MTG Wien und Pulse Dynamics Ltd (both papimi Headquarters) applaud the General Data Protection Regulation. The success of our company is based on our customers’ and colleagues’ trust in our ability to deliver first-class quality. We are aware of our responsibility when processing personal data and therefore undertake to fully comply with data protection law within the scope of our social responsibility. Respecting the personal rights and privacy of each individual is our topmost priority when handling personal data.

We act in accordance with the principles of data security, lawfulness, transparency, purpose and storage limit. In accordance with the information requirements incumbent on contracting entities, we kindly ask you to take note of the following communication:

General data processing within the scope of the agreement/contractual relationship

We collect and process personal data exclusively for the purposes that were defined before the data was collected. We only process personal data that is required to process our services and manage information subscribers, interested parties, partners in discussion, customers, users and workshop, seminar and event participants. This is only the case for as long as the service is being performed or for as long as we are obliged to do so by legal provisions.

All personal data is processed in strict compliance with the applicable data protection regulations. We do not publish personal data without consent or pass it on to third parties without authorization.

The data is processed and transmitted for the purpose of settling payments and ensuring compliance with recording, disclosure and reporting obligations to the extent required by laws or standards of collective legal provisions or contractual obligations, including electronically created and archived text documents (e.g. correspondence) in these matters. Without this data, we cannot conclude or perform an agreement/contract with you. This also applies to all voluntary social benefits as well as to external training and development offers. The relevant data in each individual case is transmitted to the following areas based on the legal provisions or the contractual agreement:

    1. Manufacturer’s plant/medical technical device file
    2. Processors (e.g. authorised service providers)
    3. Employees representing the company and acting as the point of contact
    4. Supervisory bodies and entities
    5. Tax office or customs office
    6. Local authorities and district administrative authorities in administrative police matters
    7. Legal interest groups
    8. Training and development providers
    9. Legal representatives
    10. Courts
    11. Debtors of the data subject as well as other parties involved in any associated legal proceedings, including voluntary wage assignments for outstanding debt
    12. Banks involved in making the payment to the data subject/collection from the data subject or to third parties
    13. Insurance institutions within the scope of an existing group policy or individual insurance policy

Processing purpose

We collect and process the personal data of information subscribers, interested parties, partners in discussion, customers, users and workshop, seminar and event participants as well as financial data for the purpose of providing individual-related category management, support and information. We store the personal data for the duration of the contractual relationship or for as long as any claims still exist in relation to it.

Case histories, disease symptoms and patient data submitted to us are processed in line with, and according to, the strict requirements of the Medical Devices Act.The processing of this data is necessary for reasons of public interest in the area of public health, in particular to ensure high standards of quality and safety of health care and of medicinal products and medical devices (article 9 (2)(i) GDPR).

Data security measures

The personal data that we process is stored and secured with particular care both on a technical and on an organisational level. It is protected against accidental or illicit destruction and loss, and we ensure that it is used in a lawful manner and protected from unauthorised access.
Based on a contractual agreement with us, all our Processors have undertaken to also take all technical and organisational measures to ensure secure processing. This is regularly checked by our Controller.

Data storage

We would like to point out that, for the purpose of simplifying the purchasing process and for the subsequent contract processing by the online store operator within the scope of cookies, the subscriber’s IP data is stored along with the purchaser’s name, address and account or credit card number.
We also store the following data for the purpose of contract processing:

  • Tax identification number
  • Line of business
  • Specialist category/discipline.


The data that you provide is required to perform a contract or to take pre-contractual measures. Without this data, we cannot conclude a contract with you. Data is not transferred to third parties with the exception of transmitting credit card data to the processing bank institute/payment service provider for the purpose of debiting the purchase price, to transport/shipping companies commissioned by us to prepare the goods and to our tax adviser to fulfil our tax obligations.

After cancellation of the purchasing process, the data stored with us will be erased. In the event that a contract is concluded, all data arising from the contractual relationship will be stored until expiry of the tax retention period (7 years) for the purchase of a medical device, in compliance with the Medical Devices Act (MPG), throughout the duration of operation of the device.

The name, address, purchased goods and purchase date data will also be stored until expiry of the product liability period (10 years). The data is processed based on the legal provisions of article 96 (3) of the Telecommunications Act (TKG) as well as article 6 (1)(a) (consent) and/or (b) (necessary for performance of the contract) GDPR.


