1. PURPOSE OF POLICY
2. INFORMATION WE COLLECT AND HOW WE USE IT
Required Information You Voluntarily Provide Us.
When you sign up for an account through the Service, you will be required to provide us with various information that is, or may be, considered personally identifiable information.
For Patients, this information may include:
– your first and last name;
– your telephone number;
– your date of birth;
– your sex;
– your preferred language;
– your email address;
– your physical or mailing address;
– your therapist / therapy institution; and
– certain medical information, including any diagnosis you have been given and any existing course of therapy to treat such diagnosis.
For Therapists, this information may include:
– your first and last name and name of the therapy institution you work at;
– your address;
– your telephone number;
– your date of birth;
– your preferred language; and
– your email address.
The collection and processing of this data is necessary in order to provide the Service. We will automatically delete this information if the collection and processing is not necessary anymore in order to provide the Service. The collection of data is based on Art. 6 para 1 lit b GDPR (necessary for the performance of a contract).
Information We Collect With Your Permission as You Use the Service.
We will automatically delete this information if the collection and processing is not necessary anymore in order to provide the Service. The collection of data is based on Art. 6 para 1 lit a GDPR (prior given consent).
How We Use Your Information
We automatically collect certain information about you as you use the Service, including, without limitation, through cookies on the rewellio website and in-app tracking when you use our App. This may include information about the way you use the Services, the parts of our Services you use and third party apps or websites you visit when you leave our Services.
We will collect this data in order to:
– be able to provide our website and our app and in order to improve and develop our website and app;
– create a user analysis;
– identify, prevent and investigate attacks on our website and our app; and
– reply to your requests.
The data processed by cookies are necessary for the mentioned purposes of the legitimate interests pursued by us or third parties according to Art. 6 para 1 lit f GDPR.
Other Anonymous Data We Collect.
The data processed by third party services are necessary for the mentioned purposes of the legitimate interests pursued by us or third parties according to Art. 6 para 1 lit f GDPR.
Do Not Track Signals.
To the extent that we receive any Do-Not-Track signals, we will not comply with them.
3. HOW WE SHARE YOUR INFORMATION
Information Shared By You Through The Service.
Patients may share their personal information, including the Data, with Therapists. Likewise, Therapists may share their personal information with Patients.
To be able to effectively provide you with the Service, and to improve the functionality of the Service, we may disclose your information to our personnel, including our employees, contractors, agents and vendors, to the extent that such persons or entities have a need to know such information in furtherance of the Service. In the event we charge a Subscription Fee, we may also share information with our vendor who provides payment processing.
Sale of Company or Assets.
In the event that we sell all or substantially all of our company or its assets, including the user information collected through our Service, we may transfer your information to the acquiring company. However, we will notify you before we do so.
Other Third Parties.
In addition to our practices described above and in accordance with Art. 6 GDPR, we may only share your information if
a. you have given consent to the disclosure of your personal data for one or more specific purposes;
b. disclosure is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract;
c. disclosure is necessary for compliance with a legal obligation to which we are subject;
d. disclosure is necessary in order to protect your vital interests or those of another natural person;
e. disclosure is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us;
f. disclosure is necessary for the purposes of the legitimate interests pursued by us or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms which require protection of personal data.
We will notify you prior to disclosing your information pursuant to this section.
Aggregated and Anonymized Information.
At times, we may share Patients’ aggregated and anonymized information with third parties.
4. STORING YOUR INFORMATION
Storage, Modifications, and Retention of Your Information.
We use state-of-the-art administrative, technical, personnel and physical measures to safeguard your personal information against loss, theft or unauthorized use, disclosure or modification.
We will securely store your personally identifiable information on third-party servers, and will do so for as long as it is needed to provide the Service. Your personal data may be transferred to our service providers located in the United States. We only use US service providers who are participants in the EU – US Privacy Shield, or who have entered into standard contractual clauses with us, or who otherwise qualify under the GDPR to receive transfers of personal data. Currently, we use servers of Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA, which is a participant in the EU – US Privacy Shield and has entered into standard contractual clauses with us.
We may not know if you have stopped using the Service so we encourage you to contact us if you are no longer using the Service. You can change some of your information through the account settings provided on the Service. If required by applicable law, we may retain your information for such period as may be required by such law. To continue to provide an effective service, we may store non-personally identifiable information perpetually and may anonymize your personally identifiable information and store that anonymized information perpetually. Additionally, we use third party services and do not control their practices related to storage and retention of your information.
We use reasonable efforts to secure your information and to attempt to prevent the loss, misuse, and alteration of the information that we obtain from you. For example, we have implemented a strict data security policy, we train our personnel on privacy issues, we communicate only via https, and we review the privacy practices of new products and services that we integrate into our Service. Relatedly, we require our personnel to sign confidentiality agreements that extend to your personal information. In addition, we store your personal information in locked rooms. We also use reasonable technical safeguards such as secure hosting provided by industry leading third party vendors, to secure your personal information. However, loss, misuse, and alteration may occur despite our efforts to protect your information. We are not responsible to our users or to any third party due to any such loss, misuse, or alteration.
Rights of the User.
At any time, you have the right
• to request information as to which of your data we process (Art. 15 GDPR),
• to request the rectification or erasure of your data (Art. 16 and Art. 17 GDPR),
• to restrict the processing of your data (Art. 18 GDPR),
• to request the transmission of your data (Art. 20 GDPR),
• to file a complaint with a supervisory authority, in particular the Austrian data protection authority (www.dsb.gv.at) or the data protection authority at your place of residence.
You can instruct us to stop processing your data at any time using the following e-mail address: email@example.com. Even if you have agreed to the processing of data in the past, you can revoke such consent at any time (Art. 21 GDPR).
Should you have questions concerning your personal data, please contact us using the following e-mail address: firstname.lastname@example.org
5. GOVERNMENT REQUESTS
From time to time, we may receive requests from government agencies to obtain information about our users. In handling such government requests, we greatly value the privacy of your information; however, we may turn over your information in accordance with such requests if we believe such action is warranted. We will notify you prior to disclosing your information pursuant to this section.
6. THIRD PARTY SERVICES AND PRACTICES ARE BEYOND OUR CONTROL
Our Service utilizes third party services as part of the functionality of the Service. We may share your information with third parties as explained in this Policy. We have no control over such third parties. We encourage you to review the privacy practices of such third parties. We make no guarantees about, and assume no responsibility for, the information, services, or data/privacy practices of third parties.
7. CHANGES TO THIS POLICY
We reserve the right to change this Policy from time to time, with prior notice to you. If you continue to use the Service, you consent to the new Policy. We will always have the latest Policy posted on the Service.
8. PLEASE REACH OUT TO US WITH ANY QUESTIONS OR FEEDBACK
If you have any questions or comments about this Policy or our Service, please feel free to contact us by email at email@example.com
9. CONTROLLER CONTACT DETAILS
Controller according to Art. 4 GDPR:
company register number 466473s of the regional court Wels,
Technoparkstr. 3/16, 4820 Bad Ischl
Mr. Georg Teufl
Data Protection Officer according to Art. 37 GDPR:
x-tention Informationstechnologie GmbH
Römerstraße 80A, 4600 Wels, Austria
tel +43 7242 2155-6171, fax +43 7242 2155-6305