Last updated: 30 March 2021.
Bien-être takes data privacy very seriously and is one of our core beliefs that without total privacy, users will not trust any mental health platforms and use it extensively. We commit to attaining the highest level of data privacy for all users of our platform. Our data privacy section is not hidden at the bottom of our website or in fine prints. We strive to adhere to all local data protection policies of local authorities where we operate, one of which is EU’s GDPR (General Data Protection Regulation) .
Bien-être supports corporations through the promotion of the mental health and mental wellbeing of their employees, whilst at the same time improving productivity and reducing absence and sick claims. Today, we offer complementary mental health service to selected employees, on top of existing EAP (Employee Assistance programs) which major corporations already use.
How does Bien-être comply with Data Protection Law?
Data protection law gives individuals certain rights about the way in which their personal data is processed. When Bien-être processes personal data, this activity and the personal data in question are covered and regulated by data protection law e.g. “GDPR” (EU) 2016/679 is a regulation in European Union law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. We strive for minimal strictly necessary cookies policy.
What does this mean for Bien-être?
Bien-être must take proper steps to ensure that it processes personal data on an international basis in a safe and lawful manner. Bien-être has therefore developed policies and procedures to ensure appropriate governance and compliance with such data privacy laws, including GDPR. Such framework shall apply to all personal data processing activities conducted by Bien-être globally.
Data Protection Principles
Below is the summary of basic data protection principles that Bien-être must observe when it processes personal data.
Principle 1 – lawfulness of processing, fairness and transparency
Bien-être will ensure that all processing is carried out in accordance with applicable laws.
Bien-être will inform and explain to individuals, at the time when their personal data is collected, how their personal data will be processed.
Principle 2 – purpose limitation
Bien-être will only obtain and process personal data for those purposes which are known to the individual or which are within their expectations and are relevant to Bien-être.
Bien-être will only process personal data for specified, explicit and legitimate purposes and not further process that information in a manner that is incompatible with those purposes unless such further processing is consistent with the applicable law of the country in which the personal data was collected.
How do we collect your personal information?
We collect personal information directly from you; and these information will be anonymized from the first download whenusing our website and mobile applications; when you contract with Bien-être to provide services on our behalf or where we agree to provide services on your behalf.
Through feedback forms on the app; we designed our website and app so there is minimal strictly necessary cookies only. No recording of any video or audio consultation will be kept.
Principle 3 – anonymity/ pseudonym
Bien-être will keep all personal data anonymized and up to date.
Principle 4 – data minimization
Bien-être will ensure that data collected and processed is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
Principle 5 – limited retention of anonymized personal data
Bien-être will only keep anonymized personal data for as long as is necessary for the purposes for which it is collected and further processed and to comply with our legal and regulatory obligations. In some cases, if there is a dispute or a legal action we may be required to keep personal information for longer.
Principle 6 – security and confidentiality
Bien-être will implement appropriate technical and organizational measures to ensure a level of security of personal data that is appropriate to the risk for the rights and freedoms of the individuals.
Bien-être will ensure that providers of services to Bien-être also adopt appropriate and equivalent security measures.
Bien-être will comply with data security breach notification requirements as required under applicable law.
Bien-être will ensure that information is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
How do we use your personal information?
We use your personal information to provide you with the services you require based on your situation. Users data will be anonymized and aggregated before these will be collected for analysis.
Under data protection laws we need a reason to use and process your personal information and this is called a legal basis. We have set out below the main reasons why we process your personal information and the applicable circumstances when we will do so.
Processing is necessary for us to provide you with the services you require, such as assessing your need and setting you up as a user of the services and communicating with you.
Where we have a legal or regulatory obligation to use such personal information, for example, when our EU regulator, and our data protection regulator, the European Data Protection Board (EDPB) wish us to maintain certain records of any dealings with you.
Where we need to use your personal information to establish, exercise or defend our legal rights, for example when we are faced with any legal claims or where we want to pursue any legal claims ourselves.
Where we need to use your personal information for reasons of substantial public interest, such as investigating fraudulent or criminal activities.
