Last updated April 15th, 2021
We respect your privacy rights, care about Your Personal Data, and use Our best endeavors to protect it.
and protect your Personal Data.
Mestory is committed to maintaining the confidentiality, integrity and security of any personal information
our users. This Privacy & Security Policy explains how we protect personal information provided through our
(the "Site") and how we use that information in connection with our service offered through
Site and Application (the "Service"). "Personal information" for purposes of this Policy means information that
identifies you, such as your name, address, phone number, fax number or email address.
Mestory stresses its privacy and security standards to guard against identity theft and provide security for
personal information. We regularly re-evaluate our privacy and security policies and adapt them as necessary to
deal with new challenges.
Operator of this service and responsible person in the sense of the General Data Protection Regulation (GDPR) is:
Mestory, Inc., a company incorporated in the USA, whose registered address is 16192
Coastal Highway, Lewes, Delaware 19958 USA (referred to as “Mestory” as well as “Service”, “Application”,
“Site”, “we”, “us” etc.).
Mestory, Inc. is acting as a controller of the Mestory Individual Users’ Personal Data.
For the purpose of this clause the term “Individual User” shall mean any natural person, who visits our Site
and/or uses Our Services.
If You have any questions related to your privacy, please contact us firstname.lastname@example.org
service. The protection of your privacy is of the utmost importance to us, which is why it goes without saying
that we comply with the statutory provisions on data protection.
By using the services, you consent to the collection, use and transfer of your personal data for processing as
Users of the Services and the Application should note that all data processing and storage, including
registration, is hosted on servers in the USA.
By agreeing to using our Services and providing information to us, you consent to the transfer to and
ground for that data transfer. When collecting your Personal Data, you may be asked for your explicit consent
this data transfer as part of account creation.
submit your Personal Data.
What Data is Being Logged by Default
To ensure the technical functionality and presentation of our System and our Service, to clarify security
incidents and to monitor technical malfunctions or attacks, we collect the standard data necessary for this. You
can use all areas of our Website and the System that do not require access authorization without having to
disclose any personal data.
When you visit our Website, so-called log files (activity logs) are automatically transmitted to our servers. As a
general rule, this is not personal data and this information is not mixed with other data processed by us.
- Log Files
- Time and date of the page visit
- Information about user activity and transferred data volume
- Server Logs
We may create de-identified or anonymous data from Personal Data by excluding data components (such as your name,
email address, or linkable tracking ID) that make the data personally identifiable to you, through anonymization
Data Provision Stipulated or Required
The provision of Personal Data is necessary and obligatory. Without the transmission of technically necessary
information the presentation and functionality of our System and Services is not guaranteed.
Our Services are not specifically aimed at children and teenagers under the age of 18. A transfer of personal data
to us should not take place without the consent of parents. If we become aware that a child has submitted
information to Mestory, we delete this information immediately. We encourage parents to instruct their children to
never give out their real names, addresses, or phone numbers, without permission, when using the Internet.
Our Web site or system may contain links to other websites or applications for whose content, function and
compliance we are not responsible. Please inform yourself about the data protection regulations of the respective
web pages with the respective operators.
We will retain your Personal Data for as long as you maintain an Account or as otherwise necessary to provide you
the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve
disputes, and enforce our agreements.
delete your Personal Data from our systems.
Where permissible, we will also delete your Personal Data upon your written request to the Support Service email
If you have questions about our data retention practices, please contact us via email email@example.com
We implement appropriate technical and organizational measures to protect against unauthorized or unlawful
processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorized
disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security
risks associated with the storage and transmission of Personal Data.
Legal Basis for Data Processing
The General Data Protection Regulation (GDPR) provides various legal bases on which personal data can be legally
processed. We base the processing of your data on the following legal principles:
- Your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR)
- the initiation or execution of a contract with you (Art. 6 para. 1 lit. b) GDPR)
- the fulfilment of a legal obligation (Art. 6 para. 1 lit. c) GDPR)
Storage Period of the Collected Data
We store your data,
- if you have consented to the processing, at most until you revoke your consent;
- if we need the data for the execution of a contract, at the most as long as the contractual relationship
exists or legal retention periods run;
- if we use the data on the basis of a justified interest, at the most as long as your interest in deletion
or anonymization does not prevail;
- if legal storage obligations (e.g. commercial code, tax code) exist, until the end of these storage obligations.
