Skip to Content

Privacy Policy

BEXAMED AUSTRIA GmbH (as of: 18.05.2026)


1. General Information

The protection of your personal data is very important to us. We process your personal data confidentially and exclusively on the basis of legal provisions, in particular the General Data Protection Regulation of the European Union, the GDPR, the Austrian Data Protection Act, DSG, as well as the Telecommunications Act 2021, TKG 2021.

This privacy policy informs you about which personal data we process in the context of using our website, for what purposes this processing takes place, on what legal basis it is based, how long data is stored, and what rights you have as a data subject.

Personal data is any information relating to an identified or identifiable natural person, for example, name, address, email address, telephone number, IP address, or usage data.

2. Controller

The controller within the meaning of the GDPR is:

BEXAMED AUSTRIA GmbH

 Stuck 192

 A-6621 Bichlbach

Austria

Email: office@bexamed.at

Website: www.bexamed.at

Company registration number: 650340h

Commercial court: Innsbruck


3. Principles of Data Processing

We process personal data only to the extent that this is legally permissible. In doing so, we particularly observe the following principles:

  • Processing in good faith, legality and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality
  • Accountability

The processing of personal data occurs particularly when at least one of the following legal bases is fulfilled:

  • Art. 6 para. 1 lit. a GDPR: Consent
  • Art. 6 para. 1 lit. b GDPR: Contract fulfilment or pre-contractual measures
  • Art. 6 para. 1 lit. c GDPR: Legal obligation
  • Art. 6 para. 1 lit. f GDPR: Legitimate interest

Insofar as special categories of personal data within the meaning of Art. 9 GDPR are processed, this only occurs if there is a corresponding legal basis or explicit consent.

4. Website hosting and platform Odoo

Our website is operated with Odoo , a business application and website platform of:

Odoo S.A.

Chaussée de Namur 40

1367 Grand-Rosière

Belgium

Odoo provides technical infrastructure and software functions for the operation of the website. In this context, personal data may be processed, particularly technical access data, contact form data, order data, communication data, customer accounts, session data and cookie information.

Odoo acts, insofar as Odoo processes personal data on our behalf, as a processor within the meaning of Art. 28 GDPR. Odoo provides information and agreements regarding GDPR compliance, including a Data Processing Agreement.

A contract for data processing has been or will be concluded with Odoo, as far as this is required under Art. 28 GDPR.

The legal bases for processing are depending on the purpose:

  • Art. 6 para. 1 lit. b GDPR, insofar as the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures
  • Art. 6 para. 1 lit. c GDPR, insofar as there are legal retention or proof obligations
  • Art. 6 para. 1 lit. f GDPR, insofar as the processing is necessary for the secure and efficient operation of our website
  • Art. 6 para. 1 lit. a GDPR, insofar as consent is required, particularly for optional cookies, analysis or marketing services

5. Collection of access data and server log files

When visiting our website, information is automatically collected by the web server and stored in so-called server log files. In particular, the following data may be processed:

  • visited page or file
  • date and time of access
  • amount of data transferred
  • referrer URL, i.e. the previously visited page
  • browser type and browser version
  • operating system used
  • hostname of the accessing device
  • IP address, shortened or anonymised where possible
  • status codes and technical error messages

The processing is carried out for the following purposes:

  • Provision of the website
  • Ensuring technical functionality
  • Ensuring system security
  • Detection and prevention of attacks
  • Error analysis
  • Technical optimisation of the website

The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the secure, stable, and error-free operation of our website.

Server log data will generally be deleted no later than 14 days unless longer storage is required in individual cases for the clarification of security incidents, abuse, or technical disruptions.

6. Cookies and similar technologies

6.1 General information on cookies

Our website uses cookies and similar technologies. Cookies are small text files that are stored on your device when you visit our website. They can be used to provide technical functions, ensure security, store user settings, analyse the use of the website, or support marketing measures.

Some cookies are technically necessary for the website to function properly. Other cookies, particularly analysis, marketing, or tracking cookies, are only set if you have previously given your consent.

