This Personal Data Protection Policy (hereinafter referred to as “Privacy Policy” or the “Policy”) describes the manner in which Macromo s.r.o., with registered office at Jeseniova 2760/56f, Žižkov, 130 00 Prague 3, Company ID no: 14031493, registered in the Commercial Register of the Municipal Court in Prague, file no. C 359192 (hereinafter referred to as “Macromo” or “we”) collects, processes, and protects your personal data. Macromo undertakes to protect your personal data in accordance with applicable data protection laws and regulations, such as the GDPR.

This Policy applies to the processing of personal data within all services, applications, and websites operated by Macromo in which the personal data are processed and that contain this Policy or link thereto. They apply to the processing of personal data of visitors of our website, users of our services, and also representatives of our business partners and persons who contact us through our website or otherwise. This Privacy Policy applies when Macromo processes personal data as a data controller.

In the event of any conflict between this Privacy Policy and any specific privacy policy applicable to any Macromo product or service, the specific privacy policy shall prevail.

In no case does Macromo process your personal data for the purpose of providing health care services or medical advice. The information provided by Macromo is for informational purposes only. Always consult your physician about your medical condition.

The provisions of this Privacy Policy are effective as of the above effective date.

1. Which data do we process?

When you create an account with Macromo, visit our website, order goods from our e-shop, subscribe to our newsletter, we may process the following categories of personal data:

• identification data: e.g. name, surname, nickname, date of birth

• contact details: address, phone number, email

• information about whether you have subscribed to the newsletter,

• information about your preferences and behaviour on the website,

• payment details,

• information about your DNA, blood markers, or health condition,

• data revealing your racial or ethnic origin,

• any other information you choose to share with us.

1. How do we process your data?

When you create an account with Macromo, we process the data that are necessary to create your account, such as your username, email, etc. At Macromo, we also process the data required to process your order, which may include your contact, identification, and payment details.

By ordering goods or creating an account with Macromo, you enter into a contractual relationship with Macromo. The legal basis for the processing of this personal data is the performance of a contract or pre-contractual relationship within the meaning of Article 6 (1) (b) GDPR.

With respect to the services we provide to you, we will process the information we obtain from your genetic analysis performed by our contract laboratory. Your genetic material is extracted in the laboratory from the sample you provide us with and converted into a machine-readable code that is used to provide our genome analysis services. This information may include information concerning your health, genetic information and information revealing your racial or ethnic origin. We also process the test kit code for pairing with our application. We may also process other information that you provide to us through questionnaires that you may complete. This information constitutes a special category of personal data within the meaning of Article 9 (1) of the GDPR, and we therefore process it on the legal basis of your explicit consent pursuant to Article 9 (2) (a) of the GDPR, which you have already given when ordering on our website. You may withdraw your consent at any time by contacting us at info@macromo.org, but withdrawal of this consent will result in us being unable to provide you with the services you have ordered. Please note that the processing of information concerning your health, genetic data and data revealing your racial and ethnic origin is necessary to provide our services.

Macromo may use your data for marketing purposes, i.e. if you subscribe to our newsletter or other marketing communications. This communication is carried out in accordance with the applicable legal regulations. Advertising and marketing communications will only be sent to you if you have opted in for receiving this communication or you have not refused them, via email on our website or otherwise. The legal basis for the processing of your data for marketing purposes is your consent within the meaning of Article 6 (1) (a) GDPR or Section 7 (3) of Act No. 480/2004 Sb. on certain information society services. In the case of personalised marketing communications, the legal basis for processing your data for marketing purposes is your explicit consent pursuant to Article 9 (2) a) GDPR.

You can withdraw your consent to receive marketing newsletters at any time by unsubscribing in the application, the footer of each email, or other form of electronic communication. You may also unsubscribe by contacting Macromo directly at info@macromo.org. If you unsubscribe, Macromo will only retain the data that is necessary to provide you with the services in accordance with the rules set out in this Policy.

