Privacy Policy

1. Overview

Data protection is a particularly high priority for the management of codis GmbH (“we”, “us”). This Website Data Protection Statement explains the nature, scope, and purposes of personal data processing in connection with our website and informs data subjects about their rights under the General Data Protection Regulation (GDPR).
Internet-based data transmissions may have security vulnerabilities. We protect your data through appropriate technical and organisational measures; however, absolute protection cannot be guaranteed. You may contact us using alternative means (e.g., telephone) if you prefer not to use electronic communication.

Regulatory Requirements:

2. Relevant Persons

2.1 Controller

codis GmbH
Location: Saporoshjestraße 3, 4030 Linz
Phone Number: +43 50369-555
E-Mail Address: office@codis-health.com

2.2 Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO). You can reach the DPO at: office@codis-health.com.

3. Processing Activities on the Website

When you visit our website, we may process personal data in the following contexts:
  • Server log data (e.g., IP address, time of access) for website delivery and security.
  • Communication data if you contact us (e.g., by email or via a contact form, if available).
  • Newsletter data if you subscribe (if a newsletter is offered).
  • Application data if you submit an application (e.g., by email or via a form, if available).
We do not intentionally process special categories of personal data (Art 9 GDPR) through the website unless you provide such information voluntarily (e.g., in a free-text message). Please avoid sending sensitive health data through the website unless explicitly requested and necessary.

4. Server Log Files (Website Access Data)

4.1 What Data we process

Each time you access our website, the web server may automatically collect and store data in server log files, such as:
  • browser type and version
  • operating system
  • referrer URL
  • subpages accessed
  • date and time of access
  • IP address
  • internet service provider
  • similar technical data needed for operation and security

4.2 Purposes

  • delivering website content correctly
  • ensuring stability and security (e.g., detecting and preventing attacks)
  • troubleshooting and error analysis
  • improving our website (aggregated/anonymous analysis where feasible)

4.3 Legal Basis

The processing is based on Art 6 GDPR (legitimate interests) in operating a secure and functional website.

4.4 Storage Period

Server log data are stored for a limited period necessary for the purposes above and may be retained longer if needed to investigate security incidents.

5. Contacting Us (E-Mail / Contact Form)

5.1 What Data we process

If you contact us, we process the data you provide (e.g., name, email address, message content) and metadata required to handle the communication.

5.2 Purposes

  • responding to inquiries
  • initiating or performing pre-contractual measures and contracts
  • documentation of communication where necessary (e.g., compliance, proof of communication)

5.3 Legal Basis

  • Art 6 (1) (b) GDPR if the inquiry is related to pre-contractual measures or a contract
  • Art 6 (1) (f) GDPR for general inquiries (legitimate interest in responding and documenting business
    communications)

5.4 Storage Period

Communication data are stored as long as necessary to process the request and thereafter in accordance with statutory retention periods and internal retention policies.

6. Cookies and Similar Technologies

Our website may use cookies or similar technologies that are technically necessary for website operation and security.
  • Necessary cookies: processed based on Art 6 (1) (f) GDPR (legitimate interest in providing a functional
    website) or where applicable relevant national rules.
  • Optional cookies (e.g., analytics/marketing): processed only based on consent (Art 6 (1) (a) GDPR) via a
    cookie banner/consent tool, if such cookies are used.
You can manage cookie settings via the website’s consent settings (if available) and your browser settings.

7. Recipients and Processors

We may share personal data with:
  • IT service providers and hosting providers (processors)
  • professional advisors (e.g., legal, audit) where necessary
  • authorities and courts where legally required
Processors act under our instructions and are bound by appropriate contractual arrangements.

8. International Transfers (Third Countries)

If we use service providers that process personal data outside the EU/EEA, we ensure appropriate safeguards (e.g., adequacy decisions or standard contractual clauses) as required by GDPR.

9. Storage Period / Deletion

We process and store personal data only for as long as necessary for the respective purpose or as required by statutory retention obligations. After the purpose ceases to apply and retention obligations expire, data are deleted or anonymised.

10. Rights of Data Subjects

You have the following rights where the legal requirements are met:
  • right of access (Art 15 GDPR)
  • right to rectification (Art 16 GDPR)
  • right to erasure (Art 17 GDPR)
  • right to restriction of processing (Art 18 GDPR)
  • right to data portability (Art 20 GDPR)
  • right to object (Art 21 GDPR)
  • right to withdraw consent at any time (Art 7(3) GDPR) (without affecting the lawfulness of processing before withdrawal)
You also have the right to lodge a complaint with a supervisory authority, in particular in the Member State of your habitual residence, place of work, or place of the alleged infringement. To exercise your rights, please contact us or the DPO using the contact details above.
Providing personal data is generally not required to use the website. However, certain services (e.g., contacting us) require specific data (e.g., an email address). If you do not provide the required data, we may be unable to provide the requested service.

12. Security (TLS/HTTPS)

We use TLS encryption (HTTPS) to protect data transmitted between your browser and our website.

13. Automated Decision-Making / Profiling

We do not use automated decision-making or profiling within the meaning of Art 22 GDPR in connection with the website.

14. Updates to this Statement

We may amend/update this statement to reflect legal, technical, or organisational changes. The version published on the website at the time of your visit applies.