Personal Data Processing Notice for Users of the MindX 360 Application
(MindX 360 App Privacy Policy)
pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR)
1. Who is the Controller and the Person Responsible for Personal Data Protection?
Controller
MindX, s. r. o., with its registered seat at Potočná 169/85, Skalica 909 01, Company ID No.: 57 359 016, registered in the Commercial Register of the District Court Trnava, Section: Sro, File No.: 61533/T (hereinafter the „Controller“ or also „we“ in the applicable form).
E-mail address: support@mindx360.eu
Website: www.mindx360.eu
Correspondence address for contacting the responsible person:
MindX, s. r. o., Potočná 169/85, Skalica 909 01
E-mail address: adam@mindx360.eu
2. In What Circumstances Do We Not Process the Personal Data of the Application User as a Controller?
If you use the MindX 360 application as a member of a sports club, association, or other organisation (hereinafter the „Club“) that has purchased a licence to use the platform from us (MindX 360 Core model), the legal position with respect to the processing of your personal data changes as follows:
- Who is your Controller: In this relationship, your Club acts as the Controller. It is the Club that determines the purposes and means of processing your data, typically for the purpose of training, care, and monitoring of your progress.
- Our position: Our company, MindX, s.r.o., acts in this relationship in the capacity of a processor for the purposes of GDPR. This means that we process your data exclusively on behalf of and pursuant to the instructions of the Club, and in accordance with the concluded data processing agreement (a so-called DPA). In this capacity, we do not make decisions concerning your data subject rights under Articles 15 to 21 GDPR and we are not directly authorised to provide you with copies of your data or to erase them. We therefore recommend that you contact your Club directly.
3. What Are the Purposes and Legal Bases for Processing Personal Data When Using the MindX 360 Application?
Personal data of users of the MindX 360 application (other than users within MindX 360 Core) may be processed for the following purposes:
| Purpose of personal data processing | Legal basis | Further explanation |
|---|---|---|
| 1. Provision of information society services and account management | Contract pursuant to Article 6(1)(b) GDPR and, additionally, explicit consent for processing of special category personal data pursuant to Article 9(2)(a) GDPR | This processing includes in particular: (i) creation and administration of the user account, (ii) assignment of a subscribed service package (Core, Premium, Elite) to a specific user, (iii) collection, creation, analysis and use of necessary data, including sensitive data relating to performance and health (e.g. HRV – heart rate variability) and neuro-analytical data of the data subject in support of his/her training process and improvement of athletic performance, (iv) detection of the data subject’s thought patterns using AI from the content of text questionnaires (not inference of emotions), (v) generation of overviews and reports and their sharing with designated users (e.g. club coach) based on the data subject’s authorisation, (vi) management of the user profile (name, e-mail, optionally telephone and address), (vii) processing of audio recordings and textual feedback from questionnaires using AI models (STT and LLM) in the MS Azure cloud, (viii) provision of advice and consultations by professional MindX 360 advisors through the application and video-conference calls. |
| 2. Security and stability of the application | Compliance with legal obligations pursuant to Article 6(1)(c) GDPR | This processing includes in particular: (i) identity and access management via MS Azure Entra (possibility of account deactivation or deletion), (ii) automatic collection of IP addresses within HTTP communication for the purposes of network security (server logs), (iii) securing communication via encrypted HTTPS protocol and protection of data „at rest“ on Azure servers, (iv) backup and restoration of data in the event of temporary loss or restricted accessibility. |
| 3. Accounting and tax purposes | Compliance with legal obligations pursuant to Article 6(1)(c) GDPR | This processing includes in particular: (i) recording, retention, and use of accounting documents pursuant to Section 35 of the Accounting Act, (ii) retention of invoices pursuant to Section 76(1) of the VAT Act, (iii) any processing of personal data necessary for the fulfilment of obligations of a tax payer pursuant to the Income Tax Act, (iv) any processing of personal data necessary for the fulfilment of obligations of a tax entity pursuant to applicable law. |
