Below you will find our data protection information, published on 05.12.2024.
We take the protection of personal data and your privacy very seriously. We would like to take this opportunity to explain how we protect your data and what it means for you when you use our services. To ensure the greatest possible protection of your privacy, it goes without saying that we comply with all legal provisions on data protection. You will find an overview of the individual points below.
We would also like to point out that in this data protection information, references to natural persons are only made in the masculine form but refer to women and men in the same way. When applying the term to certain natural persons, the respective gender-specific form must be used. Customers are understood to include both consumers and (representatives of) companies.
hi.health GmbH
Address: Mariahilfer Straße 117/2/23, 1060 Vienna, Austria
Authorized representative: Sebastian Gruber
Email: privacy@hi.health
Imprint: https://www.hi.health/legal/imprint
Wolfgang Renzl, Lawyer
PARLAW Rechtsanwalts-Partnerschaft
Hegelgasse 19/5+6 (1. Etage), 1010 Wien
Email: office@parlaw.at
Keeping a website and social media channels available to provide information about the company, the person responsible and its products.
4.1.1. Keeping information about the controller's services available for customers and interested parties
4.1.2. Provision of communication channels for the dissemination of content and servicing of the customer relationship
4.2.1. Provision of advertising information to customers, in particular newsletters and contact forms, on the basis of consent with the option to opt out at any time.
Online services: The use of the controller's online services is based on a contract within the meaning of Article 6(1)(b) GDPR.
Consent: For individual services (e.g. newsletters), the controller expressly obtains consent from the customer. This consent can be revoked at any time with effect for the future.
IT security: The controller stores the IP addresses of mere visitors to the website for a period of 7 days in order to be able to defend against targeted attacks in the form of server overload (‘denial of service’ attacks) and other damage to the systems. The controller has an overriding legitimate interest in this data processing for the purpose of maintaining the functionality of its online services (Recital 49 of the GDPR).
There is no change of purpose.
An evaluation of personal aspects of the customer does not take place.
The customer is not obliged to provide data. However, meaningful use of the controller's services requires the truthful provision of the requested data.
The customer is not subject to any automated decision-making that has a legal effect on them.
No other data sources are used.
The controller expressly reserves the right to use additional data processors. These will then be identified in the update of the data protection information following the start of the assignment. This data processing by the commissioned data processors takes place under the responsibility of the controller.
The following data is transferred to countries outside the EU in the course of data processing:
Country: USA
Processor: Webflow
Data points: name, email, phone number, comments, other contact information; and any other personal data that an End User submits to Customer through a free form textbox.
Legal basis for transmission: Adequacy decision of 10 July 2023, “EU-US Data privacy framework”
Country: USA
Processor: Google (Server location EU)
Data points: Name, email, address, telephone number, date of birth, billing data
Legal basis for transmission: Adequacy decision of 10 July 2023, “EU-US Data privacy framework”
Country: USA
Processor: Atlassian (Server location EU)
Data points: Selective email, user ID, name for technical support
Legal basis for transmission: Adequacy decision of 10 July 2023, “EU-US Data privacy framework”
Country: USA
Processor: Zendesk, Inc. (Server location EU)
Data points: Selective email, user ID, name for technical support
Legal basis for transmission: Adequacy decision of 10 July 2023, “EU-US Data privacy framework”
The controller hereby informs customers that it maintains independent online presences on social media channels for the purposes of advertising and communicating with customers. In these online presences, the customer's data may be processed outside the European Union, which poses an increased risk of data protection violations. These online presences are kept accessible in the technical environment of the respective social media operator. The social media operators then use the customer's visit to the online presence for their own purposes, in particular to display (interest-based) advertising. The social media operators use the visit to store ‘cookies’ on the customer's end device, to read existing cookies/identifiers, to infer the customer's interests from their usage behaviour and thus to enrich the usage profile created for the customer or identifier. The aim of this is to display interest-based advertising to the customer, which may also be displayed on third-party websites visited later. The processing of the customer's personal data is based on the overriding legitimate interests of the controller in the advertising measures and customer communication, which are protected by the freedom of acquisition (Art 6 StGG) and freedom of communication (in particular Art 10 ECHR, which also protects advertising measures) under convention and constitutional law. If the customers are users of the social media channels, the data processing may also be covered by the customer's consent. The controller informs the customer that it has no access to the customer's data. The controller therefore recommends that customers contact the respective social media channel directly if they wish to assert their rights to information, rectification, erasure, restriction, objection and data portability. Users of social media channels can also make changes to their privacy settings themselves. The controller will support the customer in this if necessary.
The customer can find further information at:
Facebook (Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland)
Privacy policy: https://www.facebook.com/about/privacy
Opt-Out: https://www.facebook.com/settings?tab=ads and http://www.youronlinechoices.com
Google/YouTube (Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA)
Privacy policy: https://policies.google.com/privacy
Opt-Out: https://adssettings.google.com/authenticated
Instagram (Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA)
Privacy policy/Opt-Out: http://instagram.com/about/legal/privacy
LinkedIn (LinkedIn Ireland Unlimited Company, Wilton Place, Dublin 2, Ireland)
Privacy policy: https://www.linkedin.com/legal/privacy-policy?trk=uno-reg-guest-home-privacy-policy
Non-registered users: The personal data (in particular IP address) of (non-registered) website visitors is stored for 7 days for IT security purposes and then deleted.
Legal basis for contractual relationship: The personal data is generally processed by the controller until 40 months after the last business transaction (= fulfilment or termination of the contract) and then deleted. The end of the contractual relationship is agreed after 5 years of inactivity.
Legal basis consent: The controller processes the personal data until the consent is withdrawn (possible at any time), but in any case only until 5 years of inactivity have passed.
Legal basis legal obligation (in particular invoice data): Insofar as there is a legal obligation to retain data, in particular pursuant to Section 132 (1) BAO, personal data processing of (billing) relevant data will continue in any case until the end of the legal obligation to retain data (currently generally 7 years after the end of the financial year in which the data was collected).
Art 15 GDPR ‘Information’: The customer has the right to request information as to whether and to what extent personal data relating to them is being processed.
Art 16 GDPR ‘Rectification’: The customer has the right to request the rectification of inaccurate personal data or the completion of incomplete personal data without undue delay.
Art 17 GDPR ‘Erasure’: The customer has the right to request that the personal data be erased without undue delay, provided that the reasons stated in Art 17 (1) GDPR are fulfilled.
Art 18 GDPR ‘Restriction’: The customer has the right to request that the processing of personal data be restricted, provided that the reasons stated in Art 18 (1) GDPR are fulfilled.
Art 21 GDPR ‘Objection’: The customer has the right to object to the processing of their personal data on the basis of overriding legitimate interest.
Art 20 GDPR ‘Data portability’: The customer has the right to receive the personal data they have provided in a structured, commonly used and machine-readable format.
Art 77 GDPR / § 24 DSG: Every customer has the right to lodge a complaint with the supervisory authority if they believe that the processing of their personal data violates this regulation.
Austrian Data Protection Authority
Barichgasse 40-42; 1030 Vienna, Austria
Phone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at
This privacy policy may be subject to change over time. We recommend that you check the privacy policy regularly for possible changes.