Data protection is particularly important to us. We therefore process your data exclusively on the basis of the statutory provisions (within the meaning of the General Data Protection Regulation - GDPR, the Data Protection Act, the Health Telematics Act - GtelG and other relevant legal provisions).

In accordance with Art. 13 GDPR, we would like to inform you with this privacy policy about the most important aspects of data processing and in particular about the type, scope and purpose of the personal data processed by us. Furthermore, data subjects are informed about the rights to which they are entitled.

Definitions

Our privacy policy is based on terms used by the European legislator for the adoption of the General Data Protection Regulation (GDPR). Our privacy policy aims to be easy to read and understand for everyone. To ensure this, we would like to briefly explain the most important terms in advance. 

1. Personal data
   Personal data means any information relating to an identified or identifiable natural person (hereinafter referred to as "data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name. In short, personal data is information that can be linked to a natural person.
2. Person concerned
   Data subject is any identified or identifiable natural person whose personal data is processed by the controller responsible for the processing.
3. Processing
   Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
4. Person responsible
   The controller responsible for the processing of personal data is the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.
5. Processor
   Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
6. Receiver
   Recipient is a natural or legal person, public authority, agency or another body, to which the personal data are disclosed, whether a third party or not.
7. Consent
   Consent is any freely given indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.

Information on the data controllers responsible for data processing within the meaning of Art. 4 Z7 GDPR

• Responsible for the operation of the website and all related processing activities:

Sailing Ambulance SAR e.U.; Brückenkopf 8; 8130 Frohnleiten; office@sailingambulance.comTel: +436643404951

• Responsible for the processing of patient data when utilising a service from SailingAmbulance:

The doctor responsible for counselling and treatment. You will be provided with the relevant contact details during the booking process.

Medical management data: Dr Andrea Passini, MSc; Hauptplatz 7 8130 Frohnleiten; ordination@passini.at; +4331263700606

With regard to the processing of your patient data, Sailing Ambulance is responsible within the meaning of Art 26 GDPR together We are responsible for the processing of your data together with the doctor consulting you via our platform.

This concerns the following processing activities:

• Data processing when carrying out online counselling or online treatment
• Documentation and subsequent storage of patient data in the digital medical record
• any other data processing within the scope of the telemedical consultation or treatment on the basis of the consultation or treatment contract concluded with the doctor

The categories of jointly processed data are as follows:

• Personal patient master data (such as: name, date of birth, address, national insurance number, gender, etc.)
• Personal basic health data about the person (such as: home medication, previous illnesses, allergies...)
• Treatment data provided by the patient through the upload options on our website (such as patient findings from other healthcare providers...)
• Content saved by the Sailing Ambulance consultant doctor in the digital medical file (such as: prescriptions, findings, referrals, doctor's letters...)

Sailing Ambulance is responsible for the following processing activities independent responsible:

• general operation of the website and general processing of user data, e.g. in server log files, cookies and similar technologies; in particular also answering contact enquiries that do not involve the processing of health data or are not related to a specific treatment and can generally be answered independently by SailingAmbulance (e.g. general questions about our website and our offers), as well as the newsletter service;
• Collection and further processing of data from doctors as part of the cooperation with the Sailing Ambulance or non-binding information to interested doctors on request;
• Cooperation with processors and controllers who provide services within the framework of the platform.

Sailing Ambulance and the consulting doctor have concluded an agreement in accordance with Art 26 GDPR with regard to joint responsibility, which regulates this data processing and the respective obligations of the parties in this regard:

In principle, Sailing Ambulance as the operator of the website primarily assumes the fulfilment of data protection obligations in the joint processing activities and acts as a central point of contact for you to exercise your rights as a data subject

We therefore ask you, as the person concerned, to prioritise your concerns to the Sailing Ambulance. We will forward any requests to your consultant doctor if this is specifically necessary, or we will coordinate with them accordingly. However, you are free to exercise your rights arising from the processing of your data with any controller at any time.

Data processing operations

Website users:

Which data are processed by us: Categories of personal data

Our website collects a range of general data and information each time it is accessed by a data subject or an automated system. This general data and information is stored in the server log files. 

We collect the following personal data when you use our website:

• Time at which our website was accessed (request to the host provider's server)
• URL of the website from which you accessed our website
• the operating system you are using
• Type and version of the browser you are using
• the country from which you are accessing our website
• Device information: brand, type, screen resolution
• Pages visited on the Sailing Ambulance website, including time and duration of visit
• the name of the retrieved file and the time of retrieval
• Certain cookies that are described in more detail in this privacy policy

The data of the server log files are stored separately from all personal data provided by a data subject.

