legal basis: Art. 6 (1) (f) GDPR).

Withdrawal of Consent

If you have given us consent for the processing of your personal data, you can withdraw it at any time. The withdrawal of your consent is effective for the future. The lawfulness of the processing of your personal data up to the time of withdrawal remains unaffected.

Please send your withdrawal to ordination@augenzentrum-graz.at.

If you withdraw your consent, we will process your personal data collected in this context to respond to your request. This data processing is necessary to fulfill a legal obligation (Art. 6 (1) (c) GDPR).

Your Other Data Protection Rights

In accordance with the GDPR, you can request from us at any time that we

  • provide you with information about the personal data concerning you that we process (Art. 15 GDPR),
  • rectify personal data concerning you that is inaccurate (Art. 16 GDPR),
  • erase (Art. 17 GDPR), block (Art. 18 GDPR), and/or release/transfer (Art. 20 GDPR) your personal data stored by us.

Please send your respective request, stating at least your first and last name, by email to ordination@eyeside.at or in writing to Augenzentrum Graz, Merangasse 30, 8010 Graz.

If you assert your rights against us, we will process your personal data collected in this context to respond to your request. This data processing is necessary to fulfill a legal obligation (Art. 6 (1) (c) GDPR).

Without prejudice to your rights against us described above, you may lodge a complaint with the competent supervisory authority for data protection if you believe that the processing of personal data concerning you by us violates the GDPR (Art. 77 GDPR). In Austria, this is the Data Protection Authority (Datenschutzbehörde).

Last updated: 2023-10-12