For Elysium, we addressed GDPR obligations and biometric data

Steiniger advised Instarea on their new project called “Elysium”, where personal data protection needs to be specifically addressed when processing biometric data in accordance with GDPR.

The client's needs were based on the processing of personal data based on customer registrations within the mobile application and on the use of biometrics to enter the premises of the Elysium Wellness Center.

Our mandate consisted mainly of the following tasks:

  • analysis of the mobile app functionality
  • definition of the way personal data are processed and data maping
  • identifying risks related to the processing of biometric data
  • elaboration of information for customers according to Article 13 of GDPR
  • analysis of the possible emergence of obligations from GDPR
  • assessment of whether the company has been obliged to develop DPIA (Data Protection Impact Assesment) in relation to the use of biometric data


Elysium - a unique Slovak project based on providing services through IoT (Internet of Things). Elysium is supposed to act as a network of wellness centers, the services of which should be used by the customer through a mobile application used to reserve entries to a fully automated wellness center (

Instarea - Slovak company and "laboratory" for innovative ideas for monetization of telecommunication big data within the international group Adastra. Through the efficient use of data, they strive to optimize marketing processes and improve infrastructure in cities (

Facebook Twitter Google+ LinkedIn