Data protection declaration
As of May 29, 2020
Data protection is a matter of trust and your trust is important to us. We respect your private and personal sphere. The protection and the legally compliant collection, processing and use of your personal data is important to us.
So that you feel safe when visiting our website and using our services, we observe all legal provisions when processing your personal data and even go beyond them. Find out in what form we collect and use your data.
1. Responsible authority
Autonom Health Gesundheitsbildungs GmbH
3400 Klosterneuburg, Austria
Tel.: +43 699 122 000 01
Hereafter referred to as Autonom Health.
2. Data protection officer
3. Collection, processing and use of personal data
3.1 Analysis Portal
The analysis portal is the central element of our service. It is used to process our customers’ health data. We do not use any third-party cookies or tracking here. Cookies are only used in the analysis portal to guarantee the functionality of the portal. This means that no personal data is saved.
We treat the data that you provide us for analysis with great care. Your data will never be passed on to third parties. We only use this to e.g. calculate comparative values and thereby continuously improve the informative value of our analyzes. Only so-called “aggregated” and no personal data are used for this.
Private individuals who have a private account with independently uploaded measurements have the option of granting HRV professionals an access to their measurements and analyzes on request. However, this only takes place at the request and active consent of the individual private person.
3.2 Customer Account
We only use our own cookies on our website to improve functionality.
We use Google Analytics to collect statistical data. The IP is shortened here before being transmitted to Google and thereby anonymized.
We have implemented an opt-in for all other third-party tracking cookies, i.e. when visiting the website, you can choose whether these tracking pixels are loaded at all. In our case, this concerns Facebook and Twitter cookies.
3.3 accounts.autonomhealth.com – Single-Sign-On
You can register for both the portal and the community via our single sign-on page We only process your data if it is necessary for functionality. No cookies and scripts from third parties are executed here.
The Community uses Google Maps to represent our partners geographically. For technical reasons, your IP address and your browser information will be sent to Google when you access this page.
The activities during a measurement documented by you in our activities app are uploaded to our HRV analysis portal via an encrypted SSL connection and linked to the uploaded data of the respective measurement in your account.
When you access a website or a service, your browser automatically transmits usage data and stores it in so-called “server log files”. The date, time, name of the accessed page, IP address, referrer URL, the amount of data transferred, and the data of the browser used (type and version) are stored in these log files.
Server log files are analyzed to find errors and to improve server capacities. A compilation or analysis of personal data does not take place.
You can subscribe to our newsletter on our homepage and when you register in the analysis portal.
With our newsletter, interested parties receive regular information on our developments and news about HRV. We take great care not to inundate you with emails. We take great care not to inundate you with emails.
We handle all information conscientiously and strictly in accordance with the applicable rules and laws. This means that data (e.g. name, address, telephone number, e-mail, etc.) may be used to send event and topic-related information based on the information, seminar visits and interests.
We only send newsletters after registering for the newsletter via our homepage or email, after consent when registering in the analysis portal or to existing customers. If someone no longer wants to receive a newsletter, there is the option of unsubscribing from the newsletter at any time using the unsubscribe link in the footer of each newsletter.
The contradiction can also be sent at any time to our contact address from point 1 “Responsible authority” by post or e-mail.
4. Customer Account
If you have a customer account for this service or website, it is password-protected. In this so-called “account”, data such as orders or customer data can be viewed and changed. You undertake to treat your personal access data confidentially and not to make it available to unauthorized third parties. We cannot assume any liability for improperly used passwords unless we are responsible for the abuse.
We collect, save and process your data for the entire processing of any purchases, for our services, technical administration and our own marketing purposes. Your personal data will only be passed on to third parties if this is necessary for the purpose of contract processing or billing or if you have given your prior consent and only to the extent that the data is necessary for third parties. If there are exceptions to this, they are mentioned below in this text.
The data passed on may only be used by service providers to fulfill their task. Any other use of the information is not permitted. We have legally binding contracts with all service providers cooperating with us for this obligation.
Your personal data will be deleted after you have made use of your right to delete, if the data is no longer required to fulfill the purpose for which it was saved and if the deletion does not violate any applicable law or the deletion would be inadmissible.
