I. General & Overview
1. this privacy notice describes how your personal data is processed by medudoc when you use our services (including our website and social media presence) or communicate with us.
2. the data protection notice provides information in particular about who is responsible for the data processing, which categories of personal data are processed and for what purposes and on what legal basis this is done; furthermore, to which recipients personal data may be transmitted, for how long it is stored and what your rights are as a person affected by the data processing.
3. personal data is processed in accordance with the applicable statutory provisions, in particular in compliance with the European General Data Protection Regulation (GDPR), the Data Protection Act (DSG) and the Telecommunications Act (TKG).
II Controller responsible for data processing
1. responsible for data processing is
medudoc gmbh
FN 666372i, Landesgericht Salzburg
Salzburger Straße 24a
A-5550 Radstadt
(hereinafter simply “medudoc” or “we” or “us”)
2. if you have any questions about the processing and protection of your personal data, or if you wish to exercise any of your rights under the GDPR, you can contact us at the above postal address and by email at dpo@medudoc.com.
III Categories of personal data processed
1st website
When you access our website via the web browser on your device, we process the following personal data:
- IP address of your end device;
- Name and version of your web browser;
- Date, time of access and address (URL) of our website or individual pages of this website;
- Date and time of access to the website from which you accessed our website, including its address (referrer URL);
2. medudoc platform
If you use our medudoc platform (the “SaaS Services“), the provisions of the data processing agreement concluded between you and us, which forms an integral part of our GTC and comes into force at the same time as these GTC, apply without the need for a separate declaration. In the context of the provision of SaaS services by medudoc, you are responsible for the processing of the personal data processed by you in the SaaS services and we act as your processor. You will find all information on how we process personal data on your behalf as part of the provision of SaaS services in the processor agreement.
3. cookies
3.1 General information
Our website uses so-called cookies. These are small text files that are transmitted from our website to your browser and stored on your device until you delete them. Cookies may contain personal data. Some cookies are technically necessary to ensure the functionality of the website (the “technically necessary cookies“). Others merely help us to make the website user-friendly and to determine the effectiveness of our online advertising (the “technically non-essentialcookies“). Before using technically non-essential cookies, we must obtain your consent, which you can withdraw at any time. If you wish to give or withdraw consent, you can do so at any time via our cookie settings. Alternatively, you can use your browser settings to specify cookie settings for all websites.
3.2 Technically necessary cookies
Google Tag Manager
This website uses the Google Tag Manager of the service provider Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland (Google), for the efficient integration and management of various tools on our website on the legal basis of Art. 6 para. 1 lit. f GDPR (legitimate interest).
Google Tag Manager is a tool that enables us to integrate tracking or statistical tools and other technologies on our website. The Google Tag Manager itself does not create any user profiles, does not store any cookies and does not carry out any independent analyses. It is only used to manage and display the tools integrated via it. However, the Google Tag Manager records your IP address. It is possible that Google may also use the IP address collected via our website for its own purposes or for the purposes of other Google customers (e.g. to display individualized third-party advertisements). Such further processing of the data and the processing of the data after it has been transmitted by us to Google is carried out by Google as the sole controller under data protection law. In this context, Google may store data about you in the USA. The European Court of Justice has ruled that the USA is a country with an inadequate level of data protection. In this context, there is a particular risk that your data will be processed by American institutions/authorities for control and monitoring purposes without you having sufficient legal recourse against this.
3.3 Technically non-essential cookies
HubSpot
We use HubSpot on our website, a tool from the service provider HubSpot, Inc, 25 First St 2nd Floor Cambridge, MA, USA (Hubspot). HubSpot has a registered office at 1 Sir John Rogerson’s Quay, Dublin 2, Ireland. We use HubSpot for digital marketing on the legal basis of Art. 6 para. 1 lit. a GDPR (consent).
HubSpot also processes data in the USA, among other places. The European Court of Justice has determined that the USA is a country with an inadequate level of data protection. In this context, there is a particular risk that your data will be processed by American institutions/authorities for control and monitoring purposes without you having sufficient legal recourse against this.
You can find out more about the data processed through the use of HubSpot in the HubSpot Privacy Policy at https://legal.hubspot.com/de/privacy-policy.
