Privacy policy

The following information provides a simple overview of what happens to your personal data when you visit this website. Personal data is any data that can be used to identify you personally.
Detailed information on data protection can be found in the Privacy Policy set out below this text.

Data processing on this website is carried out by the joint controllers within the meaning of Article 26 GDPR:
Dr. Alma Kamenica
Specialist in Dermatology and Venereology
Ausstellungsstraße 7/4
1020 Vienna, Austria
Email: hautgesundheit@kamenica.at
Dr. Amra Kamenica
Specialist in Dentistry, Oral and Maxillofacial Medicine
Ausstellungsstraße 7/4
1020 Vienna, Austria
Email: zahngesundheit@kamenica.at
The internally agreed allocation of responsibilities between the controllers does not affect the rights of data subjects. Data subjects may exercise their rights under the GDPR with either of the above controllers.

Your data is collected, on the one hand, when you provide it to us. This may occur, for example, in the context of an email inquiry or via forwarding to online appointment booking with external providers.

Other data is collected automatically by our IT systems or based on your consent when you visit the website. This primarily includes technical data (e.g., internet browser, operating system, or time of page access). The collection of this data occurs automatically as soon as you enter this website.

Some of the data is collected to ensure the website is provided without errors.

Other data may – after your consent – be used to analyze your user behavior and for statistical evaluation of page views and interactions (e.g., clicks on appointment buttons).

You have the right at any time to receive information free of charge about the origin, recipients, and purpose of your stored personal data.

You also have the right to request the correction or deletion of this data.

If you have given consent to data processing, you may withdraw this consent at any time with effect for the future.

Furthermore, under certain circumstances you have the right to request the restriction of the processing of your personal data.

In addition, you have the right to lodge a complaint with the competent supervisory authority.

For this and for further questions about data protection, you may contact us at any time using the contact details provided in the Legal Notice (Impressum).

When you visit this website, your browsing behavior may be statistically evaluated.

This is done in particular using the following analytics and marketing tools:

• Google Analytics 4

• Meta Pixel

These tools are used exclusively on the basis of your consent.

Detailed information on this can be found in the following Privacy Policy.

This website is hosted by an external service provider (“host”). The host is:
World4You Internet Services GmbH
Hafenstraße 47–51
4020 Linz
Austria
The server locations are within the European Union (Austria).
The personal data collected on this website is stored on the host’s servers. This may include in particular IP addresses, meta and communication data, website access data, and other data generated via a website.
The use of the host is in the interest of secure, fast, and efficient provision of our online offering by a professional provider (Article 6(1)(f) GDPR).
Our host processes your data only to the extent necessary to fulfill its service obligations and in accordance with our instructions.
To ensure GDPR-compliant processing, we have concluded a data processing agreement with the host pursuant to Article 28 GDPR.

The protection of your personal data is a particular concern to us. We process your personal data confidentially and in accordance with statutory data protection regulations, in particular the General Data Protection Regulation (GDPR) and the Austrian Data Protection Act (DSG).
When you use this website, various personal data are collected. Personal data are data by which you can be personally identified.
This Privacy Policy explains what data we collect, for what purpose this occurs, and on what legal basis processing takes place.
We note that data transmission over the internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not technically possible.

The joint controllers within the meaning of the GDPR are the persons named in Section 1.
The controllers jointly decide on the purposes and means of processing personal data (e.g., IP addresses, usage data, or contact data).

If we obtain the data subject’s consent for processing operations, Article 6(1)(a) GDPR serves as the legal basis.
When processing personal data that is necessary for the performance of a contract or for the implementation of pre-contractual measures, Article 6(1)(b) GDPR serves as the legal basis.
If processing personal data is necessary for compliance with a legal obligation, Article 6(1)(c) GDPR serves as the legal basis.
If processing is necessary to safeguard a legitimate interest and the interests, fundamental rights and freedoms of the data subject do not override it, Article 6(1)(f) GDPR serves as the legal basis.

Many data processing operations are only possible with your explicit consent.
You may withdraw previously given consent at any time with effect for the future. The legality of processing carried out up to the withdrawal remains unaffected.

If data processing is based on Article 6(1)(e) or (f) GDPR, you have the right to object to the processing of your personal data at any time for reasons arising from your particular situation.
If personal data is processed for direct marketing, you have the right to object at any time to the processing for the purposes of such advertising.

In the event of breaches of data protection law, you have the right to lodge a complaint with the competent supervisory authority.
The competent supervisory authority in Austria is:
Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna
www.dsb.gv.at

In the event of breaches of data protection law, you have the right to lodge a complaint with the competent supervisory authority.
The competent supervisory authority in Austria is:
Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna
www.dsb.gv.at

You have the right to receive data that we process automatically on the basis of your consent or in fulfillment of a contract in a commonly used, machine-readable format or to have it transmitted to a third party.

