> For the complete documentation index, see [llms.txt](https://legal.macromo.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://legal.macromo.com/privacy-policy.md). # Privacy Policy This Personal Data Protection Policy (the “Privacy Policy”) describes the manner in which Macromo s.r.o. with its office at Českomoravská 2408/1a, Libeň, 190 00 Prague 9, Czech Republic, Company ID No.: 14031493, registered in the Commercial Register maintained by the Municipal Court in Prague, File No. C 359192 (“Macromo” or “we”) collects, processes, and protects your personal data. Macromo undertakes to protect your personal data in accordance with applicable data protection laws and regulations, such as Regulation (EU) 2016/679 of the European Parliament and of the Council – General Data Protection Regulation (the “GDPR”). This Privacy Policy applies to the processing of personal data across all services, applications, and websites operated by Macromo that display or link to this Privacy Policy. It applies to the processing of personal data of website visitors, users of our services, and individuals who contact us through our website or other channels. This Privacy Policy applies when Macromo acts as a data controller. For the purposes of this Privacy Policy, “Application” means the application through which Macromo offers and makes available its services. For information about our services, please refer to our [Terms and Conditions](/general-terms-and-conditions.md). Capitalised terms not defined in this Privacy Policy have the meaning given to them in our Terms and Conditions. **What data do we process?** When you create an account with Macromo, visit our website, order goods or services from our e-shop, or subscribe to our newsletter, we may process the following categories of personal data: * identification data, e.g. first name, last name, nickname, date of birth; * contact details, e.g. address, phone number, email; * health and genetic data, e.g. information about your DNA, blood markers, or health condition, data revealing your racial or ethnic origin; * records of mutual communication, e.g. chat messages, emails, written correspondence, records of phone calls and records of other communication made through different channels; * service usage data, e.g. information about your behavior on the website, interactions with the Application; * information about your preferences, e.g. whether you have subscribed to the newsletter; * membership data, including your current membership or subscription plan, membership level, term and renewal status, billing history, and information about the benefits you have used; * other data necessary for the performance of a contract, e.g. payment details; * any other information you choose to share with us. We obtain most personal data directly from you – whether by filling out relevant forms or contractual documents, connect your wearables to the Application (e.g. Apple Watch, Oura Ring, etc.) or sharing data in any other form (e.g. providing a sample or uploading an analysis report to the Application, etc.). We also process personal data obtained from a third-party Provider that performs testing, measurements, or other services using the samples, data, or materials you provide, based on your consent to the transfer of such data by that Provider. **Why do we process your data and for how long?** We process your personal data for the following purposes: 1. **Registration and maintenance of user account** When you create an account with Macromo, we process the data necessary to create your account, such as your identification and contact data. By creating an account, you enter into a contractual relationship with Macromo. The legal basis for the processing of this personal data is the performance of a contract or pre-contractual relationship within the meaning of **Article 6(1)(b) GDPR**. We will process this data for the duration of your registration. You can request the deletion of your account at any time. 2. **Provision of services within the Application** To provide our services within the Application, including the Membership and its plans, we process personal data necessary for the performance of a contract, e.g. data required to process your order and manage your Membership, which may include your contact, identification, and payment details (we may store and further use your payment details for the purpose of processing recurring payments for the renewal of your Membership). The legal basis for the processing of this personal data is the performance of a contract or pre-contractual relationship within the meaning of **Article 6(1)(b) GDPR**. We will process this data for the duration of the provision of our services, i.e. for the duration of your Membership or other contractual relationship with us. Our services may involve the processing of health and genetic data. This data constitutes a special category of personal data within the meaning of **Article 9(1) GDPR**, and we therefore process it on the legal basis of your explicit consent pursuant to **Article 9(2)(a) GDPR,** which you grant us in the process of creating an Account. We will process this data for the duration of the provision of our services or until you withdraw your consent. 3. **Sending of news about the Application and our services and their updates** Macromo may use your data for marketing purposes, i.e. if you subscribe to our newsletter or other marketing communications. This communication may include information about the Application, our services, Memberships and special offers. This communication is carried out in accordance with the applicable legal regulations. We will only send you marketing messages: * if you have granted us your consent pursuant to **Article 6(1)(a) GDPR**; or * based on our legitimate interest pursuant to **Article 6(1)(f) GDPR** if you have already purchased something from us and have not opted out of receiving such communication. We will process this data until you **unsubscribe** or **withdraw your consent, or for as long as our legitimate interest applies, unless you object to the processing earlier**. After that, we retain only the minimal information necessary to ensure that no further communication is sent. 4. **Protection of our rights** We may also process your personal data when necessary to protect our legal claims and to ensure the proper safeguarding and effective exercise of our rights and entitlements. This is based on our legitimate interest pursuant to **Article 6(1)(f) GDPR**. We will process this data for the duration of the applicable limitation period, including the period covering any suspension or interruption thereof, which is typically not more than 15 years, plus one year in case of potential disputes or legal claims. 