The permissibility of setting and reading cookies in Austria is primarily governed by the GDPR and § 165 para. 3 TKG 2021. For non-essential cookies, consent is generally required.

You can manage, block or delete cookies through your browser settings. If you disable cookies, the functionality of our website may be limited.

6.2 Technically Required Cookies

Technically required cookies are necessary for our website to function. Without these cookies, certain features cannot be provided.

Purposes:

  • Provision of the website
  • Session management
  • Shopping cart function
  • Login and authentication functions
  • Protection against abuse
  • Website security
  • Storage of technically necessary settings

Examples:

  • session_id
  • Odoo session cookies
  • Security cookies
  • Shopping cart or checkout cookies

The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in the technically secure and functional operation of the website. As far as § 165 para. 3 TKG 2021 is applicable, the storage or access occurs only to the extent that it is technically absolutely necessary to provide the service explicitly requested by the user.

6.3 Preference Cookies

Preference cookies store settings that you have made on our website.

Purposes:

  • Storage of language settings
  • Storage of regional settings
  • Improvement of user-friendliness

Examples:

  • frontend_lang
  • Odoo language or preference cookies

The legal basis is, insofar as these cookies are technically necessary, Art. 6 para. 1 lit. f GDPR. Insofar as they are not necessary, processing only takes place on the basis of your consent in accordance with Art. 6 para. 1 lit. a GDPR and § 165 para. 3 TKG 2021.

6.4 Interaction history cookies and campaign attribution

Our website may use cookies or similar technologies to capture interactions with the website or the origin of visitors.

Purposes:

  • Website optimisation
  • Campaign attribution
  • Evaluation of which campaigns or sources users arrive at our website
  • Improvement of marketing and communication measures
  • Live chat functionalities, if offered

Examples:

  • in_livechat_previous_operator
  • utm_campaign
  • utm_source
  • utm_medium

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR and, where applicable, § 165 para. 3 TKG 2021.

You can revoke your consent at any time with effect for the future.

6.5 Analysis cookies

We may use analysis cookies to understand how visitors use our website. This allows us to improve our website, content, user guidance, and offers.

Purposes:

  • Statistical analysis of website usage
  • Measurement of page views
  • Recognition of frequently visited content
  • Technical and content optimisation of the website
  • Improvement of the user experience

Examples:

  • _ga
  • _gid
  • _gat
  • _gac_*
  • more Google Analytics cookies
  • _fbp
  • _fbc

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR and, where applicable, § 165 para. 3 TKG 2021.

Analysis cookies are only set if you have previously consented.

6.6 Advertising and marketing cookies

We may use cookies and similar technologies to evaluate advertising measures, display relevant ads, and measure the effectiveness of advertising campaigns.

Purposes:

  • Conversion tracking
  • Campaign measurement
  • Remarketing
  • Evaluation of Meta, Facebook, and Instagram advertising campaigns
  • Delivery of relevant advertising
  • Measurement of advertising effectiveness

Examples:

  • __gads
  • __gac
  • _fbp
  • _fbc
  • Meta Pixel
  • Google marketing cookies
  • other tracking and marketing technologies

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR and, where applicable, § 165 para. 3 TKG 2021.

Marketing cookies are only set if you have previously consented.

6.7 Meta Pixel / Meta Business Tools

Our website may use services from Meta, particularly Meta Pixel or similar Meta Business Tools.

Provider is:

Meta Platforms Ireland Limited

Merrion Road

Dublin 4

D04 X2K5

Ireland

In this context, the following data may be processed:

  • IP address
  • Browser information
  • Device information
  • Page views
  • Click behaviour
  • Referrer information
  • Campaign parameters
  • Conversion data
  • Cookie IDs
  • Interaction data with our ads

The provided source text specifically mentioned the following pixel ID:

Meta-MaestroDMX EU – Pixel ID: 2333481716831318

Purposes:

  • Analysis of the effectiveness of Facebook and Instagram advertising
  • Conversion tracking
  • Remarketing
  • Audience building
  • Campaign optimisation

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR and, where applicable, § 165 para. 3 TKG 2021.

