Disclaimer The English version is a translation of the original in German for information purposes only. In case of a discrepancy, the German original will prevail.
Version 2.2 – October 2024
We as Lumetry Diagnostics GmbH (hereinafter “we”, “us”) and operator of the website www.lumetry-diagnostics.com take the protection of your data seriously.
With the following data protection policy we inform you about the type, scope, purpose, duration and legal basis of the processing of your personal data on our website www.lumetry-diagnostics.com (hereinafter the “website”). Please note that we may update this data protection policy as necessary.
Our data protection policy is structured as follows:
- Information about us as controllers
- Information about our data protection officer
- Your rights (data subject rights)
- Processing of personal data when using our website
1. Controller
In the following we inform you about the collection of personal data when using our app. Personal data is all data that can be related to you personally, e.g. B. name, address, e-mail addresses, user behavior.
Responsible for the processing of personal data within the meaning of the General Data Protection Regulation (GDPR) is:
Lumetry Diagnostics GmbH
Nikolaiplatz 48020 Graz
Email: contact@lumetry.at
2. Data Protection Officer
Lumetry Diagnostics GmbH has appointed a certified data protection officer.
Name: Andreas Nagler- Ruhry
Email: datenschutz@lumetry.at
3. Your Rights (data subject rights)
You have the following rights towards us with regard to your personal data:
Right to access: You can request confirmation at any time as to whether data relating to you is being processed, information about the scope, origin, recipients of the stored data and the purpose for which it was stored, as well as copies of the data. (Art 15 GDPR)
Right to rectification: You can request that incorrect or incomplete personal data concerning you be corrected or completed. (Art 16 GDPR)
Right to erasure: You can request immediate deletion of your personal data at any time. Please note that legal retention periods may prevent deletion. (Art 17 GDPR)
Right to restrict processing: You can request that the processing of your personal data be restricted if one of the following conditions is met (Art 18 GDPR):
- You contest the accuracy of the personal data (the restriction is for a period that enables us to verify the accuracy of the personal data).
- The processing is unlawful and you refuse to delete your personal data.
- The data is no longer required for the purposes of processing, but you need it to assert, exercise or defend legal claims.
- You have lodged an objection to the processing (see right of objection) and the weighing of interests within the framework of the objection procedure has not yet been completed.
Right to data portability: You can receive the personal data that you have provided to us in a structured, common and machine-readable format, provided that the processing is carried out using automated procedures and is based on consent or a contract. (Art 20 GDPR)
Right to withdraw consent: You can withdraw your consent to the processing of personal data at any time. Please note that with the revocation, the use of the affected services is no longer possible. This does not affect the lawfulness of the processing of your personal data up until the point at which the revocation was received. (Art 7 GDPR)
Right to object: You have the right, for reasons arising from your particular situation, to object at any time to the processing of your personal data, which is based on Art 6 Para 1 lit f GDPR (data processing on the basis of a legitimate interest), to object. (Art 21 GDPR)
If you file an objection, we will no longer process your personal data unless we can demonstrate compelling legitimate grounds for processing that outweigh your interests, rights and freedoms, or the processing serves to assert, exercise or defend legal claims.
If we process personal data in order to operate direct advertising, you have the right to object to this at any time.
Right to complain: If you believe that the processing of your personal data violates data protection regulations, you can lodge a complaint with the supervisory authority responsible for Lumetry Diagnostics GmbH. (Art 77 GDPR)
Austrian Data Protection Authority
Wickenburggasse 8-10
1080 Vienna
Email: dsb@dsb.gv.at
4. Processing of personal data when using our website
4.1 Server log files
We, the website operator, automatically collect and store information in so-called server log files, which your browser automatically transmits to us. These are
- Browser type and browser version
- Operating system used
- Source/reference from which you came to the page (URL)
- Host name of the accessing computer
- Time of the server enquiry
- IP address
This data is not merged with other data sources.
This data is collected on the basis of Art 6 Para 1 lit f GDPR. The website operator has a legitimate interest in the technically error-free presentation and optimisation of its website – the server log files must be recorded for this purpose. The data is deleted after 30 days.
4.2 Contact
When you contact us via the contact form or email, your name and email address and any other personal information you voluntarily provide will be stored by us. Providing the data is necessary for processing and answering your request. It is not necessary to provide special categories of data (e.g. health data) when contacting us.
The legal basis for this processing relates to our legitimate interest in accordance with Art 6 Para 1 lit f GDPR and, depending on the content, on pre-contractual measures in accordance with Art 6 Para 1 lit b GDPR. We store this data for as long as it is necessary to be able to respond to your request, but no longer than six months after the last contact.
5. Social Media
5.1 Links on the website
On our website, we use icons for social networks such as LinkedIn and Meta (Facebook, Instagram) to link to our profiles on these networks. These icons are merely links to the respective social networks and are not used to automatically collect or share personal data of our visitors. Please note that we do not use social media plugins, but only icons that provide a simple link to our profiles. If you click on these icons, you will leave our website and be redirected to the corresponding social media site. Please note that by registering with these social media sites, you are subject to their terms and conditions and privacy policies.
5.2 LinkedIn
We operate a company page on the LinkedIn platform of LinkedIn Corporation, 1000 W Maude Ave, Sunnyvale, CA, USA, to publish and distribute information about our company and our product. We also post photos of events and similar.
The legal basis for this processing is our legitimate interest pursuant to Art 6 Para 1 lit f GDPR.
5.3 Meta
We also operate company pages on the social media platforms Facebook and Instagram of Meta Platforms, Inc., Willow Road 1601 94025 Menlo Park, CA, USA, to inform our target group about our company and our product and to recruit study participants. Facebook and Instagram users can follow our company page. We process the first and last names of followers. Images of third parties are not published without their consent. Personal information such as names are not published. We do not use Facebook and Instagram for data processing, but only to provide information. If you are already registered with Facebook or Instagram and follow our page, you have agreed to the use of the data by the operator Meta.
The legal basis for this processing is our legitimate interest pursuant to Art 6 Para 1 lit f GDPR.
6. Possible recipients
External service providers who may receive personal data are used to provide the services on our website.
6.1 Website hosting
Anexia (ANEXIA Internetdienstleistungs GmbH, Feldkirchner Straße 140, 9020 Klagenfurt, Austria) for hosting our website with a storage location in Austria. An order processing contract has been concluded with Anexia .
6.2 Email
If you contact us by email, we store it in the Microsoft 365 Exchange email service provided by Microsoft (Microsoft Corporation, One Microsoft Way Redmond, WA 98052-6399, USA) with a storage location in the EU. However, it cannot be ruled out that data will also be transferred to the USA.
The European Commission has not issued any so-called adequacy decisions for the USA. We make sure that data protection is still sufficiently guaranteed. For this we use the standard contractual clauses of the European Commission and implement additional technical and organizational measures. The standard contractual clauses for third-country transfers can be found at https://eur-lex.europa.eu/legal-content/de/TXT/?uri=CELEX%3A32021D0914
For more information, see Microsoft’s data protection policy at privacy.microsoft.com/de-de/privacystatement .