General Privacy Notice – Clients/ Research Subjects
Welcome to Mu Corp, an online therapist guided home brain training system, consumer behaviour and brain media company based on neurofeedback (the “Service”). The Service is owned and operated by Francisco Marques-Teixeira Unipessoal, Lda (“Company”, “we”, “us”).
We respect your privacy and are committed to protect your personal information. This Privacy Notice (the “Notice”) explains our privacy practices for the Service we offer through our website, our web and mobile applications and our staff. The Notice also describes the rights and options available to you with respect to your personal information.
The Service operates through our website at www.mulabs.tech (the “Website”).
PERSONAL DATA WE PROCESS
Upon registration for the Service we collect certain details such as: your full name, date of birth, gender, address, email address, mobile phone number, some health-related details and biometric data (EEG, EMG, EDA, HR, HRV, RR).
The Service is available only to registered research subjects and clients. Research Subjects and clients may register for the Service through two alternative channels:
– Users who are registered for the Service by one of our therapists or researchers.
– Users who register for the Service independently through our form.
When our therapist/researcher registers you for the Service through our Application, we collect your full name, date of birth, gender, email address, mobile phone number, relevant health-related details and biometric data (EEG, EMG, EDA, HR, HRV, RR).
When you register for the Service through the form, we collect your full name, date of birth, gender, email address, address, phone number and some health-related details.
We may also collect your payment information, such as your credit card details or other supported payment methods on the Service.
You are not legally required to provide us your information.
You do not have a legal duty to provide us the Registration Information or your Payment Information. However, you will not be able to sign up to and use the Service without providing us the information.
When using our Applications, we collect your electrical brain activity signals (EEG).
When we use the Application, we collect your electrical brain activity signals (EEG) and may also collect your cognitive tests results.
We collect analytic information about your use of the Service.
When you access the Service, we use our own and third-party analytics tools, such as Google Analytics, to automatically collect aggregated information about your use of the Service. For example, we may record the frequency and scope of your use of the Service, the duration of your sessions and your interaction with the Service.
HOW WE PROCESS AND USE PERSONAL DATA
We process your data for the following purposes:
– To operate the Service.
– We process your Registration Information and Payment Information to facilitate your access to and use of the Service, and to operate the Service.
– To provide you with the Service, its features and functionality.
– We process your Use Information to provide you with the Service, its features and functionality.
– The legal basis under EU law for processing your Use Information is your explicit consent.
– To develop and improve the Service.
– We process aggregated Use Information for research purposes, in order to improve and develop our Service.
– The legal basis under EU law for processing aggregated Use Information is your explicit consent.
– For security and monitoring purposes. We process Metadata for security and monitoring purposes.
– The legal basis under EU law for processing Metadata is our legitimate interest in monitoring and securing our Service.
– To personalize and improve the Service.
– We process your Analytics Information to understand how users interact with the Service so that we can personalize and improve it.
– The legal basis under EU law for processing your Analytics Information is our legitimate interest in understanding how the Service is used in order to personalize and improve it.
WHEN IS YOUR PERSONAL DATA SHARED WITH OTHERS
We will not share your information with third parties, except in the events listed below or when you provide us your explicit and informed consent.
We will share your information with our service providers (therapists/researchers) that help us to operate the Service.
We will share your personal information with service providers (therapists/researchers) who assist us with the internal operations of the Service.
These companies are authorized to use your personal information only as necessary to provide these services to us and not for their own purposes. The service providers we use are:
The service providers we use are:
We will share your information with your therapist or neuro-coach.
We will share your personal information with your therapist or neuro-coach.
The legal basis under EU law for sharing your information with your therapist or neuro-coach is your explicit consent.
We may share your Use Information with other entities for their own research purposes.
We may share your Use Information and additional data such as your age, gender, and health related details, with other entities for their own academic research purposes.
We will only share this information after removing any data that may directly identify you (such as your name and contact information).
The legal basis under EU law for sharing your information with other entities for their own research purposes is your explicit consent.
If you violate the law, we will share your information with competent authorities.
If you violate any applicable law, your Registration Information will be shared with competent authorities and with third parties (such as legal counsels and advisors), for the purpose of handling the violation.
The legal basis under EU law for such processing is our legitimate interest in enforcing our legal rights.
We will share your information if we are legally required.
If we are required to disclose your information by a judicial, governmental, or regulatory authority.
The legal basis under EU law for this processing is our compliance with the legal obligations we are subject to.
We will share your information if the operation of the Company is organized within a different framework.
If the operation of the Company is organized within a different framework, or through another legal structure or entity (such as due to a merger or acquisition), provided that those entities agree to be bound by the provisions of this Notice, with reasonably necessary changes taken into consideration.
The legal basis under EU law for this processing is our legitimate interest in business continuity, following a structural change.