| 4. Establishment, exercise, and defence of legal rights and claims | Legitimate interest pursuant to Article 6(1)(f) GDPR | This processing includes in particular: (i) establishment, exercise, or defence of the legal claims of MindX through judicial or extra-judicial proceedings, including the securing of evidence regarding the manner in which the MindX 360 application was used by a specific person, (ii) resolution of disputes with users, business partners, or third parties, (iii) notification of certain facts and provision of assistance to public authorities (e.g. courts, police), (iv) demonstration of compliance with applicable laws and regulations (e.g. during inspections by supervisory authorities). |
| 5. Use of marketing analytics | Legitimate interest pursuant to Article 6(1)(f) GDPR | This processing is limited to internal analytics of the MindX 360 application without tracking across other applications or websites. It typically includes in particular: (i) measurement of the frequency and effectiveness of feedback submission before and after a match, (ii) use of push notifications to deliver personalised training recommendations to the application user, (iii) customisation of content based on preferences and key words selected by the athlete or application user, (iv) segmentation and profiling of application users for a better understanding of their needs and the manner in which they use the MindX 360 application in the context of maintaining their satisfaction. |
| 6. Direct marketing communications | Consent of the data subject pursuant to Article 6(1)(a) GDPR | This processing includes: (i) sending of newsletters exclusively to persons who have given their consent via the MindX 360 website. No third-party advertisements are displayed within the application itself, nor is data sold to advertising networks or any unauthorised third parties. |
| 7. Development, improvement, and testing of the application | Legitimate interest pursuant to Article 6(1)(f) GDPR | This processing encompasses activities throughout the entire software development life cycle (SDLC), including in particular: (i) technical design, coding, and testing of new functionalities and interfaces of the application prior to their deployment, (ii) identification and elimination of technical errors (so-called „bug fixing“) and optimisation of system performance and stability, (iii) improvement, training, and validation of artificial intelligence algorithms and models (e.g. LLM models) with the aim of enhancing the accuracy of analytical outputs, whereby data are pseudonymised or fully and permanently stripped of direct identifiers of data subjects to the maximum extent possible, (iv) analysis of user preferences and feedback for personalisation of content and improvement of user experience (UX/UI), (v) ensuring data integrity within the cloud infrastructure, (vi) testing and debugging of the system primarily using anonymous or fully synthetic data only; however, in cases of necessity, pseudonymised user data in a form without direct identifiers of data subjects may also be processed. |
| 8. Statistical purposes and scientific research | Legal bases stated above in connection with Article 89 GDPR | This processing includes the processing of aggregated and anonymised data on mental resilience and HRV trends for the purposes of internal research in the field of neuropsychology, without impact on the identity of a specific user, or any creation of anonymous aggregated statistical indicators and overviews that we will generate from the data of MindX 360 application users. Once anonymous statistics have been created, GDPR does not apply to their further processing in the context of scientific research. |
4. What Legitimate Interests Do We Pursue in Processing Personal Data?
When using the MindX 360 application, legitimate interest as a legal basis for processing personal data of users may be applied only to:
- Establishment, exercise, and defence of legal rights and claims
- Use of marketing analytics
- Development, improvement, and testing of the application
as described above. Data subjects (users) of the application have the right to object pursuant to Article 21 GDPR to such processing.
5. Is the Provision of Your Personal Data to the MindX 360 Application a Statutory or Contractual Requirement?
The provision of personal data to the MindX 360 application is not a statutory requirement. The use of the application is based on your free and voluntary decision.
From the perspective of contractual requirements, however, the situation is as follows:
- Contractual necessity: If you decide to use our services (Core, Premium, or Elite packages), the provision of basic data (e.g. e-mail for registration, name, payment details) is a necessary contractual requirement. Without this data, we are unable to create your account, assign your subscription, or ensure the proper functioning of the application in accordance with our General Terms and Conditions.