Order data processing takes place if a Processor is commissioned to process personal data without being given responsibility for the associated business process. In these cases, we conclude an order data processing agreement with the external Processor. In doing so, we retain full responsibility for the correct performance of the data processing operations under data protection law. The Processor may only process personal data within the scope of the Controller’s instructions.

We only work together with Processors (e.g. IT companies, technical services, printing companies, transport companies or shipping agents) which provide sufficient guarantees that appropriate technical and organisational measures will be taken during processing in accordance with the requirements of the GDPR, and which ensure protection of the personal data. The processing of orders by a Processor takes place solely on the basis of a contract with us which precisely specifies the duration, nature and purpose of the processing operation. All Processors which process and verify personal data, regularly check that the provisions under data protection law are observed.

Data processing within the scope of our events

Within the context of the data processing operations in question, we process personal data in the following categories: name, address details, electronic contact data, bank details, attendance data, account data. This data is processed for the following purposes: invoicing, keeping address directories, lists of attendees, events administration, information. 
The legal basis of the processing is: the data subject’s consent, fulfilment of a contract concluded with the data subject, fulfilment of a legal obligation by the contracting entity, fulfilment of a task in the public interest by the contracting entity, legitimate prevailing interests of the contracting entity, the purposes of archive management, statistics or research.

The data has been made public by the data subject himself. If the provision of personal data for this data processing is stipulated by law, contractually required or necessary to conclude a contract, failure to provide the data by the data subject may mean that the contracting entity’s obligations towards you cannot be met.

The event participant agrees, for the respective event, to the publication of photos, videos and the like, on which he can be seen.
The event participant transfers an authorisation to use the work for copyrighted works arising in connection with the event to the event organiser for the purpose of general and public interest.

Case histories, disease symptoms and patient data submitted to us are processed in line with, and according to, the strict requirements of the Medical Devices Act. See also types of data and processing purpose. The processing of this data is necessary for reasons of public interest in the area of public health, in particular to ensure high standards of quality and safety of health care and of medicinal products and medical devices (article 9 (2)(i) GDPR).

  • Note on photos and/or film recordings – events
Important note:
During the events that we organise, photos and films (including sound) are recorded. If you do not wish to be photographed or filmed, you can talk directly to the photographer or camera operator.
  • Purpose: the recordings may be published on the intranet, online portal, social media channels of the Controller as well as on radio, TV and print media (including books).
  • Duration of the processing: the recordings are stored for 7 years and then erased.
  • Legal basis and legitimate interest: the processing takes place on the basis of the Controller’s legitimate interest to document the event that it is organising with imagery, and to report positively on the event to a wider public (article 6 (1)(f) GDPR).

Data processing within the scope of our website

The protection of your personal data is of primary concern to us. Therefore, we process your data exclusively on the basis of legal provisions (GDPR, TKG 2003). In this data protection information, we inform you about the most important aspects of data processing within the scope of our website.

When visiting our websites, your IP address and the start and end of the visit are recorded for the duration of the visit. This is required for technical reasons and represents a legitimate interest within the meaning of article 6 (1)(f) GDPR. Unless otherwise regulated in our privacy policy, we do not further process this data.


  • IP address of requesting computer
  • Date and time of access
  • Name and URL of data being requested
  • Transferred data volume
  • Notification of whether the request was successful
  • Identification data of the browser and operating system being used
  • Website from which the access takes place


Google Analytics – collection of data to improve the information and functionalities of the website as well as marketing
Google Maps – presentations of maps
Mailchimp – email transfer service
Google ReCaptcha – spam prevention service
This data is processed for the purpose of enabling the website to be used (establishing a connection), system security, technical administration of the network infrastructure and optimisation of the internet service.
Stripe – payment service provider (processing of credit card payments or instant bank transfers)

This privacy policy applies to the and websites of MTG-Wien and its subdomains. Individual sites may contain links to other providers within and outside of Austria to which the privacy policy does not apply. We do not assume liability for this content.
More concrete privacy policies for the spheres of action of international agencies are summarised on their websites.


Our website uses “cookies”. These are small text files which are stored on your device with the aid of the browser. They do not cause any damage.
We use cookies to structure our offer in a more user-friendly way. Some cookies remain stored on your device until you delete them. They enable us to recognise your browser the next time you visit us.
If you do not wish this to take place, you can adjust your browser settings so that it informs you about the placement of cookies and so that you only allow this in individual cases.
The disabling of cookies may restrict the functionality of our website.