In the event of breaches of data protection law, you have the right to lodge a complaint with the competent supervisory authority.
The competent supervisory authority in Austria is:
Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna
www.dsb.gv.at

The use of contact data published as part of the legal notice obligation for the transmission of advertising that has not been expressly requested is hereby objected to.

Our websites use so-called “cookies”. Cookies are small text files stored on your device and do not cause any harm.
Cookies may be stored temporarily for the duration of a session (session cookies) or permanently (persistent cookies). Session cookies are automatically deleted at the end of your visit. Persistent cookies remain stored on your device until you delete them or your browser deletes them automatically.
Cookies have different functions. Many cookies are technically necessary, because certain website functions would not work properly without them.
Other cookies serve to analyze user behavior or to statistically evaluate interactions (e.g., clicks on appointment buttons).
Technically necessary cookies are stored on the basis of Article 6(1)(f) GDPR.
Analytics and marketing cookies are set exclusively on the basis of your consent pursuant to Article 6(1)(a) GDPR. Consent can be withdrawn at any time.
An overview of the cookies used and their storage duration can be found in our consent management tool.
You can configure your browser so that you are informed about the setting of cookies and allow cookies only in individual cases, exclude cookies generally, or activate automatic deletion of cookies when closing the browser. If cookies are disabled, the functionality of this website may be restricted.

To manage the cookies and similar technologies used and to document your consent, we use the consent management tool “Cookiebot”.
The provider is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.
Cookiebot stores your consent or your withdrawal of consent for certain cookie categories. In particular, the following data are processed:
• IP address (in anonymized form)
• Date and time of consent
• Browser information
• URL of the visited page
• Your individual cookie settings
This data is stored to ensure legally required documentation of your consent pursuant to Article 7(1) GDPR.
Processing is based on Article 6(1)(c) GDPR (legal obligation) and Article 6(1)(f) GDPR (legitimate interest in legally compliant consent management).
A data processing agreement pursuant to Article 28 GDPR has been concluded with the provider.

The provider of the pages automatically collects and stores information in so-called server log files that your browser automatically transmits to us.
These include in particular:
• Browser type and browser version
• Operating system used
• Referrer URL
• Hostname of the accessing device
• Date and time of the server request
• IP address
This data is not merged with other data sources.
The collection of this data is based on Article 6(1)(f) GDPR.
Our legitimate interest lies in the technically error-free presentation, security, and optimization of our website.

If you contact us by email or telephone, your inquiry including all personal data arising from it (e.g., name, email address, telephone number, content of the inquiry) will be stored and processed by us for the purpose of handling your request.

Processing of this data is based on Article 6(1)(b) GDPR insofar as your request is related to initiating or performing a contract.

In all other cases, processing is based on our legitimate interest in effectively processing inquiries addressed to us (Article 6(1)(f) GDPR).

Your data will be deleted as soon as your request has been conclusively handled and no statutory retention obligations conflict with deletion.

This website uses Google Analytics 4, a web analytics service provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland.
Google Analytics uses technologies that enable analysis of the use of the website (e.g., cookies or similar technologies).
The information collected by Google Analytics about your use of this website is generally transmitted to and stored on Google servers.
The IP address is shortened by Google before storage. This rules out direct personal identification.
Google Signals is disabled. No personalized advertising functions are used.
The retention period for collected usage data is 2 months.
No health data, form content, or appointment booking details are transmitted to Google.
The use of Google Analytics is exclusively based on your consent pursuant to Article 6(1)(a) GDPR.
You can withdraw your consent at any time via the consent management tool.
Further information on Google’s data processing can be found in Google’s Privacy Policy.

This website uses the Meta Pixel provided by Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The Meta Pixel enables us to statistically evaluate the behavior of website visitors, in particular with regard to:
• Page views
• Clicks on appointment buttons
The collected data may be processed by Meta under its own data protection responsibility.
Advanced Matching is not activated.
No email addresses, telephone numbers, health data, or content from appointment booking forms are transmitted to Meta.
Processing is exclusively based on your consent pursuant to Article 6(1)(a) GDPR.
You can withdraw your consent at any time via the consent management tool.
Further information on Meta’s data processing can be found in Meta’s Privacy Policy.