Data transmission to Meta companies outside the European Union or the European Economic Area cannot be ruled out. If data is transmitted to third countries, this is done on the basis of the relevant data protection transfer mechanisms, in particular an adequacy decision, the EU-U.S. Data Privacy Framework, where applicable, or EU standard contractual clauses.

6.8 Google Analytics

Our website may use Google Analytics, a web analytics service of:

Google Ireland Limited

Gordon House

Barrow Street

Dublin 4

Ireland

Google Analytics uses cookies and similar technologies to analyse the use of our website. In this context, the following data may be processed:

  • IP address, shortened or anonymised where possible
  • Device information
  • Browser information
  • Operating system
  • Referrer URL
  • Page views
  • Duration of stay
  • Click behaviour
  • Approximate location information
  • Usage and event data

Google Analytics is only used if you have previously given your consent.

The legal basis is Art. 6 para. 1 lit. a GDPR and, where applicable, § 165 para. 3 TKG 2021.

We use Google Analytics, as far as technically available, with IP anonymisation enabled. This means your IP address is truncated within the European Union or the European Economic Area before being transmitted to the USA. Only in exceptional cases can the full IP address be transferred to Google servers and truncated there.

Google may also process data in the USA. Google LLC is listed in the EU-U.S. Data Privacy Framework. Google also provides information about the data transfer frameworks used by Google.

You can withdraw your consent at any time via our cookie consent tool.

6.9 Google Ads, Conversion Tracking and Remarketing

Our website may use Google Ads, Conversion Tracking and Remarketing features.

Provider is:

Google Ireland Limited

Gordon House

Barrow Street

Dublin 4

Ireland

Purposes:

  • Measurement of advertising campaigns
  • Collection of conversions
  • Evaluation of the effectiveness of ads
  • Remarketing
  • Delivery of interest-based advertising
  • Optimisation of ads

In this context, the following data may be processed:

  • IP address
  • Cookie IDs
  • Device and browser information
  • Click data
  • Conversion data
  • Referrer information
  • Campaign parameters
  • Usage data

Examples of cookies:

  • __gads
  • __gac
  • _gac_*
  • further Google marketing cookies

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR and, where applicable, § 165 para. 3 TKG 2021.

6.10 Third-party providers for tracking, market analysis and campaign support

Some tracking and market analysis activities may be supported by external service providers. The following provider was mentioned in the provided source text:

KamBe Holding UG

 Herkulan-Schwaiger-Gasse 16

 82467, Oberammergau

 Germany

E-mail: info@kambe.eu

Insofar as KamBe Holding UG or comparable service providers process personal data on our behalf, this is done on the basis of a contract for data processing or another suitable data protection contractual relationship.

Purposes:

  • Market analysis
  • Campaign analysis
  • Tracking support
  • Advertising evaluation
  • Technical support for marketing measures

In this context, personal data may be transferred to a third country outside the European Union or the European Economic Area. Canada has a partially adequate level of data protection in terms of an adequacy decision by the European Commission, provided that the conditions are met. Otherwise, a transfer will only take place on the basis of suitable guarantees, in particular EU standard contractual clauses, or explicit consent.

The legal basis is, unless otherwise stated, your consent in accordance with Art. 6 para. 1 lit. a GDPR.

7. Cookie consent and withdrawal

When you first visit our website, a cookie consent banner will be displayed to you. Through this banner, you can decide whether to allow only technically necessary cookies or to additionally consent to optional cookies and services.

Optional cookies and comparable technologies, particularly for analysis, marketing, interaction tracking, remarketing, and external content, will only be set if you have explicitly consented beforehand.

You can withdraw or change your consent at any time with effect for the future. To do this, you can revisit the settings in the cookie banner or use your browser settings.

The revocation does not affect the lawfulness of the processing that has taken place up to the revocation based on your consent.

8. Order and Contract Processing

When you order products from us, request a quote, conclude a contract, or communicate with us about services, we process personal data that is necessary for the initiation, execution, and processing of the contract.

