Glossary of Terms
The glossary for GDPR is the same as that in the General terms and conditions. We have added the terms Controller and Processor, which are specific to GDPR.
Controller vs. Processor
Within Zenamu, Service Providers, which are usually yoga studios or individual teachers, can manage their clients.
We distinguish between the operator of the Zenamu Platform when acting as a data controller (user or studio profile) and when it acts as a data processor (storing data on servers for the Service Provider).
Fyooga s.r.o. acts as a data controller when you are logged in as a User to the application, and the application requires this to function correctly. This includes email, first and last name, cookies, and user preferences agreed by you.
Fyooga s.r.o. acts as a data processor when you are a Service Provider within the Zenamu Platform. Remember, in this case, you legally become the data controller of your customers' personal data.
The Processing Agreement governs the protection of the User's personal data provided to Service Providers.
1. Personal Data Controller
1.1
The Operator of the Zenamu Platform is the Data Controller, also referred to as the "Controller", for its users. The Controller informs you about the processing of your personal data and your rights under Regulation (EU) 2016/679 of the European Parliament and of the Council, Act No. 110/2019 Coll., on the processing of personal data.
1.2
We respect and follow data protection standards when processing personal data, and we adhere to the following principles:
Personal data is processed only for clearly and comprehensibly stated purposes
Personal data is processed using the means and methods specified
Personal data is processed only for as long as strictly necessary
1.3
We collect users' personal data to the extent necessary and do not share it with third parties, except those directly involved in the necessary processing within the application.
1.4
Zenamu is responsible for its employees and subcontractors who come into contact with personal data in the performance of their authorized duties. They are obliged to maintain the confidentiality of personal data and security measures in accordance with the GDPR.
1.5
Users have the right to be informed about the extent to which and for what purpose their personal data is processed, who will process the data and how, and to whom the data may be disclosed.
2. Subject of Personal Data Processing
2.1 Data
The personal data processed by the Zenamu application includes:
User profile information
name, surname
email address
phone*
bank contact*
profile photo*
Service provider information
name, surname*
email address
Company ID*, VAT ID*
residence / registered office*
website
bank account number
phone
Technical data
cookies
IP address
other analytical metrics, including information about application crashes and logs of user account activity
Other data
correspondence via email, chat, in-app, and voluntary responses to Provider's surveys.
*Optional data is only collected if available or if you are filling in for a legal entity.
2.1.1 Data from third-party sign-in (Facebook/Google)
When you register or sign in via Facebook or Google, we process the following data:
email address,
name / display name,
profile photo,
the app-scoped user ID (a unique identifier for our application),
technical authentication data (e.g., tokens and their expiry times).
For Google Sign-In, this means we access the following Google user data via Google APIs:
your Google account email address
your Google account basic profile information (name and, where available, profile picture)
your Google user ID / app-scoped identifier
authentication and refresh tokens, token expiry times, and related technical authentication data
We use this information to:
authenticate you via Google and verify your identity
create a new Zenamu account or link an existing Zenamu account to your Google account
keep your login method up to date (e.g., if you change your Google email alias)
maintain security, fraud-prevention, and audit logs related to sign-in and access to your account
use your email address and name as your contact details in Zenamu for sending you application-related emails (e.g. account notifications, system messages) and, where you have given the appropriate consent in Zenamu, marketing communications about the Platform.
We do not access the contents of your Gmail, Google Drive, Google Calendar, Google Photos, or any other Google services or files.
For Facebook Login, we access the following Facebook user data via Facebook APIs:
- your Facebook account email address (if available)
- your name / display name
- your profile photo (if available)
- your Facebook app-scoped user ID
- authentication tokens, token expiry times, and related technical authentication data
We use this information to:
authenticate you via Facebook and verify your identity
create a new Zenamu account or link an existing Zenamu account to your Facebook account
keep your login method up to date
maintain security, fraud-prevention, and audit logs related to sign-in and access
use your email address and name as your contact details in Zenamu for sending you application-related emails (e.g. account notifications, system messages) and, where you have given the appropriate consent in Zenamu, marketing communications about the Platform.
We do not access or read the content of your private messages or other private content on Facebook.
2.2 Cookies
We use cookies to ensure the proper functioning of our website and measure its performance. Cookies are small data files stored on your device, which can remember text data for a specified time period.
