Privacy & Cookies Policy of the Koa Foundations App

Full policy

This Privacy Policy applies to any collection and/or processing of personal data (hereinafter “Personal Data”) performed as a result of your use of the app Koa Foundations (the “App”). Note that this App might collect personal sensitive information that is health-related (hereinafter “Sensitive Data”). If you do not agree with this Policy, please do not access or use the App and the Services.

1. Who collects, controls and process your personal data?

Koa Health B.V. (hereinafter “Koa”), a company registered in the Netherlands (registered number 78707838) with registered address at Prins Bernhardplein 200, 1097 JV, Amsterdam, The Netherlands.Koa is the Data Controller of all Personal Data collected through the App. Koa will not share your personal data with any other Data Controllers. Only Koa and its sub processors, following its instructions, will have access to your personal information as described in this Privacy Policy.Where the App is offered by an employer (Customer) to its employees, Koa may provide aggregated insights related to usage of the App, so that they can understand its impact. For example, we may provide information on what percentage of people who used the App have found it to be beneficial. These insights will never include personal information and your employer will not be able to know your name, email address nor see any raw data you have entered into the App.Koa may choose to conduct a study with invited users. In this case, users will be invited by Koa or a third-party agency and Koa will process personal data of those participants following the same purposes described in this Policy.You can contact Koa at privacy@koahealth.com for any privacy related matter. The Data Protection Office contact for Koa may be contacted at dpo@koahealth.com.

2. Why do we collect personal data about you and what do we do with it?

Help you manage your stress

The main purpose of the App is to help you better understand and manage your stress. In order to achieve that purpose, we collect and process information, including personal data. We analyze information from your interaction with the app, including the answers that you share with us, in order to offer you recommendations, activities and programs that may help you manage your stress.

In order to help you manage your stress, we will use data you provide in the app to help provide a more relevant experience such as recommending activities to you based on your preferences.

Your consent is the basis for the collection and process of personal data to manage your stress, including data collected through questionnaires. Some personal data collected for this purpose may be considered health data. You can remove this consent within the settings of the app, or at any time by contacting us at privacy@koahealth.com using, if possible, the same e-mail address with which you registered in the App.

Personalised notifications based on your activity

We may optimise the notifications we send you by basing these on your preferences or activity within the app, in order to make them as relevant as possible. For example, we may inform you about new programmes we think you might be interested in based on your preferences. This processing may include the use of cookies or similar technologies, as detailed in our cookies policy. The lawful basis for this processing is your consent. You will be asked for consent the first time you use the app, as part of the onboarding. You can manage and remove your consent at any time within the app settings.

Help you track your response to selected audio activities

We may offer you some functionalities for self-tracking your breathing rate or heart rate, in order to see if the selected activities have helped you relax. When performing these activities, and if you have previously consented, we will capture and process information from your smartphone and show it to you. Note that these functionalities might not be 100% accurate, as described in Koa Foundations' Terms & Conditions.

Your consent is the lawful basis for this purpose. You will be asked for consent the first time you perform an activity which offers these functionalities. If you consent, you will be able to choose if you want to use these functionalities each time you perform a new activity. You can also remove this consent at any time in the settings menu, or by contacting us at privacy@koahealth.com.

Provision of basic App services:

If you create an account in our App, we will process some personal data for providing basic services of the App such as registration, authentication or support.

As we strictly need some personal data for the functioning of the App, the lawful basis of this processing is the performance of a contract, specifically the Terms & Conditions of the App. Sensitive data is not collected or processed for this purpose.

Improving the functioning of the App and our services:

We process personal data to improve the App performance, usability and to provide a better service. This includes aspects related to performance, navigation, availability and usability. To do this we consider things like how often and for how long you use the App, how you navigate between screens, the activities you use, and which screens you spend more time on. We might also ask for your feedback through email or the App. In some cases the functionality of the App uses third party services to support analytics and navigation and these functions may involve cookies as described in our cookies policy (as detailed in section 8 below.

Our legitimate interest is the legal basis for this processing. Where we use cookies for this purpose, your consent is the basis for collecting and processing personal data for this purpose. Sensitive data (such as stress levels or breathing rates) is not collected or processed for this purpose.

Marketing:

We process your contact data to send you information about our services or products. We may use third party services to facilitate communication

Our legitimate interest is the legal basis for this processing. Sensitive data (such as stress levels or breathing rates) is not collected or processed for this purpose.

3. What personal data do we collect about you and how?

The App’s functionalities require the collection of personal data. Sometimes you provide us with data, sometimes data about you is collected or inferred through your use of the App or generated by us through analysis.

Since our service is focused on helping you manage your stress, some of the personal information that you share or we collect from you might be related to health conditions or stress behaviors. This is not directly sought by the App, but answers to questions may relate to a medical condition. The App and any information and/or services provided by the App are not intended to be used in the detection, diagnosis, prevention, monitoring, prediction, prognosis, therapy, treatment or alleviation of any condition, disease or vital physiological processes or for the transmission of time sensitive health information. See our Terms & Conditions.

