This Protection of Personal Data document is written in English and Czech. In any case of a dispute, the Czech language version takes precedence over the English language version.
Tento dokument o Ochraně Osobních Údajů je napsán v angličtině a češtině. V každém případě má česká jazyková verze přednost před anglickou jazykovou verzí.
English Language – Anglicky
PROTECTION OF PERSONAL DATA
● Make it easier for you to understand what data we store and how we work with it
● They give you more control over your data
● Provide you with a detailed explanation of your rights as a user.
mySASY a.s. Mozolky 2569/54, Žabovřesky, 616 00 Brno, Czech Republic (hereinafter “mySASY”), e-mail address: email@example.com (hereinafter referred to as “e-mail address”) handles your personal information when you use our applications mySASYtraining and MyAge.health (hereinafter referred to as “applications”) or websites (hereinafter referred to as “websites” and together with applications “products”). The processing of your personal data is regulated in particular by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46 / EC (General Data Protection Regulation) (hereinafter “GDPR”)
In general, mySASY is the manager of personal data. You can contact us by e-mail at the address given.
2.2 Commissioner for Personal Data Protection
You can contact our Privacy & Personal Data Officer at the given e-mail address. If you have any questions regarding the processing of your personal data, please do not hesitate to contact him.
3.1 In General
mySASY processes certain data, including personal data, that you make available to us as a user of the products, for example through the use of our products, and which are provided to us by other persons (hereinafter “data”).
3.2 Categories of personal data
These are the categories of personal information we may collect directly or indirectly from you:
Identification data – includes: name (first name, surname), date of birth, e-mail address, gender, telephone number, region of occurrence and use of applications, profile photo, unique consumer identification number (including mySASY membership number), social media identifiers and the information passed to us through your Facebook or Google account and the gift card codes assigned to you. We use them to verify your identity.
Contact information – includes: phone number, shipping and billing address, email address, Messenger ID, social media descriptor, any other communication channel you have used to contact us to obtain additional information. We use them for different reasons according to the purpose.
Size information – includes: height, weight, we use them to operate our products and to make calculations and recommendations that will fit you.
Purchase information – includes: payment provider, duration of registration with mySASY, price, currency, VAT (according to country information). We use payment providers to process payments. Although we do not store credit card information ourselves, we do store the payment identification number provided by the appropriate provider (e.g. Apple, Google, PayPal) and which may be assigned to you. We use this to process your payments.
Behavior and profile information – includes: mySASY’s shopping history, shopping preferences, in-store interactions, product reviews, social media interactions with us, and any other information we have about you that helps us get to know you better as a consumer, including “community information”. We use them to get to know you better as a consumer and to send you marketing messages only with those products and services that we think may be of interest to you.
Community information – includes: information about mySASY community followers, information you provide when participating in various mySASY events and groups / communities either as a coach, team member, participant or promoter of our events, including for example: pictures, videos, your team, interests and preferences, your opinions, rankings, attendance at events, groups you have joined, and registration information. We use community information to run our products, organize events and communities, and connect you with other members within our communities.
Social media information – includes: information obtained through your interactions with us on various social media channels such as Facebook, Instagram, Google, etc., including: any publicly available social media information such as your social media management, social media interactions, and public posts, your likes and other reactions, your social media links, your photos that are public or that you send us by mentioning us or following our social media posts using “handles” or “hashtags”. We obtain this information from a social media network (e.g. Facebook, Snapchat, Instagram, etc.) directly or indirectly through independent agencies with which we have a contract.
Device Information – includes: information about your device or browser that will give us an idea of your behavior when viewing or using the device. Device information is collected through our applications and browser information is collected through our cookies, tags and pixels. This is often required for network security. These include, for example, IP address, date and time of visit, how long you stayed on our website, amount of data transferred, recommended URL (if you went to our site from another site or advertisement), pages visited on our website, type of your browser (including browser software language and version) and add-ons, device identifier and properties, device type, version, operating system.
Activity information – includes: activity data (e.g., activity start and end time, activity type, sports category), sensor data (this includes, but is not limited to: goal target, duration, distance, and calories), and other information about your fitness application. We use them to run our products so we can improve your performance goals and user experience and determine which products might be best for you based on your activity.
