Confidentiality Policy

Preamble

ENSOPCO, a simplified joint stock company, registered in the Pontoise Trade and Companies Register under number 894 917 459, whose registered office is located at 9 bis rue de la Briqueterie - ZAE des Fauvettes, 95330 Domont, and whose trade name is "Teale" (hereinafter "TEALE"), makes the protection of its Users' personal data a priority.

TEALE expressly undertakes to comply with French and European legislation on the protection of Personal Data when using its website and Platform, and in particular with the provisions of the General Data Protection Regulation of April 27, 2016 and Law No. 2018-493 of June 20, 2018.

The purpose of this privacy policy (the "Policy") is to set out the way TEALE collects, uses and stores the Personal Data of its Users. These Users include employees of companies that have contracted with TEALE to provide the Platform and its Services (the "Companies").  

The present Policy completes and forms an integral part of the General Conditions of Use of the https://teale.io/fr/cgu Platform. Use of the Platform requires acceptance by the User of these General Conditions of Use and this Policy.

Article 1 — Definitions

"Subscription" - Refers to the subscription taken out by the Company for Users, via the conclusion of a non-exclusive license agreement between TEALE and the Company.

"CNIL" - Refers to the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés).

"General Conditions of Use" or "GCU” - Refers to the general conditions of use of the Teale Platform.

"Personal data" - Means, within the meaning of the GDPR, any information relating to an identified or identifiable natural person (an identifiable person being a person who can be identified, directly or indirectly, by reference to a name, an identification number, an online identifier or a specific feature specific to his physical or mental identity).

"Company" - To the meaning given to it in the Preamble.

"User Space" - Refers to the personal account created by the User on the Platform, in accordance with the GCU.

"Newsletter" - With the meaning given to it in article 4.

"Platform" - Designates the "Teale" digital platform accessible via a digital application and a website, designed to be offered by Companies to their employees to provide them with psychological support and improve their daily lives.

"Policy" - To the meaning given to it in the Preamble.

"Practitioners" - Designate the mental health practitioners (psychologist, coach) accessible via the Platform, in accordance with the GCU.

"GDPR" - Refers to the General Data Protection Regulation of April 27, 2016 (EU 2016/679).

"Services" - Refers to all functionalities offered by TEALE to Users via the Platform in accordance with the GCU. These features include : Tools for assessing and improving the user's emotional well-being; and Access to consultations with practitioners.

"TEALE" - To the meaning given to it in the Preamble.

"Authorized Third Parties" - With the meaning given to it in article 4

"User" - Refers to any person who has access to the Platform and uses the Services, in accordance with the GCU.

Article 2 - Identification of data controllers and subcontractors

2.1 Data controllers

Data controller means, within the meaning of the GDPR, any person who determines the purposes and means by which Personal Data is used.

In connection with the use of the Platform and Services, the data controllers are as follows:

  • TEALE :

When creating and managing the User Space on the Platform

When using the various functionalities enabling the User to improve his or her emotional well-being, to self-assess and monitor the evolution of his or her state of well-being;

  • Practitioners: during consultations offered to Users via the Platform.

2.2 Processors

Processor means, within the meaning of the GDPR, any person processing Personal Data on behalf of the data controller.

TEALE acts as a processor, within the meaning of the General Data Protection Regulation:

Where applicable, on behalf of the Company, when obtaining information enabling it to send each User an access link to the Platform.; and

Where applicable, on behalf of Practitioners during consultations offered via the Platform.

Article 3 — Nature and origin of the Personal Data collected

In order to use the Platform and its various functions, TEALE collects personal data from Users.

The Personal Data that may be collected by TEALE when using the Platform and the Site include the following :

  • User first and last name;
  • User's e-mail address and password;
  • User gender ;
  • Connection data, devices used, and the User's IP address;
  • Information provided by the User on the Platform when using the Services, and in particular :

Via questionnaires offered on the Platform designed to assess and improve the User's emotional well-being; and

By making appointments with Practitioners.

This Data includes not only general data enabling the User to access the Platform and his User Space, but also health data.

This Data is collected by TEALE in its capacity as data controller or processor.

TEALE may also collect Personal Data from Users through the use of cookies on the Site and the Platform.

Article 4 - Purpose of collecting Personal Data

4.1 Use of Personal Data

The User is hereby informed that the Personal Data collected by the Platform is necessary for the provision of the Services offered by TEALE, the main purpose of which is to contribute to the psychological well-being of Users.

In addition, the User's Data may be used to send emails inviting him/her to create or update his/her Personal Space on the Platform, as well as to send content related to mental health, well-being at work, and informing of updates made on the Platform (the "Newsletters"). In any event, the User may unsubscribe from these Newsletters at any time by clicking on the dedicated link (provided in each email).

The processing of the User's Personal Data is justified by the performance of TEALE's contractual obligations under the Subscription or additional services provided to the User at his/her request. depending on the nature of the processing, the performance of these contractual obligations and the User’s consent constitute the legal basis for the processing of Personal Data as provided for in the GDPR.

In the event that the User joins a new company that has also a Subscription with TEALE, the Personal Data used in the context of the first Subscription may be retained by TEALE to ensure the follow-up of the User in this new company.

The User expressly acknowledges that if he/she chooses not to provide all the information requested when using the Platform, he/she runs the risk of not being able to benefit from the Services made available on the Platform.

