{"snippets":{"[data-modal-content-wrapper]":{"html":"\u003Cdiv class=\u0022modal__content\u0022 data-modal-content-wrapper\u003E\n    \u003Cheader class=\u0022mb-3\u0022\u003E\n        \u003Cdiv class=\u0022title title--h3 mb-2\u0022\u003E\u003Cstrong\u003EGDPR\u003C\/strong\u003E\u003C\/div\u003E\n        \u003Chr class=\u0022hr my-3\u0022\u003E\n    \u003C\/header\u003E\n    \u003Cdiv class=\u0022structure-content\u0022\u003E\n        \u003Cp\u003E\u003Cstrong\u003EPrinciples of Processing Personal Data of Users of the MyWay analytix System\u003C\/strong\u003E\u003C\/p\u003E\r\n\u003Col\u003E\r\n\u003Cli\u003E\u003Cstrong\u003EMilkyWay be well s.r.o.\u003C\/strong\u003E, identification number: 109 91 859, with its registered office at Slune\u010dn\u00ed 1120, 252 10, Mn\u00ed\u0161ek pod Brdy, registered in the Commercial Registry maintained by the Municipal Court in Prague, file no. C 351921 (hereinafter referred to as the \u0022\u003Cstrong\u003EController\u003C\/strong\u003E\u0022), protects the personal data of users, being fully aware of the importance of protecting personal data, especially their health status data. In collecting and processing personal data, the Controller complies with the Regulation (EU) 2016\/679 of the European Parliament and of the Council of April 27, 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95\/46\/EC (General Data Protection Regulation) (hereinafter referred to as the \u0022Regulation\u0022) and other legal laws. All data processed by the Controller is handled in a transparent manner, exclusively for the purposes defined below for the necessary scope and duration and protected against unauthorized or illegal processing and against accidental loss, destruction, or damage. These principles define how the Controller handles the personal data of registered users, what data is collected, and how affected individuals can exercise their rights.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003EPersonal data\u003C\/strong\u003E is information about an identified or identifiable natural person, i.e., data associated with a specific person that alone or in combination with other data can lead to the direct or indirect identification of that individual. Data that the Controller additionally works with, which cannot be related to a specific person and any anonymous or aggregated data that cannot be linked to a specific individual, are not considered personal data.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003EHealth data\u003C\/strong\u003E is a special category of personal data as per Article 9 of the Regulation. For the Controller, it is necessary to be able to process this special category of personal data in consideration of the provided service.\u003C\/li\u003E\r\n\u003C\/ol\u003E\r\n\u003Cp\u003E\u00a0\u003C\/p\u003E\r\n\u003Cp\u003EAll personal data is obtained by the Controller directly from users, but only in relation to the operation of the web application available through the website https:\/\/mywayanalytix.com\/ (hereinafter referred to as the \u0022system\u0022). The system is intended for a comprehensive evaluation of the current state of an individual\u0027s mental health (hereinafter referred to as the \u0022\u003Cstrong\u003Eservice\u003C\/strong\u003E\u0022).\u003C\/p\u003E\r\n\u003Cp\u003EThe scope of processed data differs depending on whether the Controller processes data of only visitors to the aforementioned websites or of registered system users (hereinafter referred to as \u0022\u003Cstrong\u003Euser\u003C\/strong\u003E\u0022). The Controller also has access to operational and location data, as well as data from the end devices of website visitors including cookies.\u003C\/p\u003E\r\n\u003Cp\u003EUsers can access the system for free using a unique company code received from their employer or for a fee as self-payers or insured (hereinafter referred to as \u0022\u003Cstrong\u003Epaid users\u003C\/strong\u003E\u0022).\u003C\/p\u003E\r\n\u003Cp\u003EThe Controller processes the following personal data of users:\u003C\/p\u003E\r\n\u003Col\u003E\r\n\u003Cli\u003E\u003Cstrong\u003EIdentification and access data\u003C\/strong\u003E: name, surname, email address, login details, and password, and possibly also the telephone number and company code.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003EDemographic data\u003C\/strong\u003E: especially gender, age, level of education, marital status, employment status, etc.