Privacy policy – HeartBeat.bio

I. Privacy Policy of HeartBeat.bio AG

HeartBeat.bio AG is pleased that you are visiting our website. The protection of your personal data and information by which you may be identified is very important to us. This is why we undertake to process your data only on the basis of the statutory provisions (General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG) and the Austrian Telecommunications Act (TKG 2003)). We would therefore like to take this opportunity to inform you about the personal data we collect when you visit our website or when you correspond with us and for what purposes it will be used.

As amendments to the law or changes to our internal processes may require adaptations to be made to this Privacy Policy, we kindly ask you to read through this Privacy Policy on a regular basis. This Privacy Policy may be retrieved at any time from Privacy Policy, saved and printed out.

Clause 1 Controller; Applicability

The controller as defined in the GDPR and other national data protection laws of the Member States or other data protection provisions is:

HeartBeat.bio AG
Vienna Biocenter 6
Dr. Bohr Gasse 7
1030 Vienna

Business Register Number 547992x
Email: office@heartbeat.bio

This Privacy Policy applies to the online offer of HeartBeat.bio AG, which is retrievable under the domain heartbeat.bio and other subdomains (hereinafter referred to as „our Website“) as well to all correspondence with us. For more detailed information on HeartBeat.bio AG please see imprint.

Clause 2 What is personal data?

Personal data means all information relating to an identified or identifiable natural person. This includes, without limitation, information such as your name, your age, your address, your telephone number, your date of birth, your email address or your IP address. Information on the basis of which we are unable to establish a link to your person (or only through unreasonable effort), e.g. due to anonymisation of the information, is no personal data. Processing of personal data (such as collection, retrieval, use, storage or transmission) always requires a statutory basis or your consent.

Clause 3 Data processing on our Website

Provision and use of the website

(a) Extent and purpose of data processing

As a matter of principle, we collect and use our users’ personal data only to the extent that this is necessary to provide an operable website and our contents or services and information. When retrieving and using our Website we collect the personal data that your browser automatically transmits to our server. This information is temporarily stored in a so-called log file.

The following information is collected without any action from you and will be stored until it is automatically erased:

IP address of the retrieving computer;
date and time of access;
name and URL of the file retrieved;
transmitted data volume;
notification of successful retrieval;
website from which our Website is accessed (referrer URL);
browser used, including version and the operating system of your computer, and the name of your access provider.

We process the above-mentioned data for the following purposes:

ensuring an uninterrupted connection to the website;
ensuring secure and comfortable use of our Website;
preventing and penalizing abuse and attempted abuse;

(b) Legal basis

Art. 6 (1) (f) GDPR is the legal basis for the data processing listed under (a). Processing of the data stated is necessary for the provision of a website and enabling secure and comfortable use as well as for preventing abuse, and thus serves to safeguard a legitimate interest of our company. Moreover, there are no superior interests of the website user that would outweigh the interest of the website operator.

As soon as the stated data is no longer necessary for displaying the website it will be erased. Collection of data for provision of the website and storage of data in log files is mandatory for operation of the website. Accordingly, the user has no possibility to object. Data will be stored for longer in specific cases where this is prescribed by law or this is necessary for the establishment, exercise or defense of legal claims.

Contact

(a) Nature and extent of data processing

Our Website offers you the opportunity to contact us by means of a web-based form [https://heartbeat.bio/contact] or by e-mail.

If you contact us, the following personal data regarding yourself will be processed:

Name
Email address
Subject
Message
Date/Time

These data is necessary for the purpose of processing your request. If this is not necessary to process your request or explicitly requested by you, none of your personal data will be passed on to third parties when you contact us.

(b) Legal basis

The data processing described above for the purposes of making contact is done in accordance with Art. 6 (1) (b) GDPR because it is necessary to process your request. In addition, we and you have a legitimate interest in accordance with Art. 6 (1) (f) GDPR in processing your request.

As soon as your request has been processed and the related facts and circumstances have been exhaustively clarified the personal data processed via the contact form will be erased. In the case of follow-up requests this data will be stored by us for six (6) months before it is erased. Data may be stored for longer in specific cases where this is prescribed by law or necessary for other purposes.

