Privacy Policy

The controller responsible for data processing on this website is:

SIFo GmbH
Bärenweg 11
6410 Telfs
Austria
VAT ID: ATU75541326

E-mail: office@sifo-medical.com 
Phone: +436707718313

For any privacy-related inquiries, please contact us at the email above.

3.1 Browsing Data (Technically Necessary Data)

When you access our website, our servers automatically collect technical information required for the operation and security of the website. This includes in particular:

• IP address or domain name of the device used
• URI addresses (Uniform Resource Identifier) of requested resources
• Date and time of the request
• Method used to transmit the request
• Size of the file sent in response
• HTTP status code of the server response (e.g., success, error)
• Operating system, browser type, and version

These data are not collected for the purpose of identifying individual users but may, under certain circumstances, be linked to individuals.

Purpose: Technical operation, security, and stability of the website, compilation of anonymised usage statistics.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
Retention period: Server log files are deleted after no more than 14 days.

3.2 Data Provided Voluntarily by the User

• Contact Form & E-Mail: When you contact us via the contact form or by e-mail, we process the data you provide (name, e-mail address, message content) to handle your enquiry. Legal basis: Contract fulfilment / pre-contractual measures (Article 6(1)(b) GDPR). Retention period: Enquiries via e-mail/contact form: 1 year after processing has been completed
• Newsletter: For the purpose of sending our newsletter, we process your e-mail address and, where provided, additional personal details such as your date of birth or profession. Subscription is via double opt-in, and you may withdraw your consent at any time. Legal basis: Consent (Article 6(1)(a) GDPR, e.g., for newsletters). Retention period: until consent is withdrawn.
• Online Shop (Digital Products): When you register and place orders, we process your name, e-mail address, billing and (where applicable) shipping address, as well as payment information for contract fulfilment and to comply with statutory retention obligations. Legal basis: Contract fulfilment / pre-contractual measures (Article 6(1)(b) GDPR), Legal obligation (Article 6(1)(c) GDPR. Retention period: Contract and order data: 7 years (statutory retention period)

3.3 Marketing, Tracking, and Web Analytics Data

We use - exclusively based on your consent provided via the consent banner - tools for analyzing user behavior, measuring reach, and conversion tracking. These currently include:

• Google Analytics 4 & Google Ads (Google Ireland Ltd., Ireland / Google LLC, USA) – user behavior analysis, conversion tracking, remarketing. Processed data: shortened IP addresses, cookie IDs, device and browser information, interactions on our website, and, where applicable, hashed email addresses. Legal basis: Your consent (Art. 6(1)(a) GDPR). Transfer mechanism: EU-U.S. Data Privacy Framework or Standard Contractual Clauses. Retention period: According to the provider’s specifications or until you withdraw your consent. Withdrawal: You may withdraw your consent at any time via the “Cookie Settings” link in the footer of our website.

• SalesViewer® (SalesViewer® GmbH, Germany) – analysis of user interactions to identify and evaluate company visits to our website. Use of SalesViewer® Technology: This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes. In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally. The data stored by Salesviewer® will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

4.1 Essential Service Providers (always required)

We use the following external services, with data processing agreements in place in accordance with Article 28 GDPR:

• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (server provider, hosted in the EU). For more information, see Hetzner’s privacy policy: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/

• Matomo, InnoCraft Ltd., 150 Willis Street, 6011 Wellington, New Zealand (web analytics; EU hosting via Hetzner, Germany) – Used to analyze user behavior on our website to optimize content, structure, and usability. IP addresses are stored in an anonymized form, preventing any direct personal identification. All data is processed exclusively on servers located within the European Union.
  Data processing is based on Art. 6 (1) (f) GDPR (legitimate interest). If consent is provided via the cookie banner, processing is carried out under Art. 6 (1) (a) GDPR. For more information, please refer to Matomo’s Privacy Policy: https://matomo.org/privacy-policy/

