Privacy Policy

The controller responsible for data processing on this website is:

SIFo GmbH
Bärenweg 11
6410 Telfs
Austria
VAT ID: ATU75541326

E-mail: office@sifo-medical.com 
Phone: +43 512 411027

For any privacy-related inquiries, please contact us at the email above.

3.1 Browsing Data (Technically Necessary Data)

When you access our website, our servers automatically collect technical information required for the operation and security of the website. This includes in particular:

• IP address or domain name of the device used
• URI addresses (Uniform Resource Identifier) of requested resources
• Date and time of the request
• Method used to transmit the request
• Size of the file sent in response
• HTTP status code of the server response (e.g., success, error)
• Operating system, browser type, and version

These data are not collected to identify individual users but may, under certain circumstances, be linked to a person. Purpose: Technical operation, security, and stability of the website; creation of anonymized usage statistics. Legal basis: Legitimate interest (Art. 6 (1)(f) GDPR). Retention period: Server log files are deleted after no more than 14 days.

3.2 Data Provided Voluntarily by the User

• Contact Form & E-Mail: When you contact us via the contact form or by E-Mail, we process the data you provide (name, E-Mail address, message content) in order to handle your inquiry. Legal basis: Performance of a contract / pre-contractual measures (Art. 6 (1)(b) GDPR). Retention period: 1 year after completion of the inquiry.
• Newsletter: We process your E-Mail address for the purpose of sending our newsletter. You have the option of voluntarily providing additional data (first name, last name, telephone number, company, position in the company, country, and topics that are of particular interest to you). Registration is carried out using the double opt-in procedure. Consent can be withdrawn at any time. Legal basis: Consent (Art. 6 (1)(a) GDPR). Retention period: Until consent is withdrawn.
• Online Shop (Digital Products): When registering and placing an order, we process your name, E-Mail address, billing and, if applicable, delivery address as well as payment information to fulfill the contract and comply with statutory retention obligations. Legal basis: Contract fulfilment / pre-contractual measures (Article 6(1)(b) GDPR), Legal obligation (Article 6(1)(c) GDPR. Retention period: Contract and order data: 7 years (statutory retention period)

3.3 Marketing, Tracking, and Web Analytics Data

We use - exclusively based on your consent provided via the consent banner - tools for analyzing user behavior, measuring reach, and conversion tracking. These currently include:

• Google Analytics 4 & Google Ads (Google Ireland Ltd., Ireland / Google LLC, USA) – user behavior analysis, conversion tracking, remarketing. Processed data: shortened IP addresses, cookie IDs, device and browser information, interactions on our website, and, where applicable, hashed E-Mail addresses. Legal basis: Your consent (Art. 6(1)(a) GDPR). Transfer mechanism: EU-U.S. Data Privacy Framework or Standard Contractual Clauses. Retention period: According to the provider’s specifications or until you withdraw your consent. Withdrawal: You may withdraw your consent at any time via the “Cookie Settings” link in the footer of our website.
• SalesViewer® (SalesViewer® GmbH, Germany) – analysis of user interactions to identify and evaluate company visits to our website. Use of SalesViewer® Technology: This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes. In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally. The data stored by Salesviewer® will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them. The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
• LinkedIn Insight Tag: We use the “LinkedIn Insight Tag” on our website, a service provided by LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland. The Insight Tag helps us analyze how visitors interact with our website after clicking on a LinkedIn advertisement (“conversion tracking”). It also enables us to build audiences for LinkedIn advertising campaigns (“retargeting”) and to optimize the performance of our ads. The Insight Tag processes the following data, among others: IP address (shortened or hashed), Device and browser information, URL, referrer URL, timestamp, Interactions on our website (e.g., page views, clicks, form submissions), LinkedIn cookie ID (if present). Processing takes place solely based on your consent pursuant to Art. 6(1)(a) GDPR and applicable ePrivacy requirements. Without your explicit consent, the Insight Tag is not activated. LinkedIn may transfer personal data to the United States. Such transfers are based on Standard Contractual Clauses (SCCs) under Art. 46 GDPR to ensure an adequate level of data protection. Data collected via the Insight Tag is typically deleted or anonymised after 180 days. Further information on LinkedIn’s data processing can be found at: https://www.linkedin.com/legal/privacy-policy – You may opt out of LinkedIn advertising cookies at any time using: https://www.linkedin.com/psettings/guest-controls/retargeting-opt-out

4.1 Essential Service Providers (always required)

We use the following external services, with data processing agreements in place in accordance with Article 28 GDPR:

• Hetzner Online GmbH, Industriestr. 25, 91710 Gunzenhausen, Germany (server provider, hosted in the EU). For more information, see Hetzner’s privacy policy: https://docs.hetzner.com/de/general/general-terms-and-conditions/data-privacy-faq/

