DATA PROTECTION REGULATIONS acc. to EU-GDPR

1 General Regulations

Mondial Medica Reisebuero GesmbH reserves the right to amend the existing data protection regulations in strict accordance with prevailing legal norms at any time.

 

1.1 Personal Data:

Your voluntarily transmitted personal details (through submission in the online forms, by phone or mail, respectively sent by your group coordinator) will be collected, saved and processed in accordance with the most recent legislation on data protection (EU-GDPR 2018).

Flight bookings, additional bookings & hotel bookings:
Bookings via Mondial Medica Reisebuero GesmbH can only be carried out by collecting, saving and processing your personal data. This is solely for the purpose of organising and realising the event. Your data will only be passed on to third parties who are directly involved in running the event and if the organisational process makes it necessary – in accordance with your bookings (airline, hotel, transport companies, travel insurance, etc.).

1.2 Photos/Films:

By signing the contract, you grant permission to Mondial Medica Reisebuero GesmbH to use photos/films taken from you respectively your company presence by our official photographer (team) onsite during the meeting for marketing purposes (event reporting, promotion of follow-up events & self-marketing) for an indefinite period of time. If you do not want to have any photos/films published, taken of you, you may contact us at any time: datenschutz@mondial.at

1.3 Links to other websites:

Links provided by Mondial Medica Reisebuero GesmbH (program booklets, invitation management etc.) may contain links to other websites. Mondial Medica Reisebuero GesmbH is not responsible for the data you provide on other websites. Our partner companies are also bound to act according to EU-GDPR, the implementation however rests with each company individually. Our data protection guidelines are solely applicable to data controlled by us (Mondial Medica Reisebuero GesmbH).

 

2 Information Obligation acc. to Art. 12-14 EU-GDPR (EU-DSGVO)

We are pleased to provide you with all information on the type, purpose and scope of the processing activities of your personal data.

2.1 Controller:

Mondial Medica Reisebuero GesmbH, Waehringer Guertel 18-20, 1090 Vienna
T: +43 1 402 406 1-0
E-Mail: datenschutz@mondial.at
Responsible Manager: Birgit Ludwig
Data Protection Coordinator: Martin Wallner

2.2 Purposes of Processing:

Depending on the participant status and the bookings of the data subject, the data are processed for one or more of the purposes listed below.



Processing Purpose

Data Categories

Travel Bookings, Additional Bookings, Settlement and Controlling

name
contact data
address data/invoice data
credit card data
hotel
length of stay
contact person
frequent flyer number
travel data (only if necessary)
passport data (only if necessary)
special diet (sensitive data)

General Organisation /
Accounting

name
contact data
additional bookings
hotel booking data
bank data (only if necessary)
credit card data (only if necessary)

Marketing & Development

name
contact data
photos/films

 

2.3 Legal Basis for the data processing purposes:



Processing Purpose

Legal Basis

Travel Bookings, Additional Bookings, Settlement and Controlling

binding completion of the booking (flight, hotel, car rental, etc.)

written confirmation of the group coordinator that participant data may be used

binding booking of a travel insurance of the data subject – Mondial Medica Reisebuero GesmbH acts as intermediary only

consent of the data subject (sensitive data)

Marketing & Development

legitimate interest of the controller (see point 4.1)

 

2.4 Third Party Data Recipients – Categories:

The recipients only receive the data they require, not your full data record. Your data will only be forwarded if the organisational process makes it necessary – in accordance with your bookings – and if a legal basis exists.




Processing Purpose

Data Categories

Recipient Categories

Travel Bookings, Additional Bookings, Settlement and Controlling

name
contact data
address data/invoice data
credit card data
hotel
length of stay
contact person
frequent flyer number
travel data (only if necessary)
passport data (only if necessary)

flight companies, service providers (fulfillment agents)

special diet (sensitive data)

flight companies

General Organisation / Accounting

name
contact data
registration data
additional bookings
hotel booking data
bank data (if necessary)
credit card data (if necessary)

responsible authorities, bank, fiscal office, tax consultant, service providers (fulfillment agents)

Marketing

name
contact data

online mailing provider

 

2.5 Transfer to Third Country:

Due to the GDPR Art 49, 1b: The transfer of data to third countries is necessary for the performance of a contract/business relation between the data subject and the controller. Only data that is actually required for the specified purpose may be collected and processed.

2.6 Data Storage Period:

Credit card guarantees (such as for hotel bookings) are reviewable and saved encrypted until 2 weeks after event start and irrecoverably deleted thereafter.

Sensitive data (for example: special nutritional requirements), which are collected with the consent of the data subject, will be irrecoverably deleted after the end of the booking.

All other data are stored for 7 years, to meet the retention period according to the Austrian Value Added Tax Act 1994 (Umsatzsteuergesetz 1994).

 

3 Data Subject Rights

We hereby inform you about your rights according to EU-GDPR:

3.1 Data Subject Rights acc. to Art. 15-21 EU-GDPR:

Right of access by the data subject

Right to rectification

Right to erasure ‘right to be forgotten’

Right to restriction of processing

Right to data portability

Right to object (in case of legitimate interest of the controller)

Here you will find detailed descriptions:
http://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32016R0679...

© European Union, http://eur-lex.europa.eu/, 1998-2018'

3.2 Right to withdraw consent acc. to Art. 7 EU-GDPR:

We kindly ask you for different declarations of consent. These are queried within the booking/online booking process or directly inquired from the affected person/group coordinator/company representative. The declarations of consent are not compulsory according to the EU GDPR.
Each data subject has the right to withdraw his/her given consent(s) at any time. The withdrawal of the consent does not affect the legality of the processing carried out based on the declaration of consent until the withdrawal.

3.3 Right to lodge a complaint with a supervisory authority acc. to Art. 77 EU-DSGVO

Every data subject has the right to lodge a complaint with a supervisory authority, if the data subject considers that the processing of personal data relating to him/her infringes to the EU-GDPR.
 

 

4 Description of other Purposes

Legitimate Interests of the Controller acc. to Art. 6 (1) f) EU-GDPR

4.1 Advertising/Marketing:

Processing data of the data subject to inform him/her about the above-mentioned event, as well as future and topic-related events.