Information on preferences – includes: preferred language, place of registration, units (distance, weight, temperature), personal goals and motivations (e.g. how much to run per year, target weight), information about the training plan (e.g. start date, training plan, related fitness activities) and your reviews of mySASY products. We use them for your convenience when visiting or shopping on our websites and in applications.
3.3 Data from other entities
Registration via Facebook or GoogleIf you register your mySASY account via the social network, we will receive the following information:
3.3.1. Facebook Inc. (1601 South California Avenue, Palo Alto, CA 94304, USA, hereinafter referred to as “Facebook” ): First name and surname, e-mail address, gender, date of birth, profile photo;
3.3.2. Google Inc. (1600 Amphitheater Parkway, Mountain View, CA 94043, USA, hereinafter referred to as “Google” ): First and last name, email address, gender, date of birth, profile photo;
3.3.3. Apple Inc. (1 Infinite Loop, Cupertino, CA 95014 , USA, hereinafter “Apple” ): First and last name, email address, gender, date of birth, profile photo.
Import fitness activity information from linked accounts
In general. We offer automatic import of fitness activity information from other platforms such as Strava.com, Garmin, Nokia Health (Withings) and Fitbit. To import this data, you must explicitly agree in advance to link your account on these platforms to your mySASY account.
Apple HealthKit. We use the Apple HealthKit framework (more information here), which provides a central repository of health and fitness data on iPhones and Apple Watch, and – with the express consent of the user – allows applications to communicate with the HealthKit store and access and share data. We process the following data obtained through the HealthKit interface and the Apple CoreMotion application (more information can be found here) for the purposes described below and with the express consent of the user: steps, calories, distance, duration and heart rate. New data properties can be added to the HealthKit interface, which will be included in the product and you must agree with it. mySASY and mySASY analytics service providers can analyze engagement data for research purposes to provide a personalized experience and motivation for healthy habits. mySASY does not use information obtained through the HealthKit interface for advertising or similar services. You can always deny mySASY access to your data by changing your mobile device settings.
Google Fit. We use the Fit SDK from Google (more information can be found here), ie an open platform that allows users to control their fitness data. We process the following data obtained through the Google Fit SDK for the purposes described below and with the express consent of the user: steps, calories, distance, duration and heart rate. New data properties can be added to the Google Fit interface, which will be included in the product and you must agree with them.
3.4 Use of the Service
Firebase and Google Analytics for Mobile
In general. We use Firebase from Google (more information here) and Google Analytics for Mobile (more information here) for iOS and Android applications . User data is transmitted to Google in an anonymized form. Our Mobile Analytics applications use mobile ID, including Google Advertising ID (“GAID”) and ID for Advertising for iOS (“IDFA”), as well as cookie-like technologies. Purpose. We use Firebase and Google Analytics to analyze and continually improve the use of our products. With statistics, we are able to improve our services and make them more attractive to users. The basis for data processing is our legitimate interests.
Event tracking in mySASY
When you use our products, we collect information about certain events (eg opening an application, starting a sports activity, visiting our website) and sending it to our servers. This allows us to analyze and continuously improve the use of our products.
We use Facebook Analytics for iOS and Android applications (more information can be found here). This allows us to track and analyze which marketing channels or resources in conjunction with Facebook produce the best results to direct users to download products and to help us understand how users use our application. For this purpose, Facebook Analytics processes mobile identifiers, such as IDFA, GAID or similar mobile identifiers. More information about Facebook Analytics can be found here. The basis for data processing is our legitimate interests.
For iOS and Android applications, we use Rollbar.com application tools, which allow us to get more technical information about application crashes and crashes. Reports obtained by Rollbar.com are anonymous, so they are not associated with a specific user profile. They contain information about the type of operating system of the mobile device, the time of the event, the type and brand of the mobile device and its basic settings.
We use Smartlook.com to record user behavior while using mySASY mobile and web applications. These are image records stored on the provider’s server, which are not linked to the profile of the registered user and are therefore anonymous from this point of view.Smartlook also allows us to track usage statistics for some application features in aggregate form.
