SMFP Solutions Logo
Back to the homepage

Privacy Policy

Protecting your personal data is important to us. We process your data exclusively in accordance with applicable data protection laws, in particular the General Data Protection Regulation (GDPR) and the Austrian Telecommunications Act (TKG 2003).

Controller

SMFP Solutions OG
Baumgartnerstraße 2a/8
4061 Pasching
Austria
Email: office@smfp-solutions.com

Legal basis for processing

We process personal data on the following legal bases:

Art. 6(1)(b) GDPR (performance of a contract and pre-contractual measures, in particular handling inquiries and contracts),
Art. 6(1)(c) GDPR (compliance with a legal obligation, e.g., statutory retention obligations),
Art. 6(1)(f) GDPR (legitimate interests in providing a secure, stable and functional online service).

Contact (contact form and email)

If you contact us via the contact form or by email, we process the data you provide (e.g., name, email address, phone number, message) in order to handle your request.

Purpose: Responding to and processing your inquiry; initiating pre-contractual measures.
Legal basis: Art. 6(1)(b) GDPR.
Storage period: Until the request has been fully processed; thereafter only if required by statutory retention obligations or necessary to document/defend legal claims.

Server logs and hosting

This website is operated by us on our own server infrastructure within the European Union (no external website hosting provider). When you access the website, the server automatically processes log data (e.g., IP address, date and time of access, requested page/URL, referrer URL, browser type, operating system).

Purpose: Technical provision of the website, IT security, troubleshooting, detection of misuse and attacks.
Legal basis: Art. 6(1)(f) GDPR.
Storage period: Log data is generally stored for a limited period and then deleted or anonymised (typically up to 30 days), unless security-relevant incidents require longer retention.

1. General information on data processing

We only process personal data to the extent necessary for carrying out our business activities. This includes in particular:

  • handling inquiries
  • initiating and executing contractual relationships
  • providing user accounts and technical services
  • processing payments

Processing is limited to what is necessary and carried out in compliance with legal requirements.

2. User accounts and authentication

For certain services, creating a user account is required. In particular, the following data may be processed:

  • name or company name
  • contact details
  • access data (e.g., username, password hash)

For technical implementation of login, only strictly necessary cookies are used. These cookies serve authentication and session maintenance and are essential for operating the website.

3. Cookies

Our website generally does not use analytics, tracking, or marketing cookies. Web analytics using Google Analytics is carried out exclusively after explicit user consent. Otherwise, only technically necessary cookies are used, which are required for the secure operation of the website.

4. Payment processing via Stripe

For payment processing, we use the payment service provider:

Stripe Payments Europe Ltd.

1 Grand Canal Street Lower

Grand Canal Dock

Dublin, Ireland

As part of payment processing, personal data (e.g., name, billing details, payment amount and payment information) is transmitted directly to Stripe and processed there. Stripe acts as an independent controller under the GDPR.

Further information on Stripe’s data processing can be found at: https://stripe.com/at/privacy

We do not store full payment details (e.g., credit card information) on our systems.

5. Data security

To protect personal data, we implement appropriate technical and organizational security measures. Stored and transmitted data is protected using modern cryptographic methods.

6. Disclosure of data

Personal data is only disclosed to third parties if:

  • it is necessary to fulfill the contract
  • there is a legal obligation
  • the corresponding consent has been given

Data is not transferred to countries outside the European Union, except for the payment provider Stripe used for payment processing.

7. Storage duration

Personal data is stored only as long as necessary for the respective purposes or as long as statutory retention obligations exist. Once the purpose no longer applies or statutory periods expire, the data is deleted or anonymized.

8. Rights of data subjects

Under the GDPR, data subjects have the following rights in particular:

  • right of access
  • right to rectification
  • right to erasure
  • right to restriction of processing
  • right to data portability
  • right to object

Complaints may be submitted to the competent supervisory authority:

Österreichische Datenschutzbehörde

Barichgasse 40–42

1030 Wien

www.dsb.gv.at

Status: February 2026