In this context, the following data may be processed:

  • Name
  • Company
  • Address
  • Delivery Address
  • Billing Address
  • Email Address
  • Phone Number
  • Customer Number
  • Order Data
  • Contract Data
  • Payment Data
  • Bank Details, if required
  • VAT Number for Companies
  • Communication Data
  • Delivery and Shipping Information
  • Complaint and Service Data

Purposes:

  • Processing of Inquiries
  • Quote Creation
  • Contract Conclusion
  • Contract Execution
  • Order Processing
  • Delivery
  • Invoicing
  • Payment Processing
  • Customer Service
  • Complaint Processing
  • Fulfilment of Legal Retention Obligations

The legal basis is Article 6(1)(b) GDPR, insofar as the processing is necessary for the performance of a contract or for the implementation of pre-contractual measures. Insofar as there are legal obligations, particularly tax and corporate law retention obligations, the legal basis is Article 6(1)(c) GDPR. Furthermore, Article 6(1)(f) GDPR may be relevant, insofar as we have a legitimate interest in efficient business processing, legal enforcement, or defence against claims.

9. Payment Processing

If you purchase paid services or products through our website, payment data may be processed and transmitted to payment service providers.

In this context, the following data may be processed:

  • Name
  • Billing Address
  • Payment Amount
  • Payment Reference
  • Payment Status
  • Bank details, credit card information or other payment data, depending on the chosen payment method
  • Transaction Data

The transmission only takes place to the extent necessary for payment processing.

The legal basis is Article 6(1)(b) GDPR. Insofar as there are legal retention obligations, the legal basis is Article 6(1)(c) GDPR.

Specific payment providers, if used, must be included in this privacy policy, for example PayPal, Stripe, Mollie, Klarna, bank transfer or credit card providers.

10. Shipping and Delivery

For the delivery of products, personal data may be transmitted to shipping, logistics or delivery service providers.

In this context, the following data may be processed:

  • Name
  • Delivery Address
  • Phone number, if required for delivery
  • Email address, if required for shipment information
  • Order Data
  • Tracking Number
  • Delivery status

The purpose is the delivery of ordered products and information about the shipping status.

The legal basis is Art. 6 para. 1 lit. b GDPR. Insofar as a telephone number or email address is only passed on to shipping service providers with your consent, the legal basis is Art. 6 para. 1 lit. a GDPR.

11. Trade in medical devices and product-related communication

BEXAMED AUSTRIA GmbH is active in the field of trade in medical devices. In the context of product-related communication, personal data may be processed, for example, when you submit inquiries about medical devices, orders, complaints, warranty or service cases, follow-up questions regarding application or safety information.

In this context, the following data may be processed:

  • Name
  • Contact details
  • Company or organisation
  • Function or department
  • Product information
  • Order and delivery data
  • Communication content
  • Complaint or service data
  • Information related to recalls, safety information or vigilance cases

Please do not send us health data, diagnoses, treatment data or other special categories of personal data via contact forms or general communication channels unless this is expressly necessary.

If you voluntarily provide us with special categories of personal data within the meaning of Art. 9 GDPR, such as health data in connection with an inquiry, we will only process this to the extent necessary to handle your inquiry and provided there is a legal basis, your explicit consent, or another permission under Art. 9 GDPR.

Purposes:

  • Processing of product-related inquiries
  • Customer Service
  • Complaint Processing
  • Warranty and guarantee
  • Fulfilment of legal obligations in connection with medical devices
  • Product safety
  • Traceability
  • Communication regarding safety information, recalls or corrective actions

Legal bases may vary depending on the case, Art. 6 para. 1 lit. b GDPR, Art. 6 para. 1 lit. c GDPR, Art. 6 para. 1 lit. f GDPR as well as, in the case of special categories of personal data, Art. 9 GDPR.

12. Contact form and email contact

If you contact us via a contact form, by email, by phone or in any other way, we process the data you provide.

