Privacy policy

1. General

For us, ARISTRA GmbH (short "ARISTRA") as the responsible party under data protection law, the security and transparent handling of your personal data is an important concern.

Hereby we inform you about the collection and processing of your personal data (all information that directly or indirectly relates to you/identifies you or makes you identifiable) in the course of your visit to our website.

2. Data Processing

We collect and process your personal data exclusively for the following purposes and in accordance with the DSGVO.

2.1 Visit to our website

As soon as you open our website, we collect and store personal data (traffic data, such as internet browser version, time of request, IP address) in website protocol and log files that your internet browser automatically transmits to us. The legal basis for this processing is our overriding legitimate interest (Art 6 paragraph 1 lit f DSGVO) in the form of the security and protection of our website, the evaluation of visitor statistics, as well as the optimization of our website in connection with system performance, user-friendliness and the provision of useful information about our products and services.

We do not combine this personal data with other personal data sources. However, we reserve the right to check this data retrospectively if we become aware of specific indications of unlawful use.

There are also no fully automated evaluations. There is therefore no automated decision-making including profiling in accordance with Art. 22 DSGVO.

2.2 Cookies and social media plugins

Cookies are small text files that store and/or read various information on your computer when you call up our website. Some cookies are necessary and required for the operation of our website. We use all other cookies (non-essential cookies) to make our website more user-friendly, effective and secure, as well as to perform statistical visitor evaluations and to better promote our products and services. In addition, we use cookies to recognize our website visitors and to enable related comfort features of our website.

Social media plugins from the various social media providers (Facebook, Instagram, LinkedIn, etc.) allow content such as buttons, photos, links or videos, as well as a preview of content, to be displayed or embedded directly on our website. This allows visitors to our website to share displayed or embedded content within their networks, making it easier for their networks to become aware of our website as well as our social media channels. As soon as you call up this content, cookies of the social media providers that are not necessary are sometimes stored on your computer and data is transmitted to the respective social media provider, stored and processed. Social media plugins and non-essential cookies are subsequent collectively referred to as "non-essential cookies".

The legal basis for the processing of non-essential cookies is your voluntary consent (Art. 6 para. 1 lit. a DSGVO) by selecting the respective categories in our cookie banner and subsequent confirmation with "Allow selection" when calling up our website. Supplementary information on the non-essential cookies used by us (see cookie banner when calling up the website) can be found here:

2.2.1 Cookiebot

We use a cookie set on our website to check whether the cookie popup for consent has already been displayed to you and to recognize your selected setting. In doing so, we only store your IP address and the information whether the cookie popup is disabled for you or not. This cookie is deleted after 12 months.

2.2.2 Google

We use different cookies of the provider Google Inc. (1600 Amphitheatre Parkway Mountain View, CA 94043, USA or if you are a resident of the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland) on our website. YouTube is a company of Google.

Analytics: "Google Analytics" cookies are used to analyze interaction with the website. Google Analytics collects data about the apps, browsers and devices you use when accessing our website. This data also includes unique identifiers, the type and settings of the browser, the type and settings of the device, the operating system, information about the mobile network such as the name of the mobile provider and the phone number, and the version number of the app.

YouTube: Cookies from YouTube collect data to track user preferences for embedded YouTube videos; it may also collect whether the website visitor is using a new or old version of the YouTube interface. We use YouTube on our website to display and play content from YouTube on our website and to make it easier for you to share or bookmark content.

reCAPTCHA: We use "reCAPTCHA" on our website to determine whether actions and movements on our website are actually performed by humans. The reCAPTCHA algorithm checks already before a click on "I am not a robot" whether other Google cookies (YouTube, Gmail etc.) are already placed on your browser as well as whether "click speeds" are unusually high. Depending on the result of the analysis, the "I am not a robot" feature will be displayed to you. reCAPTCHA sets cookies in your browser in this context. [DL1]

"The information generated by Google cookies about your website use is usually transferred to a Google server in the USA and stored there. In the event that IP anonymization is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. Under the terms of the commissioned data agreement that we have concluded with Google Inc., the latter uses the information collected to create an evaluation of website use and website activity and provides services associated with internet use.

You can use a browser plugin to prevent the information collected by cookies (including your IP address) from being sent to and used by Google Inc. The following link will take you to the corresponding plugin: http://tools.google.com/dlpage/gaoptout?hl=de. Your personal data will be deleted or anonymized after 12 months.

For more information on data use or data processing by Google, setting and objection options, please refer to Google's privacy information:"
https://policies.google.com/technologies/adshttps://adssettings.google.com/authenticatedhttps://policies.google.com/privacy?hl=en&gl=en
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws stipulate that U.S. telecommunications companies and U.S. Internet service providers, among others, are obliged to provide information to the U.S. authorities without a court order, which means that users abroad (such as in the EU) can also be monitored. In the U.S., therefore, there is no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Google is subject to these legal regulations.

