Privacy policy

This document explains how we process the personal data you provide to us.

We attach the greatest importance to the security and confidentiality of the data of the users of our services.

As part of our business and to meet the needs of the services to which you subscribe, we process sensitive personal data.

Our practices are in compliance with the GDPR. We only collect and process data that is strictly necessary for their purpose. The data retention period does not exceed the period necessary for the purposes for which this data is collected and processed.

You have the possibility in a few clicks to delete all of your usage data by deleting your account. Please note that this action is total, final and irreversible. By legal obligation, if you had taken out a subscription, we will only have payment and billing data. Data which will be deleted at the end of the mandatory retention period (see Data processed).

Data actors

We ensure the processing of your data. We define the means and purposes of the data processing necessary for the implementation of your Alohadoo monitoring: the information necessary for the use of the platform, the operations to be carried out on the data for return them to you in an understandable and readable format.

We do not sell your data.

As part of the Enterprise offer, we may need to process data to help with the administrative management of the client company.

We outsource the management of payments and invoicing to the company Stripe, which specializes in securing and processing banking transactions. So when you enter your payment and billing data (company mailing address), it is the system secured by Stripe that you use. This data is stored on their servers in compliance with the GDPR law (Stripe policy). This data is not stored on Alohadoo servers.

We outsource the management of your product feedback to Hotjar. So when you enter your messages, it is their system that you use. This data is stored on their servers in compliance with the GDPR law (Hotjar policy). This data is not stored on Alohadoo servers.

Our email provider is OVH. When you send us messages, they are managed by OVH. This data is stored on their servers in compliance with the GDPR law (OVH policy). This data is not stored on Alohadoo servers.

Data security

Our site forces the use of the HTTPS protocol. Traffic to and from Alohadoo.com is encrypted.

The data is hosted by an HDS-certified host for the storage of health data (list on the Digital Health Agency).

The data is stored in France in a Datacenter of the company AWS.

It is for data protection that we impose a high level of password on our users: minimum 8 characters including at least 1 lowercase, 1 uppercase, 1 number & 1 symbol.
Your password is not stored in our databases. It is used by an algorithm to create a hash key. This key validates the logon authorization of a valid password. This is why, if you lose your password, our services do not have it. It will need to be reset using your email.

- Be careful when you export your data to your email box, you are leaving the protection and confidentiality domain of the Alohadoo application. As with any other email, the content and therefore your data is exposed to your email provider as well as to the email providers of people to whom you may transfer your results. Do not export your data if you are not sure that you have mastered the security of your IT tools (email box, antivirus, security update of your systems, etc.).

Data processed

Individual subscription

Last name & first name
Email
Bank details (after subscription)

This data can be viewed, modified and deleted from the user account of the Alohadoo application.
This data is used for access to the service, payment processing and invoicing.
In the absence of subscription, the user account and all data are deleted after 24 months of inactivity.
In the event of a previous subscription, only the contractual and invoicing data are kept in accordance with the provisions of the law in force (see next paragraph).

Enterprise subscription

Administrator data

Last name & first name
Professional email
Company bank details

This data can be consulted, modified and deleted from the administrator account of the Alohadoo application.
This data is used for contract, billing and payment processing.

Employee data

Last name & first name
Department
Professional email
License activation status

This data is used to invite employees by email to register and to see if a license has been activated.
These data are used for access to the service.

An administrator can view, modify and delete an employee's Last Name, First Name and E-mail data from the license management screen. An administrator can delete a license. This removes the subscription that was offered to an employee. This does not delete the employee's account, it is a standalone account in its own right. The user can continue to use the free service or subscribe to an individual offer to continue using all the features.

An administrator manages account activations but does not have access to employee accounts. An administrator does not have access to user data.
An administrator has access to consolidated usage and well-being score data to feed his psychosocial risk analysis dashboards.

An Enterprise user benefits from the same data control functionalities as a private user. She/he/they/ze can delete her/his/their/zir account and all of her/his/their/zir data from our servers at any time from her/his/their/zir user account.

A user's data is kept for the time of use of the service. She/he/they/ze can delete her/his/their/zir account and all of her/his/their/zir data at any time from her/his/their/zir user account. In the event of subscription, for legal reasons only her/his/their/zir payment and invoicing data are kept.

In accordance with the law, contractual data is kept for 5 years after the end of the contract (10 years if the contracting is electronic) and billing data for 10 years.

Tracking data

Alohadoo allows you to assess your well-being.
As a result, we process the tracking data that you send us and which are the subject of the service and the data necessary for the proper execution of the service that you subscribe to:

  • assessment and Cogito data: this data is used to allow you to assess your level of well-being and to easily find advice and best practices adapted to your needs. Without the processing of this data we cannot perform subscribed service. You can delete your data at any time. In the event of a subscription in progress, you remain liable for the amount of the subscription taken.
  • Messages sent to our services (questions of use): these data are used to meet service needs. They are deleted 2 years after the end date of subscription.
  • returns on the product through Feedback or answers to satisfaction questionnaires: this data is used to improve the quality of our services. This data is deleted 2 years after receipt of your answers.

Data Collected Automatically

If you accept cookies the following data is collected:

  • Visited pages
  • Access using smartphone or computer
  • Site interactions
  • Server errors
  • Duration of visit
  • IP address

The cookie policy is available here: Cookies policy.

This data is used globally to improve the quality of our services: traffic management, level of use of a service, relevance of content and collection of user feedback for product improvement.

Advertising

There is no advertising on user accounts of paid subscriptions.

The Free subscription (limited version) is funded by advertising. By using this version you give your consent to Atom Business Consulting, owner of the Alohadoo platform and services, to use your personal data in the following cases:

- Personalised advertising and content, advertising and content measurement, audience research and services development

- Store and/or access information on a device

If you do not give your consent, your personal data won't be used for the above. You will not be able to use the Free version, funded by advertising, but you can subscribe to a paid version, without advertising.

Advertising is managed by Google AdSense.

You can change how your personal data is used and who uses it by clicking on the "Manage options" button on the Google banner, appearing at the opening and at the bottom of pages including advertising, recognizable by the icon .

To collect and use data, vendors can :
- Match and combine data from other data sources
- Link different devices
- Identify devices based on information transmitted automatically.

Collecting and using the following data will require your consent, unless it's collected to ensure security, prevent fraud, or debug :
- Use precise geolocation data.

Your personal data will be processed and information from your device (cookies, unique identifiers, and other device data) may be stored by, accessed by and shared with TCF vendor(s) and ad partner(s) ( list ), or used specifically by this site or app.

Some vendors may process your personal data on the basis of legitimate interest, which you can object to by managing your options from the “Manage options” button on the Google banner, appearing at the opening and at the bottom of pages including advertising, recognizable by the icon .

Update

We want to see the number of services we provide to our users grow. A new feature or a new law may require this Privacy Policy to be updated. Do not hesitate to regularly take note of the updates that will be made.

We will notify you of significant changes that will affect the processing of your data.

If you have any questions about the management of your data by Alohadoo (Atom Business Consulting company), or wish to exercise your rights of access, rectification, or deletion, you can send your request to gdpr @alohadoo.com