Application form

(a) Extent and purpose of data processing

Our Website offers you the opportunity to send us a job application by means of a web-based form Career. In the case of applications that we receive electronically via the application form we will process the data transmitted by you (name, email address and all personal data provided by you as part of your application) for the purpose of processing your application. As part of the same processing may be done by a processor instructed by us. In that case the basis of processing is a contract concluded between us and the relevant processor, by means of which is it ensured that processing is done in accordance with the requirements of data protection law.

In the case that we employ you, you will be informed separately about the processing of your personal data as part of your employment relationship.

(b) Legal basis

The data processing described above is done for performance of the contract and/or implementation of pre-contractual measures as defined in Art. 6 (1) (b) GDPR and, in the case that we may keep your application documents to reconsider them later, on the basis of your consent as defined in Art. 6 (1) (a) GDPR.

As a rule, we will store the data that you provide us with as part of your application for a maximum period of eight (8) months. If you have expressly agreed to us keeping your application documents to reconsider them later, we will store such data until the withdrawal of your consent.

Clause 4 Disclosure of data to third parties

We will only disclose your data to third parties if:

you have given us your express consent pursuant to Art. 6 (1) (a) GDPR;
that is permitted by law and necessary pursuant to Art (6) (1) (b) GDPR for fulfilling a (pre-)contractual relationship with you;
there is a statutory obligation to disclose data pursuant to Art. 6 (1) (c) GDPR;
if disclosure of such data is necessary for safeguarding legitimate interests of the company and for the establishment, exercise or defense of legal claims, and there is no reason to assume that you have an interest in non-disclosure of the data that merits protection.

Where applicable, data processors, which process your data only on our behalf, have access to your data for the following purposes:

IT Management, Services and Support (currently net4biz GmbH, Dr.-Bohr-Gasse 7, A-1030 Vienna)

Webhosting and website operation (currently Thomas Kogler webSOLUTION, Peter Rosegger Straße 37a, A-8053 Graz)

In principle, no personal data will be disclosed to third parties outside of the European Union or the European Economic Area. However, in case this is necessary, appropriate safeguards according to Art 45 or 46 GDPR are implemented (such as an adequacy decision or the conclusion of Standard Contractual Clauses).

Clause 5 Use of cookies

(a) Nature and extent of data processing

We use cookies on our website. Cookies are small files that are sent by us to your device’s browser and stored there when you visit our Website.

Some features of our website cannot be offered without the use of technically necessary cookies. Other cookies enable us to carry out various analyses. Cookies, for example, are able to recognize the browser used by you if you visit our Website again. With the help of cookies, we are able, among other things, to make our internet offering to you friendlier and more effective by, for example, understanding your use of our Website and identifying your preferred settings (e.g. country and language settings). If third parties process information via cookies, such information will be collected directly via your browser. Cookies cause no damage to your device. They can execute no programs and contain no viruses. Different types of cookies are used on our Website, the type and functions of which are described in more detail below.

We use persistent cookies on our Website. Persistent cookies are cookies which are stored in your browser for a prolonged period of time and send information to us. The relevant storage period depends on the cookie. You can delete persistent cookies yourself in your browser settings.

Required cookies. These cookies are required for technical reasons so that you can visit our Website and use the features offered by us.

Performance cookies. With the help of these cookies we are able to analyse website use and improve the performance and functionality of our Website. For example, information is collected on how our Website is used by visitors, which sites are retrieved most frequently and whether error messages are displayed on certain pages.

In addition, these cookies contribute to secure use of the website is in accordance with the requirements.

More details on the cookies used on this Website are stated in cookie banner displayed at your first visit of the Website and which can be accessed at any time by clicking on the circular symbol in the left corner of the Website and every subsite.

(b) Legal basis

Due to the purposes described (cf. Clause 5a) the legal basis for processing personal data by using cookies is Art. 6 (1) (f) GDPR. If you have given us your consent to the use of cookies on the basis of a cookie banner displayed on the website, the lawfulness of such use is governed by Art. 6 (1) (a) GDPR as well.

