Privacy Policy
Transmission of medical information
Medical documents and reports may be shared, depending on the situation, by post, via secure online platforms, or by transport-encrypted email.
For particularly sensitive or extensive information, postal delivery or another secure method may be preferred.
Video
Video consultations at Moleküli are conducted via an encrypted video platform hosted in the European Union. Currently, this is Fairmeeting, which is based on Jitsi technology.
This platform is only used for the live consultation itself. No video or audio recordings are made unless this has been explicitly agreed in advance.
In order to establish the connection, the platform may process limited technical data, such as your IP address, browser/device information and access time.
Private room names and additional security features, such as passwords or waiting rooms, may be used to protect access to the consultation.
The platform does not use third-party advertising or tracking cookies. Any local storage that is technically necessary (for example, to remember settings or rooms that have been visited previously) remains on your own device and is not used by Moleküli for advertising or profiling purposes.
Hosting
This website is hosted in the EU via Cloud86.
Email communication is used where appropriate. Where possible, transport encryption is used. Please note that ordinary email may still involve some residual risk compared with postal mail or dedicated secure systems.
1. Controller
This website and the related medical services are operated by:
Dr Helena Magrath, MSc, PhD
Clinical Geneticist
Moleküli
1220 Wien, Ziegelhofstrasse 72/50
helena@molekuli.com
If you have any questions about this Privacy Policy or about the processing of your personal data, you can contact me at the email address above.
2. What data I process and why
a) When you visit the website
When you visit this website, the hosting provider may automatically process certain technical data, including:
- IP address
- date and time of access
- browser type and device information
- requested pages and files
- technical log data needed for secure operation
This is necessary to make the website available, to maintain technical security, and to detect misuse or malfunction.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in operating a secure and functional website).
This website is hosted in the EU via Cloud86.
⸻
b) Cookies and local storage
This website does not use third-party advertising or tracking cookies.
Technically necessary cookies or local browser storage may be used where required for the functioning of the website or connected services. If you click through to an external booking service or another third-party platform, that provider may apply its own cookie and privacy settings.
Legal basis: Article 6(1)(f) GDPR (legitimate interest in providing a functional website).
⸻
c) When you contact Moleküli
If you contact Moleküli by email or via a contact form, I may process the information you provide, for example:
- name
- email address
- phone number (if provided)
- preferred language
- the content of your message
- any documents or reports you choose to send
This data is processed in order to respond to your enquiry, assess whether a consultation is appropriate, and communicate with you.
- Legal basis:
- Article 6(1)(b) GDPR (steps prior to entering into a contract)
- Article 6(1)(f) GDPR (legitimate interest in responding to enquiries)
- where health data is involved: Article 9(2)(h) GDPR (health care / medical diagnosis)
⸻
d) During a consultation
If you book a consultation, I process the personal and medical information needed to provide genetic counselling and clinical assessment. This may include:
- contact details
- date of birth
- family history
- medical history
- previous diagnoses
- laboratory reports
- genetic findings
- information relevant to reproductive planning or inherited risk
This data is used solely for medical assessment, counselling, documentation, and communication in connection with your care.
Legal basis:
- Article 6(1)(b) GDPR
- Article 9(2)(h) GDPR
⸻
e) Video consultations
Video consultations at Moleküli are conducted via an encrypted video platform hosted in the European Union (currently Fairmeeting, based on Jitsi technology).
The platform is used only for the live consultation itself. No video or audio recordings are made unless this has been explicitly agreed in advance.
To establish the connection, the platform may process limited technical data such as:
- IP address
- browser and device information
- time of access
- room access information needed for the consultation
Private room names and, where appropriate, additional security features such as passwords or a waiting room / lobby may be used to protect access to the consultation.
The platform does not use third-party advertising or tracking cookies. Any technically necessary local storage (for example, to remember settings or previously visited rooms) remains on your own device and is not used by Moleküli for advertising or profiling purposes.