What are cookies? Cookies are text files, comprised of a small amount of data, that are saved on your computer or other device (e.g., smartphone, tablet, etc.) when you use the Internet and visit various websites.
Necessary. Cookies that are strictly necessary for the functioning of the Service. The Service cannot operate properly without these cookies.
Analytics. Analytics cookies operated by third parties, such as LinkedIn, Google, and Facebook, that assist us in understanding how users interact with the Service by collecting data that, by itself, does not directly identify you.
Marketing. Marketing cookies operated by third parties, such as LinkedIn, Google, and Facebook, that track your use of the Service and allow us to tailor content, both on and off the Service, that we believe is relevant to you.
Our cookie management tool provides you detailed information about the cookies we use and enables you to control their use. We use a cookie management tool to provide you more information about the cookies we use. It also enables you to control the use of analytics and marketing cookies.
You can change your mind at any time by enabling or disabling certain cookies or categories of cookies.
However, you cannot disable the ‘necessary’ cookies because the Service cannot operate without them. By enabling cookies, you give your consent to collect the data they are intended for.
SECURITY AND DATA RETENTION
We retain your personal data as long as you are a registered user of the Service and thereafter for compliance and legal purposes.
We retain your personal data as long as you are a registered user of the Service. Thereafter, we will continue to retain your personal information as necessary to comply with our legal obligations, resolve disputes, establish, and defend legal claims.
We will also retain aggregated Use Information for research purposes after removing any data that may directly identify you.
We implement measures to secure your Information.
We implement measures to reduce the risks of damage, loss of information and unauthorized access or use of information. However, these measures do not provide absolute security. Therefore, although efforts are made to secure your personal information, it is not guaranteed, and you cannot expect that the Service will be completely protected from information security risks.
INTERNATIONAL DATA TRANSFER
We will transfer your Information internationally only in accordance with applicable data protection laws.
The Service, by its nature as an online service, may store and process Information in various locations throughout the globe, including through cloud services.
When we transfer your information from within the EU to the United States or other countries that are not recognized by the European commission as having adequate protection for personal data, we will endeavour to do so while using adequate safeguards determined by the European commission, such as the privacy shield framework for the United States.
YOUR EU RIGHTS
If you are an individual in the EU, you have the following rights:
Right to Access your personal data that we process and receive a copy of it.
Right to Rectify inaccurate personal data we have concerning you and to have incomplete personal data completed.
Right to Data Portability, that is, to receive the personal data that you provided to us, in a structured, commonly used and machine-readable format. You have the right to transmit this data to another service provider. Where technically feasible, you have the right that your personal data be transmitted directly from us to the service provider you designate.
If the legal basis for processing your personal information is your consent, you may Withdraw Your Consent at any time. If you do that, we will still process certain information on a legal basis other than consent, as described in this Notice. Withdrawing your consent will not affect the lawfulness of data processing we carried out based on your consent before such withdrawal.
Right to Object, based on your particular situation, to using your personal data on the basis of our legitimate interest. However, we may override the objection if we demonstrate compelling legitimate grounds, or for the establishment, exercise or defence of legal claims. You may also object at any time to the use of your personal data for direct marketing purposes.
Right to Restrict processing your personal data (except for storing it) if you contest the accuracy of your personal data, for a period enabling us to verify its accuracy; if you believe that the processing is unlawful and you oppose the erasure of the personal data and request instead to restrict its use; if we no longer need the personal data for the purposes outlined in this Policy, but you require them to establish, exercise or defend legal claims, or if you object to processing, pending the verification of whether our legitimate grounds for processing override yours.
Right to be Forgotten. Under certain circumstances, such as when you withdraw your consent, you have the right to ask us to erase your personal data. However, we may still process your personal data if it is necessary to comply with a legal obligation we are subject to under laws in EU Member States or for the establishment, exercise or defence of legal claims.
If you wish to exercise any of these rights, contact us at [email protected]
We reserve the right to ask for reasonable evidence to verify your identity before we provide you with information.
Where we are not able to provide you with information that you have asked for, we will explain the reason for this.
You have a right to submit a complaint to the relevant supervisory data protection authority.
Subject to applicable law, you have the right to lodge a complaint with your local data protection authority. If you are in the EU, you can lodge a complaint to the supervisory authority, in particular in the Member State of your residence or place of work, of an alleged infringement of the GDPR.
For a list of supervisory authorities in the EU
Collect Information from minors under the age of 18 will need to be approved by their legal represents.
If we change this Policy, we will provide notice of such change.
From time to time, we may change this Notice, in which case we will notify you of the updated Notice by email.
The latest version of the Notice will always be accessible on the mobile application and on www.mulabs.tech/privacy-policy
We are the data controller of the personal data we collect through the Service.
Francisco Marques-Teixeira Unipessoal, Lda is the data controller of the personal data we collect and process through the Service.