Privacy Policy

Last Updated: March 8, 2025

1. Introduction

This Privacy Policy explains how Stem Cell Leads, operated by Performance Marketing Group Limited ("we," "us," or "our"), collects, uses, shares, and protects your personal information when you visit our website, use our services, or interact with us in any way.

Performance Marketing Group Limited is incorporated in the Isle of Man with registered address: 4 Christian Road, Douglas, Isle of Man, IM1 2SD.

Important Note: Stem Cell Leads does not diagnose or treat anyone or provide medical advice. Our service is limited to connecting visitors with clinics that may provide such services. 

This Privacy Policy is designed to comply with the European Union's General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable privacy laws.

2. Information We Collect

2.1 Categories of Personal Information

We may collect the following categories of personal information:

Identity Data:
- First name and last name
- Date of birth
- Gender

Contact Data:
- Email address
- Telephone numbers
- Postal address

Health Data:
- Information about medical conditions
- Treatment history
- Symptoms
- Health insurance information

Technical Data:
- Internet Protocol (IP) address
- Session and click IDs
- Browser type and version
- Time zone setting and location
- Browser plug-in types and versions
- Operating system and platform
- Device information

Usage Data:
- Information about how you use our website and services
- Pages you visit
- Time spent on pages
- Click patterns
- Form submissions
- Phone call recordings

Marketing and Communications Data:
- Your preferences in receiving marketing from us
- Your communication preferences

2.2 Sources of Personal Information

We collect personal information from the following sources:

- Direct interactions: Information you provide when filling in forms on our website, calling us, creating an account, subscribing to our services, requesting information, or otherwise corresponding with us.
- Automated technologies: As you interact with our website, we automatically collect Technical Data about your equipment, browsing actions, and patterns using cookies, server logs, and other similar technologies.
- Third parties: We may receive personal information about you from various third parties, including analytics providers, advertising networks, data enrichment services and search information providers.

2.3 Call Recording

For quality assurance and training purposes, we may record telephone conversations with our representatives where permitted by applicable laws. US call recording laws vary by state - some states require consent from all parties to a call ('two-party consent states') while others require consent from only one party. You will be notified at the beginning of the call if recording is taking place, and continuing with the call after this notification constitutes your consent to recording.

3. How We Use Your Information

3.1 Purposes for Processing

We use your personal information for the following purposes:

- To provide and maintain our services
- To connect you with appropriate healthcare providers
- To process and fulfill your requests
- To communicate with you about our services
- To personalize your experience on our website
- To improve our website, products, and services
- To measure the effectiveness of our marketing campaigns
- To protect our rights, property, or safety
- To comply with legal obligations

3.2 Legal Bases for Processing (GDPR)

Under the GDPR, we process your personal information based on one or more of the following legal bases:

- Consent: You have given clear consent for us to process your personal information for a specific purpose.
- Contract: Processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
- Legal Obligation: Processing is necessary for compliance with a legal obligation to which we are subject.
- Legitimate Interests: Processing is necessary for our legitimate interests or those of a third party, provided those interests are not overridden by your rights and freedoms. Our legitimate interests include:
  • Improving and personalizing our services
  • Understanding how users interact with our website
  • Preventing fraud and ensuring network security
  • Direct marketing of our services to existing customers
  • Business development and market research
  • Maintaining records of communications for quality assurance
  • Managing our relationship with healthcare providers and service partners

3.3 Special Categories of Data

For health-related data and other special categories of personal information, we will only process such data when:
- You have given explicit consent;
- Processing is necessary to connect you with appropriate licensed healthcare providers;
- Processing is necessary to respond to your inquiries; or
- Processing is necessary for reasons of substantial public interest.

We collect and process this information solely for the purpose of connecting you with appropriate clinics and not for providing medical diagnosis, treatment, or advice.

To protect your sensitive health information, we implement additional safeguards including:
- Restricted access controls so only authorized personnel can access your health information
- Encryption of data both during transmission and at rest
- Regular staff training on handling sensitive information
- Prompt deletion of information when no longer needed for the purposes collected
- Contractual requirements for service providers receiving your information to maintain appropriate security measures

HIPAA Notice: While we collect certain health-related information to connect you with appropriate clinics, Stem Cell Leads is not a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). However, the healthcare providers we connect you with may be HIPAA-covered entities. Once your information is shared with these providers, it may be protected under HIPAA and subject to their Notice of Privacy Practices.

4. Cookies and Similar Technologies

4.1 What Are Cookies

Cookies are small data files that are placed on your device when you visit our website. We use cookies and similar technologies to identify your browser or device, collect information about your use of our website, and enable certain features of our website.