 The server hosts or IT service providers we use have been contractually obliged to process the data only to the extent of the service provision and to treat it confidentially. (Art 28 GDPR)

How long we store your data: Storage periods

Your personal data will be stored for the duration of the entire business relationship (from the initiation to the execution and termination of a contract) and beyond in accordance with the statutory retention and documentation obligations. These result, among other things, from: the Austrian Commercial Code (UGB), the Federal Fiscal Code (BAO), the General Civil Code (ABGB). If an assignment is not carried out, the stored personal data will be processed for a maximum of one year to determine conflicts of interest in future assignments. The legal basis for this is based on the fulfilment of the contract pursuant to Art 6 para 1 lit b (... "necessary for the fulfilment of the contract") or on our legitimate interests pursuant to Art 6 para 1 lit f GDPR in the case of a recurring assignment on your part, not to have to collect it again for the requirements of the best possible customer service. the following reasons lead to an extension of the retention or storage period:

• Existence of an active registration with our services, additionally booked (paid) services, communication with us regarding concluded contracts, etc.
• The type of data has an influence on the retention period, especially as we are legally obliged to keep contract documents and invoices for 7 years as part of our service provision.

Who else processes your data besides us? Processors and recipients of data transfers

Processors commissioned by us (in particular IT service providers and recipients of transmissions) will receive your data if they require it for the purpose of fulfilling the contract. The processors used are contractually obliged to process your data only within the scope of the service provision and to treat it confidentially.

Our processors are:

• IT service provider for the operation of our servers (Hetzner Online GmbH)

Industriestr. 25, 91710 Gunzenhausen, Germany)

Contact form:

Type of data processing:

In the context of data transmission to SailingAmbulance via an analogue data form (e.g. at trade fairs) or a data form provided on the website, the information you provide will be processed depending on your details for processing the contact request, inclusion in the customer file for long-term customers including creation of the personal user account or processing your request. The same applies mutatis mutandis to contacting us via one of the contact options listed in this privacy policy or on our website in the legal notice.

The purpose of this data processing is to enable us to communicate with users of the website and (potential) patients. We answer your enquiries on the basis of your consent (Art 6 para 1 lit a GDPR).

How long we store your data: Storage periods

We will delete your enquiry(s) and your contact details if your enquiry has been conclusively answered and you do not send us any follow-up enquiries or we need to process the data for other purposes (e.g.: enquiry for inclusion in the customer file as a long-term customer) within fourteen (14) days.

Newsletter

Type and scope of data processing:

The e-mail address you provide is used for the purpose of sending the newsletter. We process your name, your e-mail address, the time of registration and your IP address. The purpose of sending the newsletter is to provide further information on similar products and services of the company. The newsletter is sent exclusively in compliance with the statutory provisions of the Telecommunications Act (TKG) and we use the above-mentioned data exclusively for the provision of the requested information and offers.

 The processing of this data is covered by the consent given when registering for our newsletter. You can revoke your consent to the storage of the data, the e-mail address and its use for sending the newsletter at any time, for example via the "Unsubscribe" link in the newsletter.

 We use the so-called double opt-in procedure to ensure that the newsletter is sent by mutual agreement. This involves the potential recipient being added to a mailing list. The user then receives a confirmation e-mail to confirm the registration in a legally secure manner. The address is only actively added to the mailing list if the confirmation is received.

 How long we store your data: Storage periods

If you revoke your consent in accordance with Art. 7 para. 3 GDPR, your personal data will be deleted from the newsletter distribution list immediately. 

Users who utilise the services of Sailing Ambulance (referral to patients)

User account: Type and scope of data processing

You must create a user account on our platform in order to make full use of our services. All you need to do is provide us with your e-mail address and your name. Any further data will only be collected in the course of a later online consultation or online treatment. Accordingly, your user account may subsequently be enriched with your health data, which we collect on a separate basis in the course of any utilisation of our range of services.

The purpose of this is to process your login data and manage your user account for the purpose of providing a secure and personalised account that acts as a repository of services obtained via the platform for consulting physicians. The processing is based on our legitimate interest in the secure and needs-based processing of the services offered and on the legitimate interest of the consulting physicians in a secure complete solution for the simple provision of their medical services and simultaneous fulfilment of their medical obligations (Art 6 para 1 lit f GDPR).