2.2.3 Facebook

We use cookies from the social network facebook.com (Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) on our website to make it easier for you to share or bookmark content. By using these features, cookies may be stored on your device. Through these, behavioral data, such as URL of the previously visited website, URL of the respective page accessed, products/services visited, products/services ordered, URL of the respective page accessed, time of visit, length of stay, time of browser access and number of page views are stored. Furthermore, technical data is collected, such as information about operating system, hardware and software versions, battery level, signal strength, available memory, browser type, app and file names and types as well as plugins, the operations and activities performed on the device, for example, whether a window is in the foreground or background or mouse movements (this can help, distinguish humans from robots), unique identifiers, device IDs and other identifiers such as those of games, apps, or accounts being used, and family device IDs (or other identifiers unique to Facebook companies' products associated with the same device or account). In addition, Bluetooth signals and information about nearby Wi-Fi access points, beacons and wireless cell towers, information that you allow to be obtained through your enabled device settings, such as access to GPS location, may be collected. You can find more information about Facebook's data use or data processing at:
https://www.facebook.com/policy.php
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws stipulate that U.S. telecommunications companies and U.S. Internet service providers, among others, are obliged to provide information to the U.S. authorities without a court order, which means that users abroad (such as in the EU) can also be monitored. In the U.S., therefore, there is no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Facebook is subject to these legal regulations.

2.2.4 Vimeo

We use cookies from Vimeo (Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA) on our website. Cookies from Vimeo collect data to track user preferences for Vimeo videos embedded in websites and to store information such as the volume selected or the timing of playback. We use Vimeo on our website to display and play content from Vimeo on our website and to make it easier for you to share or bookmark content. For more information about Vimeo's data use and processing, please visit
https://vimeo.com/privacy
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws provide that, among other things, U.S. telecommunication companies and U.S. Internet service providers are obligated to provide information to the U.S. authorities without a court order, which means that surveillance of users abroad (such as the EU) is also possible. In the U.S., there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Vimeo is subject to these legal regulations.

2.2.5 LinkedIn

We use cookies from the social occupational network LinkedIn (LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA or if you are an EU resident, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) to make it easier for you to share or bookmark content. Through these features, information about your activities on the Internet, including those on our website, may be logged. LinkedIn is a Microsoft company. For more information about LinkedIn's data use or processing, please visit:
https://www.linkedin.com/legal/privacy-policy
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws provide that, among other things, U.S. telecommunication companies and U.S. Internet service providers are obligated to provide information to the U.S. authorities without a court order, which means that surveillance of users abroad (such as the EU) is also possible. In the U.S., there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. LinkedIn as a US company is subject to these legal regulations.

2.2.6 Twitter

We use cookies from Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA) on our website to make it easier for you to share or bookmark content. These features may log information about your activities on the Internet, including those on our website. For more information about Twitter's data use or processing, please visit:
https://twitter.com/de/privacy
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws provide that, among other things, U.S. telecommunication companies and U.S. Internet service providers are obligated to provide information to the U.S. authorities without a court order, which means that surveillance of users abroad (such as the EU) is also possible. In the U.S., there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Twitter is subject to these legal regulations.

2.2.7 hCaptcha

We use the hCaptcha anti-bot service (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc, a Delaware US Corporation ("IMI"). hCaptcha is used to check whether data entered on our website (such as login data or contact forms) has been entered by a human or an automated program. To accomplish this, hCaptcha analyzes the behavior of visitors to the website or mobile app, based on various characteristics. This analysis starts automatically when a visitor visits a part of the website or mobile app that has hCaptcha enabled. For the analysis, hCaptcha examines various information (such as IP addresses, how long a visitor stays on the website or app, and mouse movements made by the visitor). The data collected during the analysis is forwarded to IMI. The hCaptcha analysis in "invisible mode" can run completely in the background. Website or app visitors are not notified separately as long as no direct check is performed. Data protection is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or app operator has a legitimate interest in protecting the site from abusive automatic crawling or spam. IMI acts as a "data processor" on behalf of its customers, as defined in the GDPR, and as a "service provider" under the California Consumer Privacy Act (CCPA).

For more information about hCaptcha and IMI's Privacy Policy and Terms of Use, please visit the following links:
https://hcaptcha.com/privacy/https://hcaptcha.com/terms

2.2.8 WPML

WPML uses cookies to identify the visitor’s current language, the last visited language and the language of users who have logged in.

While you use the plugin, WPML will share data regarding the site through Installer. No data from the user itself will be shared.
For more information about WPML and it's Privacy Policy, please visit the following link:
https://wpml.org/de/documentation-3/privacy-policy-and-gdpr-compliance/

2.3 Social media channels

Our website uses various social media channels so that you can also follow us through these channels and share content within your network. Below you will find information on the social media channels we use. Regardless of the legal basis for the creation of the respective accounts on the various social media channels as well as processing by the social media channels, we process the data mentioned below on the basis of our overriding legitimate interest (Art. 6 para. 1 lit. f DSGVO), which lies in increasing our marketing reach or our level of awareness.

