Data Policy
In the course of using its services, and in particular the services accessible on its mobile applications (hereinafter « HealthHero »), QARE, in its capacity as data controller and data processor, may collect and process personal data about you.
We are committed to respecting the rules for protecting the privacy of users of our mobile app, HealthHero. All processing of personal data implemented within the framework of the services available complies with the regulations applicable to the protection of personal data and in particular with the provisions of the French Data Protection Act of January 6th, 1978 as amended and the General Data Protection Regulation (EU Regulation 2016/679) referred to as the « GDPR ».
To ensure that these rules are applied, QARE has appointed a Data Protection Officer who is the main contact for the French data protection authority: the National Commission for Information Technology and Civil Liberties (CNIL). We also implement appropriate internal procedures to raise awareness and ensure compliance within our organisation.
What is QARE’s commitment to data protection?
QARE is committed to ensuring a high level of protection for the personal data of users of its Website and mobile app (HealthHero) and of any other person whose personal data it processes.
QARE is committed to complying with the regulations applicable to all processing of personal data that it implements. In particular, QARE is committed to the following principles:
- your personal data are processed lawfully, fairly and transparently (lawfulness, fairness, transparency);
- your personal data is collected for specified, explicit and legitimate purposes and is not further processed in a way incompatible with those purposes (purpose limitation);
- your personal data are adequate, relevant and limited to what is necessary for the purposes for which they are processed (data minimization);
- your personal data is accurate, kept up to date and every reasonable step is taken to ensure that inaccurate data, having regard to the purposes for which it is processed, is erased or rectified without delay (accuracy).
QARE implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk inherent in its processing operations, to meet regulatory requirements, and to protect the rights and data of data subjects at the design stage of processing operations, particularly in a health data context.
In addition, QARE contractually imposes the same level of personal data protection on its subcontractors (service providers, suppliers, etc.).
Finally, QARE is committed to complying with any other principles that may be required by applicable data protection regulations, including rights of data subjects, retention periods, and obligations regarding cross-border transfers of personal data.
What is the purpose of the data that may be collected by QARE?
Means of collecting your data
In the context of our relationship, you may communicate your personal and health data to us by various means, in particular on our Website and HealthHero when you browse the Internet, fill in the various collection forms, create an account, use HealthHero or when you transmit your personal data to us in any other way.
Purposes Of Processing and Legal Bases
The purpose is, in particular, and without this list being exhaustive, to allow Internet users to benefit from all the services available on the My Sherpa Website and mobile app (creation of an account, discussion with the chatbot, configuration of treatment reminders, feedback on bugs or improvements), to allow personalised browsing in the app, to improve the parts that are of most interest to you.
QARE does not collect or process any credit or debit card (hereinafter « Payment Card ») information for the HealthHero app. Apple and Google collect Payment Card information for integrated purchases made through HealthHero. These payment service providers generally provide us with very little information about you, including the fact that your purchase has been validated by their service.
QARE processes your information for the purposes described in these rules and in accordance with the following legal bases:
- with your consent to process your information for purposes of personalising your experience on HealthHero, to set up your notifications, and for connection with third party apps such as the Apple Health app. You are free to withdraw your consent.
- for the purposes of QARE’s legitimate interests (enhancing security, providing the user with identification data)
- for statistical and research purposes using anonymised data
How long will your data be kept?
QARE will keep your personal data for no longer than is necessary for the purposes for which it is processed. In addition, QARE retains your personal data in accordance with the retention periods imposed by applicable laws, including data related to health information.
These retention periods are defined according to the purposes of the processing carried out by QARE and take into account, in particular, applicable legal provisions imposing a specific retention period for certain categories of data, any applicable statute of limitations, as well as the recommendations of the French data protection authority (CNIL) concerning certain categories of data processing.
The following are kept on the Website:
- your e-mail address if you decide to provide it
On the Mobile app:
- scores on your mood, emotions, sleep quality, energy quality;
- your profiling scores;
- personality test scores;
- exchanges with the chatbot;
- data from the Apple or Android health app, specifically the number of steps taken per day;
- your profile data: e-mail address, gender, surname, first name, name used by the chatbot;
- purchase/subscription data: transaction ID, transaction date, transaction amount
Who may have access to your personal data?
Our technical team may have access to some of your data (for instance: your OS version, the state of your Wi-Fi connection, your email address) in case of bug reports. This allows us to correct the bugs reported. However, you will never be identified via your data and we guarantee strict measures to limit the processing of individual data.
The health data collected on My Sherpa Website and Mobile app are not communicated to third parties.
The technical and navigation data collected on the HealthHero mobile app may be communicated to authorized QARE personnel, its partners or its service providers in the context of the performance of all or part of the services. We remind you that QARE requires its service providers to implement strict confidentiality and data protection measures. In addition, QARE may be required to provide personal information to authorized French or foreign public authorities.
These include:
For the Mobile app
- Data for the use of HealthHero app
  - In the Eurozone (France): the data, stored at health data hosts (AWS and Azure), concerning the creation of the account and the profile, and the exchanges with the chatbot.
- Data for feedback on My Sherpa app
  - Outside the Eurozone (USA): Instabug to provide feedback on bugs or improvements for HealthHero app
  - Outside the Eurozone (USA): Jira (Atlassian) for ticketing management (asynchronous support)
- Technical data of My Sherpa app
  - In the Eurozone (Germany): Datadog to analyse logs for improvement and bug fixes
- Marketing data:
  - In the Eurozone (Ireland): AppsFlyer to do channel attribution and measure audience and traffic
- Data on purchases/subscriptions
  - Outside the Eurozone (USA): RevenueCat to make purchases on the Stores (App Store and Google Play Store)
Data Transfers Outside the European Union
Some of the above-mentioned recipients may be located outside the European Union and may have access to some or all of the personal information collected by QARE because of specific legal authority.
In this context, QARE is committed to ensuring that your data is protected in accordance with the most stringent rules, in particular through the signing, on a case-by-case basis, of contractual clauses based on the European Commission’s model, or any other mechanism that complies with the GDPR, in the event that your personal data is processed by a service provider outside the European Economic Area and whose country is not considered by the European Commission to provide an adequate level of protection.
These include:
For the Mobile app
- Feedback data on HealthHero app
- Outside the Eurozone (USA): Instabug to provide feedback on bugs or improvements for HealthHero app
- Outside the Eurozone (USA): Jira (Atlassian) for ticketing management (asynchronous support)
- Outside the Eurozone (USA): RevenueCat to make purchases on the Stores (App Store and Google Play Store)
How can you exercise your rights?
In accordance with the applicable regulations on the protection of personal data, you may, at any time, exercise your rights of access, rectification, deletion of data concerning you as well as your rights to limit and oppose the processing and portability of your personal data.
In addition, you have the legal right to define directives concerning the fate of your personal data after death.
Furthermore, any person who was a minor at the time of the collection of his or her personal data may obtain its deletion as soon as possible.
These rights can be exercised by post or by e-mail to the following address:
Qare
Data Protection Officer/Délégué à la Protection des Données
36 Avenue Pierre 1er de Serbie, 75008 Paris
Email: privacy@qare.io
In this context, we kindly ask you to accompany your request with the elements necessary for your identification (surname, first name, email) as