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003EPayment data\u003C\/strong\u003E: details of payments made by paid users for access to the system (the Controller does not access payment card data of paid users, for which only the secured payment gateway has access in case of payment), residence, and citizenship.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003EHealth insurance data\u003C\/strong\u003E: health insurance company, and policyholder number (social security number).\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003EMetadata\u003C\/strong\u003E (operational and location data): type of internet access, IMEI of the end device, data connection address (e.g., IP address or URL address), number, name, and location of the network endpoint, and network data of website visitors.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003EHealth status data\u003C\/strong\u003E: information about the mental state of a registered user necessary for a comprehensive evaluation of the individual\u0027s current mental health state.\u003C\/li\u003E\r\n\u003C\/ol\u003E\r\n\u003Cp\u003E\u00a0\u003C\/p\u003E\r\n\u003Cp\u003EProvision of personal data is voluntary, with the understanding that for the use of the system, the user must allow the Controller to process Health Status Data.\u003C\/p\u003E\r\n\u003Cp\u003EPaid users must enable the Controller to process their Identification and Access Data along with Payment Data to conclude the respective contract with the Controller for the provision of services within the system and invoicing these services.\u003C\/p\u003E\r\n\u003Cp\u003EPaid users who are insured must enable the Controller to process their Identification and Access Data along with Payment Data and Health Insurance Data to claim the contribution from the health insurance company for the payment of services within the system.\u003C\/p\u003E\r\n\u003Cp\u003EPersonal data, including Health Status Data, will not be shared on an individual level with third parties, especially employers of users. Data about users of the MyWay analytix system may be transferred to employers or health insurance companies of users exclusively in aggregated form, without the possibility of identifying a specific user.\u003C\/p\u003E\r\n\u003Cp\u003EThe Controller processes users\u0027 personal data under conditions and for the purposes stated in the table:\u003C\/p\u003E\r\n\u003Ctable width=\u0022604\u0022\u003E\r\n\u003Cthead\u003E\r\n\u003Ctr\u003E\r\n\u003Ctd width=\u0022185\u0022\u003E\r\n\u003Cp\u003E\u003Cstrong\u003EPurpose of processing\u003C\/strong\u003E\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022149\u0022\u003E\r\n\u003Cp\u003E\u003Cstrong\u003EScope of personal data\u003C\/strong\u003E\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022132\u0022\u003E\r\n\u003Cp\u003E\u003Cstrong\u003ELegal basis of processing\u003C\/strong\u003E\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022128\u0022\u003E\r\n\u003Cp\u003E\u003Cstrong\u003ERetention period\u003C\/strong\u003E\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003C\/tr\u003E\r\n\u003C\/thead\u003E\r\n\u003Ctbody\u003E\r\n\u003Ctr\u003E\r\n\u003Ctd width=\u0022185\u0022\u003E\r\n\u003Cp\u003ECreation and management of user accounts\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022149\u0022\u003E\r\n\u003Cp\u003EIdentification and access data, Demographic data\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022132\u0022\u003E\r\n\u003Cp\u003EConsent Article 6(1)(a) of the Regulation\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022128\u0022\u003E\r\n\u003Cp\u003EDuration of consent\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003C\/tr\u003E\r\n\u003Ctr\u003E\r\n\u003Ctd width=\u0022185\u0022\u003E\r\n\u003Cp\u003EUse of the system for evaluating mental health levels\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022149\u0022\u003E\r\n\u003Cp\u003EIdentification and access data, Demographic data, Health status data\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022132\u0022\u003E\r\n\u003Cp\u003EExplicit consent Article 6(1)(a) of the Regulation Article 9(2)(a) of the Regulation\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022128\u0022\u003E\r\n\u003Cp\u003EDuration of consent\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003C\/tr\u003E\r\n\u003Ctr\u003E\r\n\u003Ctd width=\u0022185\u0022\u003E\r\n\u003Cp\u003EOrdering and payment for services within the system\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022149\u0022\u003E\r\n\u003Cp\u003EIdentification and access data, Payment data\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022132\u0022\u003E\r\n\u003Cp\u003EPerformance of a contract Article 6(1)(b) of the