- Voluntary nature and consent: The provision of sensitive data, such as neuro-analytical tests or biometric data (HRV), is based exclusively on your express and voluntary consent. You may withdraw this consent at any time directly in the application settings.
- Legitimate interest: Where we process your data on the basis of our legitimate interest (e.g. for security, system stability, or improvement of algorithms), you are required to tolerate such processing. You are, however, entitled to object to it effectively at any time. Depending on the circumstances, this may result in a restriction of the processing, its termination, or – if our legitimate reasons outweigh your interests – the continuation of the processing. Details on the right to object are set out in a separate section below.
6. What Are the Consequences of a Potential Refusal to Provide Your Data?
Although the provision of data is voluntary, refusal to grant certain system permissions or (express) consents will result in a limitation of the features of the MindX 360 application. In practice, this means that the application will not be able to generate a neuro-analytical report for you, link HRV measurements with the optimisation of your training process, or provide sufficiently personalised training recommendations, thereby significantly reducing the added value of the services for which you are paying.
7. Is the MindX 360 Application a Digital Medical Device within the Meaning of EU Law?
No, the MindX 360 application is not a medical device within the meaning of the relevant Regulation of the European Parliament and of the Council (EU) on medical devices.¹
The information provided serves exclusively for the purpose of optimising athletic performance and mental resilience of the application’s users (fitness/wellness). The MindX 360 application does not under any circumstances provide any form of medical diagnosis, prevention, or treatment of diseases or injuries.
8. What Is the Source of Your Personal Data?
The MindX 360 application obtains some of your personal data directly from you upon registration; however, a substantial part of the data is generated only through your activity in the application or is produced by artificial intelligence algorithms (so-called inferred data).
In specific cases, the source of your personal data processed in the application may also be third parties, such as your sports club or trainer, or other persons. For the sake of full transparency, we provide below an overview of indirectly obtained categories of data and the sources of their collection, about which we are obliged to inform you pursuant to Article 14 GDPR:
| Specific data processed | Source of data collection | |
|---|---|---|
| Indirectly obtained data from third parties |
These are common categories of personal data relating to:
|
Sports clubs, trainers, or legal representatives. |
| Observed data |
These are special categories of personal data relating to the health and mental condition of the data subject:
|
|
| Inferred data |
These are special categories of personal data relating to the health and mental condition of the data subject:
These also include common categories of personal data, albeit still contextually sensitive, such as:
|
|
9. For How Long Do We Retain Your Personal Data?
If your personal data are processed within the MindX 360 Core service, decisions regarding their erasure are made by the Club. We ensure the complete erasure of all data of the Club only upon the termination of the provision of our services, subject to the conditions agreed in the so-called DPA with the Club.
Otherwise, we process your personal data for a maximum period until the purpose of their processing ceases to exist. Below we provide an overview of such periods in relation to individual purposes of personal data processing:
| Purpose of personal data processing | General maximum retention period |
|---|---|
| 1. Provision of information society services and account management | We will generally process personal data in the MindX 360 application for as long as you actively use it, up until the deletion of your account via the application (see privacy settings – „Delete account“ option). If you do not delete your account, we will delete it without undue delay following the termination of your subscription to our services. |
| 2. Security and stability of the application | Maximum of 1 year. |
| 3. Accounting and tax purposes | 10 years following the year to which the accounting documents relate. |
| 4. Establishment, exercise, and defence of legal rights and claims |
For the duration of court proceedings or out-of-court settlement up to the final and conclusive resolution of the legal matter on the merits, including the exhaustion or waiver of available remedies, or until the legal claim is satisfied (e.g. due to fulfilment of an obligation) or exercised (e.g. by filing an action within the limitation period) or until the right or legal claim becomes extinguished (e.g. due to the expiry of the limitation period). In certain cases, also earlier upon handling of a justified objection against legitimate interest. Personal data that could be important for the protection of our rights and legitimate interests in proceedings before supervisory authorities may be retained for a maximum period of 5 years from their collection. |
| 5. Use of marketing analytics | Until the handling of an objection to the marketing processing of personal data. |
| 6. Direct marketing communications | Until the withdrawal of the granted consent to the processing of personal data, or upon unsubscribing from newsletters by automated means. |
| 7. Development, improvement, and testing of the application | Until the handling of a justified objection. |
| 8. Statistical purposes and scientific research | For the duration of the above-mentioned retention periods applicable to personal data processed for compatible purposes – in practice, generally only until the creation of an aggregated and anonymised statistical output or overview. |
