Data Protection Regulation
Privacy Policy – SteadyTemp Website and Shop
1. Introduction
This Privacy Policy describes how SteadySense GmbH (“SteadySense”, “we”, “us”) processes personal data when you visit our website https://www.steadytemp.health or make a purchase via our online shop at https://shop.steadytemp.health (“Shop”).
This policy applies only to website and shop interactions — not to our SteadyTemp Apps (SteadyTemp App or SteadyTemp Professional App). For information on the SteadyTemp Apps, please see the respective App Privacy Policies.
2. Controller and Contact
SteadySense GmbH
Johann-Schreiner-Strasse 3,
8074 Raaba-Grambach, Austria
Tel: +43 316 232004
E-Mail: gdpr@steadysense.at
Website: https://www.steadysense.at
3. Categories of Data Processed
When you use our website or shop, we may process:
| Data Type | Description | Source |
|---|---|---|
| Access Data | IP address, browser type/version, operating system, referring URL, time of access | Automatically collected |
| Order Data | Full name, billing/shipping address, phone number, email address | Entered by you during checkout |
| Payment Data | Payment method, transaction ID, status | Processed by SumUp Limited, our payment provider |
| Support or Contact Data | Information you submit via email or contact form | Provided voluntarily |
| Cookies and Analytics Data | Device information, session data, consent preferences | Collected automatically via SumUp and cookie tools |
We do not require registration or creation of a customer account to complete purchases.
4. Purpose and Legal Basis
| Purpose | Legal Basis | Explanation |
|---|---|---|
| Processing orders and delivering products | Art. 6(1)(b) GDPR | Necessary for performance of the purchase contract |
| Communicating order status, invoices, and shipping updates | Art. 6(1)(b) GDPR | Contractual necessity |
| Payment processing via SumUp | Art. 6(1)(b) GDPR | Contract performance; see also SumUp’s Privacy Policy |
| Providing customer service or responding to requests | Art. 6(1)(b) and/or (f) GDPR | Legitimate interest in user communication |
| Website security and functionality | Art. 6(1)(f) GDPR | Legitimate interest in safe operations |
| Fulfilling legal obligations (e.g., tax, accounting) | Art. 6(1)(c) GDPR | Legal requirement under Austrian tax law |
| Cookie-based analytics and performance tracking | Art. 6(1)(a) GDPR | Consent via cookie banner |
5. Payment Processing (SumUp)
All online payments are processed securely by SumUp Limited, 16–20 Shorts Gardens, London WC2H 9US, United Kingdom. SumUp acts as an independent controller for payment transactions.
During checkout, necessary payment details (method, amount, transaction reference) are transmitted to SumUp over encrypted HTTPS connections. We do not receive or store your full credit card or bank information.
For more details see: https://www.sumup.com/en-gb/privacy/
6. Cookies and Tracking Technologies
6.1 Overview
Cookies are small text files placed on your device. We use them to ensure our website and shop function properly, to improve usability, and—if you consent—to analyze aggregated visitor behavior.
6.2 Types of Cookies Used
| Category | Purpose | Examples | Legal Basis | Retention |
|---|---|---|---|---|
| Essential Cookies | Required for website and checkout operation (cart, payment flow, cookie preferences) | _sumup_session, session_id, cookie_consent_status | Art. 6(1)(b) | Session / until browser closed |
| Functional Cookies | Remember preferences such as language or region | locale_pref | Art. 6(1)(a) | Up to 6 months |
| Analytics Cookies | Measure site traffic and improve performance (anonymized) | _ga, _gid, _gat | Art. 6(1)(a) | 13 months (max) |
| Marketing Cookies | Only used if SumUp or Google Ads remarketing is enabled | _gcl_au | Art. 6(1)(a) | 13 months (max) |
6.3 Cookie Consent and Withdrawal
When you first visit the site, a cookie banner appears. You can:
- Accept all cookies
- Reject non-essential cookies
- Choose specific categories
Your consent choices are stored locally and can be changed anytime under “Cookie Settings” in the footer.