Google Analytics
We use the basic version of Google Analytics, a web analysis service from Google, on the legal basis of Art. 6 para. 1 lit. a GDPR (consent) for the purpose of the needs-based design and continuous optimization of our website.
Google Analytics uses cookies that enable your use of the website to be analyzed. Google Analytics collects data on the device or browser, IP addresses and website or app activities. Your IP address is only recorded by Google on our website in abbreviated form, which ensures anonymization and does not allow any conclusions to be drawn about your identity (so-called IP masking). Google will use this information on our behalf to evaluate your use of the website and to compile reports on website activity. Google processes the data collected through the use of the basic version of Google Analytics exclusively on our instructions and for our purposes.
Insofar as data collected via Google Analytics is used for Google advertising technologies (e.g. Google Remarketing) and in this case also processed by Google for its own purposes and/or the purposes of third parties, such processing will only take place if you have given your consent to the use of such advertising technology on our website. Such further processing of the data as well as the processing of the data after its transmission by us to Google is carried out by Google as the sole controller under data protection law. In this context, Google may store data about you in the USA. The European Court of Justice has ruled that the USA is a country with an inadequate level of data protection. In this context, there is a particular risk that your data will be processed by American institutions/authorities for control and monitoring purposes without you having sufficient legal recourse against this.
You can use the browser add-on to deactivate Google Analytics JavaScript (ga.js, analytics.js, dc.js) to prevent Google Analytics from using your data. You can download and install the browser add-on at https://tools.google.com/dlpage/gaoptout?hl=de. Please note that this add-on only deactivates data collection by Google Analytics.
You can find out more about Google Analytics at http://www.google.com/analytics/terms/de.html and at https://support.google.com/analytics/answer/6004245?hl=de.
We have also activated the functions for advertising reports in Google Analytics. The reports on demographic characteristics and interests contain information on age, gender and interests. This allows us to get a better picture of our users without being able to assign this data to individual persons. You can find out more about the advertising functions at https://support.google.com/analytics/answer/3450482?hl=de_AT&utm_id=ad.
You can stop using these functions under “Settings for advertising” at https://adssettings.google.com/authenticated using the checkbox.
Google Ads (Google AdWords) conversion tracking
We also use Google Ads (formerly Google AdWords) as an online marketing measure to advertise our products and services. In this way, we want to make more people aware of the high quality of our offers on the Internet. As part of our advertising measures with Google Ads, we use Google’s conversion tracking on our website on the legal basis of Art. 6 para. 1 lit. a GDPR (consent).
With the help of this tracking tool, we can better adapt our advertising offer to your interests and needs.
You have the option of not participating in Google Ads conversion tracking. If you deactivate the Google conversion tracking cookie via your browser, you block conversion tracking. In this case, you will not be included in the statistics of the tracking tool. You can change the cookie settings in your browser at any time. This works slightly differently for each browser.
If you generally do not want to allow cookies, you can set up your web browser so that it always informs you when a cookie is to be set. This allows you to decide for each individual cookie whether or not to allow it. Downloading and installing this browser plug-in at https://support.google.com/ads/answer/7395996 will also deactivate all “advertising cookies”. Please note that by deactivating these cookies, you cannot completely prevent advertisements, but can only prevent personalized advertising.
Google remarketing
We also use the Google Remarketing service as part of Google Ads. Google Remarketing is an online advertising program from Google on the legal basis of Art. 6 para. 1 lit. a GDPR (consent).
With the remarketing function, we can present you with advertisements based on your interests on other websites within the Google advertising network. For this purpose, your surfing behavior on our website is analyzed, e.g. which offers you have viewed. This enables us to show you personalized advertising on the online search engine Google itself, so-called “Google ads”, and on other websites even after you have visited our website. For this purpose, Google stores a cookie in your browser when you visit Google services or websites in the Google advertising network. Your visits are recorded via this cookie. The cookie is used to uniquely identify your web browser and not to identify you personally.
In addition, we transmit your e-mail address stored in your customer account to Google as a hash value, provided that we recognize you when you are logged in and you give your consent to this data transmission via the cookie banner solution used on this website. The hash value of the e-mail address is used by Google exclusively to recognize your website visit as part of the display of personalized advertisements. The same applies to the transmission/use of your IP address and your user agent.