Your cookie preferences and your consent can be edited at any time via the cookie banner, displayed at your first visit of the Website and which can be accessed again by clicking on the circular symbol in the left corner of the Website and every subsite.

As soon as the data transmitted to via the cookies is no longer necessary for achieving the purposes described above, such information will be erased. Details on the storage period of every cookie can be found in the cookie details in the cookie banner, displayed at your first visit of the Website and which can be accessed again by clicking on the circular symbol in the left corner of the Website and every subsite. Data will be stored for longer in specific cases where this is prescribed by law.

(d) Configuration of browser settings

Most browsers are configured to accept cookies by default. However, you can configure your relevant browser so that it will only accept specific cookies or no cookies at all. We would like to point out that you may not be able to use all of the features of our website anymore if cookies on our Website are disabled in your browser settings. You may also delete cookies stored earlier in your browser and view the storage period via your browser settings. In addition it is also possible to configure your browser in such a way that it will notify you before cookies are stored. As different browsers may differ in their functionality, we would kindly ask you to to use the help menu of your browser for configuration options.

Clause 6 Tracking and analysis tools

We use tracking and analysis tools to ensure continuous optimisation and designing of our website to the users‘ needs. With the help of tracking measures, we may also statistically record the use of our Website by visitors and further develop our online offer for you using the knowledge gained as a result. The use of the tracking and analysis tools described below is justified by your consent in accordance with Art. 6 (1) (a) GDPR, which you have given in the cookie banner.

Your consent can be edited at any time via the cookie banner, displayed at your first visit of the Website and which can be accessed again by clicking on the circular symbol in the left corner of the Website and every subsite.

The following description of the tracking and analysis tools used by us shows the relevant purposes of processing and the data processed.

Google Analytics

This website uses Google Analytics, a web analysis service provided by Google Ireland Limited, Google Building, Gordon House, 4 Barrow St., Dublin, D04 E5W5, Ireland („Google“). Google Analytics uses cookies which enable an analysis of your use of Our Website. We process your data on the basis of your consent in accordance with Art. 6 (1) (a) GDPR, which you have given in the cookie banner.

Information created by the cookies, such as, e.g. on the time, location and frequency of your use of this website, will normally be transmitted to and stored on a server of Google in the USA.

We only implement Google Analytics using active IP anonymisation. That means that your IP address is truncated/anonymised by Google as soon as Google receives your IP address.

Google will use the information generated by cookies on behalf of the operator of the website to evaluate your use of the website, to compile reports on website activities and to render other services related to use of the website and the internet to the website operator. When doing so pseudonymised user profiles of the users may be created using the data. The IP address that is transmitted by your browser by means of Google Analytics will not be merged with other Google data by Google.

In general, you may prevent storing of cookies by adjusting your browser software settings accordingly. Please be informed, however, that in that case you may not be able to use all of the website’s features in full.

It cannot be excluded that the cookies set by Google Analytics will record other personal data in addition to the IP address. In order to prevent information on your use of the website from being recorded by Google Analytics and transmitted to Google Analytics you can download and install a plug-in for your browser via the following link:

http://tools.google.com/dlpage/gaoptout?hl=en

This plug-in prevents information on your visit to this website from being transmitted to Google Analytics. Other analysis is not prevented by this plug-in.

For more detailed information on use of data for advertising purposes by Google and on settings and objection options we are taking the liberty of providing you with the following links to the Google website:

Use of data by Google when using websites or apps of our partners: https://www.google.com/intl/en/policies/privacy/partners
Use of data for advertising purposes http://www.google.com/policies/technologies/ads/
Manage the information Google uses to show you ads: http://www.google.com/settings/ads
Determine what advertising Google shows you: http://www.google.com/ads/preferences

Data collected by Google Analytics will be transmitted to a third country (USA). The legal basis for such transmission of data is your express consent as defined in Art. 49 (1) (a) in conjunction with Art. 6 (1) (a) GDPR. There is currently no level of data protection in the USA which corresponds with that of the EU.

