Data protection policy
Information on the processing of your personal data in accordance with Article 13 of the GDPR
1. General
We are delighted that you have visited our website. Protecting your personal data is very important to us. We strictly adhere to the legal provisions of the EU General Data Protection Regulation, the Austrian Data Protection Act, and other applicable legal provisions on the protection, lawful handling, and confidentiality of personal data. Below, we would like to inform you about how your data is processed in connection with your visit to and use of our website.
2. Responsible party within the meaning of the GDPR/contact details
Wiener Medizinische Akademie GmbH
Alser Str. 4, 1090 Vienna, Austria
Email: office@wma.co.at
Phone: +43 1 405 138316
Web: www.wma.co.at
A data protection officer pursuant to Art. 37 GDPR has not been appointed.
3. Purposes of data processing and legal basis
General website visits:
When you visit our website, we collect and store access data in log files (so-called log files or access logs) to ensure the long-term functionality and availability of the website. In this context, we process the following data and information:
IP address
Date and time of access
Websites from which you access our site (referrer URL)
Operating system
Name of the Internet service provider
Product and version information of the browser used
Amount of data transferred, loading time
The legal basis for data processing is our legitimate interest pursuant to Art. 6 (1) (f) GDPR. This lies in ensuring the functionality, security, and accessibility of the website for all visitors to the site, and, where applicable, in the collection, defense, and assertion of legal claims.
You have the right to object to this data processing (right of data subjects to object to data processing in the legitimate interest pursuant to Art. 21 (1) GDPR). In this case, we will only process your data if there are compelling legitimate grounds on our part for further processing.
It is not possible to directly infer your identity from the information. The data will be automatically deleted once the aforementioned purposes have been achieved.
We do not use cookies or similar technologies on our website. This means that your personal data will not be processed in this way (e.g., no data will be passed on to third parties for analysis and tracking purposes).
Contact form:
We provide a contact form on our website to make it easy for you to get in touch with us. To use this form, please provide us with the information requested so that we can process or respond to your inquiry.
We process your personal data on the legal basis of legitimate interest pursuant to Art. 6 (1) (f) GDPR (provision of low-threshold electronic contact and communication options) and, where applicable, contract fulfillment pursuant to Art. 6 (1) (b) GDPR (contract, pre-contractual relationship). The data and information provided via the contact form will be used by us exclusively for the purpose of responding to your inquiry or contacting you. As an alternative to using the contact form, you can also contact us via the email address provided, by phone, or by post.
You have the right to object to data processing based on legitimate interest (right to object pursuant to Art. 21 (1) GDPR). In this case, we will only process your data if there are compelling legitimate reasons on our part for further processing.
Membership in the WMA Association:
The personal data provided in the membership application will be processed by the association exclusively for the purpose of processing your application, deciding on your admission and, in the event of admission, implementing and administering your membership (legal basis: Art. 6 (1) (b) GDPR). Beyond that, processing will only take place to the extent necessary to fulfill legal obligations (Art. 6 (1) (c) GDPR) or based on the legitimate interests of the association (Art. 6 (1) (f) GDPR, e.g., for internal communication or the organization of association activities). As part of membership, the association sends a regular newsletter exclusively to members. This contains information about the association’s own events, projects, and topics related to the association’s purpose. You can unsubscribe from the newsletter at any time without affecting your membership. Your data will only be processed internally by the association and will not be passed on to third parties unless there is a legal obligation to do so. Data is only stored for as long as is necessary for the purposes mentioned. You have the right to information, correction, deletion, or restriction of the processing of your personal data at any time, as well as the right to data portability and the right to lodge a complaint with the data protection authority.
Event Registrations
When registering for events (e.g. information sessions, congresses, training courses, seminars, or workshops) that we organize or administer, we process the personal data you provide for the purpose of handling your registration, implementing the event, and managing the associated administrative and organizational processes.
