Privacy policy

Last Updated: January 2026

1. General Information

We, Medexter Healthcare GmbH, take the protection of your personal data very seriously. We process your data in accordance with the applicable legal regulations, in particular the European General Data Protection Regulation (GDPR), the Austrian Data Protection Act (DSG), and the Telecommunications Act (TKG 2021).

Controller (Responsible for Data Processing):
Medexter Healthcare GmbH
Borschkegasse 7/5
1090 Vienna, Austria
E-Mail: shop@medexter.com
Phone: +43 1 968 03 24

2. Hosting & Infrastructure (Shopify)

Our store is hosted on Shopify Inc., Canada. They provide us with the online e-commerce platform that allows us to sell our products and services to you. Your data is stored through Shopify’s data storage, databases, and the general Shopify application on secure servers.

  • Provider: Shopify Inc., 151 O'Connor Street, Ground Floor, Ottawa, Ontario K2P 2L8, Canada.
  • Data Transfer: The EU Commission has determined that Canada offers an adequate level of data protection (Adequacy Decision). For data transfers to Shopify servers in the USA, Shopify relies on recognized transfer mechanisms (e.g., Standard Contractual Clauses) to ensure GDPR compliance.

3. Collection and Processing of Data

a) Visiting the Website (Log Files & Security)

When you visit our website, technical data is automatically collected (e.g., IP address, browser type, time of access). This is necessary to display the website correctly and ensure security.

  • Spam Protection (hCaptcha): To protect our forms from spam and bots, we use hCaptcha provided by Intuition Machines, Inc. (USA). This service analyzes behavior (e.g., mouse movements) to distinguish humans from bots.
    • Legal basis: Art. 6 (1) (f) GDPR (Legitimate Interest in security).

b) Contract Fulfillment (Orders & Downloads)

When you purchase software or services, we process the data you provide (Name, Billing Address, Email, Payment Information) to fulfill the contract, process the payment, and deliver the digital product (license keys/downloads).

  • Legal basis: Art. 6 (1) (b) GDPR (Performance of a Contract).
  • Retention: We are required by Austrian tax and commercial law to retain contract and invoice data for 7 years.

c) VAT Validation (Exemptify)

To check whether you are eligible for tax-exempt intra-community delivery (B2B), we use the app "Exemptify", provided by Daxanema (Hong Kong). If you enter a VAT ID (UID), this ID and your IP address are transmitted to Daxanema and validated against the official EU database (VIES/MIAS).

  • Legal basis: Art. 6 (1) (b) GDPR (Contract Fulfillment) and Art. 6 (1) (f) GDPR (Fraud prevention).
  • Data Transfer: Data is processed on servers of Daxanema. As the provider is based in Hong Kong (a third country), we rely on Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

d) Contact & Newsletter

If you contact us, we process your data to handle your request (Art. 6 (1) (b) GDPR).

Newsletter Subscription: If you subscribe to our newsletter, we use the personal data you provide solely to deliver the newsletter to you. We store this data until you unsubscribe.

Technical Providers (Newsletter): To send our newsletter, we use the services SendBlaster and TurboSMTP, provided by eDisplay Srl (Viale del lavoro 53, 08023, Fonni, Italy). Please note that their parent company, Delivery Tech Corp. (4411 Morena Blvd #105, San Diego, CA 92117, USA), is located in a third country.

  • Legal Basis: Art. 6 (1) (a) GDPR (Consent).
  • Data Transfer: Data may be processed in the USA. We rely on the EU-US Data Privacy Framework (Adequacy Decision) as well as Standard Contractual Clauses (SCCs) to ensure a safe data transfer.

Revocation: You can revoke your consent at any time via the "Unsubscribe" link included in every newsletter or via this link. Please be aware that we will not be able to inform you about our news if you choose to unsubscribe.

4. Payment Providers

We do not store your full credit card or bank details ourselves. Payments are processed via external service providers.

  • PayPal: If you pay via PayPal, data is transmitted to PayPal (Europe) S.à r.l. et Cie, S.C.A. (Luxembourg). Note: PayPal acts as an independent controller; please refer to their privacy policy.
  • Shopify Payments / Credit Cards: Processed securely via Shopify’s payment gateway partners.

5. Cookies & Analytics

We use cookies to make our website user-friendly.

  • Essential Cookies: Necessary for the shop to function (e.g., cart, checkout).
  • Analytics (Google Analytics 4): Only used if you give your explicit consent via our Cookie Banner. Provider: Google Ireland Ltd. (Ireland/USA). We use IP anonymization.
  • Consent Management: We use Cookiebot (Usercentrics A/S, Denmark) to manage and store your consent choices legally.

Detailed Cookie Declaration: For a complete list of all cookies used on this website and to change or withdraw your consent at any time, please view our detailed Cookie Declaration by clicking on the hovering Cookiebot logo in the bottom left corner of our website.

6. Your Rights

Under the GDPR, you have the right to access, rectify, erase, restrict processing, and object to the processing of your data, as well as the right to data portability. To exercise these rights, please contact us at: datenschutz@medexter.com.

If you believe that the processing violates data protection law, you have the right to lodge a complaint with the Austrian Data Protection Authority (Österreichische Datenschutzbehörde; Barichgasse 40-42, 1030 Vienna).