Information about data processing

V2 (022024)

EBG MedAustron GmbH uses the onlyfy one service (by XING) to process job applications. This Privacy Policy will inform you about the processing of your data by the onlyfy one service and by EBG MedAustron GmbH.

Shared responsibility

With regard to interaction within the company account of EBG MedAustron GmbH, EBG MedAustron GmbH and New Work SE have shared responsibility pursuant to Article 26 GDPR, as they jointly determine the purposes and means of processing pursuant to Article 4 (7) GDPR. The current version of the agreement on shared responsibility pursuant to Article 26 GDPR, which New Work SE concludes with companies that use onlyfy one, can be viewed here https://www.xing.com/terms/onlyfy-one to gain information on the key aspects of the agreement.

Data processing by New Work SE

onlyfy one is part of the extensive XING service operated by New Work SE, which pursues the aim of improving and simplifying users’ working lives with a variety of applications (onlyfy one, as well as the XING social and jobs network, kununu, etc.), and creates a more fulfilling working world of work for individuals while boosting the performance of companies. As part of the extensive XING service, onlyfy one is an online platform on which or through which talent and companies meet.

With regard to data processing for which New Work SE is solely responsible or is responsible within the scope of the shared responsibility with EBG MedAustron GmbH, detailed information is available in the XING Privacy Policy at https://privacy.xing.com/en/privacy-policy. You will also find contact details for New Work SE, as well as for the New Work SE data protection officer there.

Job applications with onlyfy one

When submitting an application, you enter into a user relationship with New Work SE for the purpose of processing applications. In addition, you will receive support and New Work SE can present you with other opportunities in support of your career. A public profile will not be automatically created for you on the XING social and jobs network. The legal basis for New Work SE processing your data is, in particular, Article 6 (1)(b) GDPR (processing necessary for the performance of a contract).

Pausing your online application

You can pause the creation of your online application at any time and continue at a later point. Cookies are used for this purpose. The data you provide to create the user account, as well as any uploaded documents, are recorded in the company account of EBG MedAustron GmbH in onlyfy one. The data remains recorded even if an application is paused and/or not completed. In this case, your application is flagged as incomplete and the data remains visible to EBG MedAustron GmbH only.

Visibility of your data

The data you have provided as part of the online application can be read, edited, or updated in your candidate profile at any time.

Notes on the special functions of onlyfy one

Calendar function

If the calendar function is used, your data is processed during and for the purpose of setting appointments within the application process. The legal basis is Article 6 (1)(f) GDPR. The calendar function is provided by an IT service provider (Cronofy Ltd., United Kingdom). The United Kingdom is classified as a secure third country based on the adequacy decision of the European Commission. Further information on data protection at Cronofy is available here: https://www.cronofy.com/gdpr/ and https://docs.cronofy.com/policies/privacy-notice/

WhatsApp application

If you use the apply using WhatsApp function, your consent, which can be withdrawn at any time, forms the legal basis for communication (Article 6 (1)(a) GDPR). When applying via WhatsApp, all required applicant information is requested during a WhatsApp chat. The data is then sent directly to onlyfy one through a service provider, and is processed further there as part of and for the purpose of the normal application process.

The apply via WhatsApp function is provided by an IT service provider (PitchYou) that can gain access to your data for this purpose. More information is available here: https://www.pitchyou.de/en/pitchyou-gdpr. Candidate data from apply via WhatsApp are transferred to onlyfy one via an interface. Immediately after this transfer, candidate data are deleted from the apply via WhatsApp infrastructure in PitchYou. Further processing then takes place exclusively in onlyfy one.

Please note that you use your personal WhatsApp account for applications, and therefore we cannot rule out that messages will be transferred, to the USA in particular. WhatsApp data protection information, such as its processing or exercising of data protection rights with regard to WhatsApp is available here: https://www.whatsapp.com/legal/privacy-policy-eea.

Subject to your consent, your application will be sent from WhatsApp via the PitchYou infrastructure to onlyfy one. You have the right to withdraw your consent to this at any time. Either way, your application data will be deleted from the PitchYou infrastructure once transferred to onlyfy one, meaning that PitchYou will not process your data any further.