In this context, the following data may be processed:

  • Name
  • Company
  • Email Address
  • Phone Number
  • Address
  • Content of your inquiry
  • Time of contact
  • Technical metadata of the communication
  • Any attachments or other information you provide

Purposes:

  • Processing of your inquiry
  • Communication with you
  • Customer Service
  • Quote Creation
  • Documentation of the communication
  • Legal enforcement or legal defence, if necessary

The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in processing and responding to your inquiry.

If your inquiry is aimed at concluding a contract or concerns an existing contract, the additional legal basis is Art. 6 para. 1 lit. b GDPR.

13. Customer account

If the creation of a customer account is possible on our website, we process the necessary data.

In this context, the following data may be processed:

  • Name
  • Email Address
  • Password in encrypted form
  • Billing and delivery addresses
  • Order history
  • Customer Number
  • Account settings
  • Login times
  • technical session data

Purposes:

  • Provision of the customer account
  • Management of orders
  • faster order processing
  • Provision of invoices and order history
  • Security of the customer account

The legal basis is Art. 6 para. 1 lit. b GDPR, insofar as the customer account is used for the execution of contracts or pre-contractual measures. Otherwise, the legal basis is Art. 6 para. 1 lit. f GDPR, insofar as we have a legitimate interest in user-friendly and secure customer management.

14. Newsletter

If you subscribe to our newsletter, we process your email address as well as, if applicable, your name, your company, and other voluntary information.

Purposes:

  • Sending newsletters
  • Information about products, services, offers, and news
  • Documentation of your consent
  • Proof of registration
  • Management of unsubscriptions

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR.

The registration for the newsletter takes place, as far as technically set up, in the double opt-in procedure. After registration, you will receive an email in which you must confirm your registration.

You can revoke your consent at any time with effect for the future, for example via the unsubscribe link in the newsletter or by contacting us.

The revocation does not affect the lawfulness of the processing that has taken place until the revocation.

15. Comments and Contributions

As far as our website provides a comment function, rating function or the possibility to publish contributions, we process the data you enter.

In this context, the following data may be processed:

  • Name or Pseudonym
  • E-mail address, if required
  • Content of the comment or contribution
  • Time of publication
  • IP address, shortened where possible
  • technical metadata

Purposes:

  • Publication and management of comments or contributions
  • Prevention of abuse
  • Protection against unlawful content
  • Proof and legal defence in the event of claims

The legal basis is Art. 6 para. 1 lit. f GDPR. Our legitimate interest lies in providing interactive functions, preventing abuse and legal protection.

16. Social Media Presences

We may operate our own company presences on social networks and platforms, for example on:

  • Facebook
  • Instagram
  • LinkedIn
  • YouTube
  • X / Twitter

If you visit our social media pages or interact with us through these platforms, personal data may be processed by us and by the respective platform operator.

In this context, the following data may be processed:

  • Profile information
  • Username
  • Comments
  • Messages
  • Interactions
  • Likes
  • Shared content
  • Statistical information
  • Technical usage data

Purposes:

  • Corporate Communication
  • Public Relations
  • Customer Communication
  • Marketing
  • Evaluation of Reach
  • Processing of Inquiries

The legal basis is Article 6(1)(f) GDPR. Our legitimate interest lies in communication with customers, prospects, and business partners, as well as in the representation of our company.

Where consent is required, the legal basis is Article 6(1)(a) GDPR.

Please note that when using social networks, personal data may also be processed outside the European Union or the European Economic Area. The data processing by the respective platform operators is subject to their privacy information.

17. Social Media Plugins and External Content

Our website may incorporate external content or plugins from third parties, particularly from:

  • Meta, Facebook, and Instagram
  • X / Twitter
  • YouTube
  • Google Maps
  • Google Fonts, if loaded externally
  • other third parties

When such content is activated or loaded, personal data, particularly your IP address, browser information, device information, and usage data, may be transmitted to the respective provider.

External content will be loaded, as far as technically possible, only after your consent. Without your consent, this content will be blocked or only displayed in a privacy-friendly preview.

