Select Page




We are committed to protecting your privacy. We created this Privacy Policy (“Policy”) to give you confidence as you visit and use the rewellio website and mobile application, and any other related services provided by us (collectively, the “Service”). This Policy covers how we collect, use, store, and share your information when you use our Service. The provisions of our Terms of Use [link einfügen] apply to this Policy as well. All references to “we”, “us”, “our”, or “rewellio” refer to Rewellio GmbH, an Austrian limited liability company with its registered seat in Bad Ischl, registered under company register number 466473s of the regional court Wels, Jainzentalstraße 8/19,4820 Bad Ischl. We are “controller” in accordance with Art. 4 of the EU General Data Protection Regulation (hereinafter referred to “GDPR”). All references to “you”, “your”, “user”, “Therapist”, and “Patient” shall have the meanings ascribed to them in our Terms of Use. Any capitalized terms not defined herein shall have the definition ascribed or attributed thereto in ourTerms of Use.Do not hesitate to contact us at if you have any questions or want to discuss this Policy.



Required Information You Voluntarily Provide Us. 

When you sign up for an account through the Service, you will be required to provide us with various information that is, or may be, considered personally identifiable information.

For Patients, this information may include: 

–      your first and last name; 

–      your telephone number;

–      your date of birth;

–      your sex;

–      your preferred language;

–      your email address;

–      your physical or mailing address; 

–      your therapist / therapy institution and

–      certain medical information, including any diagnosis you have been given and any existing course of therapy to treat such diagnosis.

For Therapists, this information may include:

–      your first and last name and name of the therapy institution you work at; 

–      your address;

–      your telephone number;

–      your date of birth;

–      your preferred language; and

–      your email address.

The collection and processing of this data is necessary in order to provide the Service. We will automatically delete this information if the collection and processing is not necessary anymore in order to provide the Service. The collection of data is based on on Art. 6 para 1 lit b GDPR (necessary for the performance of a contract).

Information We Collect With Your Permission as You Use the Service.

In addition to the information you voluntarily provide us, if Patient gives his or her permission, we will collect certain of Patient’s medical information relating to Patient’s use of the Service (referred to herein and in the Terms of Use as the “Data”), including signals from the Patient’s brain to the Patient’s hand, and Patient’s improvement over time as a result of using the Service. In particular, the exercise and the time of exercising is collected, as well as the analysis of the exercise (e.g. scored points, number of repetitions etc.) and the moves of the Patients and reaction time. Data may be collected from either Patients or Therapists, and is collected for the purpose of providing and improving the Service. While the Data is provided to us only with your permission, some aspects of the Service may not be available if you choose not to provide us with the Data. 

We will automatically delete this information if the collection and processing is not necessary anymore in order to provide the Service.The collection of data is based on on Art. 6 para 1 lit a GDPR (prior given consent).

How We Use Your Information

We use this information for the purposes described in this Policy and in our Terms of Use andin furtherance of providing you with the core aspects of the Service. Additionally, by registering for an account via the Service, you agree that we may use this information, including your email address, to send to you information regarding Updates to the Service, problems with the Service, and any other communications pertaining to the functionality of the Service.


We use cookies to remember you as a user of the Service and to streamline the functionality of the Service. These are first party cookies, not third party cookies, meaning that the cookies are only used to track your activity on the Service, and not on third party sites or services. 

We automatically collect certain information about you as you use the Service, including, without limitation, through cookies on the rewellio website and in-app tracking when you use our App. This may include information about the way you use the Services, the parts of our Services you use and third party apps or websites you visit when you leave our Services.

We will collect this data in order to:
– be able to provide our website and our app and in order to improve and develop our website and app;
– create a user analysis;
– identify, prevent and investigate attacks on our website and our app; and
– reply to your requests.

The data processed by cookies are necessary for the mentioned purposes of the legitimate interests pursued by us or third parties according to Art. 6 para 1 lit f GDPR. 

Other Anonymous Data We Collect. 