Applicability of the Swiss Federal Data Protection Act (FADP)

The FADP applies to circumstances which have an impact on Switzerland, even if said circumstances are initiated outside of Switzerland. Correspondingly, this privacy policy applies to information in line with the EU GDPR and the FADP. Here, EU GDPR terminology is used in favour of FADP terminology. However, FADP terminology is used if the FADP applies and the terminology differs from EU GDPR terminology in a given language. The About this site section on XING contains the name and address of our representative in Switzerland.

Privacy Policy (Version: December 20, 2016)

    1. Controller and scope

1.1. The Controller within the meaning of § 4(4) of the Austrian Data Protection Act (DSG 2000), i.e. the party responsible for operation of this website and the data processing activities described below, is

   EBG MedAustron GmbH
   Companies’ register no. FN 291863k, DPR 4007878
   Marie Curie-Strasse 5
   A-2700 Wiener Neustadt
   (herinafter "we" or "us").

1.2. Our current Privacy Policy can be accessed under www.medaustron.at/en/privacy-policy. It only applies to our website and not to the websites of third parties. We also assume no responsibility or liability whatsoever for data processing, content, accuracy, and presentations on third-party websites.

1.3. Our Privacy Policy describes what personal data we will process for what purpose and how we will use personal information which is collected during your visit to our website or based on your contact with us if you use contact facilities offered on our website.

By transmitting your personal data and using our website, you confirm that you have read and understood this Privacy Policy.

1.4. With the processing of personal data, we are subject to current statutory provisions, most notably the Austrian Data Protection Act (DSG 2000) and the Austrian Telecommunications Act (TKG 2003). In particular, in accordance with our obligations, we have implemented appropriate and technically valid data security measures within the meaning of § 14 DSG to protect your data against accidental or illicit destruction or loss as well as unauthorized access, and to ensure that the data is used properly.

Our employees and the Processor engaged by us (see below, Point 4.8) are obliged to maintain confidentiality and to comply with the provisions of DSG 2000.


    1. Contact Form

2.1. You can write to us using our contact form. If you contact us in this manner, we will collect the data that you enter in the data fields provided in the contact form. We will require and will process this data in order to answer your enquiry, to provide you with the information you desire or to process and deal with any other specific query you have raised with us.

2.2. The data collected via the contact form will be processed solely for the purpose of dealing with your query(-ies); it will be stored and retained for as long as is necessary to deal with your query and deleted within a reasonable period following the last contact. The data will only be retained beyond that if such retention is necessary to satisfy statutory retention periods or you have agreed a longer retention with us. In such cases, the data will be deleted once the statutory or agreed retention period has expired (whichever expires later). In the event of legal disputes, we will retain the data until the corresponding legal dispute(s) has (have) ended if this data will be needed as evidence.


    1. Contact by email or telephone

3.1. If you contact us by email or telephone, we will collect and process the data that you communicate to us by email or telephone. In any case, if you contact us by email we will process the sender’s name and email address as appearing in the email header or in the body of the email; we will also process the content of the message and any attachments. We will require and will process this data in order to answer your enquiry, to provide you with the information you desire or to process and deal with any other specific query you have raised with us.

3.2. The data that you transmit to us in this manner will be processed solely for the purpose of dealing with your query(-ies); it will be stored and retained for as long as is necessary to deal with your query and deleted within a reasonable period following the last contact. The data will only be retained beyond that if such retention is necessary to satisfy statutory retention periods or you have agreed a longer retention with us. In such cases, the data will be deleted once the statutory or agreed retention period has expired (whichever expires later). In the event of legal disputes, we will retain the data until the corresponding legal dispute(s) has (have) ended if this data will be needed as evidence.


    1. Online application portal

4.1. We offer you the opportunity to apply for vacancies or to send us an unsolicited application via our online application tool. If you wish to use this facility, please set up a user account. We will record and process the data requested and entered by you in the registration form. This data is required so that we can provide you with this service and so that you can use this service.

4.2. After setting up your user account, you can complete your application by entering further data and information concerning your CV and your skills or other additional information. You can also upload a profile picture and application documents (e.g. certificates and references).