4.2 Recipients of Personal Data

The User's Personal Data will not be transmitted for commercial or advertising purposes without the User's express prior consent.

The User's Personal Data may be processed by the following persons:

TEALE's internal departments, within the limits of their responsibilities and in particular concerning the management of the User Space;

Practitioners in the context of consultations offered via the Platform.

The User's Personal Data may also be transmitted to certain entities with access expressly authorized by law, and in particular to the following entities:

Judicial authorities, particularly in the context of a judicial inquiry or preliminary investigation;

Administrative authorities, including duly authorized tax or financial authorities; and

Where applicable, TEALE's processors (such as IT service providers), namely :

- GOOGLE CLOUD PLATFORM for data hosting

- IMEDIAPP (RCS Paris n°525 279 600) for sending push notifications and emails.

- KOMBO GmbH for data transmission between information systems

(hereinafter, the "Authorized Third Parties")

In accordance with current legislation, any transmission made to an Authorized Third Party will be carried out after having carried out all the required checks as to the quality of the Third Party to receive this transmission and the legal basis of its request. TEALE expressly undertakes to adopt all confidentiality measures necessary to ensure the security of any such transmission and to preserve its traceability.

Lastly, Personal Data may also be transmitted to the User concerned as part of the exercise of his/her rights as set out in article 6 of this Policy.

4.3 Anonymization of Data and transmission for information and statistical purposes

As part of the Subscription taken out by the Company, TEALE may provide the Company with feedback on the use of the Platform by its employees, who are also Users.

TEALE expressly undertakes to ensure that any information transmitted on this occasion is first anonymised by TEALE, making it impossible to identify Users by any reasonable means.

Anonymised information (which does not allow the User to be identified) may also be used for research and analysis purposes, in direct connection with TEALE's activity.

Article 5 — Protection of Personal Data

5.1. Protective measures implemented

TEALE, in its capacity as data controller and processor, implements all appropriate technical measures to guarantee an appropriate level of security in the processing of Personal Data collected from Users.

In accordance with the regulations in force, TEALE undertakes to notify any violation of this Data to the qualified persons within 72 hours.

5.2 Personal Data Retention Period

The length of time that Personal Data is kept is determined by the data controller according to the purpose for which the data was collected.

Users' Personal Data is kept for the time strictly necessary for Users to use the Platform's Services.

At the end of a period of 6 months following the closure of the User's User Space or 1 year without the User having accessed this Space, his/her Data is deleted or anonymized.

TEALE determines the duration of Data retention solely in its capacity as data controller. When TEALE acts as a processor, the Data retention period is determined by the data controller, and by the Practitioners.

5.3 Hosting Personal Data

The Services offered by TEALE, and in particular the consultations provided by the Practitioners, do not fall within the scope of article L.1111-8 of the French Public Health Code, and therefore do not require the use of an HDS-certified hosting provider.

TEALE hosts Users' personal data in Europe, in Belgium to be precise: europe-west1 region with Google Cloud Platform, an HDS-certified host (number: FR053558).

Article 6 - User Rights

In accordance with current legislation, the Platform User has the following rights:

  • Right of access and rectification

The User has the right to access his or her personal data and request that it be corrected;

  • Deletion right

The User has the right to obtain from TEALE the deletion, as soon as possible, of personal data concerning him.

TEALE is obliged to delete such Data as soon as possible when one of the following reasons applies:

- Withdrawal of consent ;

- Opposition to processing ;

- Personal Data are no longer necessary for the purposes for which they were collected;

- Personal Data has been processed unlawfully.

  • Right to limit the processing of Personal Data

The User may restrict the processing of their Personal Data in the following cases:

- Challenging the accuracy of the Data collected;

- Unlawful processing and the User objects to their deletion and demands only that their use be restricted;

- TEALE no longer requires the Data, but it is still necessary for the User.

  • Right to object to the processing of the User's Personal Data

The User may at any time object to the processing of his/her Personal Data.

  • Right to withdraw consent at any time

The User has the right to withdraw his/her consent to access the Platform Services at any time.

  • Right to portability of personal data

The User has the right to move, copy or transmit his or her Personal Data to a platform other than TEALE.

Any request made in application of the foregoing shall be made via the TEALE contact details set out in Article 8 of this Policy.

The User may file a complaint with the CNIL (https://www.cnil.fr/fr/plaintes) concerning the respect of his rights regarding the protection of his Personal Data.  

Article 7 — Application of the Privacy Policy

TEALE reserves the right to modify this Policy at any time, in particular to adapt it to future changes in legislation, regulations and its Services.

In the event of a significant change in the provisions of this Policy, TEALE undertakes to inform Users at least 30 days before the change takes effect.

The User expressly acknowledges that the only authoritative version of the Policy is the online version.

Any withdrawal of adherence to the present Privacy Policy will result in the User's access to the Platform and his Personal Space being terminated.

The original version of the present document is in French. If it is translated into one or more languages, solely the French version shall govern and control in the event of a dispute.

Article 8 — Contact

TEALE, in its capacity as data controller, guarantees Users the possibility of addressing any questions, comments or complaints relating to this Policy. Users are invited to contact TEALE at support@teale.io.  

TEALE undertakes to assist Users with any complaints they may have concerning the protection of their Personal Data by Practitioners.