5. **Ensuring the quality of services, creation of analyses, surveys, and statistics** We may also process your personal data to ensure the quality of our services and to create analyses, surveys, and statistics based on our legitimate interest in safeguarding and effectively exercising our rights and claims pursuant to **Article 6(1)(f) GDPR.** This includes the processing necessary for the purpose of service improvement, including internal research and AI model training. We will process this data for the duration of the applicable limitation period, including the period covering any suspension or interruption thereof, which is typically not more than 15 years, plus one year in case of potential disputes or legal claims. 6. **Compliance with our legal obligations** In certain cases, we are legally required to process your personal data – for example, under tax and accounting laws, or when specific data must be provided to public authorities by law. This means that we may process your personal data to ensure compliance with these obligations. The legal basis for processing such personal data is compliance with our legal obligations under **Article 6(1)(c) GDPR**. We will process this data for the period stipulated by the relevant laws. **Who processes your personal data and to whom do we transfer it?** All the above-mentioned personal data are processed by us as the data controller. This means we determine the above-defined purposes and means of collecting your personal data and are responsible for ensuring its proper handling. Your personal data will not be shared with any third party except in the following situations: * the data are necessary for the provision of Macromo services (e.g. booking your laboratory appointment); * based on your consent (e.g. sharing your health and genetic data with external consultants); * personal data are entrusted to processors who process data on behalf of Macromo (see Processors below); * Macromo is obliged to provide personal data pursuant to legal requirements or orders from public authorities. **Processors** Macromo engages verified suppliers (“Processors”) to assist in providing our services. These Processors handle your personal data based on Macromo’s instructions. The following categories of Processors are used by Macromo: * hosting; * analytical tools; * marketing tools; * IT tools; * our contractors and other partners who assist in providing our services. **Transfers to third countries** In some cases, Macromo may transfer your data to countries outside the EU/European Economic Area. Such a transfer can only take place if it complies with the GDPR. This means, for example, that the provider is based in a country for which the European Commission has issued a decision that it provides an adequate level of protection for personal data, or that standard contractual clauses issued by the European Commission and/or other transfer mechanisms are in place that provide adequate safeguards with respect to the protection of your personal data. It may be necessary to apply certain additional measures in order to provide the data subject with a level of protection substantially equivalent to that guaranteed by the GDPR. You have the right to receive a copy of the Standard Contractual Clauses (“SCC”) that we have entered into in order to transfer personal data outside the EU/EEA. If you wish to obtain a copy of the SCC relating to a specific transfer of your personal data, please contact us via ****. **Data security** Macromo is committed to ensuring that your personal data is stored securely. Therefore, Macromo has implemented appropriate technical and organizational measures to safeguard the personal data processed by Macromo, including, but not limited to: * encryption of data, * use of passwords and other barriers to accessing user data (e.g., multiple levels of system logs, a strong password policy), * implementation of sufficient physical barriers to enter the premises where the data is stored (access control), * automated and manual QA tests, * two-factor authentication when logging into the development environment. We store your personal data on your device and in the cloud and always encrypt it when transmitted. These measures do not relieve you of the obligation to take appropriate measures to secure your personal data. You should, among other things, change your passwords regularly. On the other hand, you should not, among other things, use predictable usernames and/or passwords, share your passwords with others or provide access to your administrator account and/or disclose your personal information to others. Macromo will never ask you for your password in any unsolicited communication. Immediately notify us of any unauthorized use of your administrator account or any other suspected breach of security. **Your rights** Under the GDPR, you have the following rights: **Right to withdraw your consent to the processing of your personal data** You can withdraw your consent to the processing of your personal data at any time by contacting us. Upon withdrawal of your consent, your personal data will be deleted unless another lawful basis for processing applies. The withdrawal does not affect the lawfulness of any processing carried out based on your consent prior to its withdrawal. **Right to access** You have the right to be informed, among other things, about what personal data Macromo processes about you, the purposes of the processing, and the recipients of your personal data. If you wish to obtain such information, please contact us. You have