On our website we use Google Analytics, which is a web analysis service of Google Inc., 1600 Amphitheatre Parkway, Mountain View, California, 94043 USA (hereinafter referred to as “Google”). Google Analytics uses cookies, which are text files placed on your computer, to help the website analyze how users use the site. The information generated by the cookie about your use of the website (including your IP address) will be transmitted to and stored by Google on servers in the United States. In case of activation of the IP anonymization, Google will truncate/anonymize the last octet of the IP address for Member States of the European Union as well as for other parties to the Agreement on the European Economic Area. Only in exceptional cases, the full IP address is sent to and shortened by Google servers in the USA. On behalf of the website provider Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity for website operators and providing other services relating to website activity and internet usage to the website provider. Google will not associate your IP address with any other data held by Google. You may refuse the use of cookies by selecting the appropriate settings on your browser. However, we point out that if you do this, you may not be able to use the full functionality of this website. Furthermore you can prevent Google’s collection and use of data (cookies and IP address) by downloading and installing the browser plug-in available under

On our mobile app we use Unity3d Analytics, which is a service by Unity Technologies, 30 3rd Street, San Francisco, California, 94103, USA (hereinafter referred to “Unity”). Unity has collected device information, like IP address and device identifiers, as well as events completed or actions taken within the app, including level, number of credits, time it took you to earn them, metadata about in-app communications and the value and details of purchases. Using Unity systems, we have ongoing access to this data. This collection and use of data makes it possible for your experience to operate as expected by permitting you to do things like redeem rewards you have earned or return to where you left off in a rehab session. Other Unity customers may have access to aggregated reports about activity in general across a number of activities. These reports are based, in part, on your activities, but do not specifically identify you or your device. The reports described in this paragraph help us make decisions on optimal methods to run the app we have made for you. For example, we may need to know the types of devices running the app to determine how to support updates on an ongoing basis. Some data collected by Unity Analytics may be used by Unity Ads for personalized advertising. If you are in the EU and do not wish to be targeted in this manner, the first Unity ad you see in an app explains how you can opt-out of data collection in that particular app. You can opt-out then or at any time by clicking or tapping the “ℹ” button (or Data Privacy icon) on any ad you see (the “ℹ” button or Data Privacy icon will also allow you to access the data that is collected about you in that particular app). Also, you may see certain “brand” advertising within the Unity ad network (a brand ad is advertising for products that are not games, such as ads for an airline travel deal or a soft drink). Unity gets these ads from third-party networks. Unity does not permit these third parties to add your app usage to their marketing database, except for a few exceptions, which Unity specifically lists in the Advertising Choices section of their Privacy Policy ( The small subset of third parties listed are clearly noted as being permitted by Unity’s contracts to use the fact that you use the particular Service in their future targeting of ads to you for other non-Unity parties. The remaining parties listed have been clearly noted as not permitted to maintain data about the ad they served you through the Unity network for future use. Please note that if you have told Unity not to target you or you have exercised choices directly with these third parties, this information will not be maintained or used by Unity or these third parties. Please note that if you have elected to not have your data collected by Unity, Unity does not send your advertising identifier to any third party, and you will receive only contextual advertising inside our network. You may also visit the third parties listed in Unity’s Privacy Policy (at the links provided) to see the types of data that these parties have about you based on your device’s advertising identifier. Please review the section “What are my privacy choices for advertising?” to learn more about how to exercise choice with regard to personalized ads.

The data processed by third party services are necessary for the mentioned purposes of the legitimate interests pursued by us or third parties according to Art. 6 para 1 lit f GDPR. 

Do Not Track Signals.

To the extent that we receive any Do-Not-Track signals, we will not comply with them.



Information Shared By You Through The Service

.Patients may share their personal information, including the Data, with Therapists. Likewise, Therapists may share their personal information with Patients. 

Our Personnel.

To be able to effectively provide you with the Service, and to improve the functionality of the Service, we may disclose your information to our personnel, including our employees, contractors, agents and vendors, to the extent that such persons or entities have a need-to-know such information in furtherance of the Service. In the event we charge a Subscription Fee, we may also share information with our vendor who provides payment processing.

Sale of Company or Assets. 

In the event that we sell all or substantially all of our company or its assets, including the user information collected through our Service, we may transfer your information to the acquiring company. However, we will notify you before we do so.

