This Notice summarizes the basic principles governing the processing of personal data of LifeStorie users (natural persons) by Mystorie s.r.o.
The operator of the LifeStorie portal – Mystorie s.r.o., ID No. 175 77 888, with the registered office at Čs. armády 251, 263 01 Dobříš, registered in the Commercial Register of the Municipal Court in Prague, Section C, Insert 373185 (“Lifestorie”) is the personal data controller.
When processing your personal data, we are subject to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation – GDPR; the “Regulation”) and other relevant legislation, in particular Act No. 110/2019 Coll., on the processing of personal data (the “Act on Personal Data Processing”).
Registered Service Users
This section of the Notice summarizes the basic principles of the processing of your personal data by Mystorie s.r.o. if you are a registered user of the LifeStorie service.
This section provides an overview of the purposes for which we will use (process) your personal data. Usually, each piece of data is used for more than one purpose at the same time. The means of processing, the duration of the processing, etc., are then determined by the stated purposes. In certain cases set out in the Regulation , we may also process your data for purposes other than those set out below, but only in exceptional and limited cases, subject to further conditions as determined by the Regulation.
The data collected by LifeStorie are used for the following purposes:
We usually process your data using our own computer systems, although we may also use third-party systems (so-called processors). You can log in to LifeStoria via our iOS and Android app. The app allows you to log in to your own account, access your own albums, create new albums and events, upload content to them and edit existing albums and events.
Each processing of personal data is based on the applicable legislation – i.e. must rely on one of the legal bases for processing provided for in the Regulation. Similarly, as in the case of a purpose, each piece of data may be processed under more than one legal basis for processing. If no legal grounds apply anymore, we will discontinue processing your data. The possible legal grounds for processing are listed in Article 6 of the Regulation.
The legal basis for the processing of your personal data is in particular:
Your consent may also represent a legal basis for the processing of your data, in particular if you enter so-called special categories of data into LifeStorie. In this case, you can withdraw your consent at any time (for withdrawal, please use the interface of the service or contact us using the details set below). Please note that the withdrawal of consent to the processing of personal data is without prejudice to the lawfulness of processing based on consent given before its withdrawal.
This section describes the types of your personal data that will be subject to processing. Personal data mean any information about an identified or identifiable natural person (the “Data Subject”); an identifiable natural person is a natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, a network identifier or to one or more specific features of the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Your personal data that we process will usually be obtained directly from you or as part of tracking your activity on our website (accounts). In justified cases (in particular as part of debt recovery), we may also seek further information about you from open and publicly available sources.
We will collect personal data of registered users of our LifeStorie service primarily directly from you to the following extent in particular: your completed login details (username, email), your password to the service (stored in hash form), stored photos/videos including so called EXIF (name of the file, used camera, date of the photo, used ISO value, geolocation data), profile and main photo uploaded into the service including EXIF, your favorite events and authors, your comments on other people´s photos or posted in the discussion forum and your address, contact details and billing and payment details, including the relevant account number. We will also process data about how you registered or, where applicable, whether and how you consented to the processing of your personal data (usually by storing information about how and when you registered/consented, including, for example, your IP address from which you checked the relevant box or details of your reaction to a confirmation email) and when you cancelled your registration or withdrew your consent.
We will also store logs of your activity within your account in the system to document your activity and as a security measure. In this context, we will collect related information about you, i.e. the IP address from which you log in to our services or use within the service, the date and time you accessed these services, the changes you made.
If we are forced to cancel your registration, e.g. due to a breach of the Terms of Service, we will store your basic identification data, registration and cancellation data and, where applicable, information about consents granted and withdrawn, activity logs and the reason for cancelling the service for a reasonable period of time, in particular to protect our rights and the rights of third parties and to be able to prove the lawfulness of personal data processing.
If you enroll for a contest, we will store the related data for the duration of your account.
The personal data processed by us will thus be obtained either directly from you (by providing it to us as part of your registration for the service and your activity within the service interface or from individual communications with you) or as part of tracking your activity within our service.
The duration of personal data processing is not at our company´s discretion, it depends on how long we actually need them. We try to limit this period taking into account both your and our interests.
All data collected as part of the registration for the LifeStorie service and during the use of the registered LifeStorie service are usually stored for the entire registration period and for 3 months after cancellation, when you can reactivate your account. The photos/videos originally stored in the service are backed up for a period of 3 months after cancellation of the account or deletion of the uploaded files in order to protect the rights of our company and third parties and to be able to provide proof of lawfulness of personal data processing. These backups are deleted after 3 months, except where an incident relating to the data in question is currently being resolved. Thereafter, only the basic registration data, information about consents granted/withdrawn and the reason for termination of the service or the data forming part of the operational backups and the security logs of the activity within the account are stored for a reasonable period of time (determined in particular with regard to the limitation period for legal claims that could be exercised against our company).
Cancellation of the above accounts is without prejudice to our right to retain for an extended period of time information that such an account existed, when it was set up and cancelled.