4.2 Types of Cookies We Use

- Essential Cookies: Necessary for the operation of our website.
- Analytical/Performance Cookies: Allow us to recognize and count the number of visitors and see how visitors move around our website.
- Functionality Cookies: Used to recognize you when you return to our website.
- Targeting Cookies: Record your visit to our website, the pages you have visited, and the links you have followed.

4.3 Third-Party Cookies

We use various third-party tools that may set cookies on your device, including:

- Google Analytics
- Google Tag Manager
- Google Ads
- Microsoft Ads
- Facebook/Instagram Ads
- X.com (Twitter) Ads
- YouTube Ads
- Mixpanel
- Segment
- AdRoll
- Pinterest Ads

4.4 Managing Cookies

You can set your browser to refuse all or some browser cookies or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly.

5. Data Sharing and Disclosures

5.1 Categories of Recipients

We may share your personal information with the following categories of recipients:

- Healthcare Providers: To facilitate connections with medical facilities, clinics, licensed healthcare providers and doctors.
- Service Providers: Companies that provide services on our behalf, such as website hosting, IT services, customer service, and marketing assistance.
- Marketing Partners: Companies that help us deliver advertising and marketing campaigns.
- Affiliates: We may share information with our parent company, subsidiaries, and affiliates.
- Legal Authorities: We may disclose your information to comply with the law, enforce our policies, or protect our or others' rights, property, or safety.

5.2 Specific Third Parties

The specific third-party tools we currently use that may receive your data include:
- Facebook and Instagram (Meta Platforms, Inc.)
- X.com (formerly Twitter)
- Google (including but not limited to Google Tag Manager, YouTube, Google Ads, Google Analytics)
- Microsoft Ads
- Databox
- VWO
- Hubspot CRM
- Go High Level CRM
- Swipepages
- Typeform
- Calendly
- Mixpanel
- Segment
- Convertbox
- Adroll Advertising
- Pinterest
- Retreaver Call Tracking

5.3 International Transfers

We may transfer your personal information to countries outside the European Economic Area (EEA), UK, or your country of residence. When we do, we ensure a similar degree of protection by implementing at least one of these safeguards:

- Using appropriate Standard Contractual Clauses in our agreements with third parties
- Transferring to countries with an adequacy decision from the relevant data protection authorities
- For transfers to non-adequate jurisdictions, implementing appropriate supplementary technical, contractual, and organizational measures

Given that our company is based in the Isle of Man, we apply these safeguards consistently for all international data transfers.

You can request further information about the specific safeguards applied to the export of your personal information by contacting us using the details in Section 12.

5.4 Third-Party Payment Processors

When you make payments through our website or services, we use third-party payment processors who collect, use, and process your payment information in accordance with their privacy policies.

We do not store your complete payment account details on our servers. Instead, we only retain limited information as necessary to help with identification and to assist with any payment issues.

The payment processors we work with adhere to industry-standard security protocols. We recommend that you review the privacy policy of our payment processors for more information about their data handling practices.

6. Data Retention

We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information, and whether we can achieve those purposes through other means, and the applicable legal requirements.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information. These may include:

7.1 For European Union and UK Residents (GDPR)

- Right to Access: The right to request a copy of your personal information.
- Right to Rectification: The right to request correction of any inaccurate personal information.
- Right to Erasure: The right to request deletion of your personal information in certain circumstances.
- Right to Restrict Processing: The right to request the restriction of processing of your personal information.
- Right to Data Portability: The right to request the transfer of your personal information to you or a third party.
- Right to Object: The right to object to processing of your personal information based on legitimate interests or direct marketing.
- Rights Related to Automated Decision-Making: The right not to be subject to a decision based solely on automated processing.

7.2 For California Residents (CCPA/CPRA)

- Right to Know: The right to request information about the personal information we collect about you and how we use and disclose that information.
- Right to Delete: The right to request the deletion of your personal information, subject to certain exceptions.
- Right to Correct: The right to request correction of inaccurate personal information.
- Right to Opt-Out of Sales/Sharing: The right to opt-out of the sale or sharing of your personal information for cross-context behavioral advertising.
- Right to Limit Use and Disclosure of Sensitive Personal Information: The right to limit the use and disclosure of sensitive personal information.
- Right to Non-Discrimination: The right not to be discriminated against for exercising your CCPA rights.

7.3 How to Exercise Your Rights

To exercise any of the above rights, please contact us using the contact information provided in Section 12. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal information (or to exercise any of your other rights).

8. Children's Privacy

Our services are not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that a child has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact us.

9. Data Security

We have implemented appropriate technical and organizational measures to protect your personal information from accidental loss, unauthorized access, use, alteration, and disclosure. However, the transmission of information via the internet is not completely secure. While we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our website.

