The Institute for Medical Informatics, Statistics and Documentation of the Medical University of Graz has developed
our Services, and does not apply to online websites or services that we do not own or control.
understand your privacy choices when you use our Sites and Services. The meaning of some (capitalized) terms used throughout
For further questions on data protection aspects, please refer to the section Contact for Data Protection Issues.
What Personal Data Do We Collect?
We collect Personal Data about you when you visit our Sites or use our Services, including the following:
- Registration and use information: When you register to use our Services by establishing an account, we will
collect the Personal Data necessary to provide the requested Services. Depending on the Services selected, it may be
necessary to provide name, address, phone number, email address and other identification information in order to
set up an account. We may require you to provide us with additional Personal Data as you use our Services.
- Action information: When you access our Sites or use our Services, we collect information about the
actions performed and other information related to the actions, such as Device Information and Technical Usage Data.
- Other data collected: We may collect additional information from or about you when you communicate with us,
contact our Customer Support team or participate in a survey.
Why Do We Retain Personal Data?
We retain Personal Data in an identifiable format for the least amount of time necessary to fulfill our legal or
regulatory obligations and for our business purposes. If an account has been deactivated, we can take measures to
continue using data in anonymous form.
How Do We Process Personal Data?
We may Process your Personal Data for the following reasons, which are permitted under the data protection laws
of the European Union:
- To operate the Sites and provide the Services, including to:
- authenticate access to an account,
- manage the association of user accounts to different trials,
- communicate with Users regarding their account and our Services, for example, to respond to questions
you have directed to our Customer Support team.
- To manage our business needs, such as billing, monitoring, analyzing and improving the performance and functionality
of Sites and Services. For example, we analyze user behavior and the use of our Services.
- For our legitimate interests, including to enforce the Terms and Conditions of our Sites and Services.
When is Personal Data Shared?
For business reasons, we may share Personal Data with third parties if such disclosure is legally permissible or
necessary. This applies in particular in the following cases:
- if we are obliged to comply with the law, legal process or regulations, for example in the context of criminal prosecution, a court order or other legal processes, if the Medical University of Graz is affected;
- if we believe that the disclosure of Personal Data is necessary and appropriate to prevent physical damage or financial loss or to support the investigation of a possible or actual illegal activity;
- to investigate violations of the terms or other legal provisions applicable to our Services or to enforce these legal instruments;
- to protect our assets, services and legal rights;
- to our banking partners;
- to credit reporting and collection agencies, and
- to support our audit, compliance and corporate management functions.
In addition, we may share aggregated statistical information with third parties to understand how, when and why
Users access our Sites and use our Services. Users cannot be personally identified with this data. The data
does not contain any information on the use of the Sites or Services by identifiable individuals. We do not
share Personal Data with third parties for their marketing activities without the consent of the respective persons.
How are Cookies and Tracking Technologies Used?
collectively referred to as "Cookies") to identify you as a User. Some aspects and functions of our Sites and
Services are only available using Cookies. If you deactivate or reject Cookies, the use of the Sites and services
may be restricted or may no longer be possible.
Do Not Track (DNT) is an optional browser setting that allows you to express your preferences regarding
tracking by advertisers and other third parties. We do not respond to DNT signals.
What Privacy Choices Are Available To You?
Many of your choices may be explained at the time when using the Site or registering for or using a Service. You may be
provided with instructions as you navigate through the Site or Service.
- Choices relating to registration and account information: If you have an Account, you generally may review and
edit Personal Data by logging in and updating the information directly or by contacting us. If you do not have an account
or if you have questions about account information or other Personal Data, please contact us.
- Choices relating to the collection of Personal Data: You may refuse to provide Personal Data when it is requested
by the Services. In this case, however, certain or all Services may be unavailable to you.
- Choices relating to communication: We will send messages to you that are required or necessary for all customers
of our Services, notifications that contain important information, and other messages that you request from us.
You may not opt out of receiving some of these communications.
- Choices relating to Cookies: You have several options to manage your Cookie settings. Depending on the browser or
Internet device, you can delete, deactivate or block certain Cookies or tracking technologies. You can use these options;
however, this may prevent you from using basic functions of our Sites or Services. Further information can be found at
What Are Your Rights?
Subject to limitations set out in the European GDPR, you have certain rights in respect of your Personal Data. In particular,
you have a right of access, rectification, restriction, opposition, erasure, and data portability. Please contact us if you
wish to exercise these rights; credible proof of your identity must be provided.
If you have an account with one of our Services, you can usually check and edit personal information in that account by
logging in and directly updating the information.
How Do We Protect Personal Data?
We maintain organizational, physical, technical and administrative security measures designed to provide reasonable protection
for Personal Data against loss, misuse, unauthorized access, disclosure, and alteration.
The security measures include firewalls, data encryption, physical access restrictions to our data centers, and authorization
controls for access to data. While we are dedicated to securing our systems and Services, you are responsible for
securing and maintaining the privacy of your password(s) and account registration information and verifying that the Personal Data
we maintain about you is accurate and current.
the handling of Personal Data. Our Data Protection Officer can be reached at
If you are not satisfied with the way in which we address your concerns, you have the right to lodge a complaint with
the supervisory authority for data protection in your country.
The revised version is effective from the date of publication.
If the revised version includes a substantial change, we will provide you with 14 days prior notice by posting notice
of the change on our Sites. We also may notify Users of the change using email or other means.
- Device Information means data that can be automatically collected from any device used to access the Site or Services.
Such information may include, but is not limited to, the device type; the device's network connections; the device's name;
the device's IP address; information about the web browser and internet connection used to access the Site or Services.
- Personal Data means information that can be associated with an identified or directly or indirectly identifiable natural person.
Personal Data can include, but is not limited to, name, postal address (including billing and shipping addresses), telephone number,
email address, payment card number, other financial account information, account number, date of birth, and government-issued
credentials (e.g., driver's license number, national ID, passport number).
- Services means any products, services, content, features, technologies, or functions, and all related websites,
applications and services offered to you by the Institute for Medical Informatics, Statistics and Documentation of the
Medical University of Graz with an account.
- Sites means the websites, mobile apps, official social media platforms, or other online properties through which
the Institute for Medical Informatics, Statistics and Documentation of the Medical University of Graz offers the Services and
- Technical Usage Data means information collected from the User's phone, computer or other device that is used to access
the Sites or Service. Technical Usage Data tells us how Users use our Sites and Services, such as what they have searched for and
viewed on the websites and the way they use the Services, including the IP address, statistics regarding how pages are loaded or
viewed, the websites visited before coming to the websites and other usage and browsing information collected through cookies.
- User means an individual who uses the Services or accesses the Sites and has established a relationship with us (for example,
by opening an account and agreeing to the Terms & Conditions) or otherwise uses the Services.