Regulation\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022128\u0022\u003E\r\n\u003Cp\u003EDuration of the contract\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003C\/tr\u003E\r\n\u003Ctr\u003E\r\n\u003Ctd width=\u0022185\u0022\u003E\r\n\u003Cp\u003EService billing\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022149\u0022\u003E\r\n\u003Cp\u003EIdentification and access data, Payment data\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022132\u0022\u003E\r\n\u003Cp\u003ECompliance with a legal obligation Article 6(1)(c) of the Regulation\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022128\u0022\u003E\r\n\u003Cp\u003EAccording to relevant accounting and tax regulations\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003C\/tr\u003E\r\n\u003Ctr\u003E\r\n\u003Ctd width=\u0022185\u0022\u003E\r\n\u003Cp\u003EOrdering and payment for services within the system\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022149\u0022\u003E\r\n\u003Cp\u003EIdentification and access data, Payment data\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022132\u0022\u003E\r\n\u003Cp\u003EPerformance of a contract Article 6(1)(b) of the Regulation\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022128\u0022\u003E\r\n\u003Cp\u003EDuration of the contract\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003C\/tr\u003E\r\n\u003Ctr\u003E\r\n\u003Ctd width=\u0022185\u0022\u003E\r\n\u003Cp\u003EClaiming health insurance benefits\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022149\u0022\u003E\r\n\u003Cp\u003EIdentification and access data, Payment data, Health insurance data\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022132\u0022\u003E\r\n\u003Cp\u003EPerformance of a contract Article 6(1)(b) of the Regulation\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022128\u0022\u003E\r\n\u003Cp\u003EDuration of the contract\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003C\/tr\u003E\r\n\u003Ctr\u003E\r\n\u003Ctd width=\u0022185\u0022\u003E\r\n\u003Cp\u003EEnhancing user comfort, developing new services, and optimizing existing services including system security\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022149\u0022\u003E\r\n\u003Cp\u003EIdentification and access data, Metadata\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022132\u0022\u003E\r\n\u003Cp\u003ELegitimate interest of the controller Article 6(1)(f) of the Regulation\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003Ctd width=\u0022128\u0022\u003E\r\n\u003Cp\u003EDuration of the user account\u003C\/p\u003E\r\n\u003C\/td\u003E\r\n\u003C\/tr\u003E\r\n\u003C\/tbody\u003E\r\n\u003C\/table\u003E\r\n\u003Cp\u003E\u00a0\u003C\/p\u003E\r\n\u003Col start=\u00224\u0022\u003E\r\n\u003Cli\u003EThe user, whose personal data the Controller processes, has the following rights in this regard:\r\n\u003Col\u003E\r\n\u003Cli\u003E\u003Cstrong\u003ERight of access\u003C\/strong\u003E through which a user may request confirmation as to whether their personal data is being processed and, if so, additional information about the purposes of processing, categories of affected personal data, recipients of the data including details on the potential transfer of data to third countries, planned duration of storage, existence of the right to rectification\/erasure\/restriction and to object, the right to lodge a complaint with the supervisory authority, information about the source of the personal data that is not acquired directly from users, whether there is automated decision-making and related information.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003ERight to rectification of processed personal data\u003C\/strong\u003E, which the Controller will perform without undue delay after receiving information that the processed data is not accurate.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003ERight to erasure\u003C\/strong\u003E, where an affected user has the right to request the deletion of personal data concerning them that the Controller processes, and the Controller will erase without undue delay if any of the reasons specified in the Regulation are met.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003ERight to object to the processing of personal data\u003C\/strong\u003E based on the legitimate interests of the Controller. If the Controller cannot demonstrate compelling reasons for processing that override the interests or rights and freedoms of the user, or the necessity of processing the data for the establishment, exercise, or defense of legal claims, then the processing will be terminated without undue delay following the objection.