User account: How long we store your data: Storage periods

We generally store your data for the duration of your user account. If you decide to delete your user account with us, which can be requested at any time, your login data will be deleted within fourteen (14) days.

If your user account has been enriched with your health data after using our range of services, we will store your corresponding patient documentation with regard to a specific consultation or treatment utilised for the duration of the statutory retention periods. Longer storage periods may also arise due to pending legal claims.

If your user account has already been enriched with health data, we will consider a request to delete your user account as a revocation of your consent to the processing of health data and will also transfer your digital medical file to the respective consulting physicians before it is completely deleted so that they can continue to fulfil their medical storage and documentation obligations. The same applies mutatis mutandis in the event of deletion of the user account by Sailing Ambulance in accordance with the provisions of the platform's General Terms and Conditions of Business and Use.

Online medical counselling or online treatment: type and scope of data processing

The creation of a user account is required for online medical counselling or online treatment. Patients can also be added to the customer file as long-term customers on request.

When booking online medical counselling or online treatment, you can provide the consulting doctor with certain data in advance to enable the doctor to make an initial assessment of your problem. These are

• General data (e.g. name, date of birth, address, gender, e-mail address)
• Basic health data (medication, previous illnesses)
• a description of your request

Following this initial data collection, you will receive a link to the e-mail address you provided, which your doctor will use to contact you at the booked appointment.

In this regard, the user is identified by the doctor responsible. In the first few minutes of the video consultation, the doctor will then assess your personal situation based on the information provided and by asking specific questions. During the video consultation, your consulting doctor may collect further data about your state of health, tailored to your personal needs, so that he/she can provide you with competent treatment and issue you with a report tailored to your needs.

At the end of the video call, you will receive the invoice from the consulting doctor, as well as medical recommendations and the doctor's letter in your user account. The digital medical file is subject to the strictest confidentiality and can only be viewed by you and your consulting doctor. Sailing Ambulance only has theoretical access as an administrator within the scope of managing the platform.

The processing of your (health) data by the consulting doctor is necessary so that he can carry out the online consultation or treatment and is therefore necessary for the fulfilment of the consultation or treatment contract concluded with him (Art. 9 para. 2 lit. h GDPR in conjunction with Art. 6 para. 1 lit. b GDPR). However, for the processing of your (health) data by Sailing Ambulance and the transfer to your digital medical record in the user account, we (additionally) require your express consent (Art 9 para 2 lit a GDPR in conjunction with Art 6 para 1 lit a GDPR), which we obtain before collecting your data by means of a corresponding checkbox.

Online medical counselling or online treatment: How long we store your data: Storage periods

See storage periods user account:

We generally store your data for the duration of your user account. If you decide to delete your user account with us, which can be requested at any time, your login data will be deleted within fourteen (14) days.

If your user account has been enriched with your health data after using our range of services, we will store your corresponding patient documentation with regard to a specific consultation or treatment utilised for the duration of the statutory retention periods. Longer storage periods may also arise due to pending legal claims.

If your user account has already been enriched with health data, we will consider a request to delete your user account as a revocation of your consent to the processing of health data and will also transfer your digital medical file to the respective consulting physicians before it is completely deleted so that they can continue to fulfil their medical storage and documentation obligations. The same applies mutatis mutandis in the event of deletion of the user account by Sailing Ambulance in accordance with the provisions of the platform's General Terms and Conditions of Business and Use.

Physician data

Type and scope of data processing:

The personal and training data provided will be processed for the purpose of submitting offers of employment and for carrying out admission procedures and after the contract between the respective doctor and Sailing Ambulance has been signed. In addition, a doctor's account is created, which is required for the admission and implementation of the activity as a cooperation partner and in which the doctor can, among other things, announce your contact times when you are available for online counselling or online treatment.

The basis for data processing is Art. 6 para. 1 lit. b GDPR (implementation of pre-contractual measures upon request and subsequent fulfilment of the contract). Sailing Ambulance bases the enrichment of the doctor's account with data on the respective aggregated earnings on the overriding legitimate interests (Art 6 para 1 lit f GDPR) of making it easier for doctors to use the platform in the best possible way by providing a state-of-the-art service; this pursues the purpose of supporting them in the exercise of the cooperation partnership through a transparent presentation of data that may be relevant to the doctors.

How long we store your data: Storage periods

The data collected in this regard will be stored by us for the duration of the cooperation and deleted within six (6) months after any termination. If a cooperation is not realised, your data will be deleted within 14 days.