In some cases, legal regulations impose obligations on us to process your personal data, such as tax and accounting laws, anti-money laundering laws, and the provision of certain data to public authorities by law. This means that we may process your personal data to ensure compliance with these obligations. The legal basis for processing such personal data is compliance with legal obligations within the meaning of Article 6 (1) (b) GDPR.

We never sell your personal data.

1. Cookies and other monitoring technologies on our website.

Our website uses cookies to collect information about persons who visit our website. Cookies are small encrypted text files that are stored on your computer or other device. Cookies help us operate our website and provide important features and functionality on our website. They help us understand how our website is used. At the same time, we use cookies for statistical and analytical purposes, for example, to track and monitor from which country, what website, and how they were used to visit our website, as well as to enable personalization.

We use the following types of cookies:

(i) essential (strictly necessary) cookies that are necessary to provide access to our website and to provide the services you have specifically requested, to enable basic website functions such as tagging your data inputs, network management, and accessibility; (if these cookies are disabled, our website may not function properly);

(ii) analytic (performance) cookies help us analyze how you move around our website and what content is relevant to our users. Based on this, we are able to track user navigation on our website/application (we track automated events, custom events, and event logging and store them in a real-time database). Analytic and performance cookies are also used to measure and improve performance.

(iii) Functional cookies allow us to remember choices you have made in the past, such as what language and currency you prefer, remember your name and email, and automatically fill out forms and allow for personalization, such as live chats, videos and the use of social media such as Smartlook, Microsoft Clarity;

(iv) advertising cookies that help deliver tailored and personalized advertising, such as Google Analytics, Google Tag Manager, Facebook Pixel, LinkedIn Insight Tag, TikTok Pixel and UET Tag.

We may collect the following information through cookies: IP address, gender, time zone, browser settings, operating system, website traffic information including URL, searched terms, information about what you have viewed or searched for on our website, website response time, download errors, length of visits to certain pages, information about how you interact with the website (such as scrolling, clicking and hovering).

When you visit our website, you will be informed via the cookie banner located on the website that we collect cookies. This banner allows you to manage what cookies Macromo can collect. You can change your settings and withdraw your consent at any time via the privacy settings at the bottom of our website.

If we store data or access data already stored on your end device, such as a computer or mobile device, for analytical, functional, or advertising purposes, we do so only with your consent within the meaning of Article 6 (1) (a) GDPR.

When collecting essential cookies, the legal basis for processing these data is a legitimate interest within the meaning of Article 6 (1) f) GDPR. It is not possible to disable these cookies through your privacy settings as our website may not function properly if you disable this type of cookies, however, if you still wish to do so, you can follow the instructions below under Blocking the cookies.

If you do not want us to use cookies, you can withdraw your consent for each type of cookie or re-grant it at any time after you have given it on the page dedicated to managing the cookie consent, which is available through the cookie icon.

Blocking the cookies

If you do not want cookies to be collected, you can restrict, block or delete them at any time by adjusting your browser configuration. Although each browser has different parameters, the configuration of cookies can usually be found in the “Preferences” or “Tools” menu. If you disable cookies, the functionality of our website may be limited (in the case of essential cookies, you may not be able to access our website).

If you wish to prevent the installation of new cookies or if you wish to delete existing cookies, you can find instructions at the links below. The exact procedure depends on the browser you are using:

• Internet Explorer: here

• Firefox: here and here

• Google Chrome: here

• Safari: here

For mobile devices, you can limit tracking through your device's privacy settings (by turning off the advertising identifier), see https://www.networkadvertising.org/mobile-choice/.

In addition, you can use a third-party tool to opt out of targeted advertising. Third party opt-out tools available include Digital Advertising Alliance, Network Advertising Initiative and European Interactive Digital Advertising Alliance (Europe only).

To opt out of receiving cross-device web advertising (i.e., tracking a user across devices), you can access your device settings or visit and use the controls described on NAI Mobile Choices.