Legal basis:
- Article 6(1)(b) GDPR
- Article 9(2)(h) GDPR
⸻
f) Genetic testing and partner laboratories
If genetic testing is organised through Moleküli, relevant personal and medical data may be shared with an external laboratory, currently Blueprint Genetics in Finland (EU).
This may include, where necessary:
- name or patient identifier
- date of birth
- contact information needed for kit delivery
- clinical indication / phenotype
- family history
- test-related sample information
Only the data required for the requested testing and reporting are shared.
Legal basis:
- Article 6(1)(b) GDPR
- Article 9(2)(h) GDPR
⸻
g) Booking and payments
Appointments may be booked via an external booking system (currently Setmore). Payment may be processed through PayPal or another payment provider integrated with the booking system.
In this context, the following data may be processed:
- name
- email address
- appointment type
- booking time
- payment status
- transaction-related information
Moleküli itself does not store your card details. Payment data is handled by the payment provider according to that provider’s own systems and privacy terms.
If you use external booking or payment pages, those providers may process your personal data under their own privacy notices and contractual safeguards.
Legal basis:
- Article 6(1)(b) GDPR
- Article 6(1)(f) GDPR
⸻
h) Email and document transmission
Medical documents and reports may be shared, depending on the situation:
- by post
- via secure online platforms
- or by transport-encrypted email where appropriate
For particularly sensitive or extensive information, postal delivery or another secure method may be preferred.
Please note that ordinary email, even where transport encryption is used, may still involve some residual risk compared with postal mail or dedicated secure systems.
Legal basis:
- Article 6(1)(b) GDPR
- Article 9(2)(h) GDPR
⸻
i) Audio recordings (only with explicit consent)
By default, no video or audio recordings of consultations are made at Moleküli.
In individual cases, an audio recording may be agreed in advance in order to support accurate documentation (for example, to prepare a detailed consultation letter). In such cases:
- the recording is stored only locally on my own encrypted computer
- it is not transferred to any third-party transcription or cloud service
- and it is deleted once the necessary notes and reports have been completed
Any recording will only be made with your explicit consent, and you may withdraw that consent for future recordings at any time.
Legal basis:
- Article 6(1)(a) GDPR (consent)
- Article 9(2)(a) GDPR (explicit consent for special category data)
3. Recipients of personal data
Your data may be shared only where necessary with:
- hosting providers
- the video consultation provider
- partner laboratories
- booking and payment providers
- tax / accounting support, where legally required
- legal advisers, where necessary to protect legal rights
- postal or courier services, where needed for test kit delivery or documents
I do not sell personal data, and I do not use your consultation data for advertising or profiling.
4. International transfers
Moleküli aims to use providers hosted in the EU wherever possible.
Where external service providers process limited data outside the EEA (for example certain booking or payment services), this will only take place in accordance with the safeguards provided for under the GDPR, such as appropriate contractual protections or the provider’s approved transfer mechanisms.
5. Data retention
Personal and medical data are stored only for as long as necessary for the relevant purpose and in accordance with applicable legal obligations.
In particular:
- medical records are retained for the period required under Austrian medical law
- tax and accounting records are retained for the period required under Austrian tax law
- technical log data is retained only as long as necessary for secure operation and troubleshooting
- agreed local audio recordings are deleted once the necessary notes and reports have been completed.
6. Your rights
Under the GDPR, you have the right to:
- access your personal data
- request correction of inaccurate data
- request deletion of data where legally possible
- request restriction of processing
- object to processing where applicable
- receive your data in a portable format where applicable
- withdraw consent at any time, where processing is based on consent
- lodge a complaint with a supervisory authority
If you wish to exercise any of these rights, please contact me at helena@molekuli.com.
7. Supervisory authority
If you believe that your data has been processed unlawfully, you may lodge a complaint with the competent data protection authority.
For Austria, this is generally:
Österreichische Datenschutzbehörde
Barichgasse 40-42
1030 Wien
Austria
https://dsb.gv.at/