MTG Wien und Pulse Dynamics Ltd (both papimi Headquarters) applaud the General Data Protection Regulation. The success of our company is based on our customers’ and colleagues’ trust in our ability to deliver first-class quality. We are aware of our responsibility when processing personal data and therefore undertake to fully comply with data protection law within the scope of our social responsibility. Respecting the personal rights and privacy of each individual is our topmost priority when handling personal data.
We act in accordance with the principles of data security, lawfulness, transparency, purpose and storage limit. In accordance with the information requirements incumbent on contracting entities, we kindly ask you to take note of the following communication:
We collect and process personal data exclusively for the purposes that were defined before the data was collected. We only process personal data that is required to process our services and manage information subscribers, interested parties, partners in discussion, customers, users and workshop, seminar and event participants. This is only the case for as long as the service is being performed or for as long as we are obliged to do so by legal provisions.
All personal data is processed in strict compliance with the applicable data protection regulations. We do not publish personal data without consent or pass it on to third parties without authorization.
The data is processed and transmitted for the purpose of settling payments and ensuring compliance with recording, disclosure and reporting obligations to the extent required by laws or standards of collective legal provisions or contractual obligations, including electronically created and archived text documents (e.g. correspondence) in these matters. Without this data, we cannot conclude or perform an agreement/contract with you. This also applies to all voluntary social benefits as well as to external training and development offers. The relevant data in each individual case is transmitted to the following areas based on the legal provisions or the contractual agreement:
We collect and process the personal data of information subscribers, interested parties, partners in discussion, customers, users and workshop, seminar and event participants as well as financial data for the purpose of providing individual-related category management, support and information. We store the personal data for the duration of the contractual relationship or for as long as any claims still exist in relation to it.
Case histories, disease symptoms and patient data submitted to us are processed in line with, and according to, the strict requirements of the Medical Devices Act.The processing of this data is necessary for reasons of public interest in the area of public health, in particular to ensure high standards of quality and safety of health care and of medicinal products and medical devices (article 9 (2)(i) GDPR).
The personal data that we process is stored and secured with particular care both on a technical and on an organisational level. It is protected against accidental or illicit destruction and loss, and we ensure that it is used in a lawful manner and protected from unauthorised access.
Based on a contractual agreement with us, all our Processors have undertaken to also take all technical and organisational measures to ensure secure processing. This is regularly checked by our Controller.
We would like to point out that, for the purpose of simplifying the purchasing process and for the subsequent contract processing by the online store operator within the scope of cookies, the subscriber’s IP data is stored along with the purchaser’s name, address and account or credit card number.
We also store the following data for the purpose of contract processing:
The data that you provide is required to perform a contract or to take pre-contractual measures. Without this data, we cannot conclude a contract with you. Data is not transferred to third parties with the exception of transmitting credit card data to the processing bank institute/payment service provider for the purpose of debiting the purchase price, to transport/shipping companies commissioned by us to prepare the goods and to our tax adviser to fulfil our tax obligations.
After cancellation of the purchasing process, the data stored with us will be erased. In the event that a contract is concluded, all data arising from the contractual relationship will be stored until expiry of the tax retention period (7 years) for the purchase of a medical device, in compliance with the Medical Devices Act (MPG), throughout the duration of operation of the device.
The name, address, purchased goods and purchase date data will also be stored until expiry of the product liability period (10 years). The data is processed based on the legal provisions of article 96 (3) of the Telecommunications Act (TKG) as well as article 6 (1)(a) (consent) and/or (b) (necessary for performance of the contract) GDPR.
Order data processing takes place if a Processor is commissioned to process personal data without being given responsibility for the associated business process. In these cases, we conclude an order data processing agreement with the external Processor. In doing so, we retain full responsibility for the correct performance of the data processing operations under data protection law. The Processor may only process personal data within the scope of the Controller’s instructions.
