Limitation of Liability
Despite careful monitoring of contents, we do not assume any liability for the contents of external links. The operators of pages are solely responsible for the content of the linked pages. Errors excepted.
1. PURPOSE OF POLICY
Policy as well. All references to “we”, “us”, “our”, or “rewellio” refer to Rewellio GmbH, an Austrian limited
liability company with its registered seat in Bad Ischl, registered under company register number 466473s
of the regional court Wels, Jainzentalstraße 8/19,4820 Bad Ischl. We are “controller” in accordance with
Art. 4 of the EU General Data Protection Regulation (hereinafter referred to “GDPR”). All references to
“you”, “your”, “user”, “Therapist”, and “Patient” shall have the meanings ascribed to them in our Terms of
Use. Any capitalized terms not defined herein shall have the definition ascribed or attributed thereto in
discuss this Policy.
2. INFORMATION WE COLLECT AND HOW WE USE IT
Required Information You Voluntarily Provide Us.
When you sign up for an account through the Service, you will be required to provide us with various
information that is, or may be, considered personally identifiable information.
For Patients, this information may include:
– your first and last name;
– your telephone number;
– your date of birth;
– your sex;
– your preferred language;
– your email address;
– your physical or mailing address;
– your therapist / therapy institution and
– certain medical information, including any diagnosis you have been given and any existing course of
therapy to treat such diagnosis.
For Therapists, this information may include:
– your first and last name and name of the therapy institution you work at;
– your address;
– your telephone number;
– your date of birth;
– your preferred language; and
– your email address.
The collection and processing of this data is necessary in order to provide the Service. We will
automatically delete this information if the collection and processing is not necessary anymore in order to
provide the Service. The collection of data is based on on Art. 6 para 1 lit b GDPR (necessary for the
performance of a contract).
Information We Collect With Your Permission as You Use the Service.
In addition to the information you voluntarily provide us, if Patient gives his or her permission, we will
collect certain of Patient’s medical information relating to Patient’s use of the Service (referred to herein
Patient’s improvement over time as a result of using the Service. In particular, the exercise and the time of
exercising is collected, as well as the analysis of the exercise (e.g. scored points, number of repetitions etc.)
and the moves of the Patients and reaction time. Data may be collected from either Patients or Therapists,
and is collected for the purpose of providing and improving the Service. While the Data is provided to us
only with your permission, some aspects of the Service may not be available if you choose not to provide
us with the Data.
We will automatically delete this information if the collection and processing is not necessary anymore in
order to provide the Service.The collection of data is based on on Art. 6 para 1 lit a GDPR (prior given
How We Use Your Information
of providing you with the core aspects of the Service. Additionally, by registering for an account via the
Service, you agree that we may use this information, including your email address, to send to you
information regarding Updates to the Service, problems with the Service, and any other communications
pertaining to the functionality of the Service.
These are first party cookies, not third party cookies, meaning that the cookies are only used to track your
activity on the Service, and not on third party sites or services.
We automatically collect certain information about you as you use the Service, including, without
limitation, through cookies on the rewellio website and in-app tracking when you use our App. This may
include information about the way you use the Services, the parts of our Services you use and third party
apps or websites you visit when you leave our Services.
We will collect this data in order to:
– be able to provide our website and our app and in order to improve and develop our website and app;
– create a user analysis;
– identify, prevent and investigate attacks on our website and our app; and
– reply to your requests.
The data processed by cookies are necessary for the mentioned purposes of the legitimate interests
pursued by us or third parties according to Art. 6 para 1 lit f GDPR.
Other Anonymous Data We Collect.
On our website we use Google Analytics, which is a web analysis service of Google Inc., 1600 Amphitheatre
Parkway, Mountain View, California, 94043 USA (hereinafter referred to as “Google”). Google Analytics uses
cookies, which are text files placed on your computer, to help the website analyze how users use the site.
