Privacy policy

  1. General information

MX Labs OÜ (hereinafter: “MX Labs”, “us”, “our” or “we”) protects the privacy rights of its users (“users or “you”).

This Privacy Policy (hereinafter: “Policy”) sets out the general rules for our processing of users’ data that users provide to us or that we collect in connection with the use of our Shen Health application (hereinafter: “Application” or “service”). We shall refer to all data and other information that you provide to us or that we collect as “Data”.

If any of these Data allow us to know your identity, they shall be treated as personal data in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (hereinafter: “GDPR”).

Please do not install or use the Application if you have any doubts about our Policy or if you do not agree with this Privacy Policy.

  1. Who processes your personal data?

MX Labs OÜ is an exclusive data controller. Our contact details:

  1. Estonia: Lõõtsa tn 8a, 11415 Tallinn;
  2. Poland: ul. Gwiaździsta 66, 54-413 Wrocław.

Email: office@mxlabs.ai

To maintain the highest level of privacy, we are supported by the Data Protection Officer:

Stalmach Szczeszek Kancelaria sp.j., contact person: Piotr Szczeszek

E-mail: dpo@stsk.pl

  1. Why are we processing your Data?

Your Data shall be processed only for the following purposes:

  1. performance of the contract for the provision of services, if you use our Application under the conditions set out in the Terms and Conditions of the Application or in order to take any action before concluding the contract;
  2. providing test results to selected external entities providing medical services;
  3. marketing communications regarding MX Labs’ own products and partners products;
  4. providing, maintaining and improving services, providing access to them, understanding user preferences in order to increase the comfort or benefits of using the Services;
  5. determination, investigation and defence against claims.
  6. What Data are we processing and how do we collect it?

If you want to use the Application, you must register an account. Therefore, you provide us with and process your basic contact details: e-mail address, and additionally: name, surname.

Providing data is voluntary, but necessary to register in the Application. If the required data is not provided, it will be impossible to complete the registration process and set up an individual account in the Application.

In connection with the use of the Application, we will collect and process your health data, including data for: assessment of your lifestyle, physical assessment, mental health, cardiovascular health assessment, diabetes risk assessment, hypertension risk assessment, obesity risk assessment, heart disease risk assessment, stroke risk assessment, respiratory health assessment, insomnia assessment, as well as BMI and hydration calculators, medication management and test results. Providing this data is voluntary, but necessary to use certain functionalities of the Application. If some data are not provided, it will be impossible to use these functionalities.

In the remaining scope, the Data will be processed only as standard data collected from users of software or online services in accordance with the functions and technical specifications of this software or services known to you, in particular automatically from you, your device and other services you use. Such data may include: hardware and type of hardware components, data and analytics about the use of our services; the type of device and operating system you are using; general geographic location (e.g. country or city level location) based on your IP address; quality indicators of the performance of our services on your device); qualitative and quantitative indicators of the performance of our services on your device. The above-mentioned data collected automatically are necessary for us to provide services. If you do not want even such data to be collected, you should not install or use our services. If you have already done so, please see the Notice of Your Rights in section 8 below. In addition, we may establish separate rules for data collection, as above, including the use of cookies or similar technologies, in particular in the cookie policy for individual services.

Typically, this data itself is not personal data, but it may be considered personal if it identifies you along with other information. In this case, we shall apply to them all the principles and legal grounds for the processing of personal data set out in this Policy.

  1. Legal basis for personal data processing

Data for the purposes specified in point 3 let. a), MX Labs processes the data to the extent necessary to perform the contract to which you are a party or in order to take action at your request before concluding the contract – article 6(1)(b) of the GDPR.

Data for the purposes specified in point 3 let. a), to a greater extent than necessary to perform the contract, MX Labs processes on the basis of consent – article 6 (1) (a) and article 9 (2) (a) of the GDPR.

For the purposes set out in point 3 let. b), MX Labs processes the data on the basis of consent to share data –  article 6(1)(a) of the GDPR.

Data for the purposes specified in point 3 let. c), MX Labs processes it when it is necessary for the purposes of pursuing the legitimate interests of MX Labs and third parties – article 6(1)(f) of the GDPR. Above-mentioned legitimate interests include the need to constantly improve the availability and attractiveness of services, increase the availability and number of users of the MX Labs’s and its partners’ services.