4.3. We will not yet have access to the data you have entered/uploaded. It is only once you click on the "Abschließen" button that you will transmit/send the entered data to us. [The same applies to data updated or amended by you (see Point 4.7); this too will not be transmitted to us until you have completed the action chosen and performed by you.]

4.4. We will process and use the data received from you solely for assessing whether your profile matches an advertised vacancy or whether we can offer you a job that suits your profile. In addition, we will process your data for the purposes of further implementation and management of the application process and for the initiation of any employment relationship with us. We will not pass your application/documents on to third parties.

4.5. For as long as you keep your user account active, the data that you have entered in your user account and which has been transmitted to us pursuant to Point 4.3 will remain stored in your user account and we will process it for the purpose described in Point 4.4 . This means that we will keep your application profile on file so that we can contact you if we have a vacancy to fill and your profile matches it.

If you do not want us to keep your application profile on file or to contact you, please delete your user account (see Point 4.7). [Your data will also be deleted from our system simultaneously and we will then no longer be able to take it into consideration for future job advertisements. If application processes have already been initiated at the time of the deletion, we will continue these with your consent and store the data required for them for the duration of the application process; such data will be deleted within a reasonable period following the conclusion of the application process. The data will only be retained beyond that if such retention is necessary to satisfy statutory retention periods. In this case, the data will be deleted after the statutory retention periods expire. In the event of legal disputes, we will retain the data until the corresponding legal dispute(s) has (have) ended if this data will be needed as evidence.]

4.6. Your username and your personal password will ensure that you alone have access to your user account and can make changes there (supplementing, correcting, and deleting data), including deleting the entire user account. Your password will not be accessible to us either.

4.7. You will be able to edit, amend, update or delete individual data or the entire user account at any time by logging into your user account and performing the desired action directly in the user account. If you have any questions, please do not hesitate to contact us via jobs@medaustron.at.]

4.8. The online application portal is operated on our behalf by Prescreen GmbH (the “Processor”). The Processor is subject to the obligations under § 11 DSG 2000. In particular, the Processor is obliged to use the data exclusively within the framework of the orders issued by us and to release it solely to us; in any case, it is prohibited from transmitting the data used or from using it for its own purposes without a corresponding order from us.


    1. Therapy inquiry – health data (online portal)

5.1. Our experts will be happy to analyze your therapy inquiry. Please send us your therapy inquiry exclusively via the online portal we have set up for this purpose.

5.2. If you wish to use this facility, please set up a user account. We will record and process the data requested and entered by you in the registration form. This data is required so that we can provide you with this service and so that you can use this service. Once you have set up your user account, you will be able to complete your therapy enquiry by entering further data/findings and information. It is only once you click on the “Submit” button that you will transmit/send the entered data to us.

5.3. All data that you send to us as part of your therapy enquiry, especially health data (e.g. information about your physical or mental health, treatments to date, and medical history), will be processed solely by our experts, who are subject to a corresponding confidentiality obligation, and exclusively for answering your therapy enquiry.

5.4. The data that you have sent to us by clicking on “Submit” will be processed by us for the purpose of answering your enquiry and will be deleted within a reasonable period after dealing with the enquiry; it will only be retained beyond that if such retention is necessary to satisfy statutory retention periods. In all cases, the data will be deleted after the statutory retention periods expire. In the event of legal disputes, we will retain the data until the corresponding legal dispute(s) has (have) ended if this data will be needed as evidence.

5.5. It will be possible for you to view your enquiry, plus the data that you have transmitted to us by clicking on the “Absenden” button, in your user account, but you will not be able to delete or edit it independently; if you wish to delete/amend this enquiry plus the data transmitted with it after sending your enquiry but before it has been dealt with, please send us an email to patient@medaustron.at. You can edit the user account as such by logging into your user account and clicking there on “Benutzereinstellungen”. If you have any questions, please do not hesitate to contact us at patient@medaustron.at.

Please also note that we will interpret the unsolicited transmission of health data as your explicit consent that we may process this data for the purposes of dealing with and answering your therapy inquiry.