learned this information in this Privacy Policy. However, if you are unsure which personal data we process about you, you may ask us to confirm whether we process personal data relating to you and, if so, you have the right to access that data. As part of your right of access, you may request a copy of the personal data we process about you. The first copy will be provided free of charge; additional copies will be provided for a fee. **Right to rectification (right to have the data completed)** You have the right to have any of your incomplete, inaccurate, or outdated personal data rectified. **Right to erasure (right to be forgotten)** You have the right to have certain personal data we have collected and processed about you erased without undue delay. Please note that Macromo may be entitled – or even obliged – to retain some personal data despite your request for erasure. This is particularly the case where we need to process your personal data to comply with legal obligations or to establish, exercise, and defend legal claims. **Right to restriction of processing** In some cases, in addition to the right to erasure, you may exercise the right to restrict the processing of personal data. This right allows you, in certain cases, to request that your personal data be marked and excluded from further processing – not permanently (as with the right to erasure), but for a limited period of time. You can request a restriction of processing in situations such as: * when you dispute the accuracy of the personal data, for a period of time that allows us to verify the accuracy of the personal data; * when the processing is unlawful and you do not consent to the erasure of your personal data and request the restriction of its use; * when we no longer need your data for processing purposes, but it is necessary for the establishment, exercise, or defense of legal claims, * you have objected to the processing (the right to object is described in more detail below in the “Right to object” section); we are obliged to restrict the processing of your personal data while we assess whether your objection is justified. **Right to data portability** You have the right to obtain the personal data you provide to us in a structured, commonly used, and machine-readable format and to request that it be transferred to another controller, if technically feasible. Please note that the right to data portability only applies to data that you have provided to us and that we process as controller on the basis of your consent or the performance of a contract. **Right to object** You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you that is carried out in the public interest or for the purposes of Macromo’s legitimate interests, including profiling. The exercise of your rights may be limited where Macromo is required to retain any of your personal data for the purposes of complying with legal obligations, establishing, exercising, or defending legal claims, or for other compelling reasons set out in applicable data protection legislation. **Right not to be subject to automated individual decision-making** You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision: * is necessary for entering into, or performance of a contract between you and Macromo; * is authorized by the law and the law lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or * is based on your explicit consent. Macromo does not make decisions based solely on automated processing that would have significant effects on its users. For the sake of completeness, we note that Macromo uses cookies and similar technologies, the use of which may constitute profiling. Information on how to withdraw your consent to the use of cookies or disable cookies can be found in the cookie settings available in bottom part of our website. **Right to lodge a complaint** If you believe that your data has been processed unlawfully, please contact us and we will try to resolve the issue. Under the GDPR, you have the right to file a complaint with **the Office for Personal Data Protection**, which is located at **Pplk. Sochora 27, 170 00 Praha 7, Czech Republic**. **Contact details** If you wish to exercise any of your rights set out above, please contact us at [**gdpr@macromo.com**](mailto:info@macromo.com). We will process your request without undue delay, but within one month at most. In exceptional cases, in particular due to the complexity of your request, we are entitled to extend this period by a further two months. We will, of course, inform you of any such extension and the reasons for it. If you would like to learn more about Macromo, its privacy protection, or this Privacy Policy, you may contact us at ****. Please help us keep your information up to date. If you believe that any data processed by Macromo are incorrect, or if you believe that we are not complying with this Privacy Policy, please contact us at ****. **Final provisions** Our website, services, and applications are not intended for individuals under the age of 18. If you are under the age of 18, please do not provide your personal information to Macromo. We do not knowingly collect any personal information from minors under the age of 18 on our website. Users under the age of 18 (or the age of majority in the applicable jurisdiction) should not use Macromo’s website, services, and applications without authorization from a parent or legal guardian. This Privacy Policy may be amended by Macromo at any time. If we change this Privacy Policy, we will post the changes on our website and/or other places we deem appropriate. We may, but are not obligated to, notify you of such changes by email or other means. However, you should check this Privacy Policy periodically for any significant updates. In the event of any conflict between this Privacy Policy and any specific privacy policy applicable to any Macromo product or service, the specific privacy policy shall prevail. The provisions of this Privacy Policy are effective as of the above effective date. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://legal.macromo.com/privacy-policy.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.