Last Updated: 21st February 2022
Employer – This refers to our Client (which may be a Company/Corporation/Organization) who enters into a binding contract to create accounts on our platform and enroll its employees to a selected program.
Third Party Providers – This refers to providers, agents, and affiliates of both parties but who we may disclose personal information relating to our users. This includes payment providers, insurance companies, cloud communication platforms, and in the case of an emergency, hospitals or designated health practitioners (example, a medical doctor). Please note that we shall not be liable for the actions or liability of these third-party providers. Ensure to abide by their terms and conditions.
Third Parties We Use
The following are third parties that we use to store and process data:
- We use Google Analytics to track usage patterns on our Platform in order to improve our services.
- We use Mailchimp to send Newsletters only to customers who have consented specifically to receive the newsletter.
- We use Twilio for any calls and chats, such as coaching sessions, that are done through our App.
- We use Onesignal to create notifications on our Platform.
- We use Amazon Web Services to store and process data obtained through our Platform.
- We might engage Third Party Insurance Providers to provide our services to you.
- Enterprise Service: If you are an employee, we might use Third Party Insurance providers to engage your Employer to provide our services to you
Modification/ or Changes
How to Contact Us
If you have any questions about this policy or the practices described herein, you may contact us at firstname.lastname@example.org.
By submitting your Personal Information, you consent to use that information as set out in this policy. This shall include and not be limited to disclosure to third party providers referred to in this policy.
Collection and Use of Personal Data
Information We Collect
Despite the collection of personal information mentioned above, we may collect additional information when your Employer signs you up on our platform or when you use our platform. We may ask either you or your Employer to provide us with certain personal information that can be used to contact or identify you. This information may include your suffix, sex, employeeID (if applicable), department, title, job code (if applicable).
How We Use the Information About You
We gather this information from you and your Employer to allow us to:
- Process your registration;
- Process your subscription;
- Provide access to the services we offer on our platform including webinars, behavioral health coaching sessions, and users support;
- Browse our website through your browser’s cookies;
- Deliver through emails our special offers on services we think may be of interest to you;
- Contact you to ask for your feedback and comment on our services;
- Notify you on all assigned or impending tasks on our platform;
- Process your Payment.
Also, we may de-identify users information and statistics to form de-identified information for the purposes of monitoring usage of our Platform and website in order to help us to develop our website and our services, provide insight to the Employers on users performance and stress level on workloads, assess mental and risk impact of users, and evaluate insurance coverage. We may also provide such de identified information to third parties including academic journals and external publications for research and analysis purposes. This may be different from our use to monitor and improve our services. These statistics will not include information that can be used to identify you.
Processing of Personal Data
The Bases on Which We Process Information about You are as follows –
Information we process for the purposes of legitimate interests: We may process information on the basis there is a legitimate interest, either to you or to us, of doing so. Where we process your information on this basis, we do after having given careful consideration to whether the same objective could be achieved through other means; whether processing (or not processing) might cause you harm; whether you would expect us to process your data; and whether you would consider it reasonable to do so.
For example, we may process your data on this basis for the purposes of:
- record-keeping for the proper and necessary administration of our organization.
- responding to unsolicited communication from you to which we believe you would expect a response.
- protecting and asserting the legal rights of any party.
- insuring against or obtaining professional advice that is required to manage risk.
- protecting your interests where we believe we have a duty to do so.
Information we process because we have a legal obligation: Sometimes, we must process your information in order to comply with a statutory obligation. For example, we may be required to give information to legal authorities if they so request or if they have the proper authorisation such as a search warrant or court order. This may include your personal information.
Log Files: Log files track actions occurring on our Platform, including but not limited to our App and Website, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
Please note that our Platform offers “Do Not Track” features to manage the personal information we track and process.
Storage and Location of Personal Data
To ensure the security of your information, we use the following methods: Zero-knowledge encryption and transmission, SSL Protocol, SET Protocol, Automatic backup, Digital Certificate, Username/Password, authorizations to access management, and Firewalls. Please note that the internet is not secure and no system involving the internet and the transmission of electronic data is 100% secure. Nevertheless, we take all reasonable efforts to safeguard and protect your information.
We encrypt all video and audio communications on our Platform. This means that your video and audio conversations done through our Platform are secure and end-to-end encrypted.
Also, note that our use of zero-knowledge encryption for the security of your information may have an adverse effect on you in the event that you lose your primary device. If you change your device or migrate to a new device, some of your personal information on our Platform does not transfer to the new device. You may need to re-enter your information again to continue using our Platform.
In the event of a breach which affects your personal information, you will be notified within a reasonable timeframe of such breach and measures we took to rectify the breach. Note that you may request at any time to access and delete your information with us.
Disclosure of Personal Data
Although our policy is to maintain the privacy of your information as described herein, we may disclose your information if we believe that it is reasonable to do so in certain cases, in our sole and exclusive discretion. Such cases may include, but are not limited to:
- To satisfy any laws or regulations including Local, State, or Federal laws;
- To respond to requests, such discovery, criminal, civil, or administrative process, subpoenas, court orders, or writs from law enforcement or other governmental or legal bodies;
- As may be necessary for the operation of this platform;
- To generally cooperate with any lawful investigation about our users;
- If we suspect any fraudulent activity on this platform or if we have noticed any activity which may violate our terms or other applicable rules.