It is possible that Google may also use the data collected via our website about your usage behavior for its own purposes or for the purposes of other Google customers (e.g. to display individualized third-party advertisements). Such further processing of the data and the processing of the data after it has been transmitted by us to Google is carried out by Google as the sole controller under data protection law. In this context, Google may store data about you in the USA. The European Court of Justice has ruled that the USA is a country with an inadequate level of data protection. In this context, there is a particular risk that your data will be processed by American institutions/authorities for control and monitoring purposes without you having sufficient legal recourse against this.
Microsoft Advertising
Our website uses the Microsoft Advertising service, an online advertising program from Microsoft Ireland Operations Limited (One Microsoft Place, South County Business Park, Leopardstown, Dublin 18, D18 P521 (“Microsoft”), on the legal basis of Art. 6 para. 1 lit. a GDPR (consent).
We use Universal Event Tracking (UET) within the Microsoft Advertising service, which collects and stores data on this website for marketing and optimization purposes. For this purpose, your surfing behavior on our website is analyzed, e.g. which offers you have viewed. Microsoft stores a cookie in your web browser for this purpose. Your visits are recorded via this cookie. The cookie is used to uniquely identify your web browser and not to identify you personally.
Microsoft processes the data collected about you on this website as the sole controller under data protection law. In this context, it is possible that your data may be transferred by Microsoft to the USA. The European Court of Justice has ruled that the USA is a country with an inadequate level of data protection. In this context, there is a particular risk that your data may be processed by American institutions/authorities for control and monitoring purposes without you having sufficient legal recourse against this.
You can find more information about Microsoft’s privacy policy at: https://privacy.microsoft.com/de-DE/privacystatement. Here you can also assert your data subject rights against Microsoft (e.g. right to erasure).
You can deactivate the use of cookies by Microsoft at any time via the cookie banner solution used on this website by deselecting the category “Cookies for marketing purposes” and thus revoke the consent given to us for the use of the Microsoft Advertising service or refuse consent to the use of Microsoft Retargeting by following the link below: http://choice.microsoft.com/de-DE/opt-out.
On our website, we use social media plug-ins of the social media network LinkedIn of the service provider LinkedIn Corporation, 2029 Stierlin Court, Mountain View, CA 94043, USA (“LinkedIn”). For the European Economic Area and Switzerland, the LinkedIn subsidiary LinkedIn Ireland Unlimited Company, Wilton Place in Dublin is responsible for data processing. We use LinkedIn on the legal basis of Art. 6 para. 1 lit. a GDPR (consent).
The social plug-ins can be feeds, content sharing or links to our LinkedIn page. The social plug-ins are clearly marked with the familiar LinkedIn logo and allow, for example, interesting content to be shared directly via our website.
By embedding such plug-ins, data can be sent to LinkedIn, stored and processed there. In this privacy policy, we want to inform you what data is involved, how the network uses this data and how you can manage or prevent data storage.
You have the right to access and delete your personal data at any time. You can manage, change and delete your data in your LinkedIn account. You can also request a copy of your personal data from LinkedIn. To access the account data in your LinkedIn profile: Click on your profile icon on LinkedIn and select the “Settings and privacy” section. Now click on “Privacy” and then on “Change” in the section “How LinkedIn uses your data”. In just a short time, you can download selected data about your web activity and your account history.
You also have the option in your web browser to prevent data processing by LinkedIn. As mentioned above, LinkedIn stores most of the data via cookies that are set in your browser. You can manage, deactivate or delete these cookies. Depending on which browser you have, the management works slightly differently.
At https://www.linkedin.com/legal/privacy-policy you can find out more about the data processing of the social media network LinkedIn.