2.3.1 Facebook

We use Facebook (Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA or if you are a resident of the EU, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland) to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. Facebook provides us with so-called page insights as part of the ARISTRA pages on Facebook. With the help of this information, we receive insights about how you interact with our pages and with the linked content. Because we collect this data jointly with Facebook, we are together responsible with Facebook for the collection of this data. For an overview of the agreement we have with Facebook, please visit:
https://www.facebook.com/legal/terms/page_controller_addendum
In this context, Facebook assumes the obligations under the GDPR for the processing of Insight Data (including Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR).For more information on data use or data processing by Facebook, please visit:
http://www.facebook.com/policy.php
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws stipulate that U.S. telecommunication companies and U.S. Internet service providers, among others, are obliged to provide information to the U.S. authorities without a court order, which means that users abroad (such as in the EU) can also be monitored. In the U.S., there is therefor no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Facebook is subject to these legal regulations.

2.3.2 Instagram

We use Instagram (Facebook Inc. 1601 S. California Ave, Palo Alto, CA 94304, USA or if you are an EU resident, Facebook Ireland Ltd, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland), which is a part of the Facebook company group, to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. Instagram provides us with so-called page insights as part of the Aristra pages on Instagram. With the help of this information, we obtain insights into how you interact with our pages and with the linked content. As with Facebook (see point 3.3.1.), we are also jointly responsible for the collection of this data in the case of Instagram use. In this context, Facebook assumes the obligations under the GDPR for the processing of Insight Data (including Articles 12 and 13 GDPR, Articles 15 to 21 GDPR, Articles 33 and 34 GDPR). For more information about Instagram's data use or processing, please visit: 
https://help.instagram.com/519522125107875
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws provide that, among other things, U.S. telecommunication companies and U.S. Internet service providers are obligated to provide information to the U.S. authorities without a court order, which means that surveillance of users abroad (such as the EU) is also possible. In the U.S., there is thus no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Instagram is subject to these legal regulations.

2.3.3 LinkedIn

We use LinkedIn (LinkedIn Corporation, 1000 W. Maude Avenue, Sunnyvale, CA 94085, USA or if you are an EU resident, LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland) to increase our reach and thus to better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. LinkedIn provides us with so-called page insights as part of the ARISTRA pages on LinkedIn. Using this information, we gain insights into how you interact with our pages and with related content. Since we collect this data jointly with LinkedIn, we are together responsible with LinkedIn for the collection of this data. For an overview of the agreement we have entered with LinkedIn, please visit: 
https://legal.linkedin.com/pages-joint-controller-addendum
In this context, LinkedIn assumes the obligations under the GDPR for the processing of Insight Data (including Articles 12 to 22 and 32 to 34 GDPR). You can find more information about data use or data processing by LinkedIn at:
https://www.linkedin.com/legal/privacy-policy
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws provide that U.S. telecommunication companies and U.S. Internet service providers, among others, are obliged to provide information to the U.S. authorities without a court order, which means that surveillance of users abroad (such as in the EU) is also possible. In the U.S., there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. LinkedIn as a US company is subject to these legal regulations.

2.3.4 Vimeo

We use Vimeo (Vimeo, Inc, 555 West 18th Street, New York, New York 10011, USA) to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. Vimeo provides us with so-called page insights as part of the ARISTRA pages on Vimeo. Using this information, we gain insights into how you interact with our pages and with related content. Because we collect this information jointly with Vimeo, we are together responsible with Vimeo for the collection of this information. Vimeo does not currently provide an Art 26 GDPR agreement. For more information about Vimeo's data use or processing, please visit:
https://vimeo.com/privacy
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws provide that U.S. telecommunication companies and U.S. Internet service providers, among others, are obligated to provide information to U.S. authorities without a court order, which makes it possible to monitor users abroad (such as in the EU). In the U.S., there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Vimeo is subject to these legal regulations.

2.3.5 YouTube

We use YouTube (Google Inc. 1600 Amphitheatre Parkway Mountain View, CA 94043, USA or if you are a resident of the EU, Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland), as part of the Google group of companies, to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. YouTube provides us with so-called page insights as part of the ARISTRA pages on YouTube. Using this information, we gain insights into how you interact with our pages and with related content. Because we collect this data jointly with YouTube, we are together responsible with YouTube for the collection of this data. YouTube does not currently provide an Art 26 DSGVO agreement. For more information on data use or data processing by YouTube, please visit:
https://policies.google.com/privacy?hl=en
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws stipulate that U.S. telecommunication companies and U.S. Internet service providers, among others, are obliged to provide information to the U.S. authorities without a court order, which means that users abroad (such as in the EU) can also be monitored. In the U.S., there is no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Google is subject to these legal regulations.

