Privacy Policy for SOT Cloud

Effective Date: August 18, 2025
Last Updated: August 18, 2025

1. Introduction

SOT Medical Systems (“we,” “our,” or “us”) is committed to protecting your privacy and ensuring the confidentiality of your personal data.

This Privacy Policy describes how we collect, use, store, and protect information when you use our cloud-based medical measurement platform and related services (together, the “Service”). It also explains your rights under the General Data Protection Regulation (GDPR) and how you can exercise them.

2. Data Controller

Sonotechnik Austria Angio Experience GmbH
Alte Hollenburger Str. 4
9161, Maria Rain
Austria

Email: office@sot-medical.com
Phone: +43 4227 84991

3. Information We Collect

3.1 Personal Data You Provide

  • Account Information: Name, email address, password, and role information
  • Profile Information: Professional credentials, organization details, and contact information
  • Authentication Data: Two-factor authentication details and login credentials
  • Communication Data: Messages, support requests, and feedback you send to us

3.2 Anonymized Measurement & Device Data

  • Device Information: Serial numbers, firmware versions, and device configurations
  • System Data: Software versions, operating system information, and technical specifications

3.3 Automatically Collected Data

  • Usage Data: Login times, feature usage, and system interactions
  • Technical Data: IP addresses, browser type, device identifiers, and cookies
  • Performance Data: System performance metrics and error logs

4. Legal Basis for Processing

We process personal data in accordance with GDPR based on:

  • Contract Performance: To provide the Service and fulfill contractual obligations
  • Legitimate Interests: To improve services, ensure security, and prevent fraud
  • Legal Obligations: To comply with applicable laws and regulations
  • Consent: For specific processing activities requiring explicit consent

5. How We Use Your Information

5.1 Service Provision

  • Operate and maintain the SOT Cloud platform
  • Manage accounts, roles, and access permissions
  • Deliver customer support and technical assistance

5.2 Service Improvement

  • Analyze usage to optimize features and usability
  • Develop new functionalities and enhancements
  • Monitor system performance and reliability
  • Support research and development

5.3 Security and Compliance

  • Ensure platform and data security
  • Detect, prevent, and investigate fraud or misuse
  • Comply with regulatory obligations
  • Maintain audit logs and compliance documentation

6. Data Sharing & International Transfers

  • Service Providers: We may share limited data with trusted hosting, analytics, and support providers.
  • Legal Authorities: We may disclose data when required by law, regulation, or legal process.
  • International Transfers: If data is transferred outside the European Economic Area (EEA), it is safeguarded with appropriate safeguards (e.g., Standard Contractual Clauses).

We do not sell or rent your personal data to third parties.

7. Data Security

We apply technical and organizational measures to protect your data, including:

  • Encryption: Data encrypted in transit and at rest
  • Access Controls: Role-based permissions and multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and secure architecture
  • Monitoring & Audits: Regular vulnerability testing and security reviews
  • Employee Awareness: Data protection and security training
  • Incident Response: Documented procedures for rapid handling of security incidents

8. Data Retention

  • Account & User Data: Retained for the duration of the commercial relationship plus 7 years for compliance purposes
  • Measurement Data: Retained as agreed with customers or as required by law
  • Backups: Stored only as needed for disaster recovery

Upon termination or deletion requests, we:

  • Delete or anonymize personal data unless retention is legally required
  • Confirm data deletion upon request

9. Your Rights (GDPR)

As a data subject, you have the following rights:

  • Access: Request a copy of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure (“Right to be Forgotten”): Request deletion of your data where legally permissible
  • Restriction: Request limitation of processing in certain cases
  • Data Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests or direct marketing
  • Withdraw Consent: Revoke consent at any time for activities requiring it

To exercise your rights, contact us using the details below.

10. Contact Information

For questions, concerns, or data requests:

Data Protection Inquiries
Email: office@sot-medical.com
Phone: +43 4227 84991

Postal Address
Sonotechnik Austria Angio Experience GmbH
Alte Hollenburger Str. 4
9161, Maria Rain
Austria

For more details, visit our general Privacy Policy.