Data protection declaration
medlog Medizinische Logistik und Service GmbH
Status: November 2021
medlog Medizinische Logistik & Service GmbH takes the protection of private data very seriously.
We care very much about protecting your privacy, so personal data are only used within the provisions of this data protection declaration and the applicable legislative norms.
This data protection declaration describes the way personal data are used by our company, as well as how much is used and to what purpose. Hence, processing for the management of orders, applications and in the context of the website.
In general, our website can be used without providing personal details. However, if you use our contact form, wish to make direct contact with us, require information or offers concerning our services, or need us to process orders or collaborate within the framework of projects, you will be required to provide us with personal data.
For such purposes we request your consent if there is no other legislative basis for this according to Art. 6 paragraph 1 GDPR.
We have made numerous technical and organisational provisions to ensure the best possible protection of data provided via our contact form and our e-mail server. Internet-based data transfer and e-mail correspondence are prone to security gaps, so it is not possible to guarantee absolute data protection.
Hence, site users and customers are entitled to submit or hand over inquiries and project-related documents to us via alternative means, such as conventional postal delivery or hard copy on the occasion of a business appointment.
1. Contractor / person responsible / contact information
medlog Medizinische Logistik & Service GmbH Mathilde Beyerknecht Straße 9
A-3104 St. Pölten (Austria).
Website: www.medlog.at, Mail: firstname.lastname@example.org
Data Protection Officer: Not appointed. Legal provisions do not apply. Contact for data protection inquiries: Birgit Ebner.
2. Processing & forwarding your personal data
Personal data are items of information about people involved in communicational interaction whose identities have been revealed, or can be determined. Your personal data are solely processed and forwarded according to the provisions of this data protection declaration.
Based on your initial contact, in order to process your request, it may be necessary to save and process data.
If you choose to work with us, we set up a customer/project file used solely for the purpose of conducting tasks required for the implementation of your order or project. We are obliged to treat all data confidentially and not to make them accessible to unauthorised third parties.
The legal basis for such data processing is the implementation of precontractual measures and the implementation of contractual obligations according to Art. 6 paragraph 1 lit b GDPR. No contract can be closed with this company without provision of necessary data. In some cases, it may be necessary to process personal data in order to fulfil legal obligations according to Art. 6 paragraph 1 lit c GDPR (such as storage of accounting documents).
Furthermore, in order to provide services, it may be necessary to forward data to specific third parties, or to store and/or process data in the systems of external service providers: Forwarding of invoice details (name, address, amount billed, service description, service period, VAT ID number, service and project-related slips and documents) to our external tax advisors and accountants, Prosenz & Partner, 1190 Vienna (Austria), the processing and storage of project-related e-mails, documents and records via the IT infrastructure of external service providers (e-mail provider A1, Microsoft Office365 including OneDrive, Apple i Cloud etc.).
Wherever possible we advise you to avoid providing personal details, and to limit data transfer to information pertinent to your project.
Do not send us files/documents that enable conclusions to be made about any person’s health data.
The following personal information is provided on submission of an inquiry using the online contact form on the website, and is processed to deal with initial inquiries:
Company name, name of the contact person, delivery and invoice address(es), telephone number, e-mail address, pick-up address…
This is required for the establishment and administration of customer records, invoicing, accounting and order implementation.
Processing of applicant details
The only information collected, processed and stored when provided by applicants is the information they have made available. This includes, in particular, all data provided in application documents, plus the date of the application.
We collect, process and store your personal data in order to evaluate and process your application and, if considered appropriate, to identify adequate and suitable positions we can offer you. This is in accordance with any precontractual obligations (Art. 6 paragraph 1 lit b GDPR), and because it conforms with the requirements of ‘justified interest’ (Art. 6 paragraph 1 lit f GDPR), and particularly the legal duty to store these data set out in the provisions of the ‘Equal Treatment Act’.
Your data will be deleted no later than 7 months from the date you receive a rejection from us, you withdraw your application or you turn down an offer of employment. This period includes the six months required by the ‘Equal Treatment Act’ and one month for potential pursuance of legal action.