1. How long will we process your data?

In general, personal data shall be retained for as long as necessary for the purpose for which they were processed. The period for which Macromo will retain your personal data also depends on the legal basis on which your data are processed. If the processing is based on a legitimate interest, your data will be processed for the duration of that legitimate interest of Macromo. In the case of data retained on the basis of legal obligations, the retention period is determined by applicable legal regulations. For data processed on the basis of the performance of a contract, the data are processed for the duration of the contractual relationship and for the relevant limitation period. If the processing is based on your consent within the meaning of Article 6 (1) (a) GDPR, your personal data will be deleted after the withdrawal of consent. You can withdraw your consent to the processing of your personal data at any time by sending a message to info@macromo.org. Please note that the same data may also be processed on more than one legal basis, in which case your withdrawal of consent or request for the erasure of personal data may not result in the complete erasure of your personal data. Withdrawal of consent does not affect the lawfulness of processing based on consent given before its withdrawal.

Macromo will not collect excessive amounts of personal data or other information that is not relevant to the purposes for which the personal data are collected.

If you create an account on our website or application, we will process your personal data for the duration of that registration. You can request deletion of your account at any time.

1. Data sharing, processors, and transfers to third countries

Your personal data will not be shared with any third party except in the following situations:

• data are necessary for the provision of Macromo services,

• based on your consent,

• entrusting personal data to processors who process personal data on behalf of Macromo,

• Macromo is obliged to provide personal data based on the law or order of a public authority.

Processors,

Macromo uses the services of verified suppliers (hereinafter referred to as “Processors”) to assist us in providing our services. These Processors process your personal data based on instructions from Macromo. At Macromo we use the following categories of Processors:

• hosting,

• analytical tools,

• marketing tools,

• IT tools,

• our contractors and other partners who assist us in providing our services (including laboratories that will analyze your genetic material),

Transfers to third countries

In some cases, Macromo may transfer your data to countries outside the EU/European Economic Area. Such a transfer can only take place if it complies with the GDPR. This means, for example, that the provider is based in a country for which the European Commission has issued a decision that it provides an adequate level of protection for personal data, or that standard contractual clauses issued by the European Commission and/or other transfer mechanisms are in place that provide adequate safeguards with respect to the protection of your personal data. It may be necessary to apply certain additional measures in order to provide the data subject with a level of protection substantially equivalent to that guaranteed by the GDPR.

You have the right to receive a copy of the Standard Contractual Clauses (“SCC”) that we have entered into with our Processors who are based outside the EU/EEA and who are used to transfer personal data outside the EU/EEA. If you wish to obtain a copy of the SCC relating to a specific transfer of your personal data, please contact us via info@macromo.org.

1. Data security

Macromo undertakes to ensure that your personal data is stored securely. Therefore, Macromo has taken appropriate technical and organizational measures to secure the personal data processed by Macromo, including, for example:

• encryption of data,

• use of passwords, and other barriers to access user data (multiple levels of system logs, strong password policy)

• implementation of sufficient physical barriers to enter the premises where the data is stored (access control),

• automated and manual QA tests,

• two-factor authentication when logging into the development environment.

We store your personal data on your device and in the cloud, and always encrypt it when transmitted.

These measures do not relieve you of the obligation to take appropriate measures to secure your personal data. You should, among other things, change your passwords regularly. On the other hand, you should not, among other things, use predictable usernames and/or passwords, share your passwords with others or provide access to your administrator account and/or disclose your personal information to others. Macromo will never ask you for your password in any unsolicited communication. Immediately notify us of any unauthorized use of your administrator account or any other suspected breach of security.