Statutory retention and documentation obligations

In principle, your personal data will not be stored for longer than is absolutely necessary. Nevertheless, we cannot delete certain data processed by you immediately due to legal requirements. This concerns data relating to the billing of services provided via the platform, which must be retained by us - and, if applicable, by consulting physicians - on the basis of retention and documentation periods under tax and company law, among other things.

If you make use of online counselling or online treatment provided by the consulting doctor, your data will be entered in the digital medical file available in your user account. For the storage periods, see user account.

Your billing data will be processed by Sailing Ambulance or the consulting doctor on the basis of Art. 6 para. 1 lit c GDPR (legal obligation). The processing of your data on this basis serves the purpose of fulfilling relevant legal obligations.

The independent storage of your patient documentation by the consulting doctor after deletion from your user account in accordance with point 2.2.1 (c) is carried out for the purpose of preventive healthcare in accordance with Art 9 para 2 lit h GDPR (contract with healthcare professionals) in conjunction with Art 6 para 1 lit c GDPR (legal obligation) in conjunction with Section 51 para 3 of the Austrian Medical Practitioners Act.

How long we store your data: Storage periods

Your billing data will generally be stored for a period of seven (7) years due to retention and documentation periods under tax and company law. If the data is relevant for pending (tax) proceedings, it may be stored for a longer period.

After leaving your user account, your health data will continue to be processed and stored by the respective consulting doctor on the basis of the retention and documentation obligations under medical law. In this respect, your data will generally be stored for a total period of ten (10) years, whereby the duration of storage in the user account must be included in this period accordingly.

Deviating storage periods for certain data may result from other legal requirements.

Storage and tracking technologies

Use of cookies

We would like to point out that we only use technical cookies. We do NOT use cookies for analytical marketing purposes. Cookies are text files that are stored on a computer system via an internet browser.

 When using or setting cookies that contain personal data or affect privacy, we obtain your consent in advance, namely through your active behaviour by continuing to navigate through and via our cookie banner on the website after being informed about the purposes of the cookies used and thus giving your consent to the setting of cookies.

 Cookies are only used or set without your prior consent in cases where the sole purpose is the technical execution of the transmission of a message via a communication network or if this is absolutely necessary so that we can provide the service that you have expressly requested. In these cases, you can prevent the use or setting of cookies by changing your browser settings accordingly.

 Cookies contain a so-called cookie ID. A cookie ID is a unique identifier for the cookie. It consists of a character string through which websites and servers can be assigned to the specific internet browser in which the cookie was stored. This enables the websites and servers visited to distinguish the individual browser of the data subject from other Internet browsers that contain other cookies. A specific internet browser can be recognised and identified via the unique cookie ID.

 You can prevent the setting of cookies by our website at any time by means of a corresponding setting of the Internet browser used and thus permanently object to the setting of cookies. You can also delete cookies that have already been set at any time via an Internet browser or other software programmes. This is possible in all common Internet browsers.

 The legal basis for the setting of technical cookies is based on Art. 6 para. 1 f GDPR (legitimate interest). The purpose is to provide our users with the best and most secure service.

 We would like to expressly point out that we only use cookies in accordance with EU and Austrian law (Art. 5 Para. 3 E-Privacy Directive and § 96 Para. 3 TKG).

Use of technical cookies

We use various services for our website that also set cookies. These are the following technical cookies:

Use of third-party cookies

We use various services for our website that also set cookies.

 Statistics: Google Analytics

Information on Google services 

We use various services of Google Ireland Limited ("Google"), Gordon House, Barrow Street, Dublin 4, Ireland on our website.

By integrating Google services, Google may collect and process information (including personal data). It cannot be ruled out that Google may also transmit the information to a server in a third country.

Further information can be found under the following link: https://www.google.de/policies/privacy/frameworks/

We expressly point out that we cannot influence which data Google actually collects and processes. However, Google states that the following information (including personal data) may be processed:

• Log data (in particular the IP address)
• Location-related information
• Unique application numbers
• Cookies and similar technologies

Further detailed information can be found under the following link: https://policies.google.com/privacy/update?hl=de#infocollect

If you are logged into your Google account, Google may add the processed information to your account depending on your account settings and treat it as personal data, see in particular https://www.google.de/policies/privacy/partners/ .

Google states the following, among other things:

"We may combine personal data from one service with information and personal data from other Google services. This makes it easier for you to share content with friends and acquaintances, for example. Depending on your account settings, your activities on other websites and in apps may be linked to your personal data in order to improve Google's services and the advertising displayed by Google." (https://www.google.com/intl/de/policies/privacy/index.html)

You can prevent this data from being added directly by logging out of your Google account or by making the appropriate account settings in your Google account. Furthermore, you can prevent the installation of cookies - if Google sets any - by making the appropriate settings in your browser; however, we would like to point out that in this case you may not be able to use all functions of this website to their full extent.