- To Third Party Providers on whose behalf the information was collected for the purpose of providing services to you.
- To third parties we engage to provide services on our behalf such as processing transactions and operating services on our Platform. We have taken all necessary action to enter into agreements that require these third parties to protect such information and use the Personal Information they receive only to perform services for us.
- In the event of a merger, acquisition, asset sale, reorganization or similar transaction, we may transfer any and all Personal Information we collect to the relevant third party involved in the transaction, with your consent if and as required under applicable privacy laws.
- Enterprise Service: To inform the necessary Legal Authorities or Emergency Contacts about situations of imminent danger such as threat to life or reckless actions of the user that can affect other users, emergency crisis, suicidal tendencies, and other related actions by a user;
If you have any questions, comments, or concerns regarding your rights, please contact us
through email to email@example.com.
Accuracy of Personal Data
We generally rely on personal data provided by you, your authorized representative or your Employer. In order to ensure that your personal data is current, complete and accurate, please update us if there are changes to your personal data by informing our Data Protection Officer in writing or via email at firstname.lastname@example.org.
You always have the opportunity to opt-out of our communications with you or change your preferences by contacting us at email@example.com.
Enterprise Service: If you have signed up through your Employer as an employee account, please reach out to your Employer to cancel your account. You may still receive communications from us even after you cancel your account unless you also opt-out of our communications, as described above.
Your Right and Applicable Laws
You have the following rights to the processing of your personal information under relevant privacy laws including but not limited to Singapore PDPA, EU GDPR, and US HIPAA:
- Access: You have the right to know whether we process personal information about you, and if we do, to access data we hold about you and certain information about how we use it and who we share it with. To obtain information and access to your personal information held by us, please contact us at firstname.lastname@example.org.
- Portability: You have the right to receive a subset of the personal information you provide us if we process it on the legal bases of our contract with you or with your consent in a structured, commonly used, and machine-readable format and a right to request that we transfer such personal information to another party. If you wish for us to transfer the personal information to another party, please ensure you detail that party and note that we can only do so where it is technically feasible. We are not responsible for the security of personal information or its processing once received by the third party.
- Correction: You have the right to require us to correct any personal information held about you that is inaccurate and have incomplete data completed. Where you request a correction, please explain in detail why you believe the personal information we hold about you to be inaccurate or incomplete so that we can assess whether a correction is required. Please note that while we assess whether the personal information we hold about you is inaccurate or incomplete, you may exercise your right to restrict our processing of the applicable data as described below.
- Restriction of processing to storage only: You have a right to require us to stop processing the personal information we hold about you other than for storage purposes in the following circumstances:
- You believe the personal information is not accurate for the period it takes for us to verify whether the data is accurate;
- We wish to erase the personal information, but you want us to simply restrict the use of that data;
- We no longer need the personal information for the processing, but you require us to retain the data for the establishment, exercise, or defence of legal claims; or
- You have objected to us processing personal information we hold about you based on our legitimate interest and you wish us to stop processing the personal information while we determine whether there is an overriding interest in us retaining such personal information.
- Objection: You have the right to object to our processing of data about you and we will consider your request. Please provide us with detail as to your reasoning so that we can assess whether there is a compelling overriding interest in us continuing to process such data or we need to process it concerning legal claims. You also have the right, at any time, to object to our processing of data about you to send you marketing, including where we build profiles for such purposes and we will stop processing the data for that purpose.
- Choice/Opt-Out of Marketing Communications: You always have the opportunity to opt-out of our marketing communications with you or change your preferences by emailing us at email@example.com or by using the unsubscribe link (if any) found at the bottom of a marketing email to opt-out of receiving future emails. Some communications from us are considered transactional or service communications (for example, important account notifications and billing information), and your account(s) on our platform are provided to you upon the condition that you receive these communications from us. You must cancel your account(s) on our platform, as applicable, if you do not wish to receive any transactional or service communications. To cancel your account(s), please follow the instructions found in the terms of service for the applicable Service. You may still receive marketing communications from us even after you cancel your account unless you also opt-out of our marketing communications, as described above.
- Erasure: You may request that we erase the personal information we hold about you in the following circumstances:
- where you believe it is no longer necessary for us to hold the personal information;
- we are processing it based on your consent, and you wish to withdraw your consent;
- we are processing your data based on our legitimate interest and you object to such processing;
- you no longer wish us to use your data to send you marketing; or
- you believe we are unlawfully processing your data.
- Upon request for erasure of your data, it will take us approximately thirty (30) days to delete your data. We may send an update to you acknowledging the deletion. Please note that if we delete your data, it is permanent and we will not be able to retrieve such data. You may be required to create a new account if you still want to access and use our Platform.
- Withdrawal of Consent: Where you have provided your consent to us processing your data, you can withdraw your consent at any time by emailing us at firstname.lastname@example.org.