Web analysis

Our website uses functions of the Google web analysis service (Google Analytics, Google Tag Manager, Google Search Console, ReCaptcha & Google Maps),
Address: Google Ireland Limited (“Google”), Gordon House, Barrow Street, Dublin 4, Ireland.
For this purpose, cookies are used which enable an analysis of the way in which your users use the website. The information generated in this way is transferred to the provider’s server where it is stored. You can prevent this by setting up your browser so that cookies are not stored.
We have concluded an order data processing contract with the provider to this effect.
Your IP address is recorded but immediately pseudonymised (e.g. by deleting the last 8 bits). This makes only approximate localisation possible.
The data is processed based on the legal provisions of article 96 (3) TKG as well as article 6 (1)(a) (consent) and/or (f) (legitimate interest) GDPR.
What concerns us within the meaning of the GDPR (legitimate interest) is the improvement of our offer and our internet presence. As the privacy of our users is important to us, user data is pseudonymised. User data is stored for a period of 26 months.

Embedded content from other websites

Contributions on this website may contain embedded content (e.g. videos, images, contributions, etc.). Embedded content from other websites behaves exactly as if the visitor had visited the other websites.
These websites may collect data about you, use cookies, embed additional third party tracking services and record your interaction with this embedded content, including your interaction with the embedded content if you have an account and are registered on this website.

Adobe Typekit Web Fonts

To provide a uniform presentation, our website uses certain fonts known as “Web Fonts” from Adobe Typekit. The provider is Adobe Systems Incorporated, 345 Park Avenue, San Jose, CA 95110-2704, USA (Adobe).
When viewing our sites, your browser loads the necessary fonts directly from Adobe in order to be able to display them correctly on your device. In the process, your browser establishes a connection with Adobe’s servers in the USA. In this way, Adobe becomes aware that our website was accessed via your IP address. According to Adobe, no cookies are stored during the provision of fonts.
The use of Adobe Typekit Web Fonts is required to guarantee a uniform typography on our website and ensure improved loading times. This represents a legitimate interest within the meaning of article 6 (1)(f) GDPR.
You can find more information about Adobe Typekit Web Fonts at:
Adobe’s privacy policy can be found at:

Objection to the collection of data

If you do not consent to the storage and use of your data, you can disable storage and use here. If you do so, an opt-out cookie will be stored in your browser to prevent usage data from being stored. If you delete your cookies, this will result, for example, in the opt-out cookies being deleted too. You will then have to re-enable the opt-out when you visit our website again.

Data processing within the scope of the papimi Experts area

We process personal data which falls into the following categories:

  • Name/company/practice
  • Job/job titles
  • Business address and other addresses of the customer
  • Contact details (phone number(s), fax number, email address(es), etc.)
  • Order data
  • Customer service enquiries


You have voluntarily provided us with your data and we process this data based on your consent for the following purposes:

  • Customer support (service, support, assistance, etc.)
  • Delivery of branded marketing materials (for your practice)
  • For your own advertising purposes, for example, sending offers, advertising brochures and newsletters (in paper and electronic format) as well as for the purpose of referring to the existing or previous business relationship with the customer (reference information).
  • You can withdraw this consent at any time. The consequence of withdrawal is that we will no longer process your data for the above-mentioned purpose from this point in time onwards. However, please note that, in the event of withdrawal, we will no longer be able to fulfil the contractual relationship with you. For withdrawal, please contact:
  • The data that you have already provided is further required to perform a contract or to take pre-contractual measures. Without this data, we cannot conclude or perform the contract with you.
  • We retain your login data for as long as your user profile is active. Following a request to disable/delete the profile, your data will be erased within a period of six months.Cookies
    We do not use any marketing or tracking cookies within the scope of papimi.experts. To process this data, we call upon Processors where necessary to perform the respective service. All Processors are bound by contract to handle your data confidentially and only to process it within the scope of our commissioning. We use the following Processors:
  • (US company with server hosting in the EU)
  • Mailgun (email service provider via a EU server)
  • AWARE GmbH (production of printed forms when ordering “Marketing Box”)
    No storage or further processing of your data takes place beyond this.

