Privacy Policy

Effective Date: 1st August 2025
Data Controller: TOLION HEALTH CZ s.r.o.
Contact: info@tolionhealth.com

Scope and Purpose

This Privacy Policy explains how we collect, use, store, and protect the personal data you provide when using the MVP test version of our mobile application Tolion Brain Coach (the “App”). Data collection is solely for the purpose of testing, internal research, and product development.

All processing of personal data is conducted in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable national data protection laws.

Information We Collect

  • Personal identifiers: age, gender, height, weight
  • Health and wellness data: partial health information, data collected from connected wearables
  • Technical data: device information and anonymized analytics about app usageAll data is collected only with your explicit consent during voluntary participation in the MVP testing

All data is collected only with your explicit consent during voluntary participation in the MVP testing.

The above list is not exhaustive; additional types of data may be collected if required for testing specific or experimental app features. Any such data collection will occur only with your explicit consent during voluntary MVP participation

Lawful Basis for Processing

Under the GDPR, we process your personal data based on:

  • Consent (Article 6(1)(a) GDPR): You voluntarily provide consent for participation in MVP testing
  • Special category data (health data) (Article 9(2)(a) GDPR): Explicit consent is obtained for processing any health-related information

You may withdraw your consent at any time (see section 6 below)

Use of Data

  • To analyze and improve the App’s performance and features during MVP testing
  • To evaluate user interaction and collect feedback for development
  • We do not sell, trade, or share your personal data for marketing or commercial purposes
  • Data will not be transferred to the production environment; all personal and sensitive information will be deleted or anonymized after the MVP phase

Data Storage and Security

  • Your data is stored securely on servers located within the European Union, in compliance with the GDPR
  • We implement technical and organizational measures to protect data from unauthorized access, loss, or misuse
  • Only authorized personnel involved in App development will have access to your data

Data Sharing

  • No personal data is shared with third parties for commercial or marketing purposes
  • Anonymized and aggregated data, which does not contain any personally identifiable information, may be shared for statistical or scientific research purposes related to testing procedures
  • If any third-party processors are engaged (e.g., cloud hosting), they will act in compliance with GDPR requirements under a Data Processing Agreement (DPA)

Your Rights under GDPR

You have the following rights under the GDPR:

  • Right of access (Article 15): To obtain a copy of your personal data
  • Right to rectification (Article 16): To correct inaccurate or incomplete data
  • Right to erasure (“Right to be forgotten”) (Article 17): To request deletion of your personal data
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20): To receive your data in a structured, commonly used, and machine-readable format
  • Right to withdraw consent (Article 7(3)): You may withdraw your consent to data processing at any time, which will end your participation in the MVP test
  • Right to lodge a complaint (Article 77): If you believe your data protection rights have been violated, you can file a complaint with your local data protection authority (e.g., the Czech Office for Personal Data Protection)

Data Retention

  • Personal data will only be retained for the duration of the MVP testing phase
  • Afterward, all personal data will be securely deleted or anonymized in accordance with GDPR and applicable industry standards

Contact Information

For any questions, requests, or concerns regarding this Privacy Policy or your rights under GDPR, please contact us: