Privacy information of emergo technologies GmbH (operating under the name 'nabu-med') in accordance with Articles 13 and 14 of the GDPR
A. Data Protection Information in Relation to the Business Relationship
Emergo Technologies GmbH places great importance on the protection of your personal data. This privacy policy informs you about how your data is processed in accordance with the General Data Protection Regulation (GDPR), the Data Protection Act (DSG), and other data protection regulations.
The data controller within the meaning of the General Data Protection Regulation is: emergo technologies GmbH Egger-Lienz-Straße 116 6020 Innsbruck Austria Email: office@emergo.dev Website: www.nabu-med.ai
We process your personal data obtained from you during our business relationship. Additionally, we process data acquired from publicly accessible sources (e.g., commercial register, association register, land registry, or media), from financial credit agencies and debt registers, or data that is lawfully transmitted to us by companies with which we maintain a long-term business relationship. Personal data includes your personal details and contact information (e.g., name, address, date of birth), telephone data, identification data, contract data, and billing data. Furthermore, it may also include transaction data, credit data, electronic log and identification data (e.g., cookies). Upon subscription, we also process your payment information (e.g., credit card details, bank account information), billing data (e.g., billing address), and details of the selected subscription (e.g., type, duration).
4.1. All rights to the software belong exclusively to the provider. The provider grants the customer the non-exclusive, non-transferable right for the duration of the contract to use the software, licensable in accordance with the acquired user licenses. The customer does not acquire any further rights to the software.
4.2. The software is provided to the customer by the provider at the output of the server where the software runs. The provider does not owe an internet connection between this point and the customer's IT systems, and it is not part of the contract.
We process your data only if at least one of the following legal bases is met: within the scope of your consent (Article 6 Paragraph 1 lit. a GDPR): You have expressly given us your consent to process your data for a specific purpose. Example: Subscription to our newsletter; Consent granted can be withdrawn at any time with future effect. To fulfill contractual obligations (Article 6 Paragraph 1 lit. b GDPR): The processing of your data is necessary to fulfill a contract or pre-contractual measures with you. This is the case, for example, when we enter into a service or purchase contract with you. To fulfill legal obligations (Article 6 Paragraph 1 lit. c GDPR): If there is a legal obligation for us, we process your data. For example, we are required to retain invoices for accounting purposes, which may contain personal data. To safeguard legitimate interests (Article 6 Paragraph 1 lit. f GDPR): If legitimate interests exist, we reserve the right to process personal data. Examples: to ensure IT security and IT operations, to manage and further develop our services, to perform credit checks (see below under point B), to assert, exercise or defend legal claims. Our legitimate interest lies particularly in ensuring the smooth, secure, and economical operation of our services as well as efficient communication with our customers and prospects.
Recipients may include: Internal departments: Employees responsible for handling your requests. External service providers: IT and hosting providers, payment service providers, credit agencies, newsletter services, and providers of analytics and marketing tools. Wix Payments as a payment service provider for processing subscription payments, as well as Google Ireland Limited for analyzing and optimizing our marketing activities. We have concluded data processing agreements (DPAs) with all service providers processing data on our behalf, in accordance with Article 28 of the GDPR. Authorities and public institutions: To fulfill legal obligations, such as the tax authorities. Lawyers and courts: For asserting or defending claims.
We retain your personal data for as long as necessary to provide our services, fulfil our legal and contractual obligations to you, resolve disputes, comply with statutory retention periods, or enforce our claims. Data related to subscriptions are stored for the duration of the subscription and in accordance with legal retention periods (e.g., 7 years under Austrian law).
You have the right to access, rectify, erase or restrict the processing of your stored data, a right to revoke consent, a right to object to processing, and a right to data portability, all in accordance with the provisions of data protection law. Complaints can be addressed to the competent data protection authority: https://www.dsb.gv.at/.
In certain cases, it may be necessary to transfer personal data to countries outside the European Economic Area (EEA) where different data protection standards apply. Such transfers are conducted exclusively in compliance with the GDPR requirements, particularly through: adequacy decisions by the European Commission (e.g., for countries with a recognised level of data protection), standard contractual clauses according to Art. 46 GDPR that ensure adequate protection, or other suitable safeguards such as certifications or binding corporate rules. Consent for data transfer is only sought if none of these safeguards are in place or in exceptional cases where the transfer is necessary. Examples of such transfers may occur when using cloud services or software providers whose servers are located outside the EU (e.g., in the USA). We ensure that your data is processed securely and in accordance with European data protection standards, even in these circumstances. This particularly pertains to the use of Google services (e.g., Google Analytics, Google Tag Manager, Google Ads), where data may be transferred to the USA. Standard contractual clauses are in place to ensure an adequate level of protection. We point out that in the USA, authorities (e.g., under the Cloud Act) may have access to data.
Automated decision-making as defined by Article 22 GDPR does not take place.
We inform you that the provision of personal data is partly required by law (e.g. tax regulations) or may also result from contractual obligations (e.g. details about the contractual partner). In some instances, it may be necessary for contract formation for an individual to provide us with personal data, which we subsequently need to process. For example, the individual is obligated to provide us with personal data when our company enters into a contract with them. Failure to provide personal data would result in the contract not being concluded with the individual.
B. Additional data protection information regarding the use of the website, tools and platforms, as well as for the newsletter dispatch
When you subscribe on our website, we process additional information necessary for the conclusion and management of the subscription. This includes your payment data (e.g., credit card information, bank details), billing information (e.g., billing address), and details about the selected subscription (e.g., type, duration). These data are transmitted to Stripe Payments as a payment service provider to facilitate the payment process. The processing is based on Article 6(1)(b) GDPR (fulfilment of the subscription contract) and Article 6(1)(c) GDPR (compliance with legal obligations, such as tax retention requirements).
We utilize various services from Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, for email communication, appointment management, and conducting online meetings. This includes: Microsoft Exchange for managing our email traffic and ensuring secure communication, during which personal data such as email addresses, email content, and metadata (e.g., timestamps and IP addresses) may be processed. Microsoft Teams for online meetings and discussions, where user and communication data (e.g., name, email address, chat history, conversation content) may be processed as needed. Microsoft Bookings for appointment scheduling, with the tool being synchronized with our Microsoft Office 365 calendar to display the current availability of staff and facilitate appointment bookings. The processing of personal data is carried out in accordance with Article 6(1)(b) GDPR, where necessary for the fulfillment of a contract or pre-contractual measures (e.g., appointment bookings or business communication). Where processing is undertaken for efficient internal and external communication, we base it on our legitimate interest in accordance with Article 6(1)(f) GDPR. Further information about data processing by Microsoft can be found in Microsoft's privacy statement: Microsoft Privacy Policy.
We are active on various social media platforms, particularly Meta (Instagram, Facebook), TikTok, and LinkedIn, to engage with users and inform them about our services and updates. When using these platforms, the privacy policies of the respective providers apply, for which we may share responsibility concerning data processing (Art. 26 GDPR). We receive aggregated statistics from the operators (such as page views, interactions), which do not allow conclusions to be drawn about individual persons. We only process personal data if you directly interact with us (e.g., through comments, messages). This processing is based on our legitimate interest according to Art. 6 para. 1 lit. f GDPR, as we aim to optimize our online presence and communicate with clients, while your rights are maintained by the platform's functionalities (e.g., deletion of comments). You can object to the processing by emailing us at datenschutz@emergo.dev. For more information, please refer to the privacy statements of the platforms: - Meta (Facebook, Instagram) Privacy Policy - TikTok Privacy Policy - LinkedIn Privacy Policy