• Cloudflare, Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA – Content Delivery Network & security services; data transfer based on participation in the EU-U.S. Data Privacy Framework. Privacy policy: https://www.cloudflare.com/privacypolicy/
• Odoo, Rue du Laid Burniat 5, 1348 Louvain-la-Neuve, Belgium (ERP/CRM, hosting & backups in the EU). We use the ERP/CRM platform Odoo S.A. (Belgium). Your data is stored, secured, and processed in EU data centers. Odoo keeps at least three redundant backups in geographically separated data centers. For existing customers, the full transition to EU-only backups will be completed by the end of Q2 2026; until then, one backup copy may still be stored in Canada (with adequate protection under the EU-U.S. Data Privacy Framework). Further information can be found in Odoo’s privacy policy: https://www.odoo.com/de_DE/gdpr.
• Stripe, Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, Ireland – payment processing; data processing within the EU and, if applicable, transfer to Stripe Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA. Data transfer based on the EU-U.S. Data Privacy Framework. Privacy policy: https://stripe.com/privacy

4.2 Marketing and Tracking Services (only with consent)

We use the following analytics and marketing services solely on the basis of your consent (Art. 6(1)(a) GDPR):

• Google Ireland Ltd.,Gordon House, Barrow Street, Dublin 4, Ireland / Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA(web analytics, conversion tracking, remarketing). Data transfers are based on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses. Further information can be found in Google’s privacy policy: https://policies.google.com/privacy
• SalesViewer® GmbH,  Huestraße 30, 44787 Bochum, Germany (web analytics/tracking for the identification of company visits; data processing within the EU). Further information can be found in the SalesViewer privacy policy: https://www.salesviewer.com/en/privacy
• Mailchimp / Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA (newsletter distribution; USA) – data transfer based on participation in the EU-U.S. Data Privacy Framework. Privacy policy: https://www.intuit.com/privacy/statement/
• WebinarJam, Genesis Digital LLC, 7660 Fay Avenue, #H184, La Jolla, CA 92037, USA (webinar platform; USA) Processing of registration data and facilitation of webinars. Data transfer based on the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. For more information, please refer to the WebinarJam Privacy Policy: https://home.webinarjam.com/privacy/
• SendGrid, Twilio Inc., 101 Spear Street, Suite 500, San Francisco, CA 94105, USA (email delivery; USA) Used for sending transactional emails such as webinar confirmations and reminders. Data transfer based on participation in the EU-U.S. Data Privacy Framework and the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. For more information, please refer to the Twilio Privacy Policy: https://www.twilio.com/legal/privacy

4.3 General Notes on Third-Country Transfers

Data transfers to countries outside the EU/EEA are carried out only under the conditions of Articles 44 et seq. GDPR.

For scheduling appointments, we use the service Calendly, provided by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA.
When you book an appointment using the provided link, the data you enter (such as your name, e-mail address, and any additional details) will be transmitted to Calendly in order to arrange the appointment.

The legal basis for this processing is Article 6(1)(b) GDPR (performance of pre-contractual measures).
Data transfers to the USA are carried out on the basis of Standard Contractual Clauses in accordance with Article 46 GDPR and/or participation in the EU-U.S. Data Privacy Framework, where applicable.

Further information can be found in Calendly’s Privacy Policy: https://calendly.com/privacy.

You have the following rights regarding your personal data:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure ("Right to be forgotten") (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)
• Withdrawal of consent at any time (Art. 7(3) GDPR)

Requests should be sent by e-mail to office@sifo-medical.com or by post to the address above.

You also have the right to lodge a complaint with the Austrian Data Protection Authority:
Barichgasse 40–42, 1030 Vienna, Austria
Website: www.dsb.gv.at

We implement appropriate technical and organizational security measures to protect your data from unauthorized access, alteration, or disclosure – including encryption, role-based access control, and secure hosting environments.