Privacy Policy

Last updated April 15th, 2021
We respect your privacy rights, care about Your Personal Data, and use Our best endeavors to protect it. So we provide this Privacy Policy (which can also be referred to as the Policy) to explain to You how we collect, manage, use and protect your Personal Data. Please read this Policy carefully together with the Terms of Use and Cookie Policy. Unless otherwise defined, all of the terms in this Privacy Policy have the same meaning as in the Terms of Use. Mestory is committed to maintaining the confidentiality, integrity and security of any personal information about our users. This Privacy & Security Policy explains how we protect personal information provided through our website mestory.io (the "Site") and how we use that information in connection with our service offered through the Site and Application (the "Service"). "Personal information" for purposes of this Policy means information that identifies you, such as your name, address, phone number, fax number or email address. Mestory stresses its privacy and security standards to guard against identity theft and provide security for your personal information. We regularly re-evaluate our privacy and security policies and adapt them as necessary to deal with new challenges.
About us
The operator of this service and the responsible person in the sense of the General Data Protection Regulation (GDPR) is Mestory, Inc., a company incorporated in the USA, whose registered address is 16192 Coastal Highway, Lewes, Delaware 19958 USA (referred to as “Mestory” as well as “Service”, “Application”, “Site”, “we”, “us” etc.). Mestory, Inc. is acting as a controller of the Mestory Individual Users’ Personal Data. For the purpose of this clause the term “Individual User” shall mean any natural person who visits our Site and/or uses Our Services. If You have any questions related to your privacy, please contact us at hello@mestory.io
Core principles
  • With this Privacy Policy we would like to inform you how we process personal data while providing you with the service. The protection of your privacy is of the utmost importance to us, which is why it goes without saying that we comply with the statutory provisions on data protection.
  • By using the services, you consent to the collection, use and transfer of your personal data for processing as described in this privacy policy and our terms of use.
  • Users of the Services and the Application should note that all data processing and storage, including registration, is hosted on servers in the USA.
  • By agreeing to using our Services and providing information to us, you consent to the transfer to and processing of the information to us and, unless otherwise stated in this Privacy Policy, we use this consent as the legal ground for that data transfer. When collecting your Personal Data, you may be asked for your explicit consent to this data transfer as part of account creation.
  • Please read this Privacy Policy carefully, as your access to and use of the Services signifies that you have read, understand and agree to all terms within this Privacy Policy. If you do not agree with any part of this Privacy Policy or our Terms of Use, please do not access or continue to use any of the Services or otherwise submit your Personal Data.
What Data is Being Logged by Default
To ensure the technical functionality and presentation of our System and our Service, to clarify security incidents and to monitor technical malfunctions or attacks, we collect the standard data necessary for this. You can use all areas of our Website and the System that do not require access authorization without having to disclose any personal data. When you visit our Website, so-called log files (activity logs) are automatically transmitted to our servers. As a general rule, this is not personal data and this information is not mixed with other data processed by us.
  • Log Files
  • Time and date of the page visit
  • Information about user activity and transferred data volume
  • Server Logs
We may create de-identified or anonymous data from Personal Data by excluding data components (such as your name, email address, or linkable tracking ID) that make the data personally identifiable to you, through anonymization or through other means. Our use of anonymized and de-identified data is not subject to this Privacy Policy.
Data Provision Stipulated or Required
The provision of Personal Data is necessary and obligatory. Without the transmission of technically necessary information the presentation and functionality of our System and Services is not guaranteed.
Additional Information
Our Services are not specifically aimed at children and teenagers under the age of 18. A transfer of personal data to us should not take place without the consent of parents. If we become aware that a child has submitted information to Mestory, we delete this information immediately. We encourage parents to instruct their children to never give out their real names, addresses, or phone numbers, without permission, when using the Internet. Our Web site or system may contain links to other websites or applications for whose content, function and compliance we are not responsible. Please inform yourself about the data protection regulations of the respective web pages with the respective operators.
Data Retention
We will retain your Personal Data for as long as you maintain an Account or as otherwise necessary to provide you the Services. We will also retain your Personal Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. When we no longer need to process your Personal Data for the purposes set out in this Privacy Policy, we will delete your Personal Data from our systems. Where permissible, we will also delete your Personal Data upon your written request to the Support Service email support@mestory.io. If you have questions about our data retention practices, please contact us via email hello@mestory.io.
Security
We implement appropriate technical and organizational measures to protect against unauthorized or unlawful processing of Personal Data and against accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Personal Data. Please be advised, however, that we cannot fully eliminate security risks associated with the storage and transmission of Personal Data.