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003ERight to restriction of processing in cases\u003C\/strong\u003E where (a) personal data is not accurate and cannot be promptly corrected, (b) processing is unlawful, and the user refuses erasure, (c) data is to be deleted, but the user requires them for the establishment, exercise, or defense of legal claims, (d) a user objects to processing, and it needs to be verified whether the legitimate reasons of the Controller for processing outweigh those of the user. If the request for restriction of processing is legitimate, the Controller limits processing for the time necessarily required.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003ERight to data portability\u003C\/strong\u003E, where a user who has provided the Controller with data whose processing is based on consent or the fulfillment of a contract, has the right to obtain such data (in a structured, commonly used, and machine-readable format) and transfer it to another controller.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003ERight to withdraw consent\u003C\/strong\u003E, where a user who has given consent for the processing of personal data including Health Status Data, can withdraw this consent at any time, without affecting the lawfulness of processing carried out before its withdrawal. The processing of personal data will then be terminated without undue delay.\u003C\/li\u003E\r\n\u003Cli\u003E\u003Cstrong\u003ERight to approach the competent supervisory authority,\u003C\/strong\u003E where a user has the right to lodge a complaint with the supervisory authority if they consider that the processing of their personal data has led to a violation of the Regulation. The competent supervisory authority for data protection in the Czech Republic is the Office for Personal Data Protection, located at Pplk. Sochora 27, 170 00 Prague 7, website: \u003Ca href=\u0022http:\/\/www.uoou.cz\u0022\u003Euoou.cz\u003C\/a\u003E.\u003C\/li\u003E\r\n\u003C\/ol\u003E\r\n\u003C\/li\u003E\r\n\u003C\/ol\u003E\r\n\u003Cp\u003E\u00a0\u003C\/p\u003E\r\n\u003Col start=\u00225\u0022\u003E\r\n\u003Cli\u003EUser personal data may be accessible to the following entities:\u003C\/li\u003E\r\n\u003C\/ol\u003E\r\n\u003Cp\u003E\u00a0\u003C\/p\u003E\r\n\u003Cul\u003E\r\n\u003Cli\u003EAdministrative bodies and courts - if the law imposes such an obligation on the Controller, if it is necessary to fulfill the obligation prescribed by law, or if it is necessary to assert a legal claim of the Controller against the user in accordance with the Controller\u0027s legitimate interest;\u003C\/li\u003E\r\n\u003Cli\u003EOLC Systems s.r.o. \u2013 ID No. 092 43 411, with its registered office at Technologick\u00e1 941\/12, Holice, 779 00 Olomouc. This is a processor that the Controller collaborates with in the development and administration of the MyWay analytix system. This processor processes users\u0027 personal data based on cooperation agreement and is bound by these principles and applicable legal regulations in its processing.\u003C\/li\u003E\r\n\u003C\/ul\u003E\r\n\u003Cp\u003E\u00a0\u003C\/p\u003E\r\n\u003Cp\u003EThe Controller does not transfer personal data itself or through authorized processors to third countries (outside the EU\/EEA) or international organizations.\u003C\/p\u003E\r\n\u003Col start=\u00226\u0022\u003E\r\n\u003Cli\u003EUser personal data are under constant physical, electronic, and procedural control, and the Controller adopts the necessary technical, control, and security measures aimed at ensuring the protection of the processed personal data, against their loss, theft, destruction, and misuse.\u003C\/li\u003E\r\n\u003Cli\u003ERights and complaints regarding the processing of personal data may be exercised by the user with the Controller via the email address info@milkywaybewell.com or in writing at the address of the Controller MilkyWay be well s.r.o., Na Per\u0161t\u00fdn\u011b 432\/1, 110 00 Prague 1.\u003C\/li\u003E\r\n\u003Cli\u003EThe Controller is authorized to unilaterally change or supplement these conditions. Any changes to these principles become effective after they are published through the website (www.mywaynalytix.com).\u003C\/li\u003E\r\n\u003Cli\u003EThese principles are valid and effective from March 1\u003Csup\u003Est\u003C\/sup\u003E, 2024.\u003C\/li\u003E\r\n\u003C\/ol\u003E\r\n\u003Cp\u003E\u00a0\u003C\/p\u003E\n    \u003C\/div\u003E\n\u003C\/div\u003E","action":"replace"}},"actions":{"addClass":{"identifier":"[data-modal=\u0022modal\u0022]","class":"is-visible"}}}