From download of the app and using our website and app, users information are collected anonymously. For our mental health practitioners, we will only collect necessary information about you and when you provide your personal information. We will ask for your consent and explain why it is necessary. Without your consent in these circumstances, we may not be able to provide the services; or you may not be able to benefit from some of our services. Where we have appropriate legitimate business need to use your personal information such as maintaining our business records, developing and improving our products and services, all whilst ensuring that such business need does not interfere with your rights and freedoms and does not cause you any harm.
Where we need to use your sensitive personal information such as practitioner’s bank details for payments for your services provided, we will ask for your consent.
Principle 7 – rights of individuals
Bien-être will adhere to the data subject rights procedure and will respond to any requests from individuals to access their personal data in accordance with applicable law.
Bien-être will also deal with requests to rectify or erase inaccurate or incomplete personal data, or to cease processing personal data in accordance with the data subject rights procedure.
The right to access your personal information
You are entitled to a copy of the personal information we hold about you and certain details of how we use it. There will not usually be a charge for dealing with these requests. Your personal information will usually be provided to you in writing or email.
The right to rectification
You have the right to request that our company correct any information you believe is inaccurate. You also have the right to request our company to complete information you believe is incomplete.
The right to erasure
In certain circumstances, you have the right to ask us to erase your personal information, for example where the personal information we collected is no longer necessary for the original purpose or where you withdraw your consent. However, this will need to be balanced against other factors, for example according to the type of personal information we hold about you and why we have collected it, there may be some legal and regulatory obligations which mean we cannot comply with your request. Please note that if you withdraw your consent we may not be able to provide you with the services you have requested.
Right to restriction of processing
You are entitled to ask us to restrict using your personal information, for example where you think that the personal information we hold about you may be inaccurate or where you think that we no longer need to process your personal information.
The right to object to processing
You have the right to object to our company to processing of your personal data, under certain conditions.
The right to data portability
You have the right to request that our company transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The right to lodge a complaint
You have a right to complain to the CNIL at any time if you object to the way in which we use your personal information. More information can be found on the CNIL website: https://www.cnil.fr/en/data-protection-around-the-world
You can make any of the requests set out above using the contact details contained at the end of this policy. If you make a request, we have one month to respond to you.
In some circumstances exercising some of these rights (including the right to erasure, the right to restriction of processing) will mean we are unable to continue providing you the services you have selected and may therefore result in the cancellation thereof.
Principle 8 – ensuring adequate protection for trans-border transfers
Bien-être will not transfer personal data to third parties outside European Union (“EU”) without ensuring adequate protection.
Bien-être is a global business. To offer our services, we may need to transfer your personal data to companies within our Group of companies and with third parties in other countries.
Who do we share your personal information with?
We might share your personal information with two types of organisations – companies within our group of companies i.e. parent companies, subsidiary and affiliated (sister companies) (“Group”), and other third parties who provides a service to the functioning of our platform.
Principle 9 – safeguarding the use of sensitive personal data
Bien-être will only process sensitive personal data where an individual elects to disclose same, alternatively where Bien-être has a legitimate basis for doing so, consistent with the applicable law of the country in which the personal data was collected.
Additional security measures and safeguards will be implemented to ensure that this sensitive personal data remains confidential and that it is deleted as soon as is reasonably possible.
We have a minimal strictly necessary cookies policy.
Legally Binding Effect of This Policy
Bien-être and its employees (including new hires, individual contractors and temporary staff) that process personal data worldwide must comply with, and respect, this Policy when processing personal data as a controller and / or processor, irrespective of the country in which they are located.
Bien-être reserves the right to change, modify or update this Policy at any time. Please review it frequently for any update.
Contact Details of DPO
If you have any questions regarding the provisions of this Policy, your rights under this Policy or any other data protection issues, you can contact our Data Privacy Office at the email below:
In case of complaint or if you feel that our company has not addressed your concern in a satisfactory manner, you may contact the CNIL Commission Nationale de l’Informatique et des Libertés:
3 Place de Fontenoy
75334 PARIS CEDEX 07
Tel: +33 (0)22.214.171.124.22
Fax: +33 (0)126.96.36.199.00