Social media platforms

We conduct events on social media platforms in order to communicate with you and inform you about our activities.
The processing of your personal data takes place on the basis of our legitimate interest to be able to fully and reliably inform you in a place where you like to communicate. This takes place in accordance with article 6 (1)(f) GDPR. For all detailed information (opt-out, privacy policy), please contact the operator of the social media platforms directly:

  • Facebook
    Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland. The Facebook website is operated based on an agreement on the joint processing of personal data. Here, you can find information about:
  • Page Insights Data:
  • Opt-out: und
  • Data privacy:
  • Cookies:
  • Twitter
    Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA. Here, you can find information about:
  • Opt-out:
  • Data privacy:
  • Instagram
    Instagram Inc., 1601 Willow Road, Menlo Park, CA, 94025, USA. Here, you can find information about opt-out and data privacy:
  • LinkedIn
    LinkedIn Corporation, ATTN: Copyright Agent, Legal Department, 1000 West Maude Avenue, Sunnyvale, CA 94085, USA. Here, you can find information about:
    Data privacy:


You can subscribe to our newsletter via our website. For this, we require your email address and a declaration from you that you agree to receive the newsletter.
As soon as you subscribe to the newsletter, we will send you a confirmation email with a link to confirm your subscription.
You can cancel your subscription to the newsletter at any time. To do so, click on the Unsubscribe button directly in the email OR send your cancellation request to the following email address:

We will then immediately erase your data in connection with the distribution of the newsletter. This withdrawal of consent does not affect the legality of the processing carried out on the basis of consent until withdrawal.

papimi Finder

We collect and process the contact details of our service partners in order to make the interconnection of demand and supply available (papimi Finder) or to provide you with information in a targeted manner. This includes voluntarily provided information about fields of interest, subject specification/discipline, contact details, location/business address and similar.

The data is processed based on the legal basis of the express consent of the respective service partner. This consent can be withdrawn at any time.

Data Protection Officer (DPO)

The Data Protection Officer works in close collaboration with the top organisational level and is the first point of contact for questions concerning data protection and data security. They come together at regular intervals to deal with questions of data security and data protection.
Where necessary, the DPO works with the supervisory authority and is the point of contact for the supervisory authority for questions relating to the processing of personal data, including prior consultation. Data subjects can consult the Data Protection Officer for all questions relating to the processing of their personal data and the exercise of their rights.

We ensure that the Data Protection Officer acts independently in the fulfilment of his tasks and not upon any instructions. The contact details of our Data Protection Officer can be found in the contact information at the end of the privacy policy.

Obligation to inform

In the event of a personal data breach, we are obliged to immediately inform the data protection authorities of said breach. If the breach is likely to adversely affect the privacy of persons or the personal data itself, the data protection authorities may – having considered the likely adverse effects of the breach – require us to notify the data subject thereof.

Information on the rights of data subjects

As the data subject, you have a right to be informed about the personal data that we store about you, a right to rectify inaccurate data, a right to restriction, a right to withdraw consent to the processing of your data and a right to erasure. In order to exercise these rights, you must prove your identity in a suitable manner.
Our information office will make our statements about the origin, all possible recipients or groups of recipients of transmissions, the purpose for which the data is used and the legal basis thereof available in a generally understandable form. At your request, the names and addresses of Processors are also made known.
As the requester of the information, you must cooperate to a reasonable extent in the information procedure in order to avoid the Controller having to make an unjustified and disproportionate effort.

Within a month of receipt of your request, we will provide the information or explain in writing why it cannot be provided or not provided in full.
For information about your personal data or its rectification or erasure, or if you have further questions about the use of the personal data that you have provided us with, please contact our Data Protection Officer. You can find the DPO’s contact details at the end of this privacy statement.

In sum, you have the right to be informed, the right to rectification, erasure, restriction and transfer of data, the right to withdraw your consent, and the right to object with regard to the data that we store about you. If you believe that the processing of your data violates data protection law or that your data protection rights have been violated in any other way, you can file a complaint with us at or with the data protection authorities (

Changes to this privacy policy

As this information is subject to the current legal situation and as our services are constantly being further developed, we reserve the right to change this data policy accordingly in the future. We recommend that you read this data policy regularly in order to remain updated about the protection of the personal data that we collect.

Controller within the meaning of article 13 (1)(a) GDPR

Papimi Headquarters Vienna
MTG – Medizinisch technische Geräte GmbH
Landstraßer Hauptstraße 146/11/B1, 1030 Vienna, Austria
Tel.: +43 1 597 92 52 0

Data Protection Officer: Dino W. Gump,