Privacy Policy
1. Who is responsible for your data
The controller responsible for your personal data is [LEGAL ENTITY NAME], [LEGAL FORM], registered at [REGISTERED ADDRESS] (“ViennaScan”, “we”, “us”).
For any privacy question, or to exercise your rights, contact us at [PRIVACY EMAIL] or by post at the address above. [If a Data Protection Officer is appointed, add their contact here.]
2. What information we collect
We collect only what we need to respond to you and coordinate your scan:
- Details you give us in the request form: full name, country, email address, phone/WhatsApp number (optional), the examination you need, whether you have a doctor’s referral, and anything you choose to write in the free-text “anything we should know” field.
- Your referral and medical documents, if and when you send them to us so we can arrange the appointment.
- Correspondence: the emails, messages and call notes exchanged while we help you.
- Technical data: basic, privacy-friendly website usage statistics (see Cookies & analytics). We do not use advertising trackers.
3. Health information (special-category data)
Some of what you share — the type of scan, your referral, or notes about your condition — is health data, a “special category” under Article 9 of the GDPR that deserves extra protection. You decide how much to share: you do not need to describe your diagnosis to get a quote. We process this information only on the basis of your explicit consent (the consent checkbox on the form), solely to arrange your imaging, and you can withdraw that consent at any time.
4. Why we use your data and our legal basis
- To answer your enquiry and arrange your appointment — performance of, or steps prior to, a contract with you (Art. 6(1)(b) GDPR).
- To process health information — your explicit consent (Art. 6(1)(a) and Art. 9(2)(a) GDPR).
- To keep our website secure and improve it — our legitimate interests (Art. 6(1)(f) GDPR).
- To meet legal and accounting obligations — compliance with a legal obligation (Art. 6(1)(c) GDPR).
5. Who we share your data with
We never sell your data. We share it only as needed to deliver the service:
- The radiology institute in Vienna you are being booked with — to arrange and confirm your appointment.
- Service providers acting on our instructions (processors): our website host ([Cloudflare]), our form/enquiry and email tools ([FORM/EMAIL PROVIDER]), and, where you request it, translation providers. Each is bound by a data-processing agreement.
- Professional advisers and authorities where we are legally required to disclose.
6. International transfers
We aim to keep your data within the EU/EEA. Where a provider processes data outside the EEA (for example, a US-based tool), we rely on an adequacy decision or the European Commission’s Standard Contractual Clauses to protect it. [Confirm and list the specific providers and safeguards.]
7. How long we keep your data
We keep your enquiry and related correspondence only as long as needed to provide the service and then for any period required by law (for example, accounting records). Health information you have sent us is deleted once it is no longer needed for your booking, or sooner if you ask. [State concrete retention periods once decided.]
8. Your rights
Under the GDPR you have the right to:
- access the personal data we hold about you;
- have inaccurate data corrected, or incomplete data completed;
- have your data erased (“right to be forgotten”);
- restrict or object to our processing;
- receive your data in a portable format;
- withdraw your consent at any time, without affecting processing done before withdrawal.
To exercise any of these, email [PRIVACY EMAIL]. You also have the right to lodge a complaint with a data-protection authority — in Austria, the Datenschutzbehörde (dsb.gv.at), or the supervisory authority in your home country.
9. Cookies & analytics
This site uses no advertising or cross-site tracking cookies. We use only what is strictly necessary to run the site and, optionally, a privacy-friendly, cookieless analytics tool to count visits and measure interest in aggregate. [If/when analytics or any cookie is added, name the tool and update this section and any cookie banner.]
10. How we protect your data
We use appropriate technical and organisational measures — encrypted connections (HTTPS), access controls, and data minimisation — to protect your information. No method of transmission is 100% secure, but we work to protect your data and to notify you and the authorities of any breach as required by law.
11. Changes to this policy & how to contact us
We may update this policy as the service develops; the “last updated” date above shows the current version. For any privacy matter, contact [LEGAL ENTITY NAME] at [PRIVACY EMAIL] or [REGISTERED ADDRESS].