You can find out how to delete cookies in the most common browsers here:

• Google Chrome: Website
• Mozilla Firefox: Website
• Apple Safari: Website
• Microsoft Internet Explorer: Website

You can find more information in Google's privacy policy, which you can access here: https://www.google.com/policies/privacy/

You can find information on Google's privacy settings at the following link: https://privacy.google.com/take-control.html

 
Application and use of Google Analytics (with anonymisation function)

The data controller has integrated the Google Analytics component (with anonymisation function) on this website. Google Analytics is a web analytics service. Web analysis is the collection, collation and evaluation of data about the behaviour of visitors to websites. Among other things, a web analysis service collects data on which website a data subject came to a website from, which subpages of the website were accessed or how often and for how long a subpage was viewed. Web analysis is mainly used to optimise a website and for the cost-benefit analysis of internet advertising.

We use the addition "_gat._anonymiseIp" for web analysis via Google Analytics. This addition is used by Google to shorten and anonymise the IP address of the data subject's Internet connection if our website is accessed from a member state of the European Union or from another state party to the Agreement on the European Economic Area.

The purpose of the Google Analytics component is to analyse the flow of visitors to our website. Among other things, Google uses the data and information obtained to analyse the use of our website, to compile online reports for us that show the activities on our website, and to provide other services in connection with the use of our website.

Google Analytics places a cookie on the data subject's IT system. What cookies are has already been explained above. By setting the cookie, Google is enabled to analyse the use of our website. Each time one of the individual pages of this website is accessed, which is operated by the data controller and on which a Google Analytics component has been integrated, the Internet browser on the information technology system of the data subject is automatically prompted by the respective Google Analytics component to transmit data to Google for the purpose of online analysis.

As part of this technical process, Google obtains knowledge of personal data, such as the IP address of the data subject, which Google uses, among other things, to trace the origin of visitors and clicks and subsequently to enable commission settlements.

Cookies are used to store personal information, such as the access time, the location from which access was made and the frequency of visits to our website by the data subject. Each time our website is visited, this personal data, including the IP address of the internet connection used by the data subject, is transmitted to Google in the United States of America. This personal data is stored by Google in the United States of America. Google may pass on this personal data collected via the technical process to third parties.

The data subject may, as stated above, prevent the setting of cookies through our website at any time by means of a corresponding adjustment of the web browser used and thus permanently deny the setting of cookies. Such a setting of the Internet browser used would also prevent Google from placing a cookie on the data subject's IT system. In addition, a cookie already set by Google Analytics can be deleted at any time via the Internet browser or other software programmes.

Furthermore, the data subject has the option of objecting to and preventing the collection of data generated by Google Analytics relating to the use of this website and the processing of this data by Google. To do this, the data subject must download and install a browser add-on from the link https://tools.google.com/dlpage/gaoptout. This browser add-on informs Google Analytics via JavaScript that no data and information about visits to websites may be transmitted to Google Analytics. The installation of the browser add-on is recognised by Google as an objection. If the data subject's IT system is deleted, formatted or reinstalled at a later date, the data subject must reinstall the browser add-on in order to deactivate Google Analytics. If the browser add-on is uninstalled or deactivated by the data subject or another person who is attributable to their sphere of control, it is possible to reinstall or reactivate the browser add-on.

Further information and the applicable data protection regulations can be found under the following links:

https://www.google.de/intl/de/policies/privacy/

https://www.google.com/analytics/terms/de.html

https://www.google.com/intl/de_de/analytics/

FRIENDLY CAPTCHA (BOT/SPAM PROTECTION)

Our website uses the "Friendly Captcha" service (www.friendlycaptcha.com).

This service is provided by Friendly Captcha GmbH, Am Anger 3-5, 82237 Wörthsee, Germany.

Friendly Captcha is an innovative, data protection-friendly protection solution to make it more difficult for automated programmes and scripts (so-called "bots") to use our website.

 For this purpose, we have integrated a programme code from Friendly Captcha into our website (e.g. for contact forms) so that the visitor's end device can establish a connection to the Friendly Captcha servers in order to receive a calculation task from Friendly Captcha. The visitor's end device solves the calculation task, which requires certain system resources, and sends the calculation result to our web server. This contacts the Friendly Captcha server via an interface and receives a response as to whether the puzzle has been solved correctly by the end device. Depending on the result, we can add security rules to requests via our website and, for example, process or reject them.