Legal Basis for Data Processing
The General Data Protection Regulation (GDPR) provides various legal bases on which personal data can be legally processed. We base the processing of your data on the following legal principles:
  • Your consent, if you have given us such consent (Art. 6 para. 1 lit. a) GDPR)
  • the initiation or execution of a contract with you (Art. 6 para. 1 lit. b) GDPR)
  • the fulfilment of a legal obligation (Art. 6 para. 1 lit. c) GDPR)
Storage Period of the Collected Data
We store your data,
  • if you have consented to the processing at most until you revoke your consent;
  • if we need the data for the execution of a contract, at the most as long as the contractual relationship with you exists or legal retention periods run;
  • if we use the data on the basis of a justified interest, at the most as long as your interest in deletion or anonymization does not prevail;
  • if legal storage obligations (e.g. commercial code, tax code) exist, until the end of these storage obligations.
Data Sources
Along with data received from you, they will come from the following sources, which may partly be publicly accessible:
  • from your Devices
  • from Third Parties
The list of the data received:
For the User: name, surname, sex, date of birth, weight, height, blood type, Rh factor, fact of blood transfusion, phone number, email, address, working profession, allergy list, list of injuries, list of surgical operations, list of vaccines made, date of registration in the System, first visit date, discharge date, sessions time and date, applicable language, applicable theme mode, total active System time, agreement for the newsletter receipt. The email field is required and mandatory for provision of the Service; the rest of the fields are optional.
Your Rights as a Data Subject
As a data subject within the meaning of the General Data Protection Regulation (GDPR), you have the right:
  • to request free information about the processing of your data and to receive a copy of your personal data. You may request information on, among other things, the purposes of the processing, the categories of personal data to be processed, the recipients of the data (if disclosed), the duration of the retention or the criteria for determining the duration;
  • to correct your data. If your personal data are incomplete, you have the right to complete them, taking into account the purposes for which they are processed;
  • to delete or block your data. Reasons for the existence of a cancellation/blocking claim can include, among others: a) the revocation of the consent on which the processing is based, b) the data subject objects to the processing, c) the personal data have been processed unlawfully;
  • to restrict the processing;
  • to object to the processing of your data;
  • to revoke your consent to the processing of your data for the future and
  • to complain to the competent supervisory authority about unauthorized data processing.
In Which Cases Your Data Will Be Forwarded
For the operation of our online presence, our System and our Service we cooperate with various service providers. In addition, your data will be passed on to parties that are unavoidable for the fulfilment of contractual obligations or where there is a legal obligation to pass them on.
Residents of the European Economic Area and the United Kingdom
You may choose not to provide us with your Personal Data. However, if you choose not to provide your Personal Data, you may not be able to enjoy the Services.
How to exercise your rights
Mestory takes steps to keep your Personal Data accurate and up to date. If you reside in the European Economic Area, you have certain rights to the Personal Data that we have collected about you. To exercise your rights to your Personal Data, please contact us through our Support Service. We will respond to reasonable requests as soon as practicable, and in any event, within the time limits prescribed by law.
You have the following rights
Right of access to your Personal Data (Art. 15 GDPR): You have the right to ask us for confirmation on whether we are processing your Personal Data, and access to the Personal Data and related information on that processing (e.g., the purposes of the processing, or the categories of Personal Data involved).
Right to correction (Art. 16 GDPR): You have the right to have your Personal Data corrected, as permitted by law.
Right to erasure (Art. 17 GDPR): You have the right to ask us to delete your Personal Data, as permitted by law. This right may be exercised among other things: (i) when your Personal Data is no longer necessary for the purposes for which it was collected or otherwise processed; (ii) when you withdraw consent on which processing is based according to Art. 6 (1) (a) or Art. 9 (2) (a) GDPR and where there is no other legal ground for processing; (iii) when you object to processing pursuant to Art. 21 (1) GDPR and there are no overriding legitimate grounds for the processing, or when you object to the processing pursuant to Art. 21 (2) GDPR; or, (iv) when your Personal Data has been unlawfully processed.
Right to restriction of processing (Art. 18 GDPR): You have the right to request the limiting of our processing under limited circumstances, including: when the accuracy of your Personal Data is contested; when the processing is unlawful and you oppose the erasure of your Personal Data and request the restriction of the use of your Personal Data instead; or when you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the Raccoon override your grounds.
Right to data portability (Art. 20 GDPR): You have the right to receive the Personal Data that you have provided to us, in a structured, commonly used and machine-readable format, and you have the right to transmit that information to another controller, including to have it transmitted directly, where technically feasible.
Right to object (Art. 21 GDPR): You have the right to object to our processing of your Personal Data, as permitted by law. This right is limited to processing based on Art. 6 (1) (e) or (f) GDPR, and includes profiling based on those provisions, and processing for direct marketing purposes. After which, we will no longer process your Personal Data unless we can demonstrate compelling legitimate grounds for the processing that override your interests, rights and freedoms or for the establishment, exercise or defence of legal claims.