Data for the purposes specified in point 3 let. d), MX Labs processes it when it is necessary for the purposes of pursuing its legitimate interests – article 6(1)(f) of the GDPR. Above-mentioned legitimate interests include the need to continuously improve the quality, functionality and security of MX Labs services, increase the availability and number of users of MX Labs’s services.

Data for the purposes specified in point 3 let. e), MX Labs processes when it is necessary for the purposes of pursuing its legitimate interests – article 6(1)(f) of the GDPR. Above-mentioned interests include protecting MX Labs rights related to possible claims.

  1. Who may access your Data?

Within our organization your Data shall be disclosed only to our personnel which need to know such Data for carrying out their work and shall be subject to strict rules. We may disclose your Data to our affiliates (companies controlled by MX Labs) and their personnel. We do not have other recipients of your personal data.

If you agree to this, using the Application, your personal data, including the results of your tests, that have been added in the Application, may be transferred to third parties selected by you, which are separate data administrators.

MX Labs shall not transfer any personal data to a third country (outside EU) or international organization.

  1. How long are we store your personal data ?

We shall store your personal data until you delete your account in the Application.

No data will be processed if you have withdrawn your consent or have objected to such processing. In this case, the period for which personal data will be stored ends immediately and the data will be deleted or anonymized.

Some data may be processed longer if such processing is necessary to establish, exercise or defend claims.

  1. Informacje o Twoich prawach

Users whose personal data are processed by MX Labs have the following rights:

  1. a) to request access to their data,
  2. b) to request that their data are corrected,
  3. c) to request that their data are erased,
  4. d) to request that their data are transferred,
  5. e) to request that the processing of their data is limited,
  6. f) to not be subject to automated decision-making, including profiling,
  7. g) to file an objection to the processing of their data,
  8. h) to withdraw consent at any time (without affecting the legality of the processing performed on the basis of consent before its withdrawal),
  9. a) to file a complaint with respect to data processing with the appropriate supervisory body.

Should you have any queries, comments or request for your rights as above, please contact the data controller at data@mxlabs.ai or our Data Protection Officer at dpo@stsk.pl.

W celu przyspieszenia procedury rozpatrywania wniosku możesz doprecyzować swoje żądanie, np. wskazując, co chcesz usunąć lub zmienić. W przypadku braku jednoznacznego oświadczenia co do zakresu danych osobowych do usunięcia, MX Labs może skontaktować się z Tobą w celu potwierdzenia szczegółów Twojego żądania. Odpowiemy na wyżej wymienione żądanie niezwłocznie, najpóźniej w ciągu miesiąca, a jeśli okaże się to niemożliwe, podamy powody.

In order to speed up the procedure of examining the request, you may clarify your request, e.g. by indicating what you wish to delete or change, or you do not want to receive news or other commercial information. In the absence of an unequivocal statement as to the scope of personal data to be erased, We may contact you in order to confirm details of your request. We shall respond to the aforementioned request immediately, at the latest within a month, and should that prove impossible, we shall give the reasons therefor.

Please pay attention however, that erasure of all your data may be technically impossible if such data is connected with your accounts in other services, in particular with external entities providing medical services.

Also remember that use of the Application requires your Data to be processed as described herein. If you do not accept processing of your Data, you should cease using the Application. If you object to processing of your Data, request the Data to be erased or request that we stop processing your Data, as a result you may not be (depending on the type of Data and the type of Services) able to use the Application. If you file an objection to the processing of data or withdraw your consent to processing of certain Data, you may not be able to use the full functionality of the Services or even may not be able to use the Services at all.

If you consider your rights to be violated or your personal data processing rules infringed, you are entitled to file a complaint with relevant supervisory authority. You may lodge a complaint with any personal data protection authority in a EU member state.

□ I have read the Terms and Conditions of the Shen Health Mobile Application and accept them.

I consent to the processing of my personal health information in order to use the Shen Health Mobile Application.

I agree to receive commercial information regarding the products and services of MX Labs OÜ by electronic means to my e-mail address.

I agree to receive electronically to my e-mail address commercial information regarding products and services of MX Labs OÜ Partners, the list of which is available at the link.

I understand that I can withdraw my consent at any time. Withdrawal of consent does not affect the lawfulness of the processing that was made on the basis of consent before its withdrawal.