Clause 7 Font Awesome

We use so-called web fonts provided by Font Awesome, Fonticons Inc., 6 Porter Road, Apartment 3R, Cambridge, MA 02140, USA for the uniform display of fonts. For that purpose connection data and browser data are transmitted to the Font Awesome servers. This data is only processed for the period required for the selection and transmission of the fonts.

The legal basis for this data processing is the legitimate interest as defined in Art. 6 (1) (f) GDPR. This results from the absolute technical necessity of Font Awesome for uniform provision of our Website retrieved by you.

Clause 8 Hyperlinks

Our Website contains so-called hyperlinks to websites of other providers. By activating such hyperlinks, you will be forwarded directly from our Website to the website of other providers. You will see this, among other things, by the change of the URL which is displayed in your browser. We are unable to accept any responsibility for the confidential handling of your data on these third-party websites as we have no influence on their compliance with data protection provisions. For information on how personal data is dealt with by those companies please see their websites directly.

Clause 9 Rights of data subjects

As a data subject of processing of personal data, the following rights apply to you according to the GDPR if the legal requirements are met.

Pursuant to Art. 15 GDPR you may request information on your personal data processed by us. In particular, you may request information on the purposes of processing, the categories of personal data, the categories of recipients to whom your data has been or will be disclosed, the planned storage period, the existence of a right to rectification, erasure, restriction of processing or objection, the existence of a right to lodge a complaint, the origin of your data, if and when it has not been collected by us, on transmission to third countries or international organizations and the existence of automated decision-making, including profiling and, where applicable, meaningful information on the specifics thereof.
Pursuant to Art. 16 GDPR you may without undue delay obtain the rectification of inaccurate personal data stored by us or completion of the same.
Pursuant to Art. 17 GDPR you may obtain erasure of your personal data stored by us, unless processing is necessary for exercising the right of freedom of expression and information, for compliance with a legal obligation, for reasons of public interest or for the establishment, exercise or defense of legal claims.
Pursuant to Art. 18 GDPR you may obtain restriction of processing of your personal data to the extent that you contest the accuracy of the data, processing is unlawful, we no longer need the data and you object to erasure of the same because you need the data for the establishment, exercise or defense of legal claims. You are also entitled to your right pursuant to Art. 18 GDPR if you have objected to processing as defined in Art. 21 GDPR.
Pursuant to Art. 20 GDPR you may request that you receive the personal data that you have provided to us in a structured, commonly used and machine-readable format, or to have the same transmitted to another controller.
Pursuant to Art. 7 (3) GDPR you may withdraw consent which you have given to us at any time by sending an email to the HeartBeat.bio AG email address stated above. As a consequence, we will no longer be allowed to process data on the basis of such consent in future.
Pursuant to Art. 77 GDPR you have the right to lodge a complaint with a supervisory authority if you consider that the processing of your data violates data protection law or that your rights under data protection law have been infringed in any other way. Usually, you can contact the supervisory authority of your usual place of residence, your place of work or the registered office of our company. For Austria this is the Data Protection Authority (Datenschutzbehörde).

Clause 10 Right to object

When processing your personal data on the basis of legitimate interests as defined in Art. 6 (1) (f) GDPR you have the right pursuant to Art. 21 GDPR to object to the processing of your personal data on grounds relating to your personal situation or if the objection relates to direct marketing. In the case of direct marketing you have a general right to object, which we will implement without you stating a special situation.

Clause 11 Data security and security measures

We undertake to treat your personal data as confidential. In order to avoid manipulating or loss or abuse of your data stored by us we have implemented comprehensive technical and organizational measures which are regularly checked and adjusted according to the state of the art. We would like to point out, however, that, due to the nature of the internet, data protection regulations and the security measures stated above may not be observed by other persons who are not within our sphere of responsibility or our institutions. In particular, data which is transmitted in an unencrypted form, e.g. by email, may be read by third parties. We have no technical influence on such issues. It is the responsibility of you as the user to protect the data provided against abuse through encryption or in any other way.

(Last updated: December, 2023)