10. To Whom Do We Disclose Your Personal Data?
Primarily to our authorised employees and consultants to whom the Controller has issued instructions pursuant to Articles 29 and 32(4) GDPR and who are bound by a duty of confidentiality pursuant to Section 79 of the Personal Data Protection Act, within the scope of standard personal data protection requirements, to the extent of necessary access rights and roles required for the proper performance of their work tasks arising from their respective positions and functions within the individual teams involved in the operation and provision of the services of the MindX 360 application, where they are not acting on behalf of our processors (see below).
Personal data of users of the MindX 360 application may be processed by the following categories of recipients of personal data:
- Our vetted and duly contracted processors, in particular from among:
- providers of specialised consulting services necessary for the delivery of a quality end service to the customer,
- providers of technical and service support for the MindX 360 application,
- providers of cloud services,
- provider of AI services,
- providers of technical analytical tools intended for monitoring application stability and elimination of technical errors,
- providers of communication platforms and video-conference calls,
- providers of marketing analytics tools and mass newsletter distribution,
- marketing agencies.
- Persons to whom you have yourself granted permission to access your data within the MindX 360 application:
- Personal trainers and coaches to whom you allow access to monitor your progress and with whom you share overviews (dashboards).
- Other persons of your choosing.
- Other persons, typically acting as independent third-party controllers:
- payment service providers and payment gateways and banks,
- operators of social networks.
11. Do We Carry Out Cross-Border Transfers of Your Personal Data?
Yes, given the global nature of our team and the use of cutting-edge cloud technologies, cross-border transfers of your personal data to third countries (outside the EU/EEA) do occur. We carry out such transfers only to the extent necessary and always subject to strict data protection conditions being met, in compliance with the rules of Chapter V of GDPR. On the basis of these rules, we always conclude with data importers so-called standard contractual clauses established in the relevant implementing decision of the European Commission.
Specifically, transfers to the following third countries, which do not ensure an adequate level of personal data protection, may occur:
- United Arab Emirates (Dubai) and the USA: The reason for the transfer is access by members of our expert team and coaches, who live and work in these countries, to your data for the purpose of providing consultations and interpretation of neuro-analytical results during individual consultations with application users.
- The United States of America under the „Data Privacy Framework“ regime, in relation to our technology sub-processors listed below:
| Supplier | Privacy Policy | Adequate safeguards pursuant to Article 46 GDPR | Adequacy decision for third country pursuant to Article 45 GDPR |
|---|---|---|---|
| Google LLC (Analytics, Firebase) | https://policies.google.com/?hl=sk | Accepted standard contractual clauses for Google Analytics and Google Ads services are incorporated in the Google Ads Data Processing Terms. |
The Commission’s adequacy decision is available at: Adequacy decision for the EU-US Data Privacy Framework | European Commission The data importer’s registration in the Data Privacy Framework can be verified at: https://www.dataprivacyframework.gov/list |
| Microsoft Corporation (Azure) | https://www.microsoft.com/en-us/privacy/privacystatement | Accepted standard contractual clauses are incorporated in the Microsoft Product and Services Data Protection Addendum. | |
| Meta Platforms, Inc. (Facebook fanpage) | https://www.facebook.com/privacy/policy/?entry_point=about_fb | Accepted standard contractual clauses incorporated in the Data Processing Terms and the Meta European Data Transfer Addendum. | |
| Zoom Communications Inc. (Zoom) | https://www.zoom.com/en/trust/privacy/privacy-statement/ | Accepted standard contractual clauses incorporated in the Global Data Processing Addendum. |
