Confidentiality Policy

Preamble 

ENSOPCO, a simplified joint stock company, registered in the Pontoise Trade and Companies Register under number 894 917 459, whose registered office is located at 9 bis rue de la Briqueterie - ZAE des Fauvettes, 95330 Domont, and whose trade name is "Teale" (hereinafter "TEALE"), makes the protection of its Users' personal data a priority. 

The purpose of this privacy policy (the "Policy") is to set out the way TEALE collects, uses,stores, shares and protects the Personal Data of its users. (“you” or “Users”) 

“Users” means any natural person accessing the Teale Platform. This may include employees of companies that have contracted with TEALE to provide the Platform and its Services (the “Company” or "Companies"). 

The Services, as defined in the General Terms of Use available at https://teale.io/fr/cgu, include in particular well-being assessments, digital resources, teleconsultation services, as well as the AI-powered well-being conversational agent “Joy.”  

The present Policy completes and forms an integral part of the General Conditions of Use of the https://teale.io/fr/cgu Platform. Use of the Platform requires acceptance by the User of these General Conditions of Use and this Policy.  

Article 1 - Definitions

"Subscription": Refers to the subscription taken out by the Company for Users, via the conclusion of a non-exclusive license agreement between TEALE and the Company. 

"CNIL": Refers to the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés)

"General Conditions of Use" or "GCU”: Refers to the general conditions of use of the Teale Platform.

"Personal data": Means, within the meaning of the GDPR, any information relating to an identified or identifiable natural person (an identifiable person being a person who can be identified, directly or indirectly, by reference to a name, an identification number, an online identifier or a specific feature specific to his physical or mental identity)

"Company": To the meaning given to it in the Preamble

"User Space": Refers to the personal account created by the User on the Platform, in accordance with the GCU.

"Newsletter": With the meaning given to it in article 4 

"Platform": Designates the "Teale" digital platform accessible via a digital application and a website, designed to be offered by Companies to their employees to provide them with psychological support and improve their daily lives.  

"Policy": To the meaning given to it in the Preamble

"Practitioners": Designate the mental health practitioners (psychologist, coach) accessible via the Platform, in accordance with the GCU.

"GDPR": Refers to the General Data Protection Regulation of April 27, 2016 (EU 2016/679).

"Services": Refers to all functionalities offered by TEALE to Users via the Platform in accordance with the GCU. These features include : 

  • Tools for assessing and improving the user's emotional well-being; and access to consultations with practitioners.   
  • Access to the conversational agent Joy

“Subprocessor”: Refers to processors to whom TEALE entrusts the performance of specific processing activities.

"TEALE": To the meaning given to it in the Preamble 

"Authorized Third Parties": With the meaning given to it in article 4 

"User": Refers to any person who has access to the Platform and uses the Services, in accordance with the GCU.

Article 2 - Identification of data controllers and processors

2.1 Persons responsible for processing

Data controller means, within the meaning of the GDPR, any person who determines the purposes and means by which Personal Data is used. 

In connection with the use of the Platform and Services, the data controllers are as follows: 

  • TEALE : 
    • When creating and managing the User Space on the Platform;
    • When using the various functionalities enabling the User to improve his or her emotional well-being, to self-assess and monitor the evolution of his or her state of well-being;
  • Practitioners: during consultations offered to Users via the Platform. 

2.2 Joint Controllers

Joint Controllers, within the meaning of the GDPR, are entities that jointly determine the purposes and means of a given processing activity.

In the context of the use of the Telephone Support Service, the Joint Controllers are:

- TEALE:

  • When using a service provider to provide a 24/7 Telephone Support Service, in accordance with Article 7.2.2 of the GCU.

- JLO GROUP:

  • For the provision of the 24/7 Telephone Support Service, in accordance with Article 7.2.2 of the GCU.

2.3 Processors

Processor means, within the meaning of the GDPR, any person processing Personal Data on behalf of the data controller. 

TEALE acts as a processor, within the meaning of the General Data Protection Regulation: 

  • Where applicable, on behalf of the Company, when obtaining information enabling it to send each User an access link to the Platform.; and
  • Where applicable, on behalf of Practitioners during consultations offered via the Platform. 

Article 3 - Nature and origin of the personal data collected 

In order to use the Platform and its various functions, TEALE collects Personal data from Users. 

When collecting Personal Data, Teale clearly indicates to the User which information is mandatory in order to benefit from the Services. Other data is optional. 

In any event, TEALE undertakes to delete Personal Data from its active databases at the end of the retention periods mentioned above, subject to the retention of certain information for legal, accounting, or tax purposes, for a maximum period in compliance with applicable obligations after the closure of the User’s personal account, or in the event of litigation.

Article 4 – To whom is your personal data transmitted 

4.1. Authorized TEALE personnel

Only certain authorized members of TEALE may access your personal data, strictly to the extent necessary to perform their duties. This includes, in particular, the Product, Support, Development, and Security teams, as well as the teams responsible for managing your Personal Space.