The information generated by the cookie about your use of the website (including your IP address) will be
transmitted to and stored by Google on servers in the United States. In case of activation of the IP
anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the
European Union as well as for other parties to the Agreement on the European Economic Area. Only in
exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of
the website provider Google will use this information for the purpose of evaluating your use of the website,
compiling reports on website activity for website operators and providing other services relating to
website activity and internet usage to the website provider. Google will not associate your IP address with
your browser. However, we point out that if you do this, you may not be able to use the full functionality of
this website. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by
downloading and installing the browser plug-in available under
On our mobile app we use Unity3d Analytics, which is a service by Unity Technologies, 30 3rd Street, San
Francisco, California, 94103, USA (hereinafter referred to “Unity”). Unity has collected device information,
like IP address and device identifiers, as well as events completed or actions taken within the app,
including level, number of credits, time it took you to earn them, metadata about in-app communications
and the value and details of purchases. Using Unity systems, we have ongoing access to this data. This
collection and use of data makes it possible for your experience to operate as expected by permitting you
to do things like redeem rewards you have earned or return to where you left off in a rehab session. Other
Unity customers may have access to aggregated reports about activity in general across a number of
activities. These reports are based, in part, on your activities, but do not specifically identify you or your
device. The reports described in this paragraph help us make decisions on optimal methods to run the app
we have made for you. For example, we may need to know the types of devices running the app to
determine how to support updates on an ongoing basis. Some data collected by Unity Analytics may be
used by Unity Ads for personalized advertising. If you are in the EU and do not wish to be targeted in this
manner, the first Unity ad you see in an app explains how you can opt-out of data collection in that
particular app. You can opt-out then or at any time by clicking or tapping the “ℹ” button (or Data Privacy
icon) on any ad you see (the “ℹ” button or Data Privacy icon will also allow you to access the data that is
collected about you in that particular app). Also, you may see certain “brand” advertising within the Unity
ad network (a brand ad is advertising for products that are not games, such as ads for an airline travel deal
or a soft drink). Unity gets these ads from third-party networks. Unity does not permit these third parties to
add your app usage to their marketing database, except for a few exceptions, which Unity specifically lists
092055). The small subset of third parties listed are clearly noted as being permitted by Unity’s contracts to
use the fact that you use the particular Service in their future targeting of ads to you for other non-Unity
parties. The remaining parties listed have been clearly noted as not permitted to maintain data about the
ad they served you through the Unity network for future use. Please note that if you have told Unity not to
target you or you have exercised choices directly with these third parties, this information will not be
maintained or used by Unity or these third parties. Please note that if you have elected to not have your
data collected by Unity, Unity does not send your advertising identifier to any third party, and you will
receive only contextual advertising inside our network. You may also visit the third parties listed in Unity’s
92055 (at the links provided) to see the types of data that these parties have about you based on your
device’s advertising identifier. Please review the section “What are my privacy choices for advertising?”
92055 to learn more about how to exercise choice with regard to personalized ads.
The data processed by third party services are necessary for the mentioned purposes of the legitimate
interests pursued by us or third parties according to Art. 6 para 1 lit f GDPR.
Do Not Track Signals.
To the extent that we receive any Do-Not-Track signals, we will not comply with them.
3. HOW WE SHARE YOUR INFORMATION
Information Shared By You Through The Service
.Patients may share their personal information, including the Data, with Therapists. Likewise, Therapists
may share their personal information with Patients.
To be able to effectively provide you with the Service, and to improve the functionality of the Service, we
may disclose your information to our personnel, including our employees, contractors, agents and
vendors, to the extent that such persons or entities have a need-to-know such information in furtherance
of the Service. In the event we charge a Subscription Fee, we may also share information with our vendor
who provides payment processing.
Sale of Company or Assets.
In the event that we sell all or substantially all of our company or its assets, including the user information
collected through our Service, we may transfer your information to the acquiring company. However, we
will notify you before we do so.
Other Third Parties.
In addition to our practices described above and in accordance with Art. 6 GDPR, we may only share your
a. you have given consent to the disclosure of your personal data for one or more specific purposes;
b. disclosure is necessary for the performance of a contract to which you are party or in order to take steps
at your request prior to entering into a contract;
c. disclosure is necessary for compliance with a legal obligation to which we are subject;
d. disclosure is necessary in order to protect your vital interests or of another natural person;
e. disclosure is necessary for the performance of a task carried out in the public interest or in the exercise
of official authority vested in us;
f. disclosure is necessary for the purposes of the legitimate interests pursued by us or by a third party,
except where such interests are overridden by the interests or fundamental rights and freedoms of you
which require protection of personal data.
