DE EN

Privacy Policy

Data Controller

gsoond gmbh, Arndtweg 5, 4020 Linz, Austria. Contact for data protection matters: impressum@gsoond.com.

Purpose of Data Processing

We process personal data submitted through forms (e.g. contact and appointment requests) for the purpose of carrying out our business activities and fulfilling the related statutory and contractual requirements.

Server Logs (IP Address)

When you visit our website, information is automatically stored on the web server. This includes the browser used, the operating system used, the page from which you accessed our website, the IP address, the time of access, and other information. In our view, this data is pseudonymised and cannot be attributed to a specific person without additional data sources. We do not evaluate this data unless the website is used unlawfully.

Cookies

This website itself does not set its own analytics or marketing cookies. Cookies are small text files that are sent when you visit a website and are temporarily stored on the user's device. When the corresponding server is accessed again, the browser sends the previously received cookie back to the server. If embedded third-party content (see "External Services" below) sets its own cookies, you can prevent this through the corresponding settings in your internet browser (e.g. Chrome, Firefox, Safari).

External Services & Third-Party Providers

AI-supported features (SHE asks, protein/fibre calculator): When you ask a question or upload a photo/text for analysis, this information is transmitted to OpenAI, L.L.C. (USA) for processing. We do not permanently store your request with personal reference; processing takes place statelessly for each individual request.

External appointment booking: The "Book an appointment" button links to the external booking platform Latido (patient.latido.at). When making a booking, Latido's privacy policy applies; the data you enter there (e.g. name, contact details, requested appointment) is transmitted directly to Latido.

YouTube video embedding: Our "About us" page embeds a YouTube video. When this page is loaded, a connection is established to servers of YouTube/Google LLC (USA), through which your IP address is transmitted and cookies may be set. Further information: Google's privacy policy at policies.google.com/privacy.

Social media links: We link to our profiles on YouTube and Instagram and display preview images (thumbnails) of our public posts there. When these preview images are loaded, a connection is established to the servers of Google/YouTube or Meta (Instagram), through which your IP address is transmitted to these providers.

Contacting Us

If you contact us via a form on the website or by email, the data you provide will be stored by us for six months for the purpose of processing your request and in case of follow-up questions. We do not pass on this data without your consent.

Principles of Processing Personal Data

The processing of personal data is based on strict principles that regard the protection and security of the data, as well as the rights of the data subjects, as paramount.

Lawfulness and transparency: Data processing is carried out lawfully and in good faith. The data subject is informed at the time the data is collected about the intended processing and the handling of the data.

Purpose limitation: Data is collected and processed for specified, explicit and legitimate purposes. The data is not processed in a manner incompatible with these purposes.

Data minimisation: Only the data strictly necessary for the specified purposes is collected and processed. Where this is possible in order to achieve the purpose and the effort involved is reasonable, only anonymised data is processed.

Storage limitation and deletion: Personal data is deleted as soon as the purpose for which it was originally collected lapses and statutory retention periods do not prevent deletion. Where legitimate interests worthy of protection exist with regard to this data in an individual case, it will continue to be retained until such interest has been legally clarified.

Data security: Personal data is subject to data confidentiality. The data is treated confidentially and is protected by appropriate organisational and technical measures against unauthorised access, unlawful manipulation or disclosure, as well as against loss and destruction.

Factual accuracy: Personal data is kept accurate, complete and up to date. Appropriate measures are taken to correct outdated, incorrect or incomplete data.

Commitment to confidentiality: All our employees are contractually bound to confidentiality and are regularly instructed and trained on the secure handling of personal and other sensitive data.

Rights of Data Subjects

Every data subject whose personal data is processed by us may at any time invoke and exercise their own rights as a data subject. To exercise your rights as a data subject, you may contact us in writing at any time by email at impressum@gsoond.com.

Right of access: Data subjects may at any time request information about which personal data concerning them is being processed and for which purposes this processing is carried out.

Right to rectification: Data subjects have the right to demand the prompt correction of incorrect personal data concerning them.

Right to restriction: Data subjects have the right to restriction of processing where the accuracy of the data concerning them is contested, the processing is unlawful, the data is no longer needed for the processing, or the data subject has objected to the processing.

Right to object: Data subjects have the right to object at any time to the processing of personal data concerning them.

Right to data portability: Data subjects have the right to receive the personal data concerning them that they have provided to us in a structured, commonly used and machine-readable format. They also have the right to request that this data be transmitted to another controller, provided this is technically feasible. Portability applies only to personal data processed by automated means.

Erasure — right to be forgotten: The data subject has the right to demand the prompt deletion of personal data concerning them where the legal basis for processing the data is missing or no longer applies, where the data subject has objected to the processing, where the data processing is unlawful, and where no statutory retention periods prevent deletion. The exercise of data subject rights is only possible following unambiguous identification of the data subject. Data subjects also have the right to lodge a complaint with the data protection authority at any time.

Data Transfer

Personal data is transferred to recipients outside the company as well as to recipients in third countries only in accordance with applicable law and on a lawful basis, and with the highest regard for confidentiality and data security. We engage various data processors for certain processing activities (see "External Services" above). Where required, these processors are contractually bound to comply with applicable data protection provisions.