Information about the use of paid services (payment details, etc.) is usually stored for 10 years after delivery as proof of our contractual performance. For registered users, the underlying photos are stored in their profile where they can be deleted.
We reserve the right to make inaccessible or delete accounts that are not used by the user for a reasonable period of time or seem to be defective.
The above time limits may be exceeded where appropriate given the circumstances, e.g. if an inspection by a regulatory authority is initiated or in the event of a pending dispute.
As regards the processing period, unless it is expressly stated in the Terms of Service or provided for by law, we determine the adequacy of the processing period based on the following considerations in particular:
You may discontinue your use of our LifeStorie service whenever you wish. If you want to cancel your account, please contact the administrator of the service, who will complete the cancellation process with you, or cancel the service directly from your user account. If you cancel your registration, we will stop using your data to provide the service.
Please also note that – as stated above – we will store certain data even after cancellation as backups in order to protect the rights of our company and third parties, as part of IT security and to prove compliance with legal regulations, in particular on data protection and accounting.
We are not the only entity that may process your personal data. We may hire third parties, called data processors, to process personal data. We try to engage only processors with sufficient credibility. As part of the service, we may also disclose data about you to other service providers or third parties in the event of incidents.
If you order a paid service, we will disclose selected personal data to our partner companies that are owners of such products. Basic identification data will also be shared with Apple Pay, Google Pay, which allows you to make payments for service orders (however, the payment itself is carried out outside our system and we only receive general information without an account number, and we do not have access to detailed data on payment methods).
Otherwise, Mystorie s.r.o. may disclose your personal data to third parties only if required or permitted by law or with your consent. Mystorie s.r.o. only discloses personal data to processors or other recipients to the extent customary:
Provision of your personal data to Mystorie s.r.o. is voluntary (however, if you want to register for our service, certain types of personal data are mandatory, i.e., in their absence, you will not be able to use the LifeStorie service). If you are obliged by a specific law to disclose personal data for processing in some instances, you will be informed of this fact separately.
The Regulation or the Act on Personal Data Processing restricts the processing of data in connection with web services in some cases if they are to be used by children under the age of 15. It also provides for enhanced erasure rights for users who entered data into the service when they were under 18 years of age.
As part of registration, we reserve the right to directly require the user to indicate whether he/she is 12 years of age or younger in order to verify whether the consent of his/her parent or other legal guardian is required for this process.
If you still wish to register for our service as a person under 18 years of age, please be advised that you have an enhanced right to request the erasure of any data processed about you that was entered before the age of 18. We will always strive to comply with your request for erasure. If you were under the age of 18 when you registered for or entered data into the service and subsequently request erasure, please let us know of this so that we can take your age into account sufficiently and properly.
Although consent is only one of the grounds for processing, the Regulation imposes specific requirements for obtaining it. If you believe that you are being forced to grant it, please contact us and we will focus on the issue immediately.
Note that if the legal basis for processing of your personal data is your consent (typically given by selecting it in the service settings), you may withdraw such consent at any time, free of charge, either directly in the service interface or by contacting using the details below. Withdrawal of consent is without prejudice to the lawfulness of processing based on consent given prior to its withdrawal.
You may link your LifeStorie account to your Apple account or Google account, whereby we will obtain from these services and store your email address, name and profile photo within your account.
You have the right to request that Mystorie s.r.o. erases your data without undue delay in accordance with Article 17 of the Regulation if any of the following grounds apply:
Pursuant to Article 22 of the Regulation, you have the right as a Data Subject not to be subject to any decision based solely on automated processing, including profiling, which has legal effects on you or significantly affects you in a similar way (“the right to automated individual decision-making”).
The right to automated individual decision-making will not apply if the decision is:
Mystorie s.r.o. has no intention to carry out any automated decision-making that would have legal effects for you or would affect you in a similarly material manner within the meaning of Article 22 of the Regulation. If you are, for example, denied the opportunity to register for our service due to an automated check of, for example, a duplicate email address, you can always contact the administrator of the relevant service or LifeStorie in general to request a final decision, which will always be based on an assessment by the operator.
In order to improve the protection of our service from illicit use, we will be introducing automated checks of uploaded content for illegality. In this regard, we use artificial intelligence to analyze individual photos and then alert our operators to potentially problematic photos. Our operators will review such content and, where necessary, delete them or contact the uploader. However, the artificial intelligence we use is not intended to recognize individual persons by tracking biometric data.
We will also process data about current or past users of our services or persons who have given us consent in this regard for the purposes of so-called direct marketing, typically emails or telephone calls with offers of similar products or services as you have received from us. You will always be allowed to opt-out of receiving commercial communications in each message you receive, or by contacting us at the details below.
Offers may usually be sent without any time limitation. However, if you reject such offers, we will not send them to you. You may reject offers in any e-mail containing such communications or during telephone conversation, or by using the contact details listed below. However, we will continue to process basic mailing data for a reasonable period to be able to demonstrate the reasons for making such offers. We will not forward your data to any third parties for the purpose of sending offers (except to our subcontractors – processors who process personal data for us).