1. Your rights

Under the EU General Data Protection Regulation 2016/679 (“GDPR”), you are entitled to the following rights:

Right to access

You have the right to be informed about, among other things, what personal data Macromo processes about you, for what purposes and who the recipients of your personal data are. If you wish to obtain such information, please contact us via our email info@macromo.org. If we process your personal data, we will provide you with the following information:

• purposes of processing such data,

• categories of personal data concerned,

• recipients or categories of recipients of your personal data,

• if possible, the period for which your personal data will be retained or at least the criteria that determine this period,

• existence of the right to require the controller to rectify or erase personal data or to restrict the processing of personal data concerning the data subject or to object to such processing,

• right to lodge a complaint with the supervisory authority,

• information about the source of your personal data that is not obtained directly from you, and

• information about the existence of automated decision-making, including profiling

Right to rectification (right to have the data completed)

You have the right to have any of your incomplete, inaccurate or outdated personal data rectified.

Right to erasure (right to be forgotten)

You have the right to have certain personal data we have collected and processed about you erased without undue delay. Please note that Macromo may be entitled or even obliged to retain some personal data despite your request for erasure. This is particularly the case where we need to process your personal data to comply with legal obligations or to establish, exercise and defend legal claims.

Right to restriction of processing

In cases, such as

• when you dispute the accuracy of the personal data, for a period of time that allows us to verify the accuracy of the personal data,

• the processing is unlawful and you do not consent to the erasure of your personal data and request the restriction of its use,

• we no longer need your data for processing purposes, but your personal data are necessary for the establishment, exercise or defense of legal claims,

• you have objected to processing in connection with profiling until it is verified whether our legitimate grounds override yours.

you can request a restriction of the processing.

Right to data portability

You have the right to obtain the personal data you provide to us in a structured, commonly used, and machine-readable format and to request that it be transferred to another controller, if technically feasible. Please note that the right to data portability only applies to data that you have provided to us and that we process as controller on the basis of your consent or the performance of a contract.

Right to object

You have the right to object, on grounds relating to your particular situation, at any time to the processing of personal data concerning you that is carried out in the public interest or for the purposes of Macromo's legitimate interests, including profiling.

The exercise of your rights may be limited where Macromo is required to retain any of your personal data for the purposes of complying with legal obligations, establishing, exercising, or defending legal claims, or for other compelling reasons set out in applicable data protection legislation.

Right not to be subject to automated individual decision-making

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This shall not apply if the decision:

• is necessary for entering into, or performance of, a contract between you and Macromo

• is authorized by the law and the law lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or

• is based on your explicit consent.

Macromo does not make decisions based solely on automated processing that would have significant effects on its users. For the sake of completeness, we note that Macromo uses cookies and similar technologies, the use of which may constitute profiling. Information on how to withdraw your consent to the use of cookies or disable cookies can be found in Chapter III. Cookies of this Privacy Policy.

Right to lodge a complaint

If you believe that your data has been processed unlawfully, please contact us and we will try to resolve the issue. Under the GDPR, you have the right to file a complaint with the Office for Personal Data Protection, which is located at Pplk. Sochora 27, 170 00 Praha 7, Czech Republic.

1. Contact details

If you wish to exercise any of your rights set out above, please contact us at info@macromo.org.

If you would like to learn more about Macromo, its privacy protection or this Privacy Policy, you may contact Macromo at info@macromo.org.

Please help Macromo to keep your information up to date. If you believe that any data processed by Macromo are incorrect, or if you believe that Macromo is not complying with this Privacy Policy, please contact Macromo at info@macromo.org.

1. Final provisions

Our website, services, and applications are not intended for persons under the age of eighteen (18). If you are under the age of eighteen, please do not provide your personal information to Macromo. We do not knowingly collect any personal information from children under the age of eighteen on our website. Users under the age of eighteen (18) (or the age of majority in the applicable jurisdiction) should not use Macromo's website, services, and applications without authorization from a parent or legal guardian.

This Privacy Policy may be amended by Macromo at any time. If we change this Privacy Policy, we will post the changes on our website and/or other places we deem appropriate. We may, but are not obligated to, send you an email or other notice of such a change, but you should check this Privacy Policy from time to time for any significant changes to its text.