Our cookies are categorized into:
Technical cookies - enable the proper functioning of our website, such as preparing the display of pages, remembering your preferred language, and securing your login.
Analytical cookies - collect anonymized data about website usage for development purposes.
Marketing cookies - send data about your website usage to advertising platforms to target you with advertising or build audiences.
For a comprehensive list of all cookies, visit the cookie bar in the Platform footer, where you can grant, remove, or configure your consent to their use.
In connection with social sign-in, provider scripts/SDKs (Facebook/Google) may be loaded, which use their own cookies and identifiers for secure authentication.
2.3 Data Operations
The Controller performs the following data processing operations on the User's personal data:
Automated storage on the Controller's servers.
Organising, structuring, retrieving, ranking, or combining for analytical and statistical evaluation and improvement of the Platform (system metrics).
For Google user data obtained through Google Sign-In, these operations are limited to what is necessary to:
store and update authentication data,
link your Google account to your Zenamu user account, and
maintain security and audit logs related to sign-in events.
3. Purposes of the processing of personal data:
3.1. Error-free operation of the application
This includes mainly cookies necessary for the error-free operation of the application and email, which is required to log in to the application.
3.1a Identity verification and account linking (Facebook/Google)
Enabling registration/sign-in, creating or linking a user account, performing security verification, and maintaining audit logs.
When you choose to sign in with Google, we use the Google user data described in section 2.1.1 to:
authenticate you via Google and verify your identity,
create or link your Zenamu user account
keep your login method up to date
maintain security and audit logs related to sign-in and access
populate and maintain your contact details in Zenamu so that we can send you application-related emails and, where permitted, marketing communications.
We do not use Google user data to build marketing or advertising profiles for third parties, we do not read the content of any Google services (such as Gmail, Drive, or Calendar), and we do not use Google user data for personalised or interest-based advertising.
Google user data is not used for any purposes other than those explicitly described in this Privacy Policy.
When you choose to sign in with Facebook, we use the Facebook user data described in section 2.1.1 to:
authenticate you via Facebook and verify your identity
create or link your Zenamu user account
keep your login method up to date
maintain security and audit logs related to sign-in and access
populate and maintain your contact details in Zenamu so that we can send you application-related emails and, where permitted, marketing communications.
We do not use Facebook user data to build marketing or advertising profiles for third parties, and we do not use Facebook user data for personalised or interest-based advertising.
3.2. Performance of the contract between the Service Provider
This includes conclusion of the contract, communication with the Service Provider, issuing and recording of tax documents.
3.3. Information purposes
This includes informative email and telephone communications related to the operation of the Platform, such as notifications of expiration of credits and entries, subscription expiration, information about changes to the terms and conditions, information about system upgrades, as well as other information about emergencies not related to marketing communications.
These messages can be sent to the contact email you provided directly in Zenamu or via social sign-in providers (Facebook/Google).
3.5. Technical and analytical purposes
This includes cookies, IP address, and other online technical identifiers, as well as traffic information used for analytical processing in order to improve the Platform itself.
3.6 Sending marketing communications
Users who have given their explicit consent to receive marketing communications on the App are sent marketing content, such as newsletters. These communications can be sent to the email address you provided directly in Zenamu or to the email address obtained via social sign-in (Facebook/Google).
You can opt-out of receiving marketing communications directly in the app or by sending a request to [email protected].
4. Recipients of personal data (subcontractors of the controller)
4.1
The User acknowledges that the Zenamu Platform is operated on servers located in a hosting center, and that the processing of personal data involves companies registered at the web address of subcontractors.
Meta Platforms (Facebook) and Google act as independent controllers with respect to the data you provide to them. Processing may involve transfers outside the EEA; in such cases, we rely on Standard Contractual Clauses (SCCs) and other appropriate safeguards.
4.2
The Controller is entitled, even without the User's prior consent, to involve another supplier of hosting, cloud, or other services as a so-called additional processor in the processing of personal data or to replace the existing companies with another supplier.
In such cases, the User will be informed of this change on the relevant website or, for Users who are themselves Service Providers under a Processing Agreement, also by email.
4.3 Sharing of social sign-in data (Google / Facebook)
We do not sell or rent social sign-in data (Google or Facebook user data) to any third parties.