12. What Measures Have We Implemented to Ensure Compliance with the Requirements of Google Play and the App Store?
In the MindX 360 application, we have implemented specific technical and organisational measures that guarantee the protection of your personal data in accordance with the latest standards of digital marketplaces:
- Limitation of access and purpose limitation: We use your personal and sensitive data (neuro-tests, HRV) exclusively for the purposes of the application’s functionality and the provision of our services intended for the optimisation of sports training, preparation, and performance, about which we inform you in these terms.
- Secure data processing: All data are transmitted using modern encryption via HTTPS protocol and are protected on Azure storage by „at rest“ encryption methods.
- We do not sell your data: The Controller does not provide your personal or sensitive data to any third parties for financial consideration. In other words, we strictly adhere to the prohibition on monetisation and sale of your data. The same applies, of course, where we process your data in providing our services within the MindX 360 Core subscription as a processor of your Club.
- Account deletion request: In compliance with the requirements of Apple and Google, the MindX 360 application allows users to request the permanent deletion of their user account and all associated data from our servers. Should you encounter any technical difficulties, you may also request erasure directly through our DPO (see contact details at the beginning of this document).
- Transparency of algorithms: We clearly communicate the logic of our estimates (e.g. Mental Readiness Index), thereby transforming the fear of „unknown AI“ into trust in the tools of our application that help you grow and improve your athletic performance.
- Processing of minors‘ data: Since the MindX 360 application may also be used by juniors from the age of 12, we have implemented a process whereby the consent to the use and processing of data is granted by the legal representative, and such consent is always carefully verified – for example, by requesting payment for our services from the parent’s bank account.
- Transparent subscriptions and in-app purchases: To unlock the Core, Premium, and Elite packages, we use exclusively official payment mechanisms of the respective marketplaces (In-App Purchases), thereby ensuring the protection of your financial transactions. In cases where our customer is a Club or a B2B customer directly, payments for the use of the application may also be managed differently – e.g. on the basis of regularly agreed individual invoicing.
- Diagnostics and analytics without tracking: The MindX 360 application does not use persistent device identifiers to track across other applications.
- No Ad Networks: Your data are not shared with any advertising networks for the purposes of targeted advertising.
- The MindX 360 application is not a medical device: Our recommendations are directed exclusively at the optimisation of athletic performance and the improvement of the mental resilience of the athlete, not at the diagnosis or prevention of injuries or diseases.
- Access to contacts: The MindX 360 application does not require and does not access the contact list (address book) on your end device.
- Access to photos: Access to the device’s photo gallery is limited exclusively to the purpose of uploading a profile photo. The application does not access the entire content of your photo library, but only to the specific photo that you yourself select and upload as your user profile photo through the system dialogue, which is entirely voluntary and need not be done if you do not wish to do so.
- Compliance with developer policies: Our SDKs (e.g. Firebase, MySASY) are regularly reviewed for compliance with the requirements for the security and privacy protection of users.
13. Do We Carry Out Automated Individual Decision-Making, Including Profiling?
No, we currently do not carry out processing operations on the basis of which decisions with legal effect or other significant impact on your person would be made and that would be based solely on fully automated processing of your personal data.
All analytical outputs and recommendations generated by the system serve only as a basis for expert assessment. The human factor (trainer, expert consultant, or coach) is always involved in the process, interpreting and authorising the results.
Our MindX 360 application does, however, carry out in-depth psychological and neuroscientific profiling of athletes. This profiling includes analysis of „mental factors“ and „situational behavioural patterns“ on the basis of processed neuro-data, physiological data (HRV), and textual feedback.