Appointments can be booked on our website via external booking platforms.
Appointment booking is carried out via the following providers:
• Latido (for dermatology services – Dr. Alma Kamenica)
• Rodent Dental (for dental services – Dr. Amra Kamenica)
When you click an appointment button, you leave our website and are redirected to the respective external booking platform.
In the context of appointment booking, the following personal data may be collected in particular:
• Name
• Email address
• Telephone number
• Date of birth
• Insurance number
• Reason for treatment
With Latido, the creation of a user account is required.
Processing of this data is carried out by the respective platform operators under their own responsibility under data protection law. Processing of this data within our website infrastructure does not take place. The privacy policies of the respective providers apply.
No transfer of health data via the analytics or marketing tools of this website takes place.
Processing in the context of appointment booking is based on Article 6(1)(b) GDPR (implementation of pre-contractual measures).

This website is based on the content management system WordPress and uses the following extensions:
• Avada Theme / Avada Builder / Avada Core (display and design of the website)
• Advanced Custom Fields PRO (content management)
• LiteSpeed Cache (performance optimization)
• Polylang (multilingual functionality)
• Disable REST API / Disable XML-RPC (security measures)
• WP Updates Notifier (administrative update management)
These plugins serve exclusively the technical provision, structuring, performance optimization, and safeguarding of the website.
These plugins do not independently transfer personal data to external providers.

This website includes a feed from the social network Instagram.
The provider is Meta Platforms Ireland Limited, 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland.
The Instagram feed is loaded only after your explicit consent via the consent management tool (Cookiebot).
Only after you give consent is a connection established to Meta’s servers. In particular, the following personal data may be processed:
• IP address
• Browser type and browser version
• Operating system
• Date and time of page access
• Referrer URL
This may result in the transfer of personal data to third countries (in particular the USA).
The legal basis for embedding the Instagram feed is your consent pursuant to Article 6(1)(a) GDPR.
Without your consent, no connection to Meta’s servers is established.
Further information on Instagram’s data processing can be found in Meta’s Privacy Policy.

When using certain analytics and marketing tools (e.g., Google Analytics 4, Meta Pixel, Instagram content), personal data may be transferred to recipients in third countries outside the European Union, in particular to the United States of America.
Where data is transferred to the USA, it is based on appropriate safeguards pursuant to Articles 44 et seq. GDPR. These include in particular:
• the conclusion of EU Standard Contractual Clauses pursuant to Article 46 GDPR, and
• participation of the respective providers in the EU–US Data Privacy Framework, provided that corresponding certification exists.
It cannot be ruled out that government authorities in third countries may, under certain conditions, obtain access to transferred data.
The transfer of data occurs exclusively on the basis of your consent pursuant to Article 6(1)(a) GDPR, unless another legal basis applies.
Further information on data processing by the respective providers can be found in their privacy policies.

Unless a more specific storage period has been stated within this Privacy Policy, personal data remains with us until the purpose for data processing no longer applies.
Server log files are stored for a limited period for security reasons and to ensure trouble-free operation of the website and are then automatically deleted.
Data collected via analytics tools (e.g., Google Analytics 4) is stored according to the settings stored there. The retention period is 2 months.

Personal data transmitted in the course of contact via email remains with us until your request has been conclusively handled and no statutory retention obligations conflict with deletion.
Data collected in the course of online appointment booking is processed exclusively by the respective external booking platforms. The storage duration is governed by the data protection provisions applicable there.
If statutory retention periods exist (e.g., under tax or professional regulations), storage takes place in accordance with these statutory requirements.

Within the scope of applicable legal provisions, you have the right at any time to:

You have the right to request information as to whether and which personal data we process about you.

You have the right to request immediate rectification of inaccurate personal data or completion of your stored personal data.

You have the right to request deletion of your personal data, provided that no statutory retention obligations or other legal reasons prevent deletion.

You have the right to request restriction of processing of your personal data, provided that the legal requirements are met.

You have the right to receive data processed automatically based on your consent or for contract performance in a commonly used, machine-readable format or to request transfer to another controller.

You may withdraw previously given consent at any time with effect for the future. The legality of processing carried out up to the withdrawal remains unaffected.

If your personal data is processed based on Article 6(1)(f) GDPR, you have the right to object at any time, for reasons arising from your particular situation, to the processing of your personal data.
If personal data is processed for direct marketing purposes, you have the right to object at any time to processing for the purposes of such advertising.
Right to lodge a complaint with the supervisory authority (Article 77 GDPR)
You have the right to lodge a complaint with a data protection supervisory authority. In Austria, this is in particular:
Austrian Data Protection Authority (Österreichische Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna
Austria

We take appropriate technical and organizational measures (TOMs) to protect your personal data against loss, destruction, manipulation, and unauthorized access by third parties.
Our security measures are continuously adapted in line with technological developments.
Data transmission between your browser and our website is generally encrypted using SSL/TLS technology.
Nevertheless, we point out that data transmission over the internet (e.g., when communicating by email) may have security vulnerabilities. Complete protection of data against access by third parties is not possible.