When sending so-called commercial communications, we will process the following personal data about you: your name, surname, your e-mail address and, where applicable, a list of e-mails we have sent you. In this context, we may also use, to a reasonable extent, other data you provided within our service in order to include you in a general group of people with similar preferences and to be able, in certain cases, to limit the commercial communications to only those that you may find appealing. We will process this data for the purpose of sending you commercial communications, i.e. for the purpose of so-called direct marketing. This will involve sending commercial communications from our company, in particular concerning LifeStorie.
We will send you commercial communications at reasonable intervals, usually several times a month. You will be able to opt-out of such communications at any time by clicking the link available in each such message you receive.
As part of email communications, the relevant mailing services also usually store information about whether and when an email was opened, how you responded to the e-mail, your IP address and approximate geolocation or version of your system. This information is used to protect our or third-party rights and for our IT security and direct marketing purposes (to allow us to customize the content of emails to contain information you find interesting).
We will process data about message history, the legal basis for mailing, including, where applicable, the list of messages sent, as part of IT security, the protection of our and third-party rights, and to substantiate our compliance with the requirements set out in privacy legislation for a reasonable period of time after you have opted out of email communications.
As a data controller, one of our obligations is to process accurate data or, where appropriate, to complete incomplete data in view of the circumstances. Please, inform us that changes have been made to your data to help us to fulfil this obligation properly. In the event of a change in the data you have provided, kindly notify us about the change or update the data yourself directly in the service interface.
LifeStorie is an information society service, which means that primary responsibility for content of the uploaded photos is borne by the uploader. However, LifeStorie allows you to report inappropriate content using a simple form. When a form is submitted, we store the data entered in the form, the IP address from which it was sent and the time of submission. If the report is made by a registered user, we store the information that they have used this functionality and how. If you feel that any of the posted photos or other posted content violates your rights or the rights of third parties, please use the above function to report such violation. We will promptly investigate any reports. Of course, you can also contact us using other channels.
In justified cases (especially if misuse of a photo is reported), we may confront the user who uploaded the photo and inform him/her about the content of the report. Likewise, we may forward his/her response to the complainant for comment. We may also use other data to resolve the incident, such as the EXIF data of the photo in question and other similar photos, which may help us determine whether the photos were taken by the same user.
LifeStorie allows registered users to comment on individual photos. Comments are displayed publicly on the LifeStorie app page. We store the comments (their text) and the IP addresses from which they were sent.
LifeStorie also allows you to activate measurement via Google Analytics.
LifeStorie does not allow the sharing of content on social networks via third-party applications.
Any processing of personal data carries certain risks that may vary depending on the scope of the processing and the means used. Below is a list (non-exhaustive) of the best practices that can help you protect your data:
The Data Subject may exercise the following rights with us, as the data controller:
a) request access to personal data processed by the controller, namely the right to obtain confirmation from the controller as to whether or not personal data concerning him/her are being processed and, if so, the right to obtain access to such personal data and to the other information referred to in Article 15 of the Regulation,
b) request the rectification of his/her personal data being processed if they are inaccurate. Taking into account the purposes of the processing, the Data Subject also has the right, in certain cases, to request the completion of incomplete personal data, including by providing an additional declaration (Article 16 of the Regulation),
c) request the erasure of personal data in the cases provided for in Article 17 of the Regulation,
d) request the restriction of data processing in the cases provided for in Article 18 of the Regulation,
e) obtain personal data relating to him/her and
f) the right to object to processing within the meaning of Article 21 of the Regulation on grounds relating to his/her particular circumstances (see section “Right to Object” for more details).
If we receive such a request, we will inform the Data Subject of the action taken without undue delay and in each case within one month of its receipt. This time limit may be extended by a further two months if necessary, taking into account the complexity and number of requests. LifeStorie is not obliged to comply with all or part of the request in certain cases provided for in the Regulation, such as, in particular, if the request is manifestly unfounded or unreasonable, especially if it has been submitted repetitively. In these cases, we may (i) impose a reasonable fee taking into account the administrative costs of disclosure or communications or taking the requested steps, or (ii) refuse to comply with the request altogether.
If we receive the above request but have reasonable doubt as to the identity of the person in question, we may ask the person to provide us with additional information necessary to establish and confirm his/her identity.
We will retain information about the Data Subject´s exercise of their rights with us and how we have dealt with their request for a reasonable period (usually 3-4 years) for archiving and statistical purposes, to improve our services and to protect our rights.
If the Data Subject believes that LifeStorie processes his/her personal data unlawfully or otherwise violates those rights, he/she has the right to lodge a complaint with the relevant supervisory authority (Office for Personal Data Protection) or pursue his/her claims in court.
You can use the following contacts for any comments and questions about data protection and to contact us regarding the exercise of your legal rights: