Privacy Policy

Last updated: 12.01.2026

The protection of your personal data is of particular importance to us. This Privacy Policy explains how STEM Cell Vienna processes personal data in accordance with the General Data Protection Regulation (GDPR) and applicable Austrian data protection laws.

1. Data Controller

Regenerative Medical Association

Gölsdorfgasse 4, 1010 Vienna, Austria

Email: contact@stemcellvienna.com

Phone: (+43) 676 433 6625

Website: www.stemcellvienna.com

2. Scope of Application

This Privacy Policy applies to the processing of personal data through our website and all related online services, including contact forms, medical evaluation forms, and technical tracking systems.

3. Hosting & Server Log Files

Our website is hosted by:

World4You Internet Services GmbH (Austria)

When you visit our website, the hosting provider automatically collects and stores the following information in server log files:

• IP address

• Date and time of access

• Browser type and version

• Operating system

• Referrer URL

This data is processed solely to ensure system security, stability, and technical optimization.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).

4. Cookies & Consent Management

We use cookies to ensure proper website functionality and to analyze user behavior.

Cookie Consent Tool: CookieYes
When you first visit our website, you are asked for consent to store cookies. Your consent preferences are stored and can be modified at any time.

Legal basis: Art. 6(1)(a) GDPR (consent), Art. 6(1)(f) GDPR (technical necessity)

5. Web Analytics & Advertising Tools

Google Analytics 4 (GA4)

Used to analyze website usage behavior. Data is processed in anonymized form where possible.

Google Tag Manager (GTM)

Used for managing tracking scripts. GTM itself does not store personal data.

Google Ads (Conversion Tracking)

Used to measure advertising effectiveness.

Meta (Facebook) Pixel

Used for remarketing and tracking user interaction with advertisements.

Data may be transferred to servers outside the EU (USA). Google and Meta are certified under applicable data transfer safeguards such as Standard Contractual Clauses (SCCs).

TikTok Pixel

Used for tracking user interactions with advertisements and measuring campaign performance.

Legal basis: Art. 6(1)(a) GDPR (consent)

6. Contact Forms & Medical Evaluation Forms

Our website provides multiple forms through which users may submit:

• Contact inquiries

• Appointment or consultation requests

• Medical history and diagnostic documents

• Medical images or reports

Processed Data May Include:

• Name, email, phone number

• Health and medical information

• Uploaded medical files

Purpose of Processing:

• Responding to inquiries

• Evaluating medical cases

• Preparing treatment recommendations

• Communication related to medical services

Legal basis:

• Art. 6(1)(b) GDPR (pre-contractual processing)

• Art. 9(2)(a) GDPR (explicit consent for health data)

Medical data is treated with strict confidentiality and processed exclusively by authorized medical professionals.

7. Email Communication

All email communication is handled via Microsoft Outlook. Personal data transmitted by email is processed solely for communication purposes and stored securely according to applicable legal retention requirements.

8. Third-Party Content & External Services

Google Maps

Used to display location data on our website. When accessed, your IP address may be transmitted to Google.

Embedded Media & Social Media

Our website may contain content from external platforms such as YouTube or social media services, which may process personal data independently.

Legal basis: Art. 6(1)(a) GDPR (consent)

9. Data Retention Periods

In the absence of specific statutory obligations, the following retention periods apply:

• General contact inquiries: up to 3 years

• Medical evaluation data: according to applicable medical documentation obligations (minimum 10 years)

• Technical server logs: up to 30 days

• Marketing and analytics data: according to tool-provider standards or until consent is withdrawn

Data is deleted as soon as the purpose of processing no longer applies or legal obligations expire.

10. Data Transfers Outside the EU

Some service providers (Google, Meta) may process data in third countries, particularly the United States. These transfers are safeguarded through Standard Contractual Clauses (SCCs) approved by the European Commission.

11. Your Rights Under GDPR

You have the right to:

• Access your personal data (Art. 15 GDPR)

• Rectification of inaccurate data (Art. 16 GDPR)

• Erasure (“Right to be forgotten”) (Art. 17 GDPR)

• Restriction of processing (Art. 18 GDPR)

• Data portability (Art. 20 GDPR)

• Objection to data processing (Art. 21 GDPR)

• Withdrawal of consent at any time (Art. 7 GDPR)

Requests can be sent to: contact@stemcellvienna.com

12. Right to Lodge a Complaint

You have the right to lodge a complaint with the competent supervisory authority:

Austrian Data Protection Authority (Datenschutzbehörde)
Barichgasse 40–42
1030 Vienna, Austria
www.dsb.gv.at

13. Data Security

We apply appropriate technical and organizational security measures to protect your personal and medical data against manipulation, loss, unauthorized access, and disclosure.

14. Changes to This Privacy Policy

We reserve the right to modify this Privacy Policy to ensure legal compliance. The current valid version is always available on our website.