We will notify you prior to disclosing your information pursuant to this section.
Aggregated and Anonymized Information.
At times, we may share Patients’ aggregated and anonymized information with third parties.
4. STORING YOUR INFORMATION
Storage, Modifications, and Retention of Your Information.
We use state-of-the-art administrative, technical, personnel and physical measures to safeguard your
personal information against loss, theft or unauthorized use, disclosure or modification.
We will securely store your personally identifiable information on third-party servers, and will do so for as
long as it is needed to provide the Service. Your personal data may be transferred to our service providers
located in the United States. We only use US service providers who are participants in the EU – US Privacy
Shield, or who have entered into standard contractual clauses with us, or who otherwise qualify under the
GDPR to receive transfers of personal data. Currently, we use servers of Microsoft Corporation, One
Microsoft Way, Redmond, WA 98052-6399,USA, which is participant in the EU – US Privacy Shield and has
entered into standard contractual clauses with us.
We may not know if you have stopped using the Service so we encourage you to contact us if you are no
longer using the Service. You can change some of your information through the account settings provided
on the Service. If required by applicable law, we may retain your information for such period as may be
required by such law. To continue to provide an effective service, we may store non-personally identifiable
information perpetually and may anonymize your personally identifiable information and store that
anonymized information perpetually. Additionally, we use third party services and do not control their
practices related to storage and retention of your information.
We use reasonable efforts to secure your information and to attempt to prevent the loss, misuse, and
alteration of the information that we obtain from you. For example, we have implemented a strict data
security policy, we train our personnel on privacy issues, we communicate only via https, and we review
the privacy practices of new products and services that we integrate into our Service. Relatedly, we require
our personnel to sign confidentiality agreements that extend to your personal information. In addition, we
store your personal information in locked rooms. We also use reasonable technical safeguards such as
secure hosting provided by industry leading third party vendors, to secure your personal information.
However, loss, misuse, and alteration may occur despite our efforts to protect your information. We are not
responsible to our users or to any third party due to any such loss, misuse, or alteration.
Rights of the User.
At any time, you have the right
• to request information as to which of your data we process (Art. 15 GDPR),
• to request the rectification or erasure of your data (Art. 16 and Art. 17 GDPR),
• to restrict the processing of your data (Art. 18 GDPR),
• to request the transmission of your data (Art. 20 GDPR),
• to file a complaint with a supervisory authority, in particular the Austrian data protection authority
(www.dsb.gv.at) or the data protection authority at your place of residence.
You can instruct us to stop processing your data at any time using the following e-mail address:
firstname.lastname@example.org. Even if you have agreed to the processing of data in the past, you can revoke such
consent at any time (Art. 21 GDPR).
Should you have questions concerning your personal data, please contact us using the following e-mail
5. GOVERNMENT REQUESTS
From time to time, we may receive requests from government agencies to obtain information about our
users. In handling such government requests, we greatly value the privacy of your information, however,
we may turn over your information in accordance with such requests if we believe such action is
warranted. We will notify you prior to disclosing your information pursuant to this section.
6. THIRD PARTY SERVICES AND PRACTICES ARE BEYOND
Our Service utilizes third party services as part of the functionality of the Service. We may share your
information with third parties as explained in this Policy. We have no control over such third parties. We
encourage you to review the privacy practices of such third parties. We make no guarantees about, and
assume no responsibility for, the information, services, or data/privacy practices of third parties.
7. CHANGES TO THIS POLICY
We reserve the right to change this Policy from time to time, with prior notice to you. If you continue to use
the Service, you consent to the new Policy. We will always have the latest Policy posted on the Service.
8. PLEASE REACH OUT TO US WITH ANY QUESTIONS OR
If you have any questions or comments about this Policy or our Service, please feel free to contact us by
email at email@example.com
9. CONTROLLER CONTACT DETAILS
Controller according to Art. 4 GDPR:
company register number 466473s of the regional court Wels,
Technoparkstr. 3/16,4820 Bad Ischl
Mr. Georg Teufl
Data Protection Officer according to Art. 37 GDPR:
x-tention Informationstechnologie GmbH
Römerstraße 80A, 4600 Wels, Austria
tel +43 7242 2155-6171, fax +43 7242 2155-6305