4. detailed overview
Necessary cookies are absolutely essential for the website to function properly. Without them, the website cannot function as intended and these cookies do not store any personal data.
| Cookie | Duration | Description |
|---|---|---|
| __cf_bm | 1 hour | Cloudflare sets the cookie to support Cloudflare Bot Management. |
| _GRECAPTCHA | 6 months | The “Google Recaptcha” service sets this cookie to identify bots and protect the website from malicious spam attacks. |
| rc::a | Never expires | This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. |
| rc::f | Never expires | This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. |
| wpEmojiSettingsSupports | Session | WordPress sets this cookie when a user interacts with emojis on a WordPress site. It helps determine if the user’s browser can display emojis properly. |
| rc::b | Session | This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. |
| rc::c | Session | This cookie is set by the Google recaptcha service to identify bots to protect the website against malicious spam attacks. |
| VISITOR_PRIVACY_METADATA | 6 months | YouTube sets this cookie to store the user’s cookie consent state for the current domain. |
Functional cookies assist in performing certain functions, such as sharing the content of the website on social media platforms, collecting feedback and other third-party functions.
| Cookie | Duration | Description |
|---|---|---|
| wp-wpml_current_language | Session | The multilingual WordPress plugin sets this cookie to save the current language/language settings. |
| VISITOR_INFO1_LIVE | 6 months | YouTube sets this cookie to measure bandwidth and determine whether the user is receiving the new or the old player interface. |
| yt-remote-connected-devices | Never expires | YouTube sets this cookie to store the user’s video preferences using embedded YouTube videos. |
| ytidb::LAST_RESULT_ENTRY_KEY | Never expires | The cookie ytidb::LAST_RESULT_ENTRY_KEY is used by YouTube to store the last search result entry that was clicked by the user. This information is used to improve the user experience by providing more relevant search results in the future. |
| yt-remote-device-id | Never expires | YouTube sets this cookie to store the user’s video preferences using embedded YouTube videos. |
| yt-remote-session-name | Session | The yt-remote-session-name cookie is used by YouTube to store the user’s video player preferences using embedded YouTube video. |
| yt-remote-fast-check-period | Session | The yt-remote-fast-check-period cookie is used by YouTube to store the user’s video player preferences for embedded YouTube videos. |
| yt-remote-session-app | Session | The yt-remote-session-app cookie is used by YouTube to store user preferences and information about the interface of the embedded YouTube video player. |
| yt-remote-cast-available | Session | The yt-remote-cast-available cookie is used to store the user’s preferences regarding whether casting is available on their YouTube video player. |
| yt-remote-cast-installed | Session | The yt-remote-cast-installed cookie is used to store the user’s video player preferences using embedded YouTube video. |
Analysis cookies are used to understand how visitors interact with the website. These cookies are used to make statements about the number of visitors, bounce rate, origin of visitors, etc.
| Cookie | Duration | Description |
|---|---|---|
| _ga_* | 1 year 1 month 4 days | Google Analytics sets this cookie to store and count page views. |
| _ga | 1 year 1 month 4 days | Google Analytics sets this cookie to calculate visitor, session and campaign data and to track website usage for the website analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize individual visitors. |
| YSC | Session | Youtube sets this cookie to track the views of embedded videos on Youtube pages. |
Advertising cookies are used to deliver tailored advertising to visitors based on the pages they have previously visited and to analyze the effectiveness of advertising campaigns.
| Cookie | Duration | Description |
|---|---|---|
| _gcl_au | 3 months | Google Tag Manager sets the cookie to test the advertising effectiveness of websites that use its services. |
Other uncategorized cookies are those that are analyzed and have not yet been categorized.
| Cookie | Duration | Description |
|---|---|---|
| __Secure-ROLLOUT_TOKEN | 6 months | Description is currently not available. |
| __Secure-YEC | past | Description is currently not available. |
| __Secure-YNID | 6 months | Description is currently not available. |
5. contact and inquiries
If you contact us via a contact form provided on the website, via e-mail, by post or telephone or send us inquiries, we will process the personal data you provide, such as your name, address, e-mail address, telephone number, etc.
6. newsletters, webinars and white papers
6.1 If you register for our newsletter, sign up for one of our webinars or download one of our white papers, we will process the personal data you provide, such as your name, email address, name of your organization, etc.
6.2 You can unsubscribe from receiving a newsletter or participating in a webinar at any time. You will find detailed information on this in the footer of each newsletter or in the respective registration confirmation.
IV. Purposes & legal bases of data processing
1. the personal data mentioned under III 1 are processed by us for the purpose of the secure operation of our website on the legal basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR).