We do not share this data with third parties except in the following limited situations:
with our infrastructure, hosting, authentication, and email delivery / newsletter providers, who process this data solely on our behalf (for example to send application-related or, where permitted, marketing emails) and under written data processing agreements that require them to protect the data and follow our instructions
where we are required to do so by law, court order, or regulatory request.
This may include sharing your email address and name (including where obtained via Google Sign-In or Facebook Login) with our email service providers to deliver the communications described in sections 3.3 and 3.6.
We do not disclose social sign-in data to advertisers and do not use it for targeted advertising, ad measurement, or audience building.
5. Time and Location of Data Processing
5.1 Location of Processing
Personal data is primarily processed within the European Union Member States.
5.2 Data Retention Period
Personal data is processed indefinitely until the User or the Zenamu Platform Operator cancels the user account, terminating the contractual relationship.
We retain the data necessary for social sign-in (e.g., the app-scoped ID and technical tokens) for as long as your account is linked to the social provider, and thereafter delete it or disassociate it from your profile.
For social sign-in data (Google and Facebook), we apply the following retention and deletion rules:
we retain this data only for as long as your Zenamu account is active and linked to your Google or Facebook account, and only for the purposes described in this Privacy Policy;
when you disconnect your Google or Facebook account from Zenamu (see section 6.2) or request the deletion of your account (see section 6.3), we delete or irreversibly anonymise the social sign-in data and related authentication tokens that we store, except where retention of certain data is required by law (e.g. for accounting records);
you can also revoke Zenamu’s access in your Google Account settings or Facebook account settings. After such revocation, we can no longer access new data via the respective APIs and will use only the data that remains in your Zenamu account until you edit or delete it.
In all cases, data is retained only for as long as necessary for the fulfilment of the purposes described above or to comply with our legal obligations.
5.3 Data storage and protection
We take appropriate technical and organisational measures to protect your personal data, including social sign-in data (Google and Facebook user data), against unauthorised or unlawful processing, accidental loss, destruction, or damage. These measures include, in particular:
limiting access to personal data only to those employees and contractors who need it to perform their duties and who are bound by confidentiality;
using industry-standard security measures such as encrypted connections (HTTPS/TLS) for data in transit;
maintaining access controls, logging, and monitoring to detect and respond to potential security incidents;
periodically reviewing our security measures and supplier contracts to ensure an adequate level of protection.
While no system can be guaranteed to be 100% secure, we aim to keep your data protected using measures that are appropriate to the nature and sensitivity of the data we process.
6. User's Rights
6.1 Right of Access
Each Application User has the right to access their personal data.
6.2 Right to Edit
A Platform User has the right to edit their personal data. This can be done through the Platform or by submitting a request to [email protected].
Disconnecting social accounts
You can disconnect your Facebook/Google link at any time in My Profile. Disconnecting removes only this sign-in method and does not delete your account or data.
When you disconnect your Google or Facebook account, we stop using the respective social sign-in data for sign-in and we delete or invalidate stored authentication tokens. Your contact email and name may remain in your Zenamu profile and continue to be used for application-related communications and, where permitted, marketing emails, until you edit or delete them or request deletion of your account.
If you wish to remove all data, including social sign-in data, you can request full account deletion under section 6.3.
6.3 Right to Erasure
Every User has the right to request the erasure of all personal data. This can be done by sending a request to [email protected].
The Administrator is obligated to delete all User records obtained during the use of the Platform without undue delay.
This right to erasure also applies to social sign-in data (Google and Facebook user data) obtained via sign-in providers. Upon your request for deletion, we will remove such data, subject only to any retention required by applicable law.
7. Final provisions
7.1
All legal relationships related to the processing of personal data are governed by the laws of the Czech Republic, regardless of where the data was accessed.
The Czech courts have the authority to resolve any disputes related to the protection of privacy between the User and the Administrator.
7.2
Users who provide their personal data for the purpose of concluding a contract with the Administrator or provide consent to the processing of personal data do so voluntarily, on their behalf, and the Administrator does not control their activities in any way.
7.3
The Personal Data Processing Policy may be amended or supplemented by the Controller, and the current version will always be available on the Platform, which every User has easy access to.
If the User continues to use the Application after the new version of the General terms and conditions comes into force, by actively using the Application, the User grants consent to the processing of personal data according to the updated version.
7.4
The User may withdraw their consent at any time by sending a request to the email address [email protected].
7.5
These Terms and Conditions and the information on the processing of personal data shall take effect from November 17th, 2025.