Last updated: 20 Jan 2020
PLEASE READ THIS POLICY CAREFULLY BEFORE USING ANY OF AKESIO SERVICES.
IF YOU DO NOT CONSENT, PLEASE DO NOT SUBMIT ANY PERSONAL DATA TO US.
You must be 18 years or older to use our services (Akesio website and application). By using our website and agreeing to our Terms, you warrant that you are at least 18 years of age.
Akesio Limited (“Akesio”,“We”,“Us”, “Our”) administer the website https://www.akesio.com (the “Website”) and the Akesio web application (our “App”); they are collectively named our “Services”.
We are committed protecting and respecting your privacy and it is crucial for us that you feel safe while you’re using our services.
We are complying with Data Protection Laws and General Data Protection Regulation including the 'Directive 96/46/EC' but not limited to (“GDPR”) and all the other regulatory legislations relatives to data protection effective in the UK.
Akesio is a company incorporated in England, our company number registration is 11191446 and our registered address is: 4th Floor 8 Old Jewry, London, England, EC2R 8DN.
We are registered with the UK Information Commissioner’s Office as a “Data Controller” (Reg No. ZA315403), and have in place a comprehensive Company data protection policy, procedures and practices to meet the standards of high quality data protection. Our Data Protection Officer is Lavinia Ionita (email@example.com).
We need to collect and process your data in order to provide you with a personalised stress management programme and to improve your mental and overall well being (the scope of our services).
Before starting using our Services, you’ll be asked to provide us with relevant information like (but not limited to):
This data will be used to identify you and/or to allow further communications with you, in particular when:
You can opt out at any moment for any external communication such as phone calls, text messages, chat, emails including Newsletters, marketing or promotional campaigns about our services.
When you register to our Services, we may collect lifestyle and health data (“Health Data”) from you in order to provide you with a personalised report regarding stress and mental well-being and with an ongoing follow up to evaluate progress against your health goals.
We will collect information about your general health, mental health and your sex life. You’ll be asked for example information about your current symptoms, medical history, habits and behaviours etc. You can opt out if you don’t want us to process a particular subset of information, like for example ‘sex life’ data but certain information is mandatory.
We may use your Health Data to fulfil our obligations and commitments towards you for a high quality service, therefore we may need use of appropriate information for our internal procedures and practices, which includes healthcare, operations, administration, planning.
We keep records for all your health information, including lifestyle, and behaviours, as well as for all interactions we may have with you to ensure a high quality of care and support. In order to monitor and improve our service quality and user experience, we may retain records of all our interactions regarding your demands, suggestions, greetings or complaints you could have about our services regarding to your health and mental wellness.
In order to have access to your personalised wellbeing programme you’ll need to make a payment for our Services. The payment processing is done through third-party services (e.g. payment processors) that are receiving the information directly from you (we will not store or collect your payment card details, we will only retain basic details of the transaction).
Our payment processor is compliant with the Payment Card Industry Data Security Standards (PCI DSS).
adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
We may collect technical information about the devices you use to access our Services and also analytical information on your visit on our website and/or app. Therefore, while you’re visiting our Services, your browser is sending us information about your device such as (but not limited to) the IP address, the operating system, the browser type, the pages you visit, the date and time, how much time you’ve spent on the website, etc.
This information is kept anonymous as much as possible and we will not use this data to identify you, but merely to improve the user experience of our Services, to improve our offres, to assist communication, etc.
When you first visit our website, cookies are sent to your browser and stored on your computer or mobile device. For example, in this way, we may recognise your device next time you’re visiting our Services, storing data about your preferences etc. that will allow us to improve your experience.
Data collected in this manner is pseudonymized, and is not stored together with other personal data of the user.
You are free to decide whether you’re willing or not to accept cookies on your device by changing the settings of your browser (you can decide to refuse all cookies). However, if you choose this option you may not benefit from the integrality of our Services.
