Information on data protection
The following information applies to the use of the medikit web interface and the medikit app, collectively referred to as the platform.
Which of my data are processed?
The platform stores some basic data in a structured way within the framework of the user profile. In addition to this, further content can be added voluntarily. This information can all be changed or deleted at any time via the account settings. In order to provide the platform, some technical data is automatically collected. In detail:
- Full name
- Position in company and affiliation to departments within the company
- Professional contact details
- Date and time of last access
Voluntary profile data:
- Profile picture/photo
- Date of birth
- IP address (Internet access ID) from which access to the platform takes place
- Browser and devices
- Volume of data sent
- Correspondence (text from messages, deliveries, comments etc.)
Why is the data processed - and is that even allowed?
The platform provides tools for optimising in-house communication, knowledge management and operational improvement. Your employer has decided to use these features.
For this to work both in terms of content and technology, the processing of the above information is necessary.
This also implies the lawfulness of the processing of the data - as an employer or contracting party it is permissible to process this information in the context of the contractual activity.
Who sees the data?
Each account is active in one or more networks. The basic data as well as some voluntary profile data are visible to all users in them. The visibility of the profile picture can be set
in the account settings. Correspondence and the content of posts are visible to the individually defined recipients and recipient groups.
Due to hotelkit GmbH’s role as a technical service provider for the provision of the platform, individual hotelkit employees may receive information in the context of support inquiries or during the initial setup of the platform.
Beyond this, the information provided will not be passed on to anyone else.
Who is responsible for data processing - and who can I contact?
hotelkit GmbH has been commissioned by your employer to provide the platform on your employer’s behalf. For general questions about the "why" and "for what reason", or to safeguard your
rights as a data subject, please contact your employer.
Technical processing is carried out by hotelkit GmbH, Strubergasse 26, 5020 Salzburg (Austria) - for specific technical questions, we can be reached at the following email address:
How secure is my data with hotelkit?
hotelkit GmbH takes extensive technical and organisational measures to protect the security of your data. This includes protection against intentional manipulation, loss, or destruction, and protection against access by unauthorised third parties. These measures are constantly reviewed, compared with current standards and regularly improved.
What are my rights?
The General Data Protection Regulation (GDPR) grants extensive rights to "data subjects affected by processing". These include:
- Right to information - on request you will receive extensive information about the processing of your data, including what data is stored, when the data is deleted, the origin of the data and much more (Art. 15 GDPR).
- Right to rectification - incorrect personal data must of course be corrected (Art. 16 GDPR)
- Right to erasure ("to be forgotten") - if the storage and processing is not necessary, then you can request its erasure (Art. 17 GDPR)
- Right to restriction of processing - in special cases such as unlawful processing or litigation, the information stored may be 'frozen' and temporarily suspended (Art. 18 GDPR)
- Right to transfer - personal data must be provided in machine-readable format if requested (Art. 20 GDPR)
- Right of revocation - once given, consent can be revoked at any time (Art. 7 para. 3 GDPR)
- Right to lodge a complaint - if you do not feel lawfully treated, you can lodge a complaint with the data protection supervisory authority at any time (Art. 77 GDPR)