Depending on the type of event, the following data may be processed:
- First name and last name
- Title, professional role, and organization
- Contact details (e-mail address, and, where applicable, telephone number)
- Billing and payment information
- Participation data (e.g. attendance, registered sessions or bookings)
- Data required for the issuance of training or continuing education certificates, if applicable
The processing of your personal data is based on Article 6(1)(b) GDPR (performance of a contract or pre‑contractual measures). Where processing is required to comply with legal obligations (e.g. record‑keeping requirements), it is based on Article 6(1)(c) GDPR. Additionally, processing may occur on the basis of our legitimate interests under Article 6(1)(f) GDPR (e.g. post‑event organization, quality assurance).
Your data will only be shared to the extent necessary for the organization and execution of the event (e.g. with speakers, technical service providers, or billing entities) or where a legal obligation to do so exists. No further transfer of your personal data to third parties takes place.
Your personal data will be stored only for as long as necessary to hold the event and to fulfil legal record‑keeping and documentation obligations.
You have the right to access, rectification, erasure, and restriction of processing of your personal data, as well as the right to data portability and the right to lodge a complaint with the competent supervisory authority.
Name Badges, Attendance Lists, and Certificates
As part of event management, we process participants’ personal data to prepare name badges, maintain attendance or participant lists, and—where applicable—to issue confirmations of participation or certificates.
This processing is based on Article 6(1)(b) GDPR (performance of a contract), as these activities are necessary for the proper execution of the event and to fulfil contractual or organizational obligations. Where legal documentation or verification duties exist (e.g. for certified training), processing is based on Article 6(1)(c) GDPR.
The personal data processed for these purposes are used exclusively for the stated objectives and retained only as long as necessary for the event and for compliance with legal retention requirements.
Photographic and Video Documentation at Events
During our events, photographs and, where applicable, video recordings may be taken that show participants. These recordings serve the purpose of documenting the event, reporting on it, and—where expressly indicated—public relations, in particular publication on our website or in other association‑ or event‑related media.
Processing is carried out on the basis of our legitimate interests pursuant to Article 6(1)(f) GDPR, which consist in documenting and presenting our activities and promoting the objectives of the association or event.
We take care to respect the legitimate interests of data subjects. Individual photos of persons are published only if there are no overriding legitimate interests of the persons concerned. Participants have the right to object to the processing of their personal data in the form of photographs or video recordings (Article 21 GDPR). In such cases, we will refrain from using or publishing the corresponding images unless compelling legitimate grounds exist for doing so. Objections can be made on site to the event organizers or subsequently via the contact details provided.
Submission for the WMA Research Proposal Development Fund
In connection with the submission of applications for research funding under the WMA Research Proposal Development Fund, we process personal data exclusively for the purpose of evaluating, administering, and managing funding applications.
Only members of the Vienna Medical Academy (WMA) are eligible to apply for this funding programme.
The following personal data may be processed in the course of application submission:
- Name, academic title, professional position, and contact details
- Institutional affiliation and confirmation of WMA membership
- Project title, abstract, and requested funding amount
- Budget plan and project duration
- Any additional information or documents provided by the applicant as part of the submission
The processing of personal data is based on Article 6(1)(b) GDPR (performance of a contract or pre‑contractual measures) and, where applicable, on Article 6(1)(f) GDPR (legitimate interest in the proper assessment, approval, and administration of funding applications).
In case of a positive funding decision, personal data will also be processed for the administration, disbursement, and financial verification of the awarded funding. Data will be stored only as long as necessary to fulfil legal retention and reporting obligations.
Personal data may be shared with third parties only to the extent necessary for the evaluation, administration, or audit of the funding application (e.g. external reviewers, auditors, or financial control authorities), or where there is a legal obligation to do so.
Applicants have the right to access, rectification, erasure, restriction of processing, and data portability, as well as the right to object to processing based on legitimate interests (Article 21 GDPR). They also have the right to lodge a complaint with the competent data protection authority.
