Privacy is a fundamental right and one of the core values of moka.care. We build strong and lasting relationships with our customers, partners, users and employees based on mutual trust. Ensuring the security and confidentiality of the personal data of users of our websites and other applications is therefore a priority for us. When you use the website (hereinafter the "Site"), we may collect personal data about you. The purpose of this policy is to inform you of the ways in which we process this data.
In the course of your use of the Moka.care website (hereinafter referred to as "the Solution"), your personal data are processed.
The person responsible for this processing is your employer, who invited you to create your account on the Website (hereinafter referred to as the "Data Controller").
Our company, Moka Care, SAS, registered in the Paris Trade and Companies Register under no. 883 203 887, whose registered office is at 6 rue Bayen - 75017 Paris, acts exclusively as a subcontractor of the Data Controller, i.e. we process your data in its name, on its behalf and according to its instructions.
2. Description of data processing
The Solution is a support website for our clients' employees and collaborators (hereafter the "Users") that allows them to make appointments with coaches and psychologists (hereafter the "Practitioners").
We offer different services:
• Individual coaching with a Practitioner
• Group sessions led by a Practitioner
• The provision of digital content and programmes.
3. What is the purpose of the data collected ?
The Data Controller determines the purpose(s) for which the data is processed and the legal basis, depending on the purpose for which it uses the Solution.
4. What personal data do we collect ?
On the instructions of the Data Controller, we collect the following data:
Identification data (e.g. surname, first name, email address, telephone number, appointment dates)
Connection data (e.g. IP address, logs)
Mandatory data are indicated when you provide us with your data. It is necessary to provide you with our services.
If you choose to log in using a third party authentication service (e.g. Google or Facebook), certain data such as your name and email may be retrieved from that service. By choosing this option, you consent to the sharing of this data with us by that service.
Concerning Google data,
- as a user, you can choose to sign-in with Google to your moka.care account. In this case, moka.care will get from Google your first name, last name, and email address used to create the account. moka.care only processes this data to enable its user to access our service (eg. book sessions with practitioners and transmit the contact details to your practitioner).
- if you are a practitioner working with moka.care : moka.care will use the Calendar API to synchronize your calendar with moka.care. The API enables moka.care to know what slots are available or not according to your calendar. This data is used to update in real time the available sessions to users on your profile page, so that users can book sessions with you. It also allows moka.care to create, cancel or reschedule sessions directly in your Google calendar when users book a session with you.
Moka.care's use of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
5. Who has access to this data ?
Without prejudice to the other recipients to whom the Data Controller may transmit your data, we will transmit them to:
our own subcontractors for the purposes of implementing the Solution: hosting provider, CRM provider, emailing provider
our Practitioners who listen to you and advise you
the services in charge of control (auditor in particular), public bodies, exclusively to meet our legal obligations, court officers, ministerial officers and bodies in charge of debt collection.
In the case of individual appointments with Practitioners, we only transmit aggregated or anonymised data to the Data Controller and not details of individuals and the appointments they have made.
6. How long will the data be kept ?
The data controller determines the periods for which your personal data is stored. For our part, we keep your data for the duration of our contract with the data controller.
7. Is your data likely to be transferred outside the European Union ?
Your data is stored on the servers of the company OVH, in France.
It may be transferred outside the European Union in the context of the tools we use and our relations with our subcontractors (see the section "Who are the recipients of the data?").
This transfer is secured by means of the following tools:
- Either the data is transferred to a country that has been judged to offer an adequate level of protection by a decision of the European Commission;
- Or we have entered into a specific contract with our subcontractors for the transfer of your data outside the European Union, based on the standard contractual clauses between a data controller and a subcontractor, approved by the European Commission.
8. What are your rights to your data ?
You have the following rights with regard to your personal data:
Right to information: This is precisely why we have drawn up this charter.
Right of access: You have the right to access all your personal data at any time.
Right of rectification: You have the right to rectify your inaccurate, incomplete or obsolete personal data at any time.
Right to limitation: You have the right to obtain the limitation of the processing of your personal data in certain cases defined in art.18 of the GDPR.
Right to be forgotten: You have the right to request that your personal data be erased, and to prohibit any future collection of your personal data.
Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable laws.
Right to set up instructions on the storage, deletion and communication of your personal data after your death.
Right to object: You have the right to object to the processing of your personal data. Please note, however, that we may continue to process your personal data despite this objection, for legitimate reasons or to defend legal rights.
You may exercise these rights by writing to the Data Controller, using the contact details set out in the Data Controller's Information Document.
9. How to contact moka.care regarding personal data :
Contact email : email@example.com
Contact Address : moka.care, 19 Boulevard Poissonnière, 75002 PARIS
We may amend this policy at any time. These changes will apply as of the effective date of the modified version. You are therefore invited to consult the latest version of this charter regularly.
Effective date: 01/01/2021