We do have policies, procedures and other operating systems in place in order to take reasonable steps to limit the use or disclosure of your personal data (i.e. we restrict access to your personal data to dedicated persons for a specific task following the principle of minimum necessary access to identifiable health information).
Akesio doesn’t share any of your personal information with any third parties without your explicit consent (you can change and/or remove your consent at any time; see below in “Your rights” how to withdraw consent).
We may use providers and sub-contractors (third parties) to support our Service, perform Service-related services or assist us in analysing how our Service is used.
In case we need to share your personal data for the purposes for which data was initially collected (i.e. having your samples processed by an external laboratory), the sharing of your personal information will always be done with your consent and following strict rules of security and confidentiality. These third parties will only legally be able to use your data for the purpose of providing a service to us and are obliged not to disclose or use it for any other purpose. We request that these service provider contractors (third parties) have in place solid privacy and security measures for data protection.
The third parties we may use include but not limited to:
In order to meet the highest quality and safety standards and minimise the risks, we may use pseudonymised data wherever applicable.
We may share aggregate statistics from anonymised data (non-identifiable data) to our partners, for research and to contribute to the innovation in the healthcare and mental wellness areas (i.e., x% of your group of 50 individuals present high levels of stress). This type of data is irreversibly anonymised.
Under certain exceptional circumstances, we may disclose your information in good faith as a legal obligation in order to comply with a regulation, legal process or governmental request:
In accordance with current legislation, we will retain health data for 10 years.
When you use our website, your data is removed after 14 days, unless any unless any security-relevant event occurs (e.g. a DDoS attack). If there is a security-relevant event, server log files are stored until the security-relevant threat has been fully eliminated and solved.
When you use our app and you request deletion of your account or when you delete your account in the App, your data is deleted or irreversibly anonymised (and cannot be associated with a specific natural person). If your account is inactive for more than 24 months, we will contact you to check whether you wish to continue using our Services. If you then leave your user account unused for another 12 months, we will delete your account and anonymise your data (in a way that it cannot be associated with a specific natural person).
We may retain personal data for reasonable business needs (i.e. for the purpose of the internal analysis) and when your personal data is no longer needed it is either irreversibly anonymised (and the anonymised data may be retained) or securely destroyed.
If you are located outside the United Kingdom and choose to use our Services and provide information to us, we may transfer the data, including Personal Data, from where you are located to the United Kingdom and process it here. Therefore, your information, including Personal Data, may be transferred to/ maintained on computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of the UK.
We use OVH to store all the personal data we collect from you. OVH have implemented an information systems security policy, and meet the requirements for several standards and certifications: PCI DSS, ISO/ IEC 27001 certification, SOC 1 type 2 and SOC 2 type 2 attestations, etc. They also have an accreditation for hosting healthcare data (HDS).
We send personal data to OVH servers in an encrypted form. The information transferred between your browser and our website is also encrypted using Transport Layer Security (“TLS”). All passwords are stored in encrypted form and all traffic is transmitted securely via “SSL” by default. When transmitting sensitive information, you should always make sure that your browser can validate our certificate.
The security of your data is of crucial importance to us and we do our best to mitigate the risks, but remember there is no “risk zero” in the digital world (there is no method of transmission over the Internet or method of electronic storage that is 100% secure, therefore we cannot guarantee the absolute security of your personal data).
According to General Data Protection Regulation (GDPR), you have several rights regarding your personal data as a resident of the European Economic Area (EEA) as following:
- processing for direct marketing purpose, including profiling
- processing for statistical purposes
Once you object to the processing of your personal data by us, we will no longer process your data.
For any of these requests listed above, you need to contact us at: firstname.lastname@example.org and/or at our registered office address (4th Floor 8 Old Jewry, London, England, EC2R 8DN). Asking us to stop processing your personal data or deleting your personal data will mean that you are no longer able to use our Services or part of the Services related to the processing of the types of personal data you have asked us to delete. This may remove your access and the use of our Services.
You must be 18 years or older to use our “Services” (Akesio website and application). By using our website and agreeing to our Terms, you warrant that you are at least 18 years of age.