4. Automated decision-making and profiling
We do not use profiling measures or automated decision-making.
5. Data transfer and recipients
As a rule, we only pass on data collected based on your use of our website to the extent that this is absolutely necessary to fulfill the purposes outlined above (operation and maintenance of the website via external service providers, data transfer to email providers for the purpose of communication). However, we may also be legally or officially obliged to pass on data to third parties (e.g., data transfer to law enforcement authorities).
In all cases of data transfer, we take care to transmit only the information that is absolutely necessary and comply with the data protection requirements for data transfer (e.g., strict binding instructions for processors via Art. 28 contracts, obligation of secrecy and confidentiality, obligation to fully comply with a sufficient level of protection in the processing of personal data).
6. Data retention period
Your data will only be stored for as long as is technically and organizationally necessary to achieve the purposes set out above and to fulfill our legal obligations. We retain log file data for a period of 6 months. Where applicable, we also store your personal data for specific periods on the legal basis of legitimate interest. When determining the periods, we take care not to violate your rights and freedoms. If data storage is no longer necessary, we will delete your data immediately.
7. Rights of data subjects / Your rights to protect your personal data
You have a number of rights with regard to your personal data processed by us. You can exercise all of these rights free of charge and informally (by email, telephone, or post), if necessary after proving your identity, using the contact details provided. Your rights in detail:
Right to information: You can request information about the data we process at any time without formalities. In this case, we will inform you in writing about the data we have stored about you, the purposes for which we use it, the categories of recipients to whom we pass it on, and how long we intend to store it. We will comply with your request for information immediately, but at the latest within one month.
Right to erasure: You have the right to request the erasure of your data processed by us at any time without formal notice. We will comply with this request if your data is no longer necessary for the purpose for which it was collected, if you revoke any consent you may have given, in the event of unlawful data processing, or if the erasure is necessary to fulfill a legal obligation.
Right to correction: If we mistakenly process incorrect or incomplete data about you, we will of course correct it. To do so, simply send us an informal request.
Right to restriction of processing: If it is not possible to delete your data or you do not wish this to be done, but you do not consent to the use of the data beyond its storage, we are obliged to restrict the further processing of your personal data at your request.
Right to data portability: Upon your informal request, we will provide you with the data we have stored about you, which we have received on the basis of a contract or your consent, free of charge in a commonly used file format. You can use this data for your own purposes and pass it on to future contractual partners. If you wish and it is technically feasible, we will also transfer your data directly to a recipient specified by you. In this case, we will inform you once the transfer has been completed. We will comply with your request immediately, at the latest within one month.
Right to revoke consent: You can revoke your consent to data processing at any time with effect for the future, in which case we will cease data processing. The legality of the data processing carried out up to that point is not affected by the revocation of consent.
Right to object: If we process your data on the basis of our legitimate interest, you have the right under the General Data Protection Regulation to object to the further processing of your data. If you exercise this right, we will no longer process your data for the purpose to which you have objected, unless there are legitimate reasons on our part for further processing that outweigh your interests, rights, and freedoms, or the processing serves to assert, exercise, or defend legal claims.
8. Right to lodge a complaint
The EU General Data Protection Regulation and the Austrian Data Protection Act guarantee you the above rights in the area of data protection. If you believe that we have violated any of these rights, you have the option of lodging a complaint with a data protection supervisory authority. The supervisory authority in Austria is the Austrian Data Protection Authority, Barichgasse 40-42, 1030 Vienna.
9. Data security
We take all necessary and appropriate technical and organizational security measures to protect your personal data from loss and misuse. Your data is stored in a secure, state-of-the-art operating environment.
Access to our website is secured via HTTPS. This means that communication between your device and our servers is encrypted.
10. Miscellaneous
We expressly reserve the right to make future changes or adjustments to the privacy policy. If you have any questions or suggestions, please contact us using the contact details provided.
Status of the privacy policy: 07/2025