2 The purposes of the processing of personal data in the context of SaaS services provided by us are set out in our GTC and the processor contract, which also form the legal basis for this data processing.
3. the personal data mentioned under III 3.2 (technically necessary cookies) are processed by us for the purpose of the secure operation of our website on the legal basis of our legitimate interest (Art. 6 para. 1 lit. f GDPR). See also III 3.2. the personal data mentioned under III 3.3 (technically non-essential cookies) are processed by us for the purpose of optimizing our website or the user experience and our range of services as well as for statistical and marketing purposes on the legal basis of the consent you have given (Article 6 (1) (a) GDPR). See also under III 3.3.
4. the personal data mentioned under III 4 will be processed by us for the purpose of processing and responding to communications and inquiries of all kinds, including questions and orders regarding our products and services, applications as well as requests for information and other requests pursuant to Art. 15 et seq. GDPR; these processing operations are based either on the legal basis of the performance of a contract concluded with you or the implementation of pre-contractual measures or the fulfillment of our legal obligations under the GDPR and other regulations to which we are subject (Art. 6 para. 1 lit. b and c GDPR).
5. the personal data or categories of personal data mentioned under III 5 are used by us for the purpose of sending our newsletters and whitepapers or for organizing our webinars. This is done either on the legal basis of the consent you have given (Article 6 (1) (a) GDPR) or to fulfill a contract concluded with you or to carry out pre-contractual measures (Article 6 (1) (b) GDPR).
V. Recipients of personal data; transfer to third countries
1. for the purposes mentioned under IV, we transfer your personal data to affiliated companies and to the IT service providers we use (including the service providers of technically non-essential cookies mentioned under III 3.3, provided you have given your consent). Some of these recipients have their registered office or connections in countries outside the European Union or the Agreement on the European Economic Area (the“third countries“). The level of data protection in third countries may not correspond to that of the European Union. However, we only transfer personal data to recipients based in or connected to third countries for which the European Commission has decided that they have an adequate level of data protection, or we take additional measures to ensure an adequate level of data protection. If necessary, we conclude agreements with recipients in third countries on the protection of personal data, including the standard data protection clauses issued by the European Commission pursuant to Article 46(2)(c) GDPR. Detailed information on this is available on request at dpo@medudoc.om.
2. your personal data will only be transmitted to other recipients if and insofar as we are obliged to do so by law or by court or official order or if this is necessary in the event of security breaches (e.g. attacks on our website) or for legal or criminal prosecution.
VI Storage period
The personal data mentioned under III will be processed by us for as long as this is necessary to achieve the purposes mentioned under IV and is permitted under applicable law, unless statutory retention obligations or limitation periods for potential legal claims justify a longer retention period.
VII Rights of data subjects
1. you have the following rights under the GDPR:
- You have the right to obtain information about whether and which personal data we process about you and to whom we transfer this data.
- You have the right to request the rectification, restriction of processing or erasure of your personal data processed by us if you believe that it is inaccurate or incomplete or is being processed unlawfully in whole or in part.
- You have the right to object to the processing of your personal data processed by us on the legal basis of a legitimate interest if you believe that your interests outweigh ours.
- Under certain circumstances, you have the right to receive personal data provided by you in a structured, commonly used and machine-readable format and to have it transmitted to a third party designated by you.
- You have the right to withdraw your consent to the processing of personal data at any time with effect for the future. However, this does not affect the lawfulness of the data processing carried out on the basis of your consent until revocation.
- You have the right to lodge a complaint with the competent data protection authority.
2. if you wish to exercise any of the above rights, please contact dpo@medudoc.com.
VIII No obligation to provide personal data; no automated decision-making
1. the personal data mentioned under III 1 and III 3.1 are collected automatically when the website is accessed. Otherwise, you are under no legal or contractual obligation to provide us with personal data.
2. we do not carry out automated decision-making (including profiling) on the basis of personal data provided by you.
IX. Competent supervisory authority
Responsible is the
Austrian Data Protection Authority
Barichgasse 40-42
A-1030 Vienna
Phone: +43 1 52 152-0
E-mail: dsb@dsb.gv.at.
— Status November 2025