4.2. Technical service providers (processors)

Your data may be transmitted to service providers acting as processors, operating solely on TEALE’s instructions and under data processing agreements compliant with Article 28 of the GDPR.

TEALE notably uses the following processors:

  • Google Cloud Platform (Google Ireland Ltd.): Hosting of the Platform, servers located within the European Union;
  • Google Calendar (Google Ireland Ltd.): Management of appointments with Practitioners;
  • Kombo GmbH: Secure transmission of identification data to Practitioners;
  • Imediapp: Sending of push notifications and transactional emails;
  • Livestorm: Organization of workshops via videoconferencing.

4.3. Communication for legal reasons

Certain personal data may be disclosed to third parties if TEALE is legally required to do so. This concerns, in particular, judicial authorities in the context of legal proceedings, duly authorized administrative authorities, or any other entity with a clear legal basis to access the data. Such disclosures are strictly limited to what is required and are subject to rigorous controls.

4.4. Use of anonymized data for information and statistical purposes

TEALE also anonymizes Users’ personal data to produce reports, perform statistical analyses, or conduct research related to the improvement of its Services. As part of Subscriptions taken out by Companies, they may receive feedback on their employees’ use of the Platform. 

These processes are carried out under conditions that prevent any re-identification of Users by reasonably accessible means. 

4.5. Practitioners

The data necessary for scheduling appointments may also be shared with Practitioners through secure interfaces, only when you request such support. 

Article 5 - Is your personal data transferred outside the European Union?

Certain personal data may be transferred outside the European Economic Area, notably due to the involvement of TEALE’s technical service providers.

In particular, the use of the processor Livestorm for the organization of videoconference workshops entails such transfers, strictly governed by appropriate safeguards designed to ensure a sufficient level of protection of Users’ privacy and fundamental rights, in accordance with the GDPR. These safeguards notably include the signing of standard contractual clauses adopted by the European Commission.

The Platform is hosted by Google Cloud Platform (GCP), whose servers are located exclusively within the European Union. GCP is certified as a Health Data Host (HDS) in accordance with French regulations (cert. no.: FR053558).

Personal data likely to reveal or allow the inference of information relating to Users’ health is under no circumstances transferred outside the European Union.

You may obtain further information on the transfers carried out and the safeguards implemented by sending a request to the following address: privacy@teale.io.

Article 6 - Technical measures implemented  

TEALE, in its capacity as Data Controller and Processor, implements appropriate technical measures to ensure a level of security appropriate to the processing of Personal Data collected from Users.

These measures notably include:

  • Secure hosting on HDS-certified servers located within the European Union;
  • Strict limitation of access to authorized persons only;
  • Strengthened authentication for system access;
  • Pseudonymization or anonymization of data whenever possible;
  • Logging of access and actions to ensure traceability;
  • Regular data backups and the implementation of a disaster recovery plan;
  • Regular internal and external security audits. 

TEALE adapts these measures according to the evolution of risks and regulatory obligations.

Article 7 - User rights 

In accordance with applicable law, Users of the Platform have the following rights: 

- Right of access and rectification 

The User has the right to access his or her personal data and request that it be corrected; 

- Deletion right

The User has the right to obtain from TEALE the deletion, as soon as possible, of personal data concerning him. 

TEALE is obliged to delete such Data as soon as possible when one of the following reasons applies:  

  • Withdrawal of consent ; 
  • Opposition to processing ; 
  • Personal Data are no longer necessary for the purposes for which they were collected; 
  • Personal Data has been processed unlawfully. 

- Right to limit the processing of Personal Data

The User may restrict the processing of their Personal Data in the following cases: 

  • Challenging the accuracy of the Data collected; 
  • Unlawful processing and the User objects to their deletion and demands only that their use be restricted; 
  • TEALE no longer requires the Data, but it is still necessary for the User. 

- Right to object to the processing of the User's Personal Data 

The User may at any time object to the processing of his/her Personal Data. 

- Right to withdraw consent at any time 

The User has the right to withdraw his/her consent to access the Platform Services at any time. 

- Right to portability of personal data 

The User has the right to move, copy or transmit his or her Personal Data to a platform other than TEALE.

Any request made in application of the foregoing shall be made via the TEALE contact details set out in Article 8 of this Policy. 

The User may file a complaint with the CNIL (https://www.cnil.fr/fr/plaintes) concerning the respect of his rights regarding the protection of his Personal Data.  

Article 8 - Modification of the Privacy Policy

This Privacy Policy may be amended or updated to reflect changes in TEALE’s practices regarding the protection of personal data, or to ensure compliance with applicable regulations.

In such cases, TEALE will implement appropriate measures to inform Users of these changes.

Article 9 - Contact 

TEALE, in its capacity as data controller, guarantees Users the possibility of addressing any questions, comments or complaints relating to this Policy. Users are invited to contact TEALE at privacy@teale.io