3.5 Cookies and similar technologies
4.1. Operation of products
mySASY processes your data to provide you with a seamless user experience when using the products.Provision of services. Operation of products and provision of services, including
4.1.1. account access verification;
4.1.2. monitoring and displaying your health and fitness activities;
4.1.3. displaying training progress and statistics
Global authentication data for all mySASY platforms. We know you don’t like to remember usernames and passwords, and you don’t like re-registering. To enable our users to log in to all platforms, portals, services, communities and applications operated by or on behalf of mySASY personal data managers (which includes applications and services) (“mySASY platforms”) using a single set of credentials (“mySASY login”), We store your mySASY login on the mySASY global authentication platform. If you use mySASY login to access any mySASY platform, we will use a token to verify your identity from the mySASY global authentication platform. This also ensures the security of our network and domain. The basis for data processing is our legitimate interests. Customer support. In order for us to investigate, respond to requests and resolve complaints and problem services, such as contacting you with a question you have submitted to our customer service team.
4.2. Business needs
We process your data to manage our business needs.
Performance. We process data to monitor, analyze and improve the use of our products and to protect the security or integrity of products and their performance and functionality. For example, we analyze user behavior and examine how you use our products.
Research and Development. We process data, including public feedback, to conduct research to further develop our products, to offer you and others a better, more intuitive and personalized experience, and to support user growth and engagement with products.
Marketing in general. We process data for the delivery of (customized) marketing materials about mySASY products and online services.
Marketing via email / push messages. with your consent, mySASY will send you marketing emails or push messages with information on fitness and health topics and mySASY products.
We would like to inform you that we assess your user behavior when reading e-mails using so-called web beacons or tracking pixels. The information created in this way will then be combined with the information obtained in section 3.2 Categories of personal data, your e-mail address and personal ID. With the data combined in this way, we can create a user profile that allows us to personalize our marketing emails / push messages. We collect information about your clicks on our emails, which you click on, and combine this with your actions in the product.
We store and use personal data for the purposes of e-mail marketing or marketing on the mySASY website. You can revoke your consent to marketing emails and push messages at any time by clicking on the link at the end of the email or by changing your device settings for push messages. We store tracking data for as long as you have subscribed to our marketing emails.
Targeted messages on a third-party advertising platform.
mySASY uses third party advertising platforms, such as (but not limited to) Facebook, Google, YouTube, Instagram, Twitter, Snapchat, Pinterest to send messages that are targeted to you based on your behavior and browsing patterns, at certain times and locations, to increase the effectiveness of our advertising campaigns. mySASY uses third-party solutions such as Google Audience and Facebook Audience (but not exclusively) to help better target our campaigns and messages to our consumers. Your personal data (see 3.2 Personal Data Categories) is shared with third-party advertising platforms, which will try to compare your profile in their database and determine the optimal time and place (eg the page you are viewing) to display mySASY ads. We also need to analyze the necessary information to understand the effect of our campaigns. Even if you do not agree that we use and share your personal information for this purpose, you will still see random mySASY ads on other platforms.
You can learn more about how our advertising partners help us achieve this goal on their website:
Adform Publisher Policies: https://site.adform.com/policies/policies-and-guidelines/publisher-policies/
Scope of the principles of personal data protection Seznam.cz: : https://o.seznam.cz/ochrana-udaju/
Facebook Custom Audience Terms: https://www.facebook.com/legal/terms/customaudience
Facebook Lookalike Target Groups: https://www.facebook.com/business/help/164749007013531
Google Ads Policy: https://support.google.com/adspolicy/answer/6020956
Google Personalized Advertising: https://support.google.com/adspolicy/answer/143465
The basis for processing your individual data is your consent to marketing. You can log out at any time in the privacy settings. After you log out, it may take a few days for you to be removed from all audiences.
4.3. Compliance and enforcement
Following the regulations. We process your data in compliance with our obligations and all applicable laws and regulations.
5.1 In General
We share data with third parties
● if necessary for the purposes,
● based on the requirements of state authorities,
● based on a court decision,
● if required by law,
● if necessary for the investigation or defense of claims or allegations made by third parties,
● to exercise or protect the rights and security of mySASY, our members, employees, or
● if you have (explicitly) agreed to this in advance.
