Version dated February 28, 2026
This Privacy Policy explains how personal data is processed when using the SonoFUN database at database.sonofun.live. It covers the website, registration and user accounts, payment processing, communication, analytics, and the technical operation of the platform.
The SonoFUN database is offered by Carl&Mahren GbR, Böblingerstrasse 19, 70178 Stuttgart, email: info@carlmahren.com, and by Dr. med. Michael Höpfner, Gesellschaft für innovative Sonographie (GefiS), Schanzenstr. 35, 34130 Kassel, email: m_hoepfner@hotmail.com.
Depending on the specific processing activity, Carl&Mahren and Dr. Höpfner / GefiS act in their respective areas of responsibility. Carl&Mahren is primarily responsible for the technical operation of the website and platform, hosting-related processes, account-related product functions, and technical support workflows. Dr. Höpfner / GefiS is primarily responsible for the medical-editorial offering, content-related communication, and contractual matters relating to the professional content offering.
If you have questions about data protection, you may contact either of the addresses above. Requests will be handled by the party responsible for the relevant processing activity.
When you use the platform, we may process in particular account data, contact data, contract and billing data, communication content, login and usage data, technical log data, and cookie or device-related identifiers.
We process this data in order to provide the website and platform, create and manage user accounts, enable logins, provide medical learning content, process payments and subscriptions, respond to inquiries, send transactional emails, improve the service, secure the platform, and comply with legal obligations.
When the website is accessed, technical data transmitted by your browser or device may be processed, for example IP address, date and time of the request, requested URL, referrer, browser information, device information, and status codes.
This processing is required to provide the website, maintain stability and security, detect misuse, and troubleshoot technical issues. The legal basis is Article 6(1)(f) GDPR, based on our legitimate interest in secure and reliable platform operation, and where the processing is necessary to provide contractual or pre-contractual services, Article 6(1)(b) GDPR.
If you register for the SonoFUN database, we process the data required to create and maintain your account, such as first name, last name, email address, password data in protected form, redeemed codes, account status, and usage-related account information.
We also process data relating to your use of the platform where needed to provide the service, such as progress information, activated access rights, and technical identifiers connected to your account. The legal basis is Article 6(1)(b) GDPR.
For paid offerings, payment and subscription processing takes place through Stripe. In this context, data such as email address, billing-related metadata, payment status, customer IDs, and subscription information may be processed.
Payment data is processed to conclude and perform the contract, manage subscriptions, detect payment issues, and fulfill statutory retention duties. The legal basis is Article 6(1)(b) GDPR and, where applicable, Article 6(1)(c) GDPR.
We send transactional emails such as account activation messages, password reset messages, and support-related notifications. For this purpose, contact data and message-related metadata may be processed.
If you opt in to newsletter or update emails, your email address and related subscription information may be processed for those communications. The legal basis is Article 6(1)(a) GDPR for optional newsletter communications and Article 6(1)(b) GDPR or Article 6(1)(f) GDPR for transactional and support-related communication.
We use technically necessary cookies and similar technologies to provide core website and platform functions, including language selection, session-related behavior, login-related functions, and embedded payment processes.
We also use analytics and product-improvement tools, including Plausible and PostHog, to understand how the platform is used, improve functionality, and identify technical problems. Depending on the specific implementation and legal requirement, processing is based on Article 6(1)(f) GDPR or on your consent under Article 6(1)(a) GDPR.
We use external service providers where necessary for hosting, infrastructure, payment processing, email delivery, analytics, and technical operation. Based on the currently used services, this may include hosting and server infrastructure providers, Stripe for payments, Loops for email delivery and contact automation, Plausible for web analytics, and PostHog for product analytics.
Personal data is only disclosed to recipients insofar as this is necessary for the relevant purpose, legally permitted, or required by law. Service providers are engaged under data-processing agreements where required.
Some service providers may process data outside the EU/EEA or may involve group companies or subprocessors in third countries. Where this happens, data is transferred only on the basis of an adequacy decision, standard contractual clauses, or another lawful transfer mechanism.
We store personal data only for as long as necessary for the stated purposes, for the duration of the user or contractual relationship, or for as long as statutory retention obligations apply. Thereafter, data is deleted or restricted unless further storage is legally required or justified.
As a data subject, you have rights under the GDPR. These include, in particular, rights of access, rectification, erasure, restriction of processing, data portability, objection, and withdrawal of consent with future effect.
You also have the right to lodge a complaint with a supervisory authority, in particular in the member state of your habitual residence, your place of work, or the place of the alleged infringement.
For privacy-related inquiries, requests, or objections, you can contact Carl&Mahren at info@carlmahren.com or Dr. Michael Höpfner / GefiS at m_hoepfner@hotmail.com.
We may update this Privacy Policy where legal requirements, platform functions, or service providers change. The current version published on the website applies.