Privacy Policy
Information on the Processing of Personal Data pursuant to Article 13 of Regulation (EU) 2016/679 (GDPR)
Last Update: September 2025
Preamble
Protecting your personal data is important to us.
This Privacy Policy explains how SIFo GmbH processes your personal data when you use our website, register an account, or make use of our services. This policy does not apply to external websites that you may access via links on our site.
By using our website (e.g., subscribing to the newsletter, completing the contact form, registering in the online shop), you acknowledge the information provided here and – where required – consent to the processing of your personal data. Consent is valid only if given by an adult or by a minor who is at least 16 years old (Article 8(1) and (2) GDPR). The terms used are not gender-specific.
Controller Information
The controller responsible for data processing on this website is:
SIFo GmbH
Bärenweg 11
6410 Telfs
Austria
VAT ID: ATU75541326
E-mail: office@sifo-medical.com
Phone: +436707718313
For any privacy-related inquiries, please contact us at the email above.
Categories of Personal Data
Browsing Data
When you access our website, our servers automatically collect technical information required for the operation and security of the website. This includes in particular:
- IP address or domain name of the device used
- URI addresses (Uniform Resource Identifier) of requested resources
- Date and time of the request
- Method used to transmit the request
- Size of the file sent in response
- HTTP status code of the server response (e.g., success, error)
- Operating system, browser type, and version
These data are not collected for the purpose of identifying individual users but may, under certain circumstances, be linked to individuals.
Purpose: Technical operation, security, and stability of the website, compilation of anonymised usage statistics.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR).
Retention period: Server log files are deleted after no more than 14 days.
Data Provided Voluntarily by the User
- Contact Form & E-Mail: When you contact us via the contact form or by e-mail, we process the data you provide (name, e-mail address, message content) to handle your enquiry. Legal basis: Contract fulfilment / pre-contractual measures (Article 6(1)(b) GDPR). Retention period: Enquiries via e-mail/contact form: 1 year after processing has been completed
- Newsletter: For the purpose of sending our newsletter, we process your e-mail address and, where provided, additional personal details such as your date of birth or profession. Subscription is via double opt-in, and you may withdraw your consent at any time. Legal basis: Consent (Article 6(1)(a) GDPR, e.g., for newsletters). Retention period: until consent is withdrawn.
- Online Shop (Digital Products): When you register and place orders, we process your name, e-mail address, billing and (where applicable) shipping address, as well as payment information for contract fulfilment and to comply with statutory retention obligations. Legal basis: Contract fulfilment / pre-contractual measures (Article 6(1)(b) GDPR), Legal obligation (Article 6(1)(c) GDPR. Retention period: Contract and order data: 7 years (statutory retention period)
Cookies
Our website does not use any third-party cookies for analytics, tracking, or marketing purposes. We use the SalesViewer® technology based on legitimate interest (Art. 6 (1)(f) GDPR), which does not set cookies and works without storing personal identifiers on your device. Any technically necessary session cookies (e.g., for shop login) are used solely to provide website functionality and are automatically deleted at the end of the session. Website usage analysis is otherwise carried out exclusively on our own servers without the use of cookies.
Web Analytics (Self-Hosted on Hetzner Servers)
We analyse website usage exclusively with analytics tools hosted on servers provided by Hetzner Online GmbH (Germany). No data are transmitted to third parties. The following data may be collected: pages visited, time of access, browser type/version, operating system, referrer URL, and truncated IP addresses. Analysis is performed exclusively in anonymised form.
Legal basis: Legitimate interest (Article 6(1)(f) GDPR) in optimising our website.
Retention period: 14 days.
Third-Party Services and Data Transfers
We use the following external services, with data processing agreements in place in accordance with Article 28 GDPR:
-
Cloudflare, Cloudflare, Inc., 101 Townsend St., San Francisco, CA 94107, USA – Content Delivery Network & security services; data transfer based on participation in the EU-U.S. Data Privacy Framework. Privacy policy: https://www.cloudflare.com/privacypolicy/
-
Odoo, Rue du Laid Burniat 5, 1348 Louvain-la-Neuve, Belgium (ERP/CRM, hosted in the EU). For more information, see Odoo’s privacy policy: https://www.odoo.com/de_DE/gdpr
-
Mailchimp / Intuit Inc., 2700 Coast Avenue, Mountain View, CA 94043, USA (newsletter distribution; USA) – data transfer based on participation in the EU-U.S. Data Privacy Framework. Privacy policy: https://www.intuit.com/privacy/statement/
-
Stripe, Stripe Payments Europe Ltd., 1 Grand Canal Street Lower, Grand Canal Dock, Dublin 2, Ireland – payment processing; data processing within the EU and, if applicable, transfer to Stripe Inc., 354 Oyster Point Blvd, South San Francisco, CA 94080, USA. Data transfer based on the EU-U.S. Data Privacy Framework. Privacy policy: https://stripe.com/privacy
Data transfers to third countries occur only under the conditions of Articles 44 et seq. GDPR.
Use of SalesViewer® technology
This website uses SalesViewer® technology from SalesViewer® GmbH on the basis of the website operator’s legitimate interests (Section 6 paragraph 1 lit.f GDPR) in order to collect and save data on marketing, market research and optimisation purposes.
In order to do this, a javascript based code, which serves to capture company-related data and according website usage. The data captured using this technology are encrypted in a non-retrievable one-way function (so-called hashing). The data is immediately pseudonymised and is not used to identify website visitors personally.
The data stored by Salesviewer® will be deleted as soon as they are no longer required for their intended purpose and there are no legal obligations to retain them.
The data recording and storage can be repealed at any time with immediate effect for the future, by clicking on https://www.salesviewer.com/opt-out in order to prevent SalesViewer® from recording your data. In this case, an opt-out cookie for this website is saved on your device. If you delete the cookies in the browser, you will need to click on this link again.
Appointment Scheduling via Calendly
For scheduling appointments, we use the service Calendly, provided by Calendly LLC, 271 17th St NW, Atlanta, GA 30363, USA.
When you book an appointment using the provided link, the data you enter (such as your name, e-mail address, and any additional details) will be transmitted to Calendly in order to arrange the appointment.
The legal basis for this processing is Article 6(1)(b) GDPR (performance of pre-contractual measures).
Data transfers to the USA are carried out on the basis of Standard Contractual Clauses in accordance with Article 46 GDPR and/or participation in the EU-U.S. Data Privacy Framework, where applicable.
Further information can be found in Calendly’s Privacy Policy: https://calendly.com/privacy.
Your Rights under the GDPR
You have the following rights regarding your personal data:
- Access (Art. 15 GDPR)
- Rectification (Art. 16 GDPR)
- Erasure ("Right to be forgotten") (Art. 17 GDPR)
- Restriction of processing (Art. 18 GDPR)
- Data portability (Art. 20 GDPR)
- Objection to processing (Art. 21 GDPR)
- Withdrawal of consent at any time (Art. 7(3) GDPR)
Requests should be sent by e-mail to office@sifo-medical.com or by post to the address above.
You also have the right to lodge a complaint with the Austrian Data Protection Authority:
Barichgasse 40–42, 1030 Vienna, Austria
Website: www.dsb.gv.at
Changes to this Privacy Policy
We reserve the right to update this privacy policy to reflect changes in our data processing activities. The current version is always available at www.sifo-medical.com/en/privacy-policy.