The purpose of this profiling is to identify thought patterns, determine the current mental state and level of recovery of the athlete following athletic performance, in order to design personalised training protocols and optimise athletic performance.
14. Does the Profiling of MindX 360 Application Users Involve Artificial Intelligence Systems and What Is the Significance Thereof for Data Subjects?
Yes, in creating psychological and neuroscientific profiles of data subjects (application users), we use artificial intelligence systems (MS Azure agents). AI analyses your neuro-tests, physiological health data (HRV), and the content of your textual feedback in order to identify thought patterns and mental attitudes of significance from the perspective of athletic performance.
15. What Is the Significance of the Outputs Generated by Artificial Intelligence (AI) Systems for Data Subjects, i.e. Users of the MindX 360 Application?
The significance of this processing lies in the ability of the application to provide the data subject with highly personalised feedback in real time. The system is capable of detecting hidden trends, such as declining stress resilience, risk of central nervous system overtraining, or specific errors in athletic thinking, which could not be detected at all or in a timely manner through manual data processing, or further professionally addressed from the position of MindX 360 coaches and trainers.
Logic and decision-making weights:
In order to help you understand how AI reached its conclusions, we publish the „parameter weights“ that have the greatest influence on your profile:
- 20% Subjective perception: Your responses in questionnaires.
- 20% Quality of recovery: HRV data (heart rate variability).
- 20% Historical trend: Your long-term performance stability.
- 40% Current „Mindset“: Evaluation of content analysis of the data subject’s thinking system.
Although AI identifies patterns against the pseudonymised identity of the MindX 360 application user, decisions that have significant impact on your athletic career (e.g. adjustment of the training plan or selection for a match line-up) are always human decisions. AI serves solely as an assistant that prepares materials for qualified interpretation by your trainer or MindX 360 coach.
For a better understanding of the logic of AI-generated decisions, we provide the following model examples:
Example 1: If the AI system within the MindX 360 application detects a decline in neuro-response of more than 15% concurrently with an elevated heart rate, it will assess this as a risk of overtraining and will recommend that the trainer reduce training intensity.
Example 2: If the AI system within the MindX 360 application detects negative thought patterns across the historical trend, it may identify and name them (e.g. as „sharp decline in motivation“ or „decreased self-confidence“) for the purposes of the data subject’s trainer, who may work with them further within his/her professional capacity.
If you have become the subject of a decision made by your trainer on the basis of output from our AI and which has legal effect or other significant impact on you in the context of your athletic career (e.g. adjustment of the training plan or a recommendation for recovery resulting in restricted participation in matches), you are entitled to:
- A clear and meaningful explanation of the role of the AI system in this process.
- Human intervention, i.e. the right to request that the AI output be reviewed by a qualified expert (coach).
This may occur in particular where MindX 360 is used at the professional level by a Club within the MindX 360 Core service subscription. In such case, you should exercise these rights directly against your Club.
16. What Are Your Rights as a Data Subject in the Processing of Personal Data?
We care about the protection of personal data and therefore endeavour to ensure it through measures, as well as through the possibility of exercising data subject rights under GDPR at any time by means of an electronic, written, or in-person request. Requests concerning data subject rights may be submitted electronically or in writing to the contact details of the responsible person stated above.
We recommend that with each request you explain as thoroughly as possible which right under GDPR the data subject is exercising, what the identification details of the data subject are (for identity verification purposes), and which purposes and data the request relates to. In the case of overly general requests, we must ask for clarification, which extends the basic one-month period for handling.
GDPR sets out general conditions for the exercise of individual rights of data subjects. Their existence does not, however, automatically mean that every exercise of these rights will be granted by the Controller, as in specific cases exceptions may apply, or certain rights are conditional upon the satisfaction of specific requirements that may not be met in every case. The Controller shall always examine each request and assess it in light of the relevant legal regulation and the decisive factual circumstances.
