The controller responsible for data processing on this website is:

SIFo GmbH
Bärenweg 11
6410 Telfs
Austria
VAT ID: ATU75541326

E-mail: office@sifo-medical.com 
Phone: +436707718313

For any privacy-related inquiries, please contact us at the email above.

Browsing Data

When you access our website, our servers automatically collect technical information required for the operation and security of the website. This includes in particular:

• IP address or domain name of the device used
• URI addresses (Uniform Resource Identifier) of requested resources
• Date and time of the request
• Method used to transmit the request
• Size of the file sent in response
• HTTP status code of the server response (e.g., success, error)
• Operating system, browser type, and version

These data are not collected for the purpose of identifying individual users but may, under certain circumstances, be linked to individuals.

Purpose: Technical operation, security, and stability of the website, compilation of anonymised usage statistics.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
Retention period: Server log files are deleted after no more than 15 days.

Data Provided Voluntarily by the User

• Contact Form & E-Mail: When you contact us via the contact form or by e-mail, we process the data you provide (name, e-mail address, message content) to handle your enquiry. Legal basis: Contract fulfilment / pre-contractual measures (Article 6(1)(b) GDPR). Retention period: Enquiries via e-mail/contact form: 1 year after processing has been completed
• Newsletter: For the purpose of sending our newsletter, we process your e-mail address and, where provided, additional personal details such as your date of birth or profession. Subscription is via double opt-in, and you may withdraw your consent at any time. Legal basis: Consent (Article 6(1)(a) GDPR, e.g., for newsletters). Retention period: until consent is withdrawn.
• Online Shop (Digital Products): When you register and place orders, we process your name, e-mail address, billing and (where applicable) shipping address, as well as payment information for contract fulfilment and to comply with statutory retention obligations. Legal basis: Contract fulfilment / pre-contractual measures (Article 6(1)(b) GDPR), Legal obligation (Article 6(1)(c) GDPR. Retention period: Contract and order data: 7 years (statutory retention period)

Our website does not use any third-party cookies for analytics, tracking, or marketing purposes. Any technically necessary session cookies (e.g., for logging into the shop) are used solely to provide the website’s functionality and are automatically deleted at the end of the session.
Website usage analysis is carried out exclusively on our own servers without the use of cookies for this purpose.

We analyse website usage exclusively with analytics tools hosted on servers provided by Hetzner Online GmbH (Germany). No data are transmitted to third parties. The following data may be collected: pages visited, time of access, browser type/version, operating system, referrer URL, and truncated IP addresses. Analysis is performed exclusively in anonymised form.

Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in optimising our website.
Retention period: 15 days.

We use the following external services, with data processing agreements in place in accordance with Article 28 GDPR:

• Mailchimp (newsletter distribution; USA) – data transfer based on Standard Contractual Clauses (SCCs) or participation in the EU-U.S. Data Privacy Framework
• Odoo (ERP/CRM, hosted in the EU)

Data transfers to third countries occur only under the conditions of Articles 44 et seq. GDPR.

For scheduling appointments, we use the service Calendly, provided by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA.
When you book an appointment using the provided link, the data you enter (such as your name, e-mail address, and any additional details) will be transmitted to Calendly in order to arrange the appointment.

The legal basis for this processing is Article 6(1)(b) GDPR (performance of pre-contractual measures).
Data transfers to the USA are carried out on the basis of Standard Contractual Clauses in accordance with Article 46 GDPR and/or participation in the EU-U.S. Data Privacy Framework, where applicable.
Further information can be found in Calendly’s Privacy Policy: https://calendly.com/privacy.

You have the following rights regarding your personal data:

• Access (Art. 15 GDPR)
• Rectification (Art. 16 GDPR)
• Erasure ("Right to be forgotten") (Art. 17 GDPR)
• Restriction of processing (Art. 18 GDPR)
• Data portability (Art. 20 GDPR)
• Objection to processing (Art. 21 GDPR)
• Withdrawal of consent at any time (Art. 7(3) GDPR)

Requests should be sent by e-mail to office@sifo-medical.com or by post to the address above.

You also have the right to lodge a complaint with the Austrian Data Protection Authority:
Barichgasse 40–42, 1030 Vienna, Austria
Website: www.dsb.gv.at

We implement appropriate technical and organizational security measures to protect your data from unauthorized access, alteration, or disclosure – including encryption, role-based access control, and secure hosting environments.