Along with data received from you, they will come from the following sources, which may partly be publicly
- from your Devices
- from Third Parties
The list of the data received:
For the User: name, surname, sex, date of birth, weight, height, blood type, Rh factor, fact of blood transfusion,
phone number, email, address, working profession, allergy list, list of injuries, list of surgical operations,
list of vaccines made, date of registration in the System, first visit date, discharge date, sessions time and
date, applicable language, applicable theme mode, total active System time, agreement for the newsletter receipt.
The email field is required for provision of the Service; the rest of the fields are optional.
Your Rights as a Data Subject
As a data subject within the meaning of the General Data Protection Regulation (GDPR), you have the right to do
- to request free information about the processing of your data and to receive a copy of your personal data.
may request information on, among other things, the purposes of the processing, the categories of personal
be processed, the recipients of the data (if disclosed), the duration of the retention or the criteria for
determining the duration;
- to correct your data. If your personal data are incomplete, you have the right to complete them, taking into
account the purposes for which they are processed;
- to delete or block your data. Reasons for the existence of a cancellation/blocking claim can include, among
a) the revocation of the consent on which the processing is based, b) the data subject objects to the
c) the personal data have been processed unlawfully;
- to restrict the processing;
- to object to the processing of your data;
- to revoke your consent to the processing of your data for the future and
- to complain to the competent supervisory authority about unauthorized data processing.
In Which Cases Your Data Will Be Forwarded
For the operation of our online presence, our System and our Service we cooperate with various service providers.
In addition, your data will be passed on to parties that are unavoidable for the fulfilment of contractual
obligations or where there is a legal obligation to pass them on.
Residents of the European Economic Area and the United Kingdom
You may choose not to provide us with your Personal Data. However, if you choose not to provide your Personal
Data, you may not be able to enjoy the Services.
How to exercise your rights
Mestory takes steps to keep your Personal Data accurate and up to date. If you reside in the European Economic Area,
you have certain rights to the Personal Data that we have collected about you. To exercise your rights to your
Personal Data, please contact us through our Support Service. We will respond to reasonable requests as soon as
practicable, and in any event, within the time limits prescribed by law.
You have the following rights
Right of access to your Personal Data (Art. 15 GDPR): You have the right to ask us for confirmation on whether we
are processing your Personal Data, and access to the Personal Data and related information on that processing
(e.g., the purposes of the processing, or the categories of Personal Data involved).
Right to correction (Art. 16 GDPR): You have the right to have your Personal Data corrected, as permitted by law.
Right to erasure (Art. 17 GDPR): You have the right to ask us to delete your Personal Data, as permitted by law.
This right may be exercised among other things: (i) when your Personal Data is no longer necessary for the
purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is
based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and where there is no other legal ground for processing;
(iii) when you object to processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds
for the processing, or when you object to the processing pursuant to Art. 21 (2) GDPR; or, (iv) when your Personal
Data has been unlawfully processed.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the limiting of our processing
under limited circumstances, including: when the accuracy of your Personal Data is contested; when the processing
is unlawful and you oppose the erasure of your Personal Data and request the restriction of the use of your
Personal Data instead; or when you have objected to processing pursuant to Art. 21 (1) GDPR pending the
verification whether the legitimate grounds of the Raccoon override your grounds.
Right to data portability (Art. 20 GDPR): You have the right to receive the Personal Data that you have provided
to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that
information to another controller, including to have it transmitted directly, where technically feasible.
Right to object (Art. 21 GDPR): You have the right to object to our processing of your Personal Data, as permitted
by law. This right is limited to processing based on Art. 6 (1) (e) or (f) GDPR, and includes profiling based on
those provisions, and processing for direct marketing purposes. After which, we will no longer process your
Personal Data unless we can demonstrate compelling legitimate grounds for the processing that override your
interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
How we may disclose your Personal Data
The GDPR and national laws of European Union member states implementing the Regulation permit the sharing of
Personal Data relating to users who are residents of the European Economic Area with third parties only under
certain circumstances. If you reside in the European Economic Area, we will only share your Personal Data as
national data protection laws and regulations.
Where we are legally required to do so, we ask you for your prior consent before providing you with promotional
materials or information. When required by local law, when marketing consent is obtained, we use the double-opt-in
method (confirmation of your email address by email before sending you promotional messages) in order to verify
your consent. You may revoke your consent at any time (this will not affect the processing of your Personal Data
undertaken until the revocation). If you want to stop receiving promotional materials, etc., you can do so at any
Additional use of Personal Data
by statute or when we have obtained your consent.