We nevertheless request that you confirm this consent when you register for the online portal by checking the provided checkbox "I agree that the health data enclosed with my therapy inquiry may be processed by the experts at EBG MedAustron GmbH for the purposes of dealing with and answering my therapy inquiry within the meaning of Point 5 of the Privacy Policy".

You may withdraw your consent at any time by sending an email to patient@medaustron.at; however, if you do so, it may no longer be possible for us to deal with and answer your inquiry.


    1. Use of the website

6.1. Please note that you can access and use our website without registering or setting up a user account.


    1. Cookies

7.1. A cookie is a short alphanumeric text that is stored on your device and can be retrieved later. A general distinction is made between

7.1.1. Session cookies, which are deleted automatically when you close your browser;

7.1.2. Persistent cookies, which remain stored on your device until a set expiration date;

7.1.3. First-party cookies, which are used by or for us as the operator of this website; and

7.1.4. Third-party cookies, which are installed neither by nor for us but by or for a third party.


7.2. Essential cookies

Our website uses cookies so that we can provide you with services and features that optimize and personalize the appearance of the website and make it more user-friendly. For example, cookies are essential for ensuring that you do not have to log in again each time you navigate within your user account.

The following cookies are essential for enabling you to use our website meaningfully or according to your configured settings:

 Type, designation Description Expiration date 
 SSESS authentication cookies [random name with the characters a-z, 0-9 and -] First-party session cookies for identifying the user after he/she has logged in so that he/she can use various content or features which he/she has permission to access: access to various content of the user account Deleted when you close your browser 
       
 Cookies for adapting the user interface
  • has_js
  • Drupal.tableDrag.showWeight (only for logged-in users)
  • text_resize
  • text_resize_line_height
  • highContrastActivated
 one of these settings on our website 25 days 
       
 Cookie consent cookie
  • medaustron_cookiecontrol
  • ccShowCookieIcon
 First-party persistent cookie for storing your decision regarding cookie placement by our website. This cookie is only installed if you tick the corresponding box “Do not ask me again” in our cookie consent tool. 3 months 
       
 Piwik deactivation cookie [piwik_ignore] First-party persistent cookie for storing your decision regarding the opt-out from tracking by our website (see below for details, Point 8.3.3) This cookie is only installed if you activate the checkbox provided in Point 8.3.3. 2 years 
       
 Prescreen session cookie PHPSESSID This cookie is used to identify the user during the use of Prescreen. The cookie is absolutely essential for correct functionality. The cookie loses its validity when you close the browser. 
       

You can specify via your browser settings whether or not to allow cookies. If you deactivate cookies completely, even essential cookies will be rejected. This may mean that it will not be possible to display or execute certain features on our website properly. This may restrict your ability to use this website and have an adverse effect on its appearance and your user experience.


7.3. Non-essential cookies

In addition, cookies are used that are not strictly essential for the functionality of the website or for the services requested by you as the user:

 Type, designation Description Expiration date 
 PIWIK tracking cookie 1 _pk_id.[0-9].[a-z][0-9][0-9] Persistent tracking cookies which Piwik (see below, Point 8) installs for tracking for the purpose of a statistical analysis of the visitor traffic to our website. 7 days 
       
 PIWIK tracking cookie 2 _pk_ref.[0-9].[a-z][0-9][0-9]) Persistent tracking cookies which Piwik (see below, Point 8) installs for tracking for the purpose of a statistical analysis of the visitor traffic to our website. 7 days 
       
 PIWIK tracking cookie 3 _pk_ses.[0-9].[a-z][0-9][0-9] [Session tracking cookies which Piwik (see below, Point 8) installs for tracking for the purpose of a statistical analysis of the visitor traffic to our website.] At the end of the session 
       
 Prescreen persistent cookie _ga This cookie is used to record applicants' patterns of usage. 24 months 
       
 Prescreen persistent cookie _gat This cookie is used to record applicants’ patterns of usage. 24 months 
       
 Prescreen persistent cookie REMEMBERME This cookie is used to recover an expired session. 2 weeks 
       

Our website has been configured in such a way that non-essential cookies are not stored as standard until after you have given your explicit consent. You can consent to the storage of these cookies by clicking to the right of the "Cookies are off" bar in the "Cookie Control" tool placed on the left edge of the screen.
You can change this setting again by clearing your browser’s cache.


