Privacy Policy

The controller responsible for data processing on this website is:

SIFo GmbH
Bärenweg 11
6410 Telfs
Austria
VAT ID: ATU75541326

E-mail: office@sifo-medical.com 
Phone: +436707718313

For any privacy-related inquiries, please contact us at the email above.

Browsing Data

When you access our website, our servers automatically collect technical information required for the operation and security of the website. This includes in particular:

• IP address or domain name of the device used
• URI addresses (Uniform Resource Identifier) of requested resources
• Date and time of the request
• Method used to transmit the request
• Size of the file sent in response
• HTTP status code of the server response (e.g., success, error)
• Operating system, browser type, and version

These data are not collected for the purpose of identifying individual users but may, under certain circumstances, be linked to individuals.

Purpose: Technical operation, security, and stability of the website, compilation of anonymised usage statistics.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
Retention period: Server log files are deleted after no more than 14 days.

Data Provided Voluntarily by the User

• Contact Form & E-Mail: When you contact us via the contact form or by e-mail, we process the data you provide (name, e-mail address, message content) to handle your enquiry. Legal basis: Contract fulfilment / pre-contractual measures (Article 6(1)(b) GDPR). Retention period: Enquiries via e-mail/contact form: 1 year after processing has been completed
• Newsletter: For the purpose of sending our newsletter, we process your e-mail address and, where provided, additional personal details such as your date of birth or profession. Subscription is via double opt-in, and you may withdraw your consent at any time. Legal basis: Consent (Article 6(1)(a) GDPR, e.g., for newsletters). Retention period: until consent is withdrawn.
• Online Shop (Digital Products): When you register and place orders, we process your name, e-mail address, billing and (where applicable) shipping address, as well as payment information for contract fulfilment and to comply with statutory retention obligations. Legal basis: Contract fulfilment / pre-contractual measures (Article 6(1)(b) GDPR), Legal obligation (Article 6(1)(c) GDPR. Retention period: Contract and order data: 7 years (statutory retention period)

Our website does not use any third-party cookies for analytics, tracking, or marketing purposes. We use the SalesViewer® technology based on legitimate interest (Art. 6 (1)(f) GDPR), which does not set cookies and works without storing personal identifiers on your device. Any technically necessary session cookies (e.g., for shop login) are used solely to provide website functionality and are automatically deleted at the end of the session. Website usage analysis is otherwise carried out exclusively on our own servers without the use of cookies.

We analyse website usage exclusively with analytics tools hosted on servers provided by Hetzner Online GmbH (Germany). No data are transmitted to third parties. The following data may be collected: pages visited, time of access, browser type/version, operating system, referrer URL, and truncated IP addresses. Analysis is performed exclusively in anonymised form.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in optimising our website.
Retention period: 14 days.

We use the following external services, with data processing agreements in place in accordance with Article 28 GDPR:

• Cloudflare, Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA – Content Delivery Network & security services; data transfer based on participation in the EU-U.S. Data Privacy Framework. Privacy policy: https://www.cloudflare.com/privacypolicy/

• Odoo, Rue du Laid Burniat 5, 1348 Louvain-la-Neuve, Belgium (ERP/CRM, hosted in the EU). For more information, see Odoo’s privacy policy: https://www.odoo.com/de_DE/gdpr

• Mailchimp / Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA (newsletter distribution; USA) – data transfer based on participation in the EU-U.S. Data Privacy Framework. Privacy policy: https://www.intuit.com/privacy/statement/

• Stripe, Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, Ireland – payment processing; data processing within the EU and, if applicable, transfer to Stripe Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA. Data transfer based on the EU-U.S. Data Privacy Framework. Privacy policy: https://stripe.com/privacy

Data transfers to third countries occur only under the conditions of Articles 44 et seq. GDPR.

This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.

In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally.

The data stored by Salesviewer® will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.

The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.

For scheduling appointments, we use the service Calendly, provided by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA.
When you book an appointment using the provided link, the data you enter (such as your name, e-mail address, and any additional details) will be transmitted to Calendly in order to arrange the appointment.

The legal basis for this processing is Article 6(1)(b) GDPR (performance of pre-contractual measures).
Data transfers to the USA are carried out on the basis of Standard Contractual Clauses in accordance with Article 46 GDPR and/or participation in the EU-U.S. Data Privacy Framework, where applicable.

Further information can be found in Calendly’s Privacy Policy: https://calendly.com/privacy.

You have the following rights regarding your personal data:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure ("Right to be forgotten") (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)
• Withdrawal of consent at any time (Art. 7(3) GDPR)

Requests should be sent by e-mail to office@sifo-medical.com or by post to the address above.

You also have the right to lodge a complaint with the Austrian Data Protection Authority:
Barichgasse 40–42, 1030 Vienna, Austria
Website: www.dsb.gv.at

We implement appropriate technical and organizational security measures to protect your data from unauthorized access, alteration, or disclosure – including encryption, role-based access control, and secure hosting environments.