We strive to notify you of legal requests for your information whenever it is in our opinion, unless prohibited by law or court order, or unless it is an urgent request. We may object to such claims if we believe that such claims are excessive, indeterminate, or without proper authorization. Special categories of personal information, such as heart rate information, will never be shared with advertisers or similar companies.
5.2 Our services
Profile. All profiles are set to private, so they are not shared with other users.
Heart rate monitoring. Health information collected and stored by the application is not shared with other users.
HealthKit. If the registered user expressly agrees, mySASY may share the registered user data obtained through the HealthKit interface with a third party for medical research.
5.3 Services you can use
mySASY allows you to connect to third party services. For example, it allows you to link other accounts to a profile or share activities.
Health and fitness services. mySASY transfers your information to other health and fitness services, such as Apple HealthKit, Google Fit, only with your explicit consent to the transfer when you connect to those services.
5.4 Services providers
Service providers. We share information with others who help us offer and improve our products (eg maintenance, analysis, audit, payments, fraud detection, marketing and development). Service Providers will have access to your information to a reasonable extent to enable them to perform these tasks on our behalf and may not disclose or use it for any other purpose. We use processors such as Adjust, Google, Facebook, Microsoft Azure, Rollbar.com, Smartlook.com, Amazon Web Services, Inc.
5.5 3rd parties with access to your data
As mentioned in sections 5.1 to 5.4, your personal information may be provided to various organizations. For additional information on the categories of your personal data that may be provided to various 3. parties, please see section Third Party Cookies within this document.
5.6 Data sales
We do not sell any of your personal data to third parties.
6.1 Archiving time
We need to keep your data for the entire period when you have an account with us. If you are an EU user and stop using our services without requesting the deletion of your data, we will continue to store it indefinitely from your last interaction with any mySASY contact point. Furthermore, we only store data if this is required by law (due to warranty, restrictions or archiving time) or otherwise required.
6.2 Delete account
If you choose to delete your account, all personal information mySASY about you will be anonymized.The request for removal does not concern data the storage of which is required by law, for example for accounting purposes.
7.1 Exercise your rights
To exercise your rights as defined in sections 7.2 to 7.8, please send the request by e-mail to our e-mail address or by post to our postal address.
7.2 Withdrawal of consent
You can revoke the consent – in cases where consent to the processing is necessary – for future processing of the data at any time. However, this does not affect the lawfulness of the processing of data on the basis of a pre-appeal consent. In certain cases, we may continue to process your data even after the consent has been withdrawn, if we have a different legal basis or if the withdrawal of the consent has been limited to certain procedural activities.
7.3 Right of access
You have the right to (i) confirm whether or not we are processing your data and, if so, (ii) more specific data information. More specific information concerns, inter alia, the purposes of the processing, the categories of data, the potential recipients or the length of storage.
7.4 Right to redress
You have the right to obtain from us the correction of inaccurate data concerning you. If the data processed by us is incorrect, we will correct it without delay and we will inform you about this correction. Please note that (i) you can correct many of your data in the settings and (ii) it is not technically possible for us to correct all types of data in the product.
7.5 Right to delete
You have the right to delete the data we hold about you. If you decide to do so, please contact us via e-mail. As a security precaution, we will send you an email to confirm the removal. After this confirmation, we will delete your data. Please note that data may still be stored on your phone after you delete your account.
7.6 Right to restrict processing
You have the right to obtain from us restrictions on the processing of your data in the following cases:
7.6.1. make a request under paragraph 7.4 if required;
7.6.2. in your opinion, the processing of your data is illegal, but you are against deleting the data;
7.6.3. you require information on the filing, enforcement or defense of legal claims; or
7.6.4. you have objected to the processing pursuant to paragraph 7.8.
7.7 Right to data portability
You have the right to (i) obtain a copy of your data in a structured, commonly used and machine-readable format and (ii) pass this data on to another supervisory authority without our permission. You can request a copy of your details by e-mail to your e-mail address or by post to our postal address.
7.8 Right to object
You have the right at any time to object to the processing of data for which our legitimate interests have a legal basis, including profiling under these provisions. You also have the right to object to the processing of data for direct marketing purposes.
7.9 Right to file a complain
You have the right to complain to the local supervisory authority if you think that the processing of data violates the relevant law.
