femSense privacy policy (GDPR)

1. Introduction
This Privacy Policy describes how SteadySense GmbH (“SteadySense”, “we”, “us”) processes personal data when you visit our website www.femsense.com or make a purchase via our online shop.
This policy applies exclusively to interactions with the website and shop – not to the femSense App. For information on data processing in the femSense App, please refer to the separate App Privacy Policy.

2. Responsibility and Contact
SteadySense GmbH
Johann-Schreiner-Strasse 3
8074 Raaba-Grambach, Austria
Tel: +43 316 232004
E-Mail: gdpr@steadysense.at | Website: www.steadysense.at

3. Categories of Data Processed
When visiting our website or using the shop, the following data may be processed:

| Data Type | Description | Source |
|---|---|---|
| Access data | IP address, browser type/version, operating system, referring URL, time of access | Collected automatically |
| Order data | Full name, billing/delivery address, phone number, email address | Entered by you during the order process |
| Payment data | Payment method, transaction ID, amount (no full card details) | Processed by payment service providers (PayPal, Stripe) |
| Contact / support data | Information submitted via email or contact form | Provided voluntarily |
| Cookies and analytics data | Device information, session data, consent preferences | Collected automatically via tracking tools |

4. Purpose and Legal Basis of Processing

| Purpose | Legal Basis | Explanation |
|---|---|---|
| Processing orders and delivery | Art. 6(1)(b) GDPR | Performance of contract |
| Payment processing (PayPal, Stripe) | Art. 6(1)(b) GDPR | Performance of contract; providers’ own terms apply |
| Customer service and enquiries | Art. 6(1)(b) and (f) GDPR | Contract and legitimate interest |
| Newsletter delivery (Mailchimp) | Art. 6(1)(a) GDPR | Consent; withdrawable at any time |
| Website security and functionality | Art. 6(1)(f) GDPR | Legitimate interest |
| Legal obligations (taxes, accounting) | Art. 6(1)(c) GDPR | Austrian tax law (BAO, UGB) |
| Cookie-based analytics and advertising | Art. 6(1)(a) GDPR | Consent via cookie banner |

5. Payment Processing

5.1 PayPal

PayPal (Europe) S.à r.l. et Cie, S.C.A. processes payment data as an independent controller. Processing is based on your consent pursuant to Art. 6(1)(a) GDPR. Some processing takes place in the USA on the basis of standard contractual clauses.

Privacy policy: https://www.paypal.com/de/webapps/mpp/ua/privacy-full

5.2 Stripe

Stripe, Inc. (Ireland, USA) processes credit card transactions on our website. Stripe enables online transactions without full credit card details being stored on our servers. Data transfer to the USA and Ireland is based on Art. 49(1)(a) GDPR (consent).

Privacy policy: https://stripe.com/de/privacy

6. Cookies and Tracking Technologies

6.1 Overview

Cookies are small text files stored on your device. We use them to operate the website, analyze visitor behavior (with your consent), and for marketing purposes (with your consent). A cookie banner appears on your first visit, through which you can manage your preferences. Consent can be withdrawn at any time via the cookie settings in the footer.

6.2 Cookie Categories

| Category | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Strictly necessary | Technical operation of the website and shop (shopping cart, payment flow, cookie settings) | Art. 6(1)(b)/(f) GDPR | Session |
| Functional cookies | Language settings, regional preferences | Art. 6(1)(a) GDPR | Up to 6 months |
| Analytics cookies | Anonymized analysis of website traffic | Art. 6(1)(a) GDPR | Up to 13 months |
| Marketing cookies | Remarketing and ad measurement | Art. 6(1)(a) GDPR | Up to 13 months |


7. Newsletter (Mailchimp)

For sending our newsletter we use the Mailchimp service provided by The Rocket Science Group LLC, 512 Means Street Suite 404, Atlanta, GA 30318, USA. Upon registration, your email address and IP address are stored. Mailchimp uses so-called web beacons to evaluate whether and when the newsletter was opened and whether links were clicked.