Legal Basis for Processing under the GDPR
In this section we provide information on the legal basis for our processing of your Personal Data as required by
Art. 13 and 14 of the GDPR:
When you register for an account or interact with our Services, such processing is necessary for the performance
of our Services, Art. 6 (1) (b) GDPR.
With regard to other non-sensitive Personal Data, we process such data on the basis of our legitimate interest,
Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance our Services.
When you communicate with us or sign up for promotional materials, we process such data on the basis of our
legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional
messages. Where we are required under applicable local law to obtain your consent for sending you marketing
information, the legal basis is your consent, Art. 6(1)(a) GDPR.
With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f)
GDPR, and our legitimate interest is to enhance your experience and to improve our Services.
When you connect with us through social media:
Where we collect your consent in such case, for instance for marketing purposes, we process such data on the basis
of your prior consent, Art. 6 (1) (a) GDPR.
Where we do not collect your consent in such case, we process such data on the basis of our legitimate interest,
Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better Services and to enable you to use
the full range of our Services (Art. 6 (1) (f) GDPR).
When we collect data from third parties or publicly-available sources:
For Personal Data which we need in order to perform the Services (e.g. for email verification purposes), such
processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR.
With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f)
GDPR, and our legitimate interest is providing you with better Services and to enable you to use our Services more
When we leverage and/or collect cookies, device IDs, Location Data, data from the environment, and other tracking
technologies, we process such data on the basis of your consent, Art. 6 (1) (a) GDPR, and based on our legitimate
interest, Art. 6 (1) (f) GDPR, where we do not obtain your consent and our legitimate interest is to provide you
with better Services or marketing.
When we aggregate or centralize data, such processing is either necessary for the performance of our Services,
Art. 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our
legitimate interest is to provide you with better or customized Services and marketing.
When we disclose Personal Data to our affiliates and partners, and to our service providers and vendors:
Where we collect your consent in such a case, we process such data on the basis of your prior consent, Art. 6 (1)
Where we do not collect your consent in such cases, such processing is necessary for the performance of our
Services, Art. 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art. 6 (1) (f)
GDPR, and our legitimate interest is to provide you with better Services and marketing.
When we process or share Personal Data in the event of an actual or contemplated sale, we process such data for
our legitimate interest in offering, maintaining, providing, and improving our Services, Art. 6 (1) (f) GDPR.
When we conduct analytics, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and
our legitimate interest is to enhance your experience and to develop and improve our Services.
When we investigate suspected illegal or wrongful activity, we process such data on the basis of our legitimate
interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to ensure compliance with legal requirements and law
enforcement requests and for public safety purposes.
Right to lodge a complaint before the Data Protection Authority
We encourage you to contact us directly and allow us to work with you to address your concerns. Nevertheless, you
have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the
EU Member State where you reside, work or the place of the alleged infringement. You have the right to do so if
you consider that the processing of Personal Data relating to you infringes applicable data protection laws.
Your privacy is not for sale
Simply put, we do not and will not sell or rent your personal information to anyone, for any reason, at any time.
Mestory uses and discloses your personal information only as follows:
- to provide the Service;
- to analyze site usage and improve the Service;
- for internal system administration;
- to deliver to you any administrative notices, health alerts and communications relevant to your use of the
- to fulfill your requests for certain products and services;
- for market research, project planning, troubleshooting problems, detecting and protecting against error,
fraud or other criminal activity;
- to third-party contractors that provide services to Mestory and are bound by these same privacy
- and as otherwise set forth in this Privacy and Security Policy.
We limit the collection and use of personal information
Certain areas and features of mestory.io are available to you without registration or the need to provide to us
any information. However, other features of the Site or the Service may require registration, which involves
provision to Mestory of an email address, a password and a username (collectively the “Registration Information”).
In order to benefit from the full functionality of the Service, you also must provide your third-party health
portal credentials (“Portal Credentials”) to allow Mestory to access your health data at those other healthcare
providers institutions (“Portal Information”) for your use.