We only work together with Processors (e.g. IT companies, technical services, printing companies, transport companies or shipping agents) which provide sufficient guarantees that appropriate technical and organisational measures will be taken during processing in accordance with the requirements of the GDPR, and which ensure protection of the personal data. The processing of orders by a Processor takes place solely on the basis of a contract with us which precisely specifies the duration, nature and purpose of the processing operation. All Processors which process and verify personal data, regularly check that the provisions under data protection law are observed.
Within the context of the data processing operations in question, we process personal data in the following categories: name, address details, electronic contact data, bank details, attendance data, account data. This data is processed for the following purposes: invoicing, keeping address directories, lists of attendees, events administration, information. The legal basis of the processing is: the data subject’s consent, fulfilment of a contract concluded with the data subject, fulfilment of a legal obligation by the contracting entity, fulfilment of a task in the public interest by the contracting entity, legitimate prevailing interests of the contracting entity, the purposes of archive management, statistics or research.
The data has been made public by the data subject himself. If the provision of personal data for this data processing is stipulated by law, contractually required or necessary to conclude a contract, failure to provide the data by the data subject may mean that the contracting entity’s obligations towards you cannot be met.
The event participant agrees, for the respective event, to the publication of photos, videos and the like, on which he can be seen.
The event participant transfers an authorisation to use the work for copyrighted works arising in connection with the event to the event organiser for the purpose of general and public interest.
Case histories, disease symptoms and patient data submitted to us are processed in line with, and according to, the strict requirements of the Medical Devices Act. See also types of data and processing purpose. The processing of this data is necessary for reasons of public interest in the area of public health, in particular to ensure high standards of quality and safety of health care and of medicinal products and medical devices (article 9 (2)(i) GDPR).
The protection of your personal data is of primary concern to us. Therefore, we process your data exclusively on the basis of legal provisions (GDPR, TKG 2003). In this data protection information, we inform you about the most important aspects of data processing within the scope of our website.
Google Analytics – collection of data to improve the information and functionalities of the website as well as marketing
Google Maps – presentations of maps
Mailchimp – email transfer service
Google ReCaptcha – spam prevention service
This data is processed for the purpose of enabling the website to be used (establishing a connection), system security, technical administration of the network infrastructure and optimisation of the internet service.
Stripe – payment service provider (processing of credit card payments or instant bank transfers)
More concrete privacy policies for the spheres of action of international agencies are summarised on their websites.
Our website uses “cookies”. These are small text files which are stored on your device with the aid of the browser. They do not cause any damage.
If you do not wish this to take place, you can adjust your browser settings so that it informs you about the placement of cookies and so that you only allow this in individual cases.
The disabling of cookies may restrict the functionality of our website.
Our website uses functions of the Google web analysis service (Google Analytics, Google Tag Manager, Google Search Console, ReCaptcha & Google Maps),
Address: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
For this purpose, cookies are used which enable an analysis of the way in which your users use the website. The information generated in this way is transferred to the provider’s server where it is stored. You can prevent this by setting up your browser so that cookies are not stored.
We have concluded an order data processing contract with the provider to this effect.
Your IP address is recorded but immediately pseudonymised (e.g. by deleting the last 8 bits). This makes only approximate localisation possible.
The data is processed based on the legal provisions of article 96 (3) TKG as well as article 6 (1)(a) (consent) and/or (f) (legitimate interest) GDPR.
What concerns us within the meaning of the GDPR (legitimate interest) is the improvement of our offer and our internet presence. As the privacy of our users is important to us, user data is pseudonymised. User data is stored for a period of 26 months.
Contributions on this website may contain embedded content (e.g. videos, images, contributions, etc.). Embedded content from other websites behaves exactly as if the visitor had visited the other websites.