A user of the MindX 360 application, as a data subject, is entitled to request from the Controller:
- Confirmation as to whether or not personal data concerning the data subject are being processed, and related information on the processing of his/her personal data pursuant to Article 15(1) GDPR,
- access to personal data relating to him/her, including the right to obtain copies thereof, pursuant to Article 15(2) GDPR,
- rectification of inaccurate and completion of incomplete personal data pursuant to Article 16 GDPR,
- erasure of personal data processed by the Controller pursuant to Article 17 GDPR,
- restriction of processing of personal data pursuant to Article 18 GDPR,
- notification of rectification, erasure, or restriction of data to other recipients pursuant to Article 19 GDPR,
- portability/transferability of data provided by the data subject to the Controller pursuant to Article 20 GDPR in a structured, machine-readable format, being data that are processed by automated means and that are simultaneously processed on the basis of a contract or consent,
- the right to object pursuant to Article 21 GDPR,
- the right to object to the processing of personal data for direct marketing purposes,
- the right not to be subject to a decision based solely on automated processing, including profiling, under the conditions set out in Article 22 GDPR.
|
Notice: The data subject has the right to object to the processing of his/her personal data on the basis of legitimate interest as well as to the processing for the purposes of direct marketing, including objection to related profiling pursuant to Article 21 GDPR. Where the data subject has granted consent to the Controller for the processing of personal data, he/she has the right to withdraw it at any time, and the withdrawal shall not affect the lawfulness of processing based on the consent prior to its withdrawal. Withdrawal of consents granted through the MindX 360 application can be effectively and easily carried out by changing the consent settings directly within the application. |
|---|
Every data subject also has the right to lodge a complaint with the supervisory authority, which is primarily the Office for Personal Data Protection of the Slovak Republic, or a motion to initiate proceedings pursuant to Section 100 of Act No. 18/2018 Coll. on Personal Data Protection and on Amendments and Supplements to Certain Acts. The Office for Personal Data Protection of the Slovak Republic provides templates for such submissions on its website.
Contact details of the supervisory authority in the Slovak Republic:
Office for Personal Data Protection of the Slovak Republic
Námestie 1. mája 18
81106 Bratislava
Slovak Republic
17. How Do We Process Cookies in Connection With Your Use of the MindX 360 Application?
Currently, our MindX 360 application does not require the storage of any cookie files on the end user’s device. Instead of cookies, we use digital identifiers such as your IP address and „personUuid“ and SDKs (Software Development Kits), which are third-party code libraries that ensure the functionality, security, and analytics of the MindX 360 application.
In the application, we use the following tools, while strictly distinguishing between those that collect data and those that serve only for technical processing necessary for the operation of the MindX 360 application on your device (telephone, tablet):
| Tool / SDK | Reason for data processing | Legal basis |
|---|---|---|
| @posam/rn-authentication | Ensures secure user login and authentication via Azure B2C. | Performance of contract. |
| @react-native-firebase/messaging | Enables delivery of push notifications about training goals and feedback. | Performance of contract and legitimate interest. |
| MySASY Integration | Server-level technical interconnection for the transfer of HRV values (heart rate variability) from external hardware and a third-party application working with hardware enabling measurement of heart rate values. | Express user consent. |
Amendment of the Personal Data Processing Notice
The protection of personal data is not a one-off matter for us. The information that we are obliged to provide to you with regard to our processing of personal data may change or cease to be current. For this reason, we reserve the right to amend and modify this information at any time and to any extent.
If we make a material change to these terms, we will bring this change to your attention by, for example, a general notice on this website or a specific notification by e-mail, or by other appropriate means – such as a service message directly within the MindX 360 application.
In Skalica, on 23 March 2026
MindX s.r.o.
¹ Regulation (EU) 2017/745 of the European Parliament and of the Council of 5 April 2017 on medical devices, amending Directive 2001/83/EC, Regulation (EC) No 178/2002 and Regulation (EC) No 1223/2009 and repealing Council Directives 90/385/EEC and 93/42/EEC (Text with EEA relevance).