Other Third Parties.

In addition to our practices described above and in accordance with Art. 6 GDPR, we may only share your information if 

a. you have given consent to the disclosure of your personal data for one or more specific purposes;
b. disclosure is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
c. disclosure is necessary for compliance with a legal obligation to which we are subject;
d. disclosure is necessary in order to protect your vital interests or of another natural person;
e. disclosure is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
f. disclosure is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of you which require protection of personal data.

We will notify you prior to disclosing your information pursuant to this section.

Aggregated and Anonymized Information.

At times, we may share Patients’ aggregated and anonymized information with third parties.  



Storage, Modifications, and Retention of Your Information. 

We use state-of-the-art administrative, technical, personnel and physical measures to safeguard your personal information against loss, theft or unauthorized use, disclosure or modification. 

We will securely store your personally identifiable information on third-party servers, and will do so for as long as it is needed to provide the Service. Your personal data may be transferred to our service providers located in the United States. We only use US service providers who are participants in the EU – US Privacy Shield, or who have entered into standard contractual clauses with us, or who otherwise qualify under the GDPR to receive transfers of personal data. Currently, we use servers of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399,USA, which is participant in the EU – US Privacy Shield and has entered into standard contractual clauses with us.

We may not know if you have stopped using the Service so we encourage you to contact us if you are no longer using the Service. You can change some of your information through the account settings provided on the Service. If required by applicable law, we may retain your information for such period as may be required by such law. To continue to provide an effective service, we may store non-personally identifiable information perpetually and may anonymize your personally identifiable information and store that anonymized information perpetually. Additionally, we use third party services and do not control their practices related to storage and retention of your information.


We use reasonable efforts to secure your information and to attempt to prevent the loss, misuse, and alteration of the information that we obtain from you. For example, we have implemented a strict data security policy, we train our personnel on privacy issues, we communicate only via https, and we review the privacy practices of new products and services that we integrate into our Service. Relatedly, we require our personnel to sign confidentiality agreements that extend to your personal information. In addition, we store your personal information in locked rooms. We also use reasonable technical safeguards such as secure hosting provided by industry leading third party vendors, to secure your personal information. However, loss, misuse, and alteration may occur despite our efforts to protect your information. We are not responsible to our users or to any third party due to any such loss, misuse, or alteration.

Rights of the User.

At any time, you have the right 

•           to request information as to which of your data we process (Art. 15 GDPR), 
•           to request the rectification or erasure of your data (Art. 16 and Art. 17 GDPR),
•           to restrict the processing of your data (Art. 18 GDPR),
•           to request the transmission of your data (Art. 20 GDPR),
•           to file a complaint with a supervisory authority, in particular the Austrian data protection authority ( or the data protection authority at your place of residence.

You can instruct us to stop processing your data at any time using the following e-mail address: Even if you have agreed to the processing of data in the past, you can revoke such consent at any time (Art. 21 GDPR).

Should you have questions concerning your personal data, please contact us using the following e-mail address:



From time to time, we may receive requests from government agencies to obtain information about our users. In handling such government requests, we greatly value the privacy of your information, however, we may turn over your information in accordance with such requests if we believe such action is warranted. We will notify you prior to disclosing your information pursuant to this section.



Our Service utilizes third party services as part of the functionality of the Service. We may share your information with third parties as explained in this Policy. We have no control over such third parties. We encourage you to review the privacy practices of such third parties. We make no guarantees about, and assume no responsibility for, the information, services, or data/privacy practices of third parties.



We reserve the right to change this Policy from time to time, with prior notice to you. If you continue to use the Service, you consent to the new Policy. We will always have the latest Policy posted on the Service.



If you have any questions or comments about this Policy or our Service, please feel free to contact us by email at



Controller according to Art. 4 GDPR:

Rewellio GmbH 

company register number 466473s of the regional court Wels, 

Technoparkstr. 3/16,4820 Bad Ischl



Mr. Georg Teufl


Data Protection Officer according to Art. 37 GDPR:

x-tention Informationstechnologie GmbH 
Römerstraße 80A, 4600 Wels, Austria 
tel +43 7242 2155-6171, fax +43 7242 2155-6305