To provide a uniform presentation, our website uses certain fonts known as “Web Fonts” from Adobe Typekit. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When viewing our sites, your browser loads the necessary fonts directly from Adobe in order to be able to display them correctly on your device. In the process, your browser establishes a connection with Adobe’s servers in the USA. In this way, Adobe becomes aware that our website was accessed via your IP address. According to Adobe, no cookies are stored during the provision of fonts.
The use of Adobe Typekit Web Fonts is required to guarantee a uniform typography on our website and ensure improved loading times. This represents a legitimate interest within the meaning of article 6 (1)(f) GDPR.
You can find more information about Adobe Typekit Web Fonts at:
If you do not consent to the storage and use of your data, you can disable storage and use here. If you do so, an opt-out cookie will be stored in your browser to prevent usage data from being stored. If you delete your cookies, this will result, for example, in the opt-out cookies being deleted too. You will then have to re-enable the opt-out when you visit our website again.
We process personal data which falls into the following categories:
You have voluntarily provided us with your data and we process this data based on your consent for the following purposes:
We conduct events on social media platforms in order to communicate with you and inform you about our activities.
You can subscribe to our newsletter via our website. For this, we require your email address and a declaration from you that you agree to receive the newsletter.
As soon as you subscribe to the newsletter, we will send you a confirmation email with a link to confirm your subscription.
You can cancel your subscription to the newsletter at any time. To do so, click on the Unsubscribe button directly in the email OR send your cancellation request to the following email address: email@example.com.
We will then immediately erase your data in connection with the distribution of the newsletter. This withdrawal of consent does not affect the legality of the processing carried out on the basis of consent until withdrawal.
We collect and process the contact details of our service partners in order to make the interconnection of demand and supply available (papimi Finder) or to provide you with information in a targeted manner. This includes voluntarily provided information about fields of interest, subject specification/discipline, contact details, location/business address and similar.
The data is processed based on the legal basis of the express consent of the respective service partner. This consent can be withdrawn at any time.
The Data Protection Officer works in close collaboration with the top organisational level and is the first point of contact for questions concerning data protection and data security. They come together at regular intervals to deal with questions of data security and data protection.
Where necessary, the DPO works with the supervisory authority and is the point of contact for the supervisory authority for questions relating to the processing of personal data, including prior consultation. Data subjects can consult the Data Protection Officer for all questions relating to the processing of their personal data and the exercise of their rights.
In the event of a personal data breach, we are obliged to immediately inform the data protection authorities of said breach. If the breach is likely to adversely affect the privacy of persons or the personal data itself, the data protection authorities may – having considered the likely adverse effects of the breach – require us to notify the data subject thereof.
As the data subject, you have a right to be informed about the personal data that we store about you, a right to rectify inaccurate data, a right to restriction, a right to withdraw consent to the processing of your data and a right to erasure. In order to exercise these rights, you must prove your identity in a suitable manner.
Our information office will make our statements about the origin, all possible recipients or groups of recipients of transmissions, the purpose for which the data is used and the legal basis thereof available in a generally understandable form. At your request, the names and addresses of Processors are also made known.
As the requester of the information, you must cooperate to a reasonable extent in the information procedure in order to avoid the Controller having to make an unjustified and disproportionate effort.
Within a month of receipt of your request, we will provide the information or explain in writing why it cannot be provided or not provided in full.
For information about your personal data or its rectification or erasure, or if you have further questions about the use of the personal data that you have provided us with, please contact our Data Protection Officer. You can find the DPO’s contact details at the end of this privacy statement.
In sum, you have the right to be informed, the right to rectification, erasure, restriction and transfer of data, the right to withdraw your consent, and the right to object with regard to the data that we store about you. If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can file a complaint with us at firstname.lastname@example.org or with the data protection authorities (http://www.dsb.gv.at).
As this information is subject to the current legal situation and as our services are constantly being further developed, we reserve the right to change this data policy accordingly in the future. We recommend that you read this data policy regularly in order to remain updated about the protection of the personal data that we collect.
Data Protection Officer: Dino W. Gump, email@example.com