From time to time we may request other personal information to provide you with other benefits of the Service. In
all such instances, you will be given the opportunity to provide or to decline to provide that information, and it
will be used only for the stated purpose. Mestory may make anonymous or aggregate personal information and
disclose such data only in a non-personally identifiable manner to:
- Organizations approved by Mestory that conduct research into health; and
- Users of the Service for purposes of comparison of their personal health situation relative to the broader
Such information does not identify you individually. Access to your Registration Information, Portal Credentials,
Portal Information and any other personal information you provide is strictly restricted and used in accordance
with specific internal procedures and safeguards governing access, in order to operate, develop or improve the
Service. These individuals have been selected in accordance with our security policies and practices and are bound
by confidentiality obligations. They may be subject to discipline, including termination and criminal prosecution,
if they fail to meet these obligations.
Changes to your registration information
If your Registration Information changes during your subscription to Mestory, you may update it any time via the
Online session information and use is only used to improve your experience
When you visit mestory.io, we may collect technical and navigational information, such as computer browser type,
Internet protocol address, pages visited, and average time spent on our Site. This information may be used, for
example, to alert you to software compatibility issues, or it may be analyzed to improve our Web design and
“Cookies” are alphanumeric identifiers in the form of text files that are inserted and stored by your Web browser
on your computer’s hard drive. mestory.io may set and access cookies on your computer to track and store
preferential information about you. mestory.io may gather information about you through cookie technology. Please
note that most Internet browsers will allow you to stop cookies from being stored on your computer and to delete
cookies stored on your computer. If you choose to eliminate cookies, the full functionality of the Service may be
impaired for you.
We encode our cookies so that only we can interpret the information stored in them.
Web beacons are images embedded in a Web page or email for the purpose of measuring and analyzing site usage and
, or third party service providers acting on our behalf, may use Web beacons to help us
analyze Site usage and improve the Service.
We may use third party service providers to help us analyze certain online activities. For example, these service
providers may help us measure the performance of our online campaigns or analyze visitor activity on mestory.io.
We do not share any personal information about our customers with these third party service providers,
and these service providers do not collect such information on our behalf. Our third party service providers are
required to comply fully with this Privacy and Security Policy.
You can transport or delete your data
Your data is yours. You can remove it anytime you want. When you request us to delete your account for the
Service, your data will be permanently expunged from our primary production servers and further access to your
account will not be possible. We will also promptly disconnect any connection we had established to your Portal
Information and delete all portal credentials.
Email communications from us
From time to time we may provide our registered customers with email alerts or email newsletters. Mestory
subscribers have the ability to opt-out of receiving our promotional emails and to terminate their newsletter
subscriptions by following the instructions in the emails. Opting out in this manner will not end transmission of
service-related emails, such as email alerts.
We maintain information in the USA and in accordance with the laws of the USA, which may not provide the same level
of protection as the laws in your jurisdiction. By using the Services and providing us with information, you
understand and agree that your information may be transferred to and stored on servers located outside your
resident jurisdiction and, to the extent you are a resident of a country other than the USA, that you consent to the
Our Service does not address anyone under the age of 18 ("Children").
We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a
parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us at
. If we become aware that we have collected Personal Data from children without verification of
parental consent, we take steps to remove that information from our servers as soon as possible.
Your data is secure
We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to
maintain the security of your online session and to protect Mestory accounts and systems from unauthorized access.
When you register for the Service, mestory.io requires a password from you for your privacy and security. Mestory
transmits information such as your Registration Information for mestory.io
Portal Credentials securely.
Our servers are in a secure facility.
Our databases are protected from general employee access both physically and logically. We encrypt your Service
password so that your password cannot be recovered, even by us. All backup drives and tapes also are encrypted.
Our service ensures secure communications with encryption
From the time you submit your Login ID and Password, these communications between your computer and mestory.io
are encrypted. This enables client and server applications to communicate in a way that is designed to prevent
eavesdropping, tampering and message forgery.
We post updates on our website whenever there is a change to our privacy and security policy
We update this Privacy & Security Policy periodically. The date last revised appears at the top of the Policy.
Changes take effect immediately upon posting.
Contact us if you have any questions or concerns
If you have questions, comments, concerns or feedback regarding this Privacy and Security Policy or any other
privacy or security concern, send an e-mail to firstname.lastname@example.org
For any other questions and concerns you may have, please contact us by email: email@example.com
The property of the mobile application and website mestory.io
Mestory, Inc. located at
Lewes, Delaware 19958 USA.