Should you not be offered employment, whether we wish to keep you in our records or you desire us to do so, you have consented to data processing in accordance with Art. 6 paragraph 1 lit a GDPR. This consent can be withdrawn without further explanation at any time.
3. Forwarding data to third parties or granting access to associated service providers
Above all, the personal data we store is used and processed according to the provisions of the law to justify your employment, for administrative purposes and to enable you to conduct your work. Hence, this necessitates the forwarding of/access to these data for third parties whenever such data are required to justify your activity, or enable you to conduct and manage tasks (e.g. to companies, service providers and third parties with whom you are in constant or project-related contact, and to our business associates and freight service subcontractors etc.).
Such third parties are logical choices according to the type and scope of the project / collaboration, or will be stated in writing.
If supplementary details are agreed which deviate from the original provisions, this shall require the signing of a separate declaration of confidentiality.
4. Collection of general data and information related to the website
Every page view on our website automatically provides a variety of data. These general data are stored in logfiles on the server in Austria.
What may be recorded?
a) Type and version of browser used
b) Operating system used by the system obtaining access
c) Country and town from which access is gained
d) Referrer URL (site and page visitor is referred from) and the sub-pages that direct to our site from the system that has gained access
e) Date and time of access to our website/page
f) The internet service provider of the system that has gained access
g) Host name and IP address of the device that has gained access
h) Other similar items of information that aid defence of our IT systems when under cyber attack
We do not use any of this general information to draw conclusions about individuals. The data is used to:
a) To ensure our internet content is correct
b) To optimise our internet content and promotional output
c) To ensure our IT systems and infrastructure for our website function smoothly
d) To provide the authorities involved in criminal investigations into cyber attacks with all necessary information.
These data are collected anonymously for statistical evaluation aimed at raising the standards of data protection and data security within our company; ultimately to guarantee an optimum level of protection for the personal data we use.
The anonymous server logfile data are stored separately from all data provided by an individual user.
Your IP address is not saved or processed for statistical research (e.g. access statistics). IP addresses have already been removed/deleted from older statistics.
5. Rights of affected individuals
If you demand so in writing and your identity can be suitably proven, we shall be obliged to inform you – without charge – about our source, the recipient and the reason for processing your data.
If you demand so, we shall be obliged to correct our information, block it or delete it due to your justified application to this end. Furthermore, you are entitled to restrict data processing and data transfer, and to contact the address in point 1 at any time.
In as far as the use of data is not a legal obligation, you are entitled to object to their use at any time.
Should you object to the processing of your personal data, we will cease to do so, unless we are under obligation to do so for a justifiable reason of greater importance than the protection of your interests, rights or freedoms; or if processing the data serves the enforcement, exercising or defence of legal rights.
If we use your personal data to distribute direct advertising, you shall be entitled to object to the processing of your personal data for the purpose of distributing such advertisements at any time. If you object to the processing of your personal data, we will cease to do so for the above-mentioned purpose.
Furthermore, for reasons arising from your own particular situation, you are entitled to object to our use of your personal data for scientific, historical or statistical purposes, unless processing is required for the fulfilment of a task in the interest of the general public.
You are entitled to revoke consent to the use of your personal data at any time.
If you believe our processing of your data violates data protection legislation, or violates your information privacy rights in any other way, you are entitled to lodge a complaint with the responsible supervisory authority. In Austria this is the Data Protection Authority.
6. Data security
We consider data security to be a very important issue. Data security measures should guarantee the confidentiality and integrity of your personal data. We implement several measures to ensure this is the case, such as the following: HTTPS, encoding (SSH, STARTTLS or TLS / SSL, password hashing etc.).
7. Data storage
Your data is only stored for the period it is required to fulfil a purpose, or as long as is legally required. Please note, some data may be stored after completion of contractual obligations – as is the case when data availability is a legal obligation.
8. Newsletters and other promotional activities
To the degree required and when situationally relevant, we also use your personal data to inform you of important individual developments.
We provide a standardised newsletter if you have consented to the provision of general information, and will remove you from the distribution list if you withdraw consent.