The Federal Office for Safety in Health Care (BASG) handles your personal data very carefully and the following data protection information is intended to give you an overview of how your data is processed and what measures we take to protect it. We therefore process your data exclusively on an existing legal basis (in particular DSGVO, DSG, TKG 2003, GESG, contract, legitimate interest, consent).
The person responsible for data processing is the Federal Office for Safety in Health Care, Traisengasse 5, 1200 Vienna.
The data protection officer can be contacted at firstname.lastname@example.org .
The legal framework is laid down in the Health and Food Safety Act (GESG), Federal Law Gazette I No. 63/2002 as amended. In fulfilment of its statutory duties, the BASG is entitled to process personal data and, in addition, the rights and obligations under Art. 13 (duty to provide information when personal data are collected from the data subject), Art. 14 (duty to provide information when personal data are not collected from the data subject), Art. 18 (right to restrict processing) and Art. 21 (right to object) DSGVO are excluded.
1. Category and type of personal data
Personal data is data and information that can be traced back to an identified or identifiable person. Examples: Name, address, telephone number, e-mail, profession, education, health data, hobbies, IP address, etc.
Depending on the specific processing purpose, inventory, customer, contact, order, health and communication data as well as image data are processed in particular.
2. Basis and purpose of the data processing
The following legal basis is applicable to the processing of personal data:
a. Legal basis
The tasks of the BASG are defined in § 6a GESG. In fulfilling these tasks, the BASG is entitled to process personal data pursuant to § 9 para 7 GESG.
In addition, personal data are processed on the basis of the material laws assigned to the BASG for enforcement or on the basis of these material laws enacted.
This essentially concerns tasks in accordance with the legal matters listed below:
- Medicines Act
- Medicinal Products Import Act 2010
- Blood Safety Act
- Tissue Safety Act
- medical products law
- prescription law
- Narcotic Substances Act
- Medicinal product operating regulations 2009
- Stock-specific vaccines - Company regulations
- Distance Selling Ordinance
- Medicinal feedstuffs plant regulations 2006
- tissue banking regulation
- Tissue Collection Facility Ordinance 2008
- Tissue vigilance ordinance 2008
- Haemovigilance Ordinance 2007
- Medical Device Notification Ordinance
- Pharmacovigilance Ordinance 2013
- narcotics regulation
- Ordinance of the Federal Minister for Health and Women on medicinal products derived from human blood
- Ordinance of the Federal Minister of Health on the reporting requirement for non-interventional studies
Legal basis: Art. 6 para. 1 lit c and Art. 9 para. 2 lit b DSGVO
The processing of personal data is also lawful if there is a legally valid consent of the data subject. On the basis of given consents, we process personal data, among other things, for the dispatch of newsletters or process your contact enquiries. Consents given can be revoked informally at any time. The revocation of the consent does not affect the lawfulness of the processing carried out on the basis of the consent up to the revocation.
Legal basis: Art. 6 para. 1 lit a and Art. 9 para. 2 lit a DSGVO
c. Public interest in the field of public health
Among other things, the BASG is required by law to carry out tasks in the field of public health in the interest of the common good. In this context, personal data are lawfully processed for reasons of public interest in the field of public health, such as protection against serious cross-border health threats or to ensure high standards of quality and safety in health care and for medicinal products and medical devices.
Legal basis: Art. 9 para 2 lit i DSGVO.
3. Disclosure to third parties
The passing on of personal data can take place in particular on the basis of relevant legal obligations to authorities and international organizations as well as to service providers for the fulfilment of the contract. In all cases, we ensure that a uniform level of data protection is guaranteed.
The corresponding provisions authorising the BASG to pass on personal data can be found in the relevant material laws (e.g. Section 80 of the Medicines Act).
4. Data security
The BASG provides for technical and organisational measures in the following areas, among others: Access control, system access control, data access control, data transmission control, ensuring the availability and resilience of the system, control procedures to ensure the security of the processing and personnel (training) measures.
5. Your rights
In principle you have the following rights:
- Right to information pursuant to Art. 15 DSGVO
- Right to rectification pursuant to Art. 16 DSGVO
- Right to cancellation ("right to be forgotten") pursuant to Art. 17 DSGVO
- Right to limitation of processing according to Art. 18 DSGVO
- Right to data transferability pursuant to Art. 20 DSGVO
- Right to appeal pursuant to Art. 21 DSGVO
The following limitation of the rights of data subjects is provided for by law:
In fulfilment of the tasks pursuant to § 6a GESG, the rights and obligations pursuant to Art. 13, 14, 18 and 21 of the Basic Data Protection Ordinance are excluded by law with regard to the processing of personal data pursuant to Art. 9 Para. 7.
Insofar as the personal reference is indispensable for achieving the purpose for which personal data are further processed for scientific or historical research purposes, the rights of data subjects under Article 15 (right of access), Article 16 (right of rectification), Article 18 (right to limitation of processing) and Article 21 (right of opposition) may be excluded from the BASG if these rights would render the achievement of the specific purposes impossible or seriously impair them.
6. Storage of data
In principle, personal data is deleted or pseudonymised in accordance with a deletion concept after fulfilment of the purpose or end of the statutory retention period.
The obligation to delete does not apply if processing is necessary for the following purposes:
- On the exercise of freedom of expression and information,
- For the fulfilment of a legal obligation
- For reasons of public interest in the field of public health pursuant to Art. 9 para. 2 lit h and i and Art. 9 para. 3 DSGVO
- For archival purposes in the public interest, scientific or historical research purposes or for statistical purposes pursuant to Art. 89 para. 1 DSGVO, insofar as the law referred to in para. 1 presumably makes it impossible or seriously impairs the attainment of the objectives of this Agreement, or
- For the assertion, exercise or defence of legal claims.
7. Contact possibility
If you contact us via form on the website or via e-mail, the data you provide will be stored and processed for the purpose of processing your enquiry and in the event of follow-up questions. We do not pass on this data without your consent.
Questions regarding data protection can be directed to email@example.com .
Our website uses so-called cookies. These are small text files that are stored on your terminal device with the help of the browser. They're not doing any harm.
If you do not wish this, you can set your browser so that it informs you about the setting of cookies and you only allow this in individual cases.
If cookies are deactivated, the functionality of our website may be restricted.
These cookies are required for the basic functions of the site to work correctly.
Cookie Manager To show/hide the cookie consent message.
Cookie name: supi
Term: 1 year
Cookie name: SERVERID
Runtime: end of session
Cookies for statistics
Statistics cookies anonymize your data and use it. This information helps us learn how visitors use our website. Matomo
Cookie name: _pk_ses (persistent cookie, lifetime: 30 min (is automatically extended)); _pk_id (persistent cookie, lifetime 1 year), MATOMO_SESSID
9. Web analysis
Our website uses functions of the Matomo web analysis tool. Cookies are used for this purpose, which enable an analysis of the use of the website by your users. The information generated in this way is transferred to the provider's server and stored there.
You can prevent this by setting your browser so that no cookies are stored or by clicking on the link below.
You have the option to subscribe to our newsletter via our website. For this we need your e-mail address and your consent that you agree to receive the newsletter. The consent is ensured by the registration for the newsletter dispatch by means of the double-opt-in procedure and is logged for evidence purposes. The data you provide will only be processed for the purpose of sending the newsletter.
As soon as you have registered for the newsletter, we will send you a confirmation e-mail with a link to confirm your registration.
You can cancel your subscription to the newsletter at any time. For this purpose, an informal unsubscription is required. The revocation of consent does not affect the lawfulness of the processing carried out on the basis of the consent until the revocation.