8.1 Support in the law
Under data protection laws, we are permitted to collect and process your data if we have legal support for processing. The lawfulness of data processing is based on:
8.1.1. your (express) consent in cases where you have given your (express) consent to processing;
Our legitimate interests include protecting you, mySASY or others from security threats or fraud in accordance with all applicable laws, managing and improving our business (eg customer service, reporting) including possible corporate transactions (eg mergers and acquisitions), enabling users Share and connect through your fitness experiences and express yourself to fitness and health.
8.2 Security precautions
We are firmly committed to protecting your data and to take appropriate technical and organizational security measures to protect against any unauthorized or illegal treatment and against unintentional loss, destruction or damage. These security measures are constantly being revised to keep pace with the latest technological innovations.
9.1 In General
We regularly review and update our privacy policies to reflect changes in day-to-day business operations. You can always check the date of the privacy notice to see when we made the latest changes. We’ll let you know if we make significant changes that you need to know about.
9.2 Date of last update
Customer service questions:
Please send your questions, complaints and requests to the email address or postal address below:
779 00, Olomouc
Czech Office for Personal Data Protection
+420 234 665 800
Lt. Col. Sochora 27
170 00 Prague 7
11.1 What are cookies?
In this section, for simplicity, we use the term “cookies” as a common term for the cookies themselves, flash cookies (so-called local shared objects) and techniques of so-called web beacons.
11.2 What different types of cookies do we use?
There are several different types of cookies for different uses (see below for details). Some are only used to allow your visits to the mySASY website and to display certain functional elements. Others tell us about your browser experience, so if you have a problem displaying what you are looking for, they will give us an impetus to improve the quality and ensure the most pleasant visit in the future. There are also cookies tied to advertising purposes during your visits to the mySASY website and your future visits to other websites.
11.3 First-party and third-party cookie files
The cookies set by mySASY are called “first party cookies”. Cookies stored by parties other than us are “third party cookies” and allow these parties to collect information about you while you are using the mySASY website. The information they collect may be related to your personal information or may collect information (including personal information) about your online activities during the time spent on various sites and when using other online services. Such information may be used by such parties to offer you advertising (interest-oriented, or behavioral advertising) or other targeted content, depending on your interests. We have no influence on the tracking technologies of these third parties or how they can be used. If you have any questions regarding advertising and other targeted content, you will need to contact the appropriate provider directly. You can find an up-to-date list of third-party cookies, including the purpose of such cookies and the possibility of revoking your consent to them, in the Third-party cookies section.
11.4 Various types of cookies
Below you can see an overview of the different types of cookies we use and why:
11.4.1 Cookies required
They are essential and help you navigate and navigate the website and display certain functional elements. These cookies are necessary to ensure the key functionality of the site, for example when logging in to your account. No consent is required to use the necessary cookies.
11.4.2 Functional and analytical cookies
are used for performance measurement and analysis. It is used to improve the mySASY website and to display relevant content for you. To ensure this, we collect information about your browsing and your interaction with the mySASY website. We place these cookies either by ourselves or by a third party on our behalf.
11.4.3 Cookies for advertising and social media
● help us in marketing activities. These cookies allow us to share information with the advertiser with us, for example, about what you like, so that the ads that are displayed to you correspond to your preferences (sometimes also referred to as “targeted cookies”).
● help us understand the behavior of our visitors. This allows us to continually improve our services to make their use more convenient and enjoyable, as well as to improve our marketing communications (sometimes referred to as “performance cookies”).
● allow you to express yourself on social networks. These cookies allow you to share your activities and content (eg blog posts) on social media, connect with us through social media channels and share opinions with others (sometimes also referred to as “interactive cookies”).