2.3.6 Twitter

We use Twitter (Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA) to increase our reach and thus better reach potential customers and interested parties and to facilitate the sharing or bookmarking of content. Twitter provides us with so-called page insights as part of the ARISTRA pages on Twitter. With the help of this information, we obtain insights into how you interact with our pages and with the linked content. Because we collect this data jointly with Twitter, we are together responsible with Twitter for the collection of this data. Twitter does not currently provide an Art 26 GDPR agreement. For more information on data use or data processing by Twitter, please visit:
https://twitter.com/de/privacy
The U.S. Foreign Intelligence Surveillance Act (FIS Act) and other U.S. laws provide that U.S. telecommunication companies and U.S. Internet service providers, among others, are obliged to provide information to the U.S. authorities without a court order, which means that surveillance of users abroad (such as in the EU) is also possible. In the U.S., there is therefore no effective protection of fundamental rights comparable to the European fundamental right to privacy. As a US company, Twitter is subject to these legal regulations.

2.4 General contact form

If you contact us via the form on our website, we process your personal data (contact details; any information you provide in the free text field) to process the request. The legal basis for this processing are pre-contractual measures (Art. 6 para. 1 lit. b DSGVO).

2.5 Forms for making appointments

If you make an appointment via the patient form on our website, we process your personal data (contact data of the patient and/or physician, patient and examination data; as well as all information you provide in the free text fields) to process and coordinate the request or to make an appointment. The legal basis for this processing are pre-contractual measures (Art. 6 para. 1 lit. b in conjunction with Art. 9 para. 2 lit h in conjunction with Art. 9 para. 3 DSGVO). The contact details are also used to confirm appointments via email, SMS or telephone as well as to remind you of the respective appointment before it takes place.

If you make an appointment via our website, we process your personal data (doctor/patient, contact details; any information Sue provides to us in the comments field) to process the appointment request. In principle, we do not pass on the data from your appointment request to anyone, however, under certain circumstances if this is necessary for the execution of the appointment, to medneo GmbH, Hausvogteiplatz 12, 10117 Berlin, Germany (www.medneo.com) as the operator of the respective diagnostic center. The legal basis for this processing are pre-contractual measures (Art 6 para 1 lit b DSGVO).

2.6 Newsletter

If you have registered for our newsletter, we process your personal data (contact details). The legal basis for this processing is your voluntary consent (Art 6 para 1 lit a DSGVO).

If there is an active contractual relationship between us, we have a legitimate interest (Art 6 para 1 lit f DSGVO) in informing you by e-mail about news and information about our products and services in accordance with our contractual relationship.

3. Transmission of data to third parties

The processing of personal data collected in the course of website use may be carried out by our order processors. These processors are in particular IT service providers, software solution providers and similar providers. We have concluded a processor agreement with each of our processors in accordance with Art 28 DSGVO.

Especially in connection with our social media channels, processing is also carried out by the providers of these channels. Please refer to the information on the respective providers in section 2.3.

4. Storage period

Your personal data will only be stored for as long as is necessary to fulfill the purposes outlined above and our contractual or legal obligations. As soon as we no longer need your personal data, we will irrevocably delete or anonymize it (so that a traceability to you is irretrievably excluded). As far as we process your data on the basis of your consent, this will be done until you revoke it, whereby the revocation of your consent will not affect the lawfulness of the processing carried out on the basis of the consent until revocation.

5. Data security

We protect your personal data by appropriate organizational and technical precautions according to the state of the art. These precautions relate in particular to protection against unauthorized, illegal or even accidental access, processing, loss, use and manipulation.

6. Your rights (data subject rights)

As a visitor to our website, you have the right at any time to request information about your personal data stored by us, its origin, any recipients and the purpose of data processing, correction, data transmission, restriction of processing, blocking or deletion of incorrect or unlawfully processed personal data, as well as to object to the lawfulness of the processing. In addition, you have the right to complain with the competent supervisory authority under data protection law.

If we process personal data on the basis of your voluntarily given consent, you can revoke the given consent at any time, whereby the lawfulness of the data processed until then remains unaffected.

The provision of your personal data is neither legally nor contractually required. Automated decision-making including profiling does not take place.

7. Cookie configuration

8. Contact information

Responsible for data protection:

ARISTRA GmbH
www.aristra.com
Bornholmerstrasse 90
10439 Berlin
Germany


Data Security Officer:

RA Mag. Sascha Jung, LL.M. LL.M.
Jank Weiler Operenyi Attorneys at Law | Deloitte Legal
Schottengasse 1
A-1010 Vienna
E-mail: s.jung@jankweiler.at
menu