When you create an account within the App, you share with us the following information:

  • Name
  • Email Address

When you use the App and answer our questionnaires and tests, you share with us the following information:

  • Your goals for using the app, such as feeling overwhelmed, trouble sleeping, etc
  • Information related to how you perceive your stress, such as a Perceived Stress Scale assessment with questions around how stressed or overwhelmed you have felt over the past week. We collect this information so that you can better understand your perceived stress and see how it might change over time. This information is used to determine the evolution of your perceived stress.
  • Information related to the activities provided within the App, such as text you insert into the App within the journaling activities.
  • Your opinion on the App and its functionality, if you choose to provide us feedback.
  • Periodic information about how you feel and your mood e.g. stressed, happy.

When you perform an activity with heart rate/breathing rate tracking enabled (if you have activated the tracking):

  • We capture and process your device’s accelerometer data to produce a report on your breathing rate and heart rate.

We collect through cookies (read our cookies policy) the following information:

  • User activity in the App: Frequency of access to the App, time spent on different screens, functions used etc.

We infer from your activity in the App the following information:

We process information to improve the user experience. Based on analysis of how users use the App we can make judgements like if loading times or slow, or if information is too hard to find, and use this to improve the user experience.

4. Do we share personal data about you with others?

We do not share any personal information about you with our customers or any other Data Controllers. We will only share aggregated or unidentifiable information that cannot be related to an individual.

We may share some of your personal data with service providers for specific activities such as hosting, providing customer support, analytics or application functionality such as notifications. We only share the minimum information and authorize our service providers to process your information following our instructions. We make sure that our service providers erase all your personal information right after their services are finished. Some of our service providers may be located outside the EEA, such as companies in the United States. We take the appropriate measures to ensure those providers comply with EEA standards in every processing of personal data they perform on our behalf, by requiring appropriate guarantees such as Standard Contractual Clauses.

Internal team members shall process your personal data following professional responsibilities and contractual obligations only for the purposes established in this Privacy Policy. We take appropriate measures to guarantee the fair and confidential use of all personal data by our employees.

5. How long do we keep your data?

We may retain your personal data for different periods of time, depending on the type of data involved and the purposes of the processing, but generally, following these criteria:

  • As long as you are an active user of our services or we have legal obligations to retain the data.
  • If you are not active in our App, we will erase your data after 12 months from last access.
  • You may be offered Koa Foundations by your employer for a trial period. In such cases, we might need to delete your data at the end of our agreement with your employer, if we have agreed such condition. Normally, this would be after the first three months of the trial.
  • We will also erase or stop processing your data if you withdraw consent or require us to do so. In these cases, we will erase your data or anonymize it in such a manner that is no longer identifiable.

The data protection laws give you a series of rights regarding the personal information that we manage about you. Specifically, the rights of access, rectification, erasure, limitation, objection, portability, as well as not being subject to automated decisions and to remove your consent at any time.

You can exercise these rights by contacting us at privacy@koahealth.com, using if possible the same e-mail address with which you registered in the App and identifying the right you want to request. In the event that you decide to exercise one of these rights through a representative, it will be necessary to provide with the request, the documentation that proves this condition.

If you feel your data privacy rights have been breached, you also have the right to file a complaint with a Data Protection Control Authority (e.g., the Information Commissioner’s Office).

In order to register and use our services you must be over 16 years old. Therefore, by signing up you confirm that you meet this condition. We may contact you to confirm this. We do not knowingly collect information from those younger than 16 years. If you are a parent or guardian and believe that your child has used the App you may contact us at privacy@koahealth.com and we will respond promptly.

7. How do we keep your data safe?

Koa is responsible for ensuring the security, integrity and confidentiality of your personal information. Therefore, as part of our commitment and in compliance with current legislation, we have adopted the most demanding and robust security measures and technical means to prevent their loss, misuse or access without your authorization.

We protect all communications between the App and the servers in line with best practice by using TLS for encryption and server authentication. We use ISO 27001 certified systems in order to protect your registration information including email and password. We store your personal data in an encrypted database.

Also, we promise to act quickly and responsibly in the event that the security of your data may be in danger, and to inform you if necessary

8. Cookies Policy

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website or use an app. Cookies are widely used by online service providers in order to (for example) make services work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the Data Controller are called 'first party cookies'. Cookies set by parties other than the Data Controller are called 'third party cookies'. Third party cookies enable third party features or functionality to be provided through the app you are using (such as interactive content and analytics). The third parties that set these third-party cookies can recognize your device both when it visits the service in question and also when it visits certain other websites or services.

Why do we use cookies and other tracking technologies?

The third party cookies or similar tracking technologies we work with help us to track and target the activity of our users. For example, we use cookies for analytics, configuration, and other purposes. Every cookie we use is described in more detail below.

What cookies do we use?

App cookies:

Analytics: we collect technical data from our App in a pseudo-anonymous manner so that we can better understand how users interact with our App. This is used to be able to better understand and track activities within the App to inform you based directly on your activities and to be able to improve the App services overall.

Personalised notifications: we collect technical data from our App in a pseudo-anonymous manner so that we can send users more relevant notifications based on how they interact with the App.

How can I deactivate cookies or similar tracking technologies?

You can withdraw consent for the usage of cookies in the settings section of the app, or by following the instructions of section 6 of this Privacy Policy.

Effective From: November 5, 2020