11.5 What to do if you don’t like cookies?
You can change your browser settings and delete certain cookies or disable their storage on your computer or mobile device. In this case, however, we cannot guarantee the use of the full range of product features. Information on how to set cookies should be available in the “Help” section of your browser. Here you can see which procedure applies to your browser:
● Internet Explorer: https://support.microsoft.com/help/17442/windows-internet-explorer-delete-manage-cookies
●Mozilla Firefox: http://support.mozilla.com/en-US/kb/Cookies
●Google Chrome: http://www.google.com/support/chrome/bin/answer.py?hl=cs&answer=95647
●Adobe (Flash cookies): http://www.adobe.com/privacy/policies/flash-player.html
Please note that you can also visit http://www.aboutads.info/choices or http://www.youronlinechoices.eu/ to learn more about the possibilities of withdrawal of consent to certain activities targeted advertising offered by a third party with which we cooperate. You will need to visit this website from any browser and device for which you wish to revoke your consent. Because revocation tools may depend on cookies, you may need to revisit those pages after deleting your cookies and reset your preferences.
11.6 Google analytics
Withdrawal of consent. You can disable the collection of data related to your use of the products (including your IP address) through cookies, as well as the processing of this data by Google, by downloading and installing the following plugin for your browser.: https://tools.google.com/dlpage/gaoptout?hl=cs.
IP anonymization. The products use Google Analytics in conjunction with the “_anonymizeIP ()” anonymization option. This means that IP addresses are processed in an abbreviated form to prevent the transmission of any personal data. Therefore, any connection to a specific person is excluded in advance, while personal data is deleted immediately.
Purpose. We use Google Analytics to analyze and continuously improve the use of our products. Based on statistics, we are able to improve our services and increase their interest to users. In special cases where personal information is transferred to the US, Google is certified by the EU-US Privacy Shield. The reason for processing personal data is our legitimate interests.
11.7 Google doubleclick for publishers
Further processing. Due to the marketing tools you use, your browser connects to Google automatically. We have no control over the scope of your data and its further processing, so we can only inform you to the best of our knowledge as follows: DFP integration means that Google receives information that you have entered or entered a page or clicked on some advertising. If you sign up for a Google service, Google may associate such information with your account. However, even if you do not have a Google registration or are not currently logged in, it is possible that this provider will find your IP address and save it.
Withdrawal of consent. You can disable your participation in this tracking mechanism in several ways: (a) by changing your browser settings, in particular by disabling third-party cookies; (b) by disabling cookies for conversion tracking purposes by setting your browser to block cookies from googleadservices.com (this preference will be cleared if you clear your cookies); (c) by disabling interest-based retailer advertising included in the “about Ads” campaign, see http://www.aboutads.info/choices (this preference will be cleared if you clear your cookies); or (d) general deactivation of cookies.
More information. Learn more at http://www.google.com/doubleclick and https://support.google.com/dfp_premium/answer/2839090?hl=en_US. The user can disable the placement of DFP cookies as well as the placement of relevant user ads related to the use of the products through the website http://www.google.com/ads/preferences.
We may update this policy as appropriate, for example, in response to changes in the cookies we use or for other operational, legal, or regulatory reasons.
11.9 Where can I get more information?
12.1 Required third-party cookies
These cookies are necessary for the basic functionality of the site.
1 Hacker WayMenlo Park
It allows you to log in via Facebook.
Google LLC1600 Amphitheater Parkway
Allows you to sign in with a Google Account.
12.2 Functional third party cookies
These cookies allow us to analyze the use and performance of our website so that we can continue to improve it.
1600 Amphitheater Parkway
12.3 Third party cookies necessary for advertising
These cookies are necessary in order for us to display advertising on our website, and therefore they cannot be completely blocked. However, by using the links below, you can disable third-party tracking, which is used to serve ads that are relevant to you.
Google Publisher Tags
1600 Amphitheater Parkway
1600 Amphitheater Parkway
12.4 Optional third-party cookies for advertising purposes and social networks
These cookies help us in our marketing efforts, help us understand the behavior of visitors to our website and enable the integration of social channels.
1 Hacker Way
1355 Market St # 900
Partners – Advertising agencies
● Identity information: unique ad-ID
● Device information
Data analysis solution providers
● Identity information
● Device information
Cloud solution providers
● Activity information
Providers of targeted marketing services
● Identity information
● Contact information
● Activity information
● Device information
Payment process providers
● Identity information
● Contact information
● Purchase information
Providers of social services and communication channels (eg Facebook, Twitter,…)
● according to your preferences
● Activity information
Local and national: government organizations, tax organizations, law agencies and the judiciary
● All types of personal data if requested by these authorities.