The legal basis is your consent in accordance with Art. 6 para. 1 lit. a GDPR and, where applicable, § 165 para. 3 TKG 2021.

18. YouTube

Our website may incorporate videos from YouTube.

Provider is:

Google Ireland Limited

Gordon House

Barrow Street

Dublin 4

Ireland

When loading YouTube videos, personal data may be transmitted to Google, in particular IP address, device information, browser data, usage data, and information about which page you have visited.

YouTube content is only loaded if you have consented, as far as technically possible.

The legal basis is Art. 6 para. 1 lit. a GDPR and, where applicable, § 165 para. 3 TKG 2021.

19. Google Maps

Our website may embed map material from Google Maps.

Provider is:

Google Ireland Limited

Gordon House

Barrow Street

Dublin 4

Ireland

When loading Google Maps, personal data may be transmitted to Google, in particular IP address, location data, if you share it, browser information, device information, and usage data.

Google Maps is only loaded if you have consented, as far as technically possible.

The legal basis is Art. 6 para. 1 lit. a GDPR and, where applicable, § 165 para. 3 TKG 2021.

20. Applications

If you apply to us, we process the application data you provide.

In this context, the following data may be processed:

  • Name
  • Contact details
  • Curriculum Vitae
  • Certificates
  • Qualifications
  • Work Experience
  • Photo, if provided
  • Cover Letter
  • Communication Data
  • Other application documents

Purposes:

  • Conducting the application process
  • Assessment of your suitability
  • Communication with you
  • Documentation of the selection process
  • Fulfilment of legal obligations
  • Assertion, exercise or defence of legal claims

The legal basis is Article 6(1)(b) GDPR, insofar as the processing is necessary for the performance of pre-contractual measures. Where legal obligations exist, the legal basis is Article 6(1)(c) GDPR. Where we store data for legal defence, the legal basis is Article 6(1)(f) GDPR.

Special categories of personal data are only processed when this is necessary or you voluntarily provide them and a corresponding legal basis exists.

21. Recipients of personal data

We only share personal data when this is legally permissible.

Recipients of personal data may include:

  • IT service providers
  • Hosting providers
  • Odoo as a platform and software provider
  • Payment service providers
  • Shipping and logistics service providers
  • Tax advisors
  • Auditors
  • Legal advisors
  • Authorities and courts
  • Banks
  • Marketing and analytics service providers, provided you have consented
  • Providers of external content, provided you have consented
  • Business partners, as far as this is necessary for the performance of the contract

Data sharing only occurs to the extent necessary to fulfill the stated purposes, a legal obligation exists, you have consented, or we have a legitimate interest.

22. Processors

We engage service providers who process personal data on our behalf. These service providers are carefully selected and contractually obligated.

Where necessary, we enter into contracts with processors in accordance with Art. 28 GDPR.

Processors may be used in particular in the following areas:

  • Hosting
  • Website operation
  • IT maintenance
  • Odoo platform
  • Email dispatch
  • Newsletter dispatch
  • Payment Processing
  • CRM
  • Accounting
  • Analysis and marketing, as far as permissible

23. Data transfer to third countries

A transfer of personal data to countries outside the European Union or the European Economic Area, so-called third countries, only takes place if this is legally permissible.

This may be particularly relevant when using the following services:

  • Google services
  • Meta services
  • YouTube
  • Google Maps
  • Limbic Media
  • other analysis, marketing or cloud service providers

A transfer to a third country only takes place if:

  • there is an adequacy decision by the European Commission,
  • appropriate safeguards pursuant to Art. 46 GDPR are in place, in particular EU standard contractual clauses,
  • there is explicit consent pursuant to Art. 49 para. 1 lit. a GDPR,
  • the transfer is necessary for the performance of a contract,
  • or there is another legal basis.

As far as service providers are certified under the EU-U.S. Data Privacy Framework, the transfer can be based on this adequacy framework. Google LLC is listed in the EU-U.S. Data Privacy Framework.

24. Data security

We take appropriate technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, alteration or destruction.