For our US users, we implement data security practices that align with FTC guidelines and applicable state data breach notification laws. In the event of a data breach affecting US residents, we will provide notification in accordance with applicable state and federal requirements.

10. Do Not Track Signals

Some browsers have a "Do Not Track" feature that lets you tell websites that you do not want to have your online activities tracked. We currently do not respond to "Do Not Track" signals.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by an updated "Last Updated" date at the top of this Privacy Policy. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.

12. Contact Information

If you have any questions about this Privacy Policy or our privacy practices, please contact us at:

Performance Marketing Group Limited
4 Christian Road
Douglas, Isle of Man, IM1 2SD

Email: info@performancemarketinggroupltd.com
Phone: +1 (888) 665-2117

12.1 Data Protection Representative

For individuals in the European Union, our data protection representative can be contacted at:
info@performancemarketinggroupltd.com

12.2 Complaints

If you have a complaint about our handling of your personal information, please contact us first. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

13. Specific California Privacy Disclosures

13.1 California Shine the Light Law

California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please contact us using the information in Section 12.

13.2. California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) Disclosures

We have collected the following categories of personal information from consumers within the last twelve (12) months:
- Identifiers (such as name, address, email)
- Personal information categories listed in the California Customer Records statute
- Protected classification characteristics under California or federal law
- Commercial information
- Internet or other similar network activity
- Geolocation data
- Audio, electronic, visual information (including call recordings)
- Professional or employment-related information
- Inferences drawn from other personal information

13.2.1 Sale or Sharing of Personal Information

California law requires that we provide transparency about personal information we "sell" or "share" (as those terms are defined under California law). We may "share" certain personal information for cross-context behavioral advertising purposes with our marketing partners listed in Section 5.2. You have the right to opt out of this sharing.

13.2.2 Use of Sensitive Personal Information

We may use sensitive personal information (such as health information) for purposes specified in the CPRA regulations, including to provide the services you have requested and to ensure security and integrity.

13.2.3 Retention Periods

We retain the categories of personal information described in this Privacy Policy for as long as necessary to fulfill the purposes for which we collected it, as described in Section 6.

To opt out of the sharing of your personal information for cross-context behavioral advertising purposes, please visit our "Do Not Sell or Share My Personal Information" link on our homepage or contact us using the information in Section 12.

14. Additional US Privacy Considerations

14.1 CAN-SPAM Act Compliance
For US residents, we comply with the CAN-SPAM Act regarding commercial communications. All marketing emails sent by us include an unsubscribe option, and we honor opt-out requests promptly. We will not:

Use false or misleading subject lines or email addresses
Use harvested email addresses
Sell or transfer email addresses (except as permitted in this Privacy Policy)
Generate messages across multiple email accounts if the action is intended to deceive recipients
Include deceptive headers or routing information

For text messaging, we comply with the Telephone Consumer Protection Act (TCPA) and will only send SMS messages with your prior express consent.

14.2 State-Specific Privacy Rights
In addition to the California privacy rights detailed above, residents of other states may have additional rights under their state's privacy laws, including:

 - Virginia (Consumer Data Protection Act)
 - Colorado (Colorado Privacy Act)
 - Connecticut (Connecticut Data Privacy Act)
 - Utah (Utah Consumer Privacy Act)
 - Texas (Texas Data Privacy and Security Act)

These laws may provide you with rights to access, delete, correct, or opt out of the sale/sharing of your personal information. If you are a resident of one of these states, please contact us to exercise your rights using the contact information provided in Section 12.

15. SMS Terms

When opted-in, you will receive text messages (SMS/MMS) to your mobile number. These kinds of messages may include offers, coupons, or other information as well as replies to any questions or conversations you start.

You can opt-out of this service at any time. Just text “STOP” to the phone number. After you text “STOP” to us, we will send you an SMS reply to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from us. If you want to join again, just sign up as you did the first time or text “START,” and we will start sending SMS messages to you again.

If you are experiencing any issues, you can reply with the keyword HELP. Or, you can get help directly from us.
Carriers, such as AT&T, are not liable for delayed or undelivered messages.

Message and data rates may apply for any messages sent to you from us and to us from you. You should expect to receive from 1-20 messages per month from us. It may be more if we have a conversation by text.

If you have any questions about your text plan or data plan, please contact your wireless provider.

If you have any questions regarding privacy, please read our privacy policy on this page.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the "Last Updated" date.

17. Acceptance of These Terms

By using our website and services, you signify your acceptance of this Privacy Policy. If you do not agree to this Privacy Policy, please do not use our website or services.