The data is used exclusively to protect against spam and bots as described above.

Friendly Captcha does not set or read any cookies on the visitor's end device.

IP addresses are only stored in hashed (one-way encrypted) form and do not allow us or Friendly Captcha to draw any conclusions about an individual person.

If personal data is collected, it will be deleted after 30 days at the latest.

 The legal basis for the processing is our legitimate interests in protecting our website from abusive access by bots, i.e. spam protection and protection against attacks (e.g. mass requests) in accordance with Art. 6 para. 1 lit f GDPR.

Further information on data protection when using Friendly Captcha can be found at https://friendlycaptcha.com/legal/privacy-end-users/.

Data security

The security of your personal data is of particular concern to us.

 Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the likelihood and severity of the risk to the rights and freedoms of natural persons, we implement appropriate technical and organisational measures in accordance with Art 32 GDPR.

With this in mind, the following measures, among others, are taken to protect your data and secure it against loss, destruction, access, modification and dissemination by unauthorised persons:

• Ensuring the confidentiality, integrity, availability and resilience of the systems and services related to processing;
• Ensuring rapid recovery of the availability of personal data in the event of a physical or technical incident;
• Implementation of procedures to regularly review, assess and evaluate the effectiveness of technical and organisational measures to ensure the security of processing
• Passwords are encrypted end-to-end
• No specific error messages are returned for incorrect login attempts
• Internet connections are made using a secure transmission protocol (https)
• A role and user authorisation concept is in place to prevent unauthorised access to information
• Our data centre is ISO/IEC 27001 certified

Please note that we accept no liability for the disclosure of information due to errors in data transmission not caused by us or attributable to us and/or unauthorised access by third parties (e.g. hacker attacks).

Transmission of personal data

Your data will be passed on within our company to persons or departments/offices that require them to fulfil contractual, legal and supervisory obligations as well as due to legitimate interests or processing activities based on your consent.

If there are legal obligations, we must transfer your personal data to public bodies and institutions.

In the context of contract fulfilment or in the context of the fulfilment of data applications based on a declaration of consent, it may also be necessary to pass on your personal data.

In addition, processors commissioned by us (in particular IT and tax consultants or mail providers) and our own controllers (payment service providers) will receive your data if they require the data to fulfil their respective services. All processors are contractually obliged to treat your data confidentially and to process it only within the scope of providing the service.

Some of the recipients mentioned above may be located outside Austria or process your personal data there. The level of data protection in other countries may not be the same as in Austria. However, we only transfer your personal data to countries for which the EU Commission has decided that they have an adequate level of data protection, or we take measures to ensure that all recipients have an adequate level of data protection.

Third-party provider

The website contains links to other websites over whose content Sailing Ambulance has no influence. Sailing Ambulance accepts no liability whatsoever for this content. The respective provider of the linked website is solely responsible for the content and accuracy of the information provided there.

What rights do you have as a data subject?

You have the right to information, correction of incorrect data, the right to restriction of processing and deletion of inadmissibly processed data as well as the right to data portability.

Furthermore, the GDPR also provides for a right to object to the processing of personal data if this is done to safeguard our overriding legitimate interests. If you have consented to the processing of your data, you can revoke this consent at any time. Please note that the rights under the General Data Protection Regulation may be subject to legal restrictions if the exercise of these rights would impair the fulfilment of legal obligations.

 You are entitled to exercise the following data subject rights in accordance with Art 15ff GDPR:

• Right to information in accordance with Art 15 GDPR
• Right to rectification pursuant to Art 16 GDPR
• Right to erasure pursuant to Art 17 GDPR
• Right to restriction of processing pursuant to Art 18 GDPR
• Right to data portability pursuant to Art. 20 GDPR
• Right to withdraw consent pursuant to Art 7 (3) GDPR
• Right to object pursuant to Art 21 GDPR

If you believe that your personal data is not being processed in accordance with the General Data Protection Regulation, you have the right to lodge a complaint with the competent supervisory authority, i.e. the Austrian Data Protection Authority (DPA).

 The contact details of the Austrian Data Protection Authority are as follows:

Address: Barichgasse 40-42, 1030 Vienna

E-mail: dsb@dsb.gv.at

To assert your rights under the General Data Protection Regulation, please contact us as follows:

• by e-mail at office@sailingambulance.at

Last update: 12/02/2023