These include, in particular:

  • Access restrictions
  • Encryption, where appropriate
  • TLS-/SSL encryption of the website
  • secure passwords and authorisation concepts
  • regular updating of technical systems
  • logging of security-relevant processes
  • backup and recovery of data
  • contractual obligations of service providers

Please note that data transmission over the internet may have security vulnerabilities. Complete protection against access by third parties is not possible.

25. Storage duration

We only store personal data as long as necessary for the respective purposes or as required by legal retention obligations.

The storage duration is particularly determined by the following criteria:

  • duration of the contractual relationship
  • legal retention obligations
  • tax and corporate law obligations
  • warranty and limitation periods
  • proof obligations
  • legitimate interests in legal prosecution or defence
  • duration of your consent

Server log data will generally be deleted no later than 14 days unless longer storage is required for the clarification of security incidents.

Contract, invoice, and accounting data will be stored in accordance with legal retention obligations.

Data processed on the basis of your consent will be stored until your consent is revoked or the purpose of processing ceases, unless legal retention obligations oppose this.

26. Obligation to provide personal data

The provision of certain personal data may be necessary for the conclusion or execution of a contract. Without this data, we cannot provide certain services or can only provide them to a limited extent.

For the mere use of our website, there is generally no obligation to provide personal data, apart from technically required access data.

If you provide voluntary information, we will process it in accordance with the purposes described in this privacy policy.

27. Automated decision-making and profiling

Automated decision-making within the meaning of Art. 22 GDPR does not take place.

Profiling may occur as part of analysis and marketing services if you have consented to this. This profiling is particularly used for evaluating website usage, campaign performance, and interest-based advertising. It does not result in any legal effect or comparable significant impairment.

28. Your rights

You have the following rights under the GDPR:

28.1 Right to access

You have the right to request information about whether we process personal data about you. If this is the case, you have the right to access this data and further information in accordance with Art. 15 GDPR.

28.2 Right to rectification

You have the right to request the rectification of inaccurate personal data. You may also request the completion of incomplete personal data, Art. 16 GDPR.

28.3 Right to erasure

You have the right to request the deletion of your personal data, provided that the conditions of Art. 17 GDPR are met.

28.4 Right to restriction of processing

You have the right to request the restriction of the processing of your personal data, provided that the conditions of Art. 18 GDPR are met.

28.5 Right to data portability

You have the right to receive personal data that you have provided to us in a structured, commonly used, and machine-readable format or to request the transfer to another controller, provided that the conditions of Art. 20 GDPR are met.

28.6 Right to object

You have the right to object at any time to the processing of personal data concerning you on grounds relating to your particular situation, when the processing is based on Art. 6(1)(e) or (f) GDPR.

If personal data is processed for the purpose of direct marketing, you have the right to object at any time to the processing for the purpose of such marketing.

28.7 Right to withdraw consent

If the processing is based on your consent, you have the right to withdraw your consent at any time with effect for the future.

The withdrawal does not affect the lawfulness of the processing carried out until the withdrawal based on your consent.

28.8 Right to complain

You have the right to lodge a complaint with a data protection supervisory authority if you believe that the processing of your personal data violates the GDPR.

The competent authority for Austria is:

Austrian Data Protection Authority

Barichgasse 40–42

1030 Vienna

Austria

Telephone: +43 1 52 152-0

E-Mail: dsb@dsb.gv.at

Website: dsb.gv.at

The Austrian Data Protection Authority is the responsible national supervisory authority for data protection in Austria.

29. Exercising Your Rights

To exercise your rights, you can contact us at any time:

BEXAMED AUSTRIA GmbH

 Stuck 192

 A-6621 Bichlbach

Austria

Email: office@bexamed.at

Please note that we may need to verify your identity for data protection inquiries to ensure that personal data is not disclosed to unauthorised persons.

30. Changes to this Privacy Policy

We reserve the right to adjust this privacy policy if the legal situation, our website, our services, deployed technologies, or our data processing changes.

The current version published on our website applies.

Status: May 2026