5. Professionals & Partner
Certified HRV professionals and partners are health care providers who use our services for their clients and patients. We are legally obliged to conclude a contract with every owner of a partner account.
As a “data processor”, an HRV professional or partner is the owner and user of a partner account. He/She is also the point of contact for all of his clients’ concerns regarding their HRV measurements.
In this case, we act as the “controller” because we have “actual power” over the data as we have built and managed the system.
“The person responsible” is the “master of the data processing” and is responsible for making decisions about the purposes and means of the specific processing activity. The decision is not to be understood in the sense of a conscious cognitive process, but in the sense of a determination or, more precisely, a legal or actual influence on this determination. A question that is often easier to answer in practice for assessing the role as a controller is who has the decision-making authority to end the specific data processing. Only those who, with their legal or actual influence, can stop the data processing at any time can be responsible.” (Fritz, Gernot. ABGRENZUNGSSCHWIERIGKEITEN BEI DER DATENSCHUTZRECHTLICHEN ROLLENVERTEILUNG NACH DER DS-GVO (DIFFICULTIES IN THE DIFFERENTIAL DATA PROTECTION ROLES ACCORDING TO THE GDPR) from Gernot Fritz).
The contact person for safeguarding the rights of data subjects is the above-mentioned responsible authority or our data protection officer.
The partners and professionals are obliged to inform their clients or patients about the data processing, to obtain their consent and to document it.
6. Server Locations
The servers for our applications are located in Germany and Vienna.
7. Competitions, Market and Opinion Research
If you take part in competitions, your data will be stored for the purpose of notifying the winners. For details, please refer to the conditions of participation for the respective competition.
In the case of market and opinion research, your data will only be saved in anonymised form for statistical analysis. The data obtained will not be passed on to third parties or only with your permission in each case.
You can contradict to this point at any time. The contradiction can be sent at any time to our contact address from point 1 “Responsible authority” by post or e-mail.
Accepting cookies is a prerequisite for using our services and websites. We would like to point out that by rejecting cookies, certain services on the website will not function as required.
8.1 Which cookies are used by Autonom Health?
In addition to the cookies for the functionality of our websites and services, we use Google Analytics to create usage statistics. The IP addresses are anonymized before being transmitted to Google. The other marketing cookies from Twitter and Facebook are only loaded if you consent to their use. When you visit the website for the first time, a banner is loaded that asks for your settings and saves them for later visits.
8.2 Deactivation of Google Analytics
Google Analytics is a service from:
1600 Amphitheatre Parkway
CA 94043, USA
If you want to deactivate Google Analytics, you can download and install the browser plug-in offered by Google: http://tools.google.com/dlpage/gaoptout?hl=de
More information about Google Analytics und data protection: http://www.google.com/intl/de/policies/privacy/.
8.3 Facebook - optional
We use plugins from the social network facebook.com.
Data protection declaration: https://www.facebook.com/about/privacy/
8.4 Twitter - optional
We use plugins from the social network Twitter.
Data protection declaration: https://twitter.com/privacy
8.5 Stripe - optional
We use Stripe to process all payments in the analysis portal and in the webshop.
Data protection declaration: https://stripe.com/at/guides/general-data-protection-regulation
9. Secure data transfer
In order to improve your protection, data transfers to our services and website take place exclusively via Secure Socket Layer (SSL).
10. Affected Rights
10.1 Right to transparency
Data protection is a matter of trust and your trust is important to us. We respect your private and personal sphere. The protection and the legally compliant collection, processing and use of your personal data is important to us. This data protection declaration is intended to provide this information.
10.2 The right to deletion / to be forgotten
We do not delete your data ourselves, because we want to give you access to old measurements even after years in order to enable a comparison. Your HRV analyzes are available for as long as you want. However, you can have your data deleted at any time. To do this, contact the responsible authority mentioned above.
10.3 Right to rectification
You have the right to have incorrect data corrected. You can change most of your data yourself in your account on the HRV analysis portal. You can also contact the address above in this regard.
10.4 Right to data portability
You have the right to “take” your data with you. In our case, this concerns your raw HRV data.
11. Complaints Office
If you have a complaint that you cannot solve with us, you are free to contact the Austrian data protection authority:
Austrian Data Protection Authority
1030 Vienna, Austria
Tel.: +43 1 521 52-25 69