How we may disclose your Personal Data
The GDPR and national laws of European Union member states implementing the Regulation permit the sharing of Personal Data relating to users who are residents of the European Economic Area with third parties only under certain circumstances. If you reside in the European Economic Area, we will only share your Personal Data as described in our Privacy Policy under the cl. 2.5 if we are permitted to do so under applicable European and national data protection laws and regulations.
Marketing communications
Where we are legally required to do so, we ask you for your prior consent before providing you with promotional materials or information. When required by local law, when marketing consent is obtained, we use the double-opt-in method (confirmation of your email address by email before sending you promotional messages) in order to verify your consent. You may revoke your consent at any time (this will not affect the processing of your Personal Data undertaken until the revocation). If you want to stop receiving promotional materials, etc., you can do so at any time as outlined in this Privacy Policy.
Additional use of Personal Data
Additional use of your Personal Data that is not described in this Privacy Policy will only take place as required by statute or when we have obtained your consent.
Legal Basis for Processing under the GDPR
In this section we provide information on the legal basis for our processing of your Personal Data as required by Art. 13 and 14 of the GDPR:
  • When you register for an account or interact with our Services, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR. With regard to other non-sensitive Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance our Services.
  • When you communicate with us or sign up for promotional materials, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with our promotional messages. Where we are required under applicable local law to obtain your consent for sending you marketing information, the legal basis is your consent, Art. 6 (1) (a) GDPR. With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance your experience and to improve our Services.
  • When you connect with us through social media: Where we collect your consent in such case, for instance for marketing purposes, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR. Where we do not collect your consent in such case, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better Services and to enable you to use the full range of our Services (Art. 6 (1) (f) GDPR).
  • When we collect data from third parties or publicly-available sources: For Personal Data which we need in order to perform the Services (e.g. for email verification purposes), such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR. With regard to other Personal Data, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is providing you with better Services and to enable you to use our Services more efficiently.
  • When we leverage and/or collect cookies, device IDs, Location Data, data from the environment, and other tracking technologies, we process such data on the basis of your consent, Art. 6 (1) (a) GDPR, and based on our legitimate interest, Art. 6 (1) (f) GDPR, where we do not obtain your consent and our legitimate interest is to provide you with better Services or marketing.
  • When we aggregate or centralize data, such processing is either necessary for the performance of our Services, Art. 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with better or customized Services and marketing.
  • When we disclose Personal Data to our affiliates and partners, and to our service providers and vendors: Where we collect your consent in such a case, we process such data on the basis of your prior consent, Art. 6 (1) (a) GDPR. Where we do not collect your consent in such cases, such processing is necessary for the performance of our Services, Art. 6 (1) (b) GDPR, or we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to provide you with better Services and marketing.
  • When we process or share Personal Data in the event of an actual or contemplated sale, we process such data for our legitimate interest in offering, maintaining, providing, and improving our Services (Art. 6 (1) (f) GDPR).
  • When we conduct analytics, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to enhance your experience and to develop and improve our Services.
  • When we investigate suspected illegal or wrongful activity, we process such data on the basis of our legitimate interest, Art. 6 (1) (f) GDPR, and our legitimate interest is to ensure compliance with legal requirements and law enforcement requests and for public safety purposes.
Right to lodge a complaint before the Data Protection Authority
We encourage you to contact us directly and allow us to work with you to address your concerns. Nevertheless, you have the right to lodge a complaint with a competent data protection supervisory authority, in particular in the EU Member State where you reside, work or the place of the alleged infringement. You have the right to do so if you consider that the processing of Personal Data relating to you infringes applicable data protection laws.
Your privacy is not for sale
Simply put, we do not and will not sell or rent your personal information to anyone, for any reason, at any time. Mestory uses and discloses your personal information only as follows:
  • to provide the Service;
  • to analyze site usage and improve the Service;
  • for internal system administration;
  • to deliver to you any administrative notices, health alerts and communications relevant to your use of the Service;
  • to fulfill your requests for certain products and services;
  • for market research, project planning, troubleshooting problems, detecting and protecting against error, fraud or other criminal activity;
  • to third-party contractors that provide services to Mestory and are bound by these same privacy restrictions;
  • to enforce Mestory’s Terms of Use;
  • and as otherwise set forth in this Privacy and Security Policy.