• Matomo, InnoCraft Ltd., 150 Willis Street, 6011 Wellington, New Zealand (web analytics; EU hosting via Hetzner, Germany) – Used to analyze user behavior on our website to optimize content, structure, and usability. IP addresses are stored in an anonymized form, preventing any direct personal identification. All data is processed exclusively on servers located within the European Union. Data processing is based on Art. 6 (1) (f) GDPR (legitimate interest). If consent is provided via the cookie banner, processing is carried out under Art. 6 (1) (a) GDPR. For more information, please refer to Matomo’s Privacy Policy: https://matomo.org/privacy-policy/

• Cloudflare, Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA – Content Delivery Network & security services; data transfer based on participation in the EU-U.S. Data Privacy Framework. Privacy policy: https://www.cloudflare.com/privacypolicy/
• Odoo, Rue du Laid Burniat 5, 1348 Louvain-la-Neuve, Belgium (ERP/CRM, hosting & backups in the EU). We use the ERP/CRM platform Odoo S.A. (Belgium). Your data is stored, secured, and processed in EU data centers. Odoo keeps at least three redundant backups in geographically separated data centers. For existing customers, the full transition to EU-only backups will be completed by the end of Q2 2026; until then, one backup copy may still be stored in Canada (with adequate protection under the EU-U.S. Data Privacy Framework). Further information can be found in Odoo’s privacy policy: https://www.odoo.com/de_DE/gdpr.
• Stripe, Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, Ireland – payment processing; data processing within the EU and, if applicable, transfer to Stripe Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA. Data transfer based on the EU-U.S. Data Privacy Framework. Privacy policy: https://stripe.com/privacy

4.2 Marketing and Tracking Services (only with consent)

We use the following analytics and marketing services solely on the basis of your consent (Art. 6(1)(a) GDPR):

• Google Ireland Ltd.,Gordon House, Barrow Street, Dublin 4, Ireland / Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043, USA(web analytics, conversion tracking, remarketing). Data transfers are based on the EU-U.S. Data Privacy Framework or Standard Contractual Clauses. Further information can be found in Google’s privacy policy: https://policies.google.com/privacy
• SalesViewer® GmbH,  Huestraße 30, 44787 Bochum, Germany (web analytics/tracking for the identification of company visits; data processing within the EU). Further information can be found in the SalesViewer privacy policy: https://www.salesviewer.com/en/privacy
• Mailchimp / Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA (newsletter distribution; USA) – data transfer based on participation in the EU-U.S. Data Privacy Framework. Privacy policy: https://www.intuit.com/privacy/statement/
• WebinarJam, Genesis Digital LLC, 7660 Fay Avenue, #H184, La Jolla, CA 92037, USA (webinar platform; USA) Processing of registration data and facilitation of webinars. Data transfer based on the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. For more information, please refer to the WebinarJam Privacy Policy: https://home.webinarjam.com/privacy/
• SendGrid, Twilio Inc., 101 Spear Street, Suite 500, San Francisco, CA 94105, USA (email delivery; USA) Used for sending transactional emails such as webinar confirmations and reminders. Data transfer based on participation in the EU-U.S. Data Privacy Framework and the EU Standard Contractual Clauses pursuant to Art. 46 GDPR. For more information, please refer to the Twilio Privacy Policy: https://www.twilio.com/legal/privacy

4.3 General Notes on Third-Country Transfers

Data transfers to countries outside the EU/EEA are carried out only under the conditions of Articles 44 et seq. GDPR.

For scheduling appointments, we use the service Calendly, provided by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA. When you book an appointment using the provided link, the data you enter (such as your name, e-mail address, and any additional details) will be transmitted to Calendly in order to arrange the appointment. The legal basis for this processing is Article 6(1)(b) GDPR (performance of pre-contractual measures). Data transfers to the USA are carried out on the basis of Standard Contractual Clauses in accordance with Article 46 GDPR and/or participation in the EU-U.S. Data Privacy Framework, where applicable. Further information can be found in Calendly’s Privacy Policy: https://calendly.com/privacy.

You have the following rights regarding your personal data:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure ("Right to be forgotten") (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)
• Withdrawal of consent at any time (Art. 7(3) GDPR)

Requests should be sent by e-mail to office@sifo-medical.com or by post to the address above.

You also have the right to lodge a complaint with the Austrian Data Protection Authority: Barichgasse 40–42, 1030 Vienna, Austria
Website: www.dsb.gv.at

We implement appropriate technical and organizational security measures to protect your data from unauthorized access, alteration, or disclosure – including encryption, role-based access control, and secure hosting environments.