Privacy Policy for business partners / B2B customers

Table of Contents

1. General

This Privacy Policy describes how Brainhero GmbH (hereinafter: “Brainhero”, “we”, “us”), Fuchsthallergasse 2/10, 1090 Vienna, processes your personal data in the context of initiating and conducting business.

Brainhero respects your privacy and is committed to protecting your personal data. We therefore comply with the applicable legal provisions on the protection and handling of personal data, in particular the General Data Protection Regulation (“GDPR”), the Austrian Data Protection Act (“DPA”) and the Austrian Telecommunications Act (“TKG”).

This privacy policy is intended to inform you in a precise, transparent, understandable and easily accessible form about how we process your personal data and to support data subjects in exercising their rights.

2. Data processed, purposes and legal basis

We process the following data for the purpose of initiating and fulfilling contracts relating to the medical products and services we offer:

  • General information and information by which you can be identified (e.g. first name, last name, gender, email and/or postal address, landline and/or mobile number, your specialisation if applicable);
  • Your function (e.g. title, position, name of the company you work for);
  • Records of appointments and their contents;
  • Data necessary for the performance of the contract (e.g. your order, your account details).

The data provided will be processed for the following purposes:

Contract initiation and performance: in order to be able to handle our obligations towards our contractual partners to our fullest satisfaction, we need the data (Art 6 para 1 lit b DSGVO).

Fulfilment of a legal obligation: Processing of the data may be necessary for the purpose of fulfilling various legal obligations resulting, for example, from the Federal Fiscal Code (BAO) or the Business Code (UGB) (Art 6 (1) (c) DSGVO).

We process the following data for business initiation and marketing measures:

  • General information and information by which you can be identified (e.g. name, gender, email and/or postal address, landline and/or mobile number, your specialisation if applicable);
  • Your function (e.g. title, position, name of the company you work for);
  • information about your responses and/or preferences in relation to our business relationship and the products and services we offer, including the specific types of communications, communication channels and frequency;
  • records of appointments and their content;
  • data you provide to us, for example, when you fill in forms, while you are participating in events or in a survey, or during a conversation.

The data provided will be processed for the following purposes:

Safeguarding legitimate interests: We process the data in order to adapt and personalise our advertising measures to your needs and to control our marketing and sales measures and to send you targeted information about our products and by post. The legal basis for this is our legitimate interests (Art 6 (1) f) DSGVO) in maintaining our business relationship with you and for information and marketing purposes.

Consent: If consent has been given for the processing of data, such as for the sending of direct marketing via electronic messages or for telephone calls for marketing purposes (§ 174 TKG), processing is carried out in accordance with the purposes set out in the declaration of consent and to the extent agreed therein (Art 6 para 1 lit a) DSGVO).

We collect the aforementioned data in part from yourself, from your employer, from publicly accessible sources (e.g. websites, Docfinder, social networks) or from third parties (such as address brokers).

3. Storage period

Storage period of personal data for contract initiation and contract execution: We store your personal data only as long as they are necessary for the fulfilment of our obligations towards you. The data necessary for the fulfilment of accounting obligations (§§ 190, 212 UGB) and tax law requirements (§ 132 BAO) are stored for seven years in any case. In addition, in individual cases, data will be stored for a longer period until the end of the business relationship or a legal dispute or until the expiry of the warranty and guarantee periods as well as the limitation periods in the event of the assertion of claims for damages.

Your personal data that is not related to a specific contractual relationship will be stored for a period of three years after your last interaction with us.

4. Transfer of your personal data

We transfer your personal data to the extent necessary to the following external service providers (processors) who assist us in providing our services. All our processors process your data only on our behalf and on the basis of our instructions so that we can provide you with our services. These are the following service providers:

  • IT service providers and/or providers of data hosting solutions or similar services; and
  • other service providers, tool providers and software solution providers who also assist us in providing our services and act on our behalf (including marketing tool providers, communication service providers).

We will also transfer your personal data to the following recipients (data controllers) to the extent necessary:

  • legal representatives in case of cause, courts as well as collection agencies and credit protection association (our legitimate interests).
  • Auditors, authorities, courts and other public bodies to the extent required by law (e.g. financial or data protection authorities).

Personal data will only be transferred to recipients in third countries outside the EEA area if an adequacy decision has been issued by the European Commission for these countries, we have provided suitable guarantees for the protection of personal data by concluding a legally binding document or you have explicitly given your consent iSd Art 49 (1) lit a DSGVO for individual cases.

5. Your data subject rights

You have the right to receive information in a clear, transparent and easily understandable way about how we process personal data and about your rights as a data subject (Art 12 ff GDPR):

You therefore have a right to information about the personal data we process about you. In addition, you have the right to have incorrect data corrected and your personal data deleted (right to be forgotten). Furthermore, you can revoke any consent you may have given at any time with effect for the future without giving reasons. You also have the right to restrict processing, to receive the data you have provided in a structured, common and machine-readable format (data portability) and the right of objection.

In order for us to be able to process your request regarding your above-mentioned rights, please send the request directly to us, e.g. by post or via E-mail:

Brainhero GmbH
Fuchsthallergasse 2/10
1090 Vienna


Tel: +43 (0) 1 997 42 94

You can contact our data protection officer Leopold Weninger at the following e-mail addresses: and

You also have the right to complain to the competent supervisory authority. In Austria, this is the Data Protection Authority, Barichgasse 40-42, 1030 Vienna.