Consent to receive the newsletter can be withdrawn at any time – either via the unsubscribe link in the newsletter or by email to gdpr@steadysense.at. Legal basis: Art. 6(1)(a) GDPR (consent).

8. Social Media Marketing (Facebook Events)

As part of our social media marketing strategy, SteadySense uses the following Facebook Events: App installation, app launch, registration, selection of the family planning or cycle tracker feature, patch order.

The femSense website uses analytics tools to optimize the performance of the offering and increase its value to the user.

9. Data recipients

| Category | Recipient | Purpose |
|---|---|---|
| Payment processing | PayPal (Luxembourg/USA), Stripe (Ireland/USA) | Secure transaction processing |
| Web analytics | Google Ireland Ltd. (Analytics, AdSense, Campaign Manager) | Usage analysis and ad measurement |
| User behavior | Hotjar Limited (EU) | Analysis of click paths and session behavior |
| Social media marketing | Meta Platforms Ireland Ltd., TikTok Technology Ltd. | Conversion tracking and remarketing |
| Newsletter | The Rocket Science Group LLC (Mailchimp, USA) | Email delivery |
| Shipping service providers | Austrian Post / DHL / UPS / DPD / FedEx (as applicable) | Product delivery |
| Accounting | Authorized external accountant | Financial accounting |

All partners are contractually bound in accordance with Art. 28 GDPR. The collected data is not sold or shared with uninvolved third parties without justification.

10. Retention Periods

| Data Type | Retention Period | Basis |
|---|---|---|
| Order and invoice data | 7 years | § 132 BAO, § 212 UGB |
| Payment data | 7 years | Tax and commercial law |
| Customer correspondence / support | Up to 24 months after resolution | Legitimate interest |
| Newsletter / marketing data | Until withdrawal of consent | Art. 7(3) GDPR |
| Cookie and analytics data | Up to 13 months (depending on cookie) | Automatic expiry |
| Server and security logs | 90 days | Technical necessity |
| Test subject registrations | 24 months | Art. 6(1)(b) GDPR |

11. Rights of Data Subjects

You have the following rights under the GDPR:

  • Access to your stored data (Art. 15 GDPR)
  • Rectification of inaccurate data (Art. 16 GDPR)
  • Right to erasure (Art. 17 GDPR)
  • Right to restriction of processing (Art. 18 GDPR)
  • Right to data portability (Art. 20 GDPR)
  • Objection to processing (Art. 21 GDPR)
  • Withdrawal of granted consents (Art. 7(3) GDPR)

To exercise your rights, please contact: gdpr@steadysense.at

Right to lodge a complaint with the supervisory authority: Austrian Data Protection Authority, Wickenburggasse 8–10, 1080 Vienna | dsb@dsb.gv.at

12. International Data Transfers

Some of the services we use (e.g., Stripe, Mailchimp, TikTok) transfer data to third countries outside the European Economic Area (EEA), particularly to the USA. These transfers are safeguarded by:

  • Standard Contractual Clauses (SCCs) of the EU Commission
  • EU-US Data Privacy Framework (DPF), where the provider is certified

Where no adequacy decision by the EU Commission exists and no standard contractual clauses are used (e.g., for certain third-party cookies), the transfer is based on your consent pursuant to Art. 49(1)(a) GDPR. We point out that in third countries such as the USA, a level of data protection comparable to that of the EU may not be guaranteed.

13. Data Security

SteadySense has implemented technical and organizational measures to protect your data, including:

  • SSL/TLS encryption for all website traffic
  • Secure payment processing via PCI-DSS compliant providers
  • Confidentiality obligations for all employees
  • Regular review of IT infrastructure

SteadySense does not store full credit card or bank details.

14. Changes to This Policy

We may update this Privacy Policy as needed. The current version is available on our website at all times.

© 2026 SteadySense GmbH – All rights reserved.
As of: March 2026