6.4 Third-Party Cookies and Analytics
Google Analytics (IP Anonymization Enabled)
Used to generate anonymized statistics on site usage. Google Ireland Ltd. processes this data on our behalf. Your IP address is truncated before processing. Consent: Art. 6(1)(a) GDPR. Opt-out anytime via cookie settings. Privacy info: https://policies.google.com/privacy
Firebase Analytics (optional)
We may use Firebase to monitor basic site performance (page views, load times). Data are aggregated and pseudonymized. Consent: Art. 6(1)(a) GDPR. Privacy info: https://firebase.google.com/support/privacy
6.5 Managing Cookies Manually
You can also delete or block cookies via your browser settings. However, this may prevent parts of the shop (e.g. checkout or payment) from working correctly.
7. Data Recipients
| Category | Recipient | Purpose |
|---|---|---|
| Payment Processing | SumUp Limited (UK) | Secure transaction processing |
| Web Hosting | [Insert hosting provider name, e.g. Netlify, AWS, or provider used by SumUp] | Hosting of website and shop |
| Shipping Providers | Austrian Post / DHL / UPS (as applicable) | Delivery of ordered products |
| Accounting Services | Authorized external accountant | Financial record-keeping |
| Analytics | SumUp (Performance Cookies) | Site usage analysis (anonymous) |
All partners are bound by contractual agreements under Art. 28 GDPR.
8. Data Retention and Storage Periods
We store personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, or as required by law. Once the retention period expires, the data are deleted or anonymized in accordance with data-minimization and storage-limitation principles (Art. 5(1)(c),(e) GDPR).
| Data Type | Purpose of Storage | Retention / Storage Period | Deletion Procedure |
|---|---|---|---|
| Order & Invoice Data | Fulfillment of contract, warranty, tax and accounting documentation | 7 years under Austrian Commercial and Tax Law (§ 132 BAO, § 212 UGB) | Automatic deletion or archiving after legal period |
| Payment Data | Transaction reference for refunds / audits | 7 years | Automatic deletion or archiving after legal period |
| Shipping Data | Product delivery and potential returns | 7 years | Erased together with order record |
| Customer Correspondence / Support Inquiries | Responding to questions, ensuring service quality | Up to 24 months after resolution | Manual deletion or automatic purge |
| Marketing / Newsletter Data | Sending newsletters or promotions | Until consent is withdrawn | Immediate suppression from mailing list |
| Cookie & Analytics Data | Site usage statistics and preferences | Up to 13 months (depending on cookie type) | Automatic expiration or user deletion |
| Server & Security Logs | System security and error diagnostics | 90 days | Automatic deletion from hosting infrastructure |
After expiration of the stated periods, personal data are securely erased or permanently anonymized.
9. Data Subject Rights
You have the right to:
- Access your data (Art. 15 GDPR);
- Rectify incorrect data (Art. 16);
- Request deletion (Art. 17);
- Restrict processing (Art. 18);
- Withdraw consent at any time (Art. 7(3));
- Lodge a complaint with a supervisory authority.
Contact: gdpr@steadysense.at
Supervisory Authority:
Austrian Data Protection Authority (DSB),
Wickenburggasse 8–10, 1080 Vienna, Austria
E-mail: dsb@dsb.gv.at
10. International Data Transfers
Where services involve transfers to countries outside the European Economic Area (EEA) (e.g. UK or US), they are protected by:
- Adequacy Decision (for UK), or
- Standard Contractual Clauses (SCCs) for other third countries.
11. Security
We use state-of-the-art technical and organizational measures to protect your personal data, including:
- SSL/TLS encryption for all website traffic;
- Secure payment processing via PCI-DSS-certified provider (SumUp);
- Regular review of data security and hosting.
12. External Links
Our website may link to third-party pages (e.g., SteadyTemp apps, partner sites). We are not responsible for their privacy practices and encourage you to review their respective privacy policies.
13. Updates
We may update this Privacy Policy as necessary to reflect new legal or technical developments. The latest version is always available at: https://www.steadytemp.health/dataprotection
© 2025 SteadySense GmbH – All rights reserved.
Last updated: 2025-11-18