    1. Collection and analysis of statistical data

8.1. We use the web analytics service Piwik to collect and analyze statistical data regarding the use of our website: The program is installed on our server and also stores data exclusively on our own server in Austria (in-house solution). Therefore, the data remains under our control and management; it is not transmitted or handed over to an external web analytics provider.

8.2. Piwik attempts to recognize visitors to our website by tracking certain informaton, including the visitor’s IP address. More detailed information on the way in which Piwik works can be found here.

8.3. To protect your privacy we have implemented the following measures:

8.3.1 Activation of the "AnonymizeIP" plugin: This anonymizes the IP address of every visitor before it is stored; this is done by changing the last two octets of the IP address to "0". That makes it practically impossible to trace the IP address.

8.3.2. Logs that are more than 7 days old are deleted as standard.

8.3.3. Tracking opt-out:
You yourself can decide whether you wish to accept the tracking cookie installed by Piwik (see above, Point 7.3). If you reject cookies, this cookie will not be installed.

You can also object to tracking of other information as set out above (including the collection and analysis of your already anonymized IP address; see above, Point 8.3.1) by activating the checkbox below. A Piwik deactivation cookie will be stored as a result.

If you want to opt-out, please deactivate the following checkbox to store the Piwik deactivation cookie in your browser. You can change this setting again by re-activating the checkbox. Please note that the Piwik deactivation cookie will be deleted if you clear the cookies stored in your browser. In addition, you must perform the deactivation separately if you access our website from a different computer or a different web browser.

    1. Transmission

9.1. Data that we have acquired in a manner described in the preceding points will not be transmitted; this excludes situations in which you have explicitly asked us in writing to transmit your data or explicitly consented in writing to such a transmission.


    1. Your rights to information, correction, and deletion; right to object

10.1. We will be happy to provide you with information pursuant to § 26 DSG 2000 on whether we process data relating to you and, if applicable, what data. If you wish to receive information about your data, please send a written request for information to datenschutz@medaustron.at. Please enclose with your request for information a copy of an official photo ID to prove your identity.

The information will be provided free of charge if it concerns the current data files of a data application and if you have not made any previous requests in the current year relating to the same application area; in all other situations, a lump sum of EUR 18.89 may be charged pursuant to § 26(6) DSG 2000 for the reimbursement of costs; this figure may be deviated from if the actual costs incurred are higher.

Please note that you can only request information about your own data, not about the data of other people.


10.2. Under the provisions of DSG 2000, we are obliged to correct or delete any incorrect data or data processed in breach of the provisions of DSG 2000, and to do so on our own volition, as soon as we have become aware of the inaccuracy of the data or the inadmissibility of its processing or you have alerted us to this by means of a reasoned request. Should you be of the opinion that personal data processed by us is being processed incorrectly or in breach of the provisions of DSG 2000, please send your reasoned written request by email to datenschutz@medaustron.at. With regard to changing, supplementing, and deleting data in your user accounts, see above, Points 4.6, 4.7 and 5.5.

10.3. If you wish to make use of your right to object pursuant to § 28(1) DSG 2000, please send your reasoned objection by email to datenschutz@medaustron.at.


    1. Data relating to other people

11.1. If you transmit to us data relating to other people, please make sure that the respective person has agreed beforehand that you may pass on his/her personal data to us and that we may use it in accordance with our Privacy Policy.


    1. Amendments to the Privacy Policy

12.1. Our Privacy Policy will be updated to accommodate any changes in the law or significant changes to the functionality of our website; such amendments will have future effect. This Privacy Policy may therefore change over time. We recommend that you view and read our Privacy Policy whenever you visit our website or at regular intervals so that you are always informed about our current handling of your personal data.


    1. Queries, contact

13.1. If you have any queries concerning this Privacy Policy, please do not hesitate to contact us at datenschutz@medaustron.at.