We limit the collection and use of personal information
Certain areas and features of mestory.io are available to you without registration or the need to provide to us any information. However, other features of the Site or the Service may require registration, which involves provision to Mestory of an email address, a password and a username (collectively the “Registration Information”). In order to benefit from the full functionality of the Service, you also must provide your third-party health portal credentials (“Portal Credentials”) to allow Mestory to access your health data at those other healthcare providers' institutions (“Portal Information”) for your use. From time to time we may request other personal information to provide you with other benefits of the Service. In all such instances, you will be given the opportunity to provide or to decline to provide that information, and it will be used only for the stated purpose. Mestory may make anonymous or aggregate personal information and disclose such data only in a non-personally identifiable manner to: Organizations approved by Mestory that conduct research into health; and Users of the Service for purposes of comparison of their personal health situation relative to the broader community. Such information does not identify you individually. Access to your Registration Information, Portal Credentials, Portal Information and any other personal information you provide is strictly restricted and used in accordance with specific internal procedures and safeguards governing access, in order to operate, develop or improve the Service. These individuals have been selected in accordance with our security policies and practices and are bound by confidentiality obligations. They may be subject to discipline, including termination and criminal prosecution, if they fail to meet these obligations.
Changes to your registration information
If your Registration Information changes during your subscription to Mestory, you may update it any time via the Service.
Online session information and use is only used to improve your experience
When you visit mestory.io, we may collect technical and navigational information, such as computer browser type, Internet protocol address, pages visited, and average time spent on our Site. This information may be used, for example, to alert you to software compatibility issues, or it may be analyzed to improve our Web design and functionality. “Cookies” are alphanumeric identifiers in the form of text files that are inserted and stored by your Web browser on your computer’s hard drive. mestory.io may set and access cookies on your computer to track and store preferential information about you. mestory.io may gather information about you through cookie technology. Please note that most Internet browsers will allow you to stop cookies from being stored on your computer and to delete cookies stored on your computer. If you choose to eliminate cookies, the full functionality of the Service may be impaired for you. We encode our cookies so that only we can interpret the information stored in them. Web beacons are images embedded in a Web page or email for the purpose of measuring and analyzing site usage and activity. mestory.io, or third party service providers acting on our behalf, may use Web beacons to help us analyze Site usage and improve the Service. We may use third party service providers to help us analyze certain online activities. For example, these service providers may help us measure the performance of our online campaigns or analyze visitor activity on mestory.io. We may permit these service providers to use cookies and other technologies to perform these services for mestory.io. We do not share any personal information about our customers with these third party service providers, and these service providers do not collect such information on our behalf. Our third party service providers are required to comply fully with this Privacy and Security Policy.
You can transport or delete your data
Your data is yours. You can remove it anytime you want. When you request us to delete your account for the Service, your data will be permanently expunged from our primary production servers and further access to your account will not be possible. We will also promptly disconnect any connection we had established to your Portal Information and delete all portal credentials.
Email communications from us
From time to time we may provide our registered customers with email alerts or email newsletters. Mestory subscribers have the ability to opt-out of receiving our promotional emails and to terminate their newsletter subscriptions by following the instructions in the emails. Opting out in this manner will not end transmission of service-related emails, such as email alerts.
International users
We maintain information in the USA and in accordance with the laws of the USA, which may not provide the same level of protection as the laws in your jurisdiction. By using the Services and providing us with information, you understand and agree that your information may be transferred to and stored on servers located outside your resident jurisdiction and, to the extent you are a resident of a country other than the USA, that you consent to the transfer of such data to the USA for processing by us in accordance with this Privacy Policy. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
Children’s privacy
Our Service does not address anyone under the age of 18 ("Children"). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and you are aware that your Child has provided us with Personal Data, please contact us at hello@mestory.io. If we become aware that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers as soon as possible.
Your data is secure
We use a combination of firewall barriers, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect Mestory accounts and systems from unauthorized access. When you register for the Service, mestory.io requires a password from you for your privacy and security. Mestory transmits information such as your Registration Information for mestory.io or Portal Credentials securely. Our servers are in a secure facility. Our databases are protected from general employee access both physically and logically. We encrypt your Service password so that your password cannot be recovered, even by us. All backup drives and tapes also are encrypted.
Our service ensures secure communications with encryption
From the time you submit your Login ID and Password, these communications between your computer and mestory.io are encrypted. This enables client and server applications to communicate in a way that is designed to prevent eavesdropping, tampering and message forgery.
We post updates on our website whenever there is a change to our privacy and security policy
We update this Privacy & Security Policy periodically. The date last revised appears at the top of the Policy. Changes take effect immediately upon posting.
Contact us if you have any questions or concerns
If you have questions, comments, concerns or feedback regarding this Privacy and Security Policy or any other privacy or security concern, send an e-mail to legal@mestory.io.
For any other questions and concerns you may have, please contact us by email: hello@mestory.io
The property of the mobile application and website mestory.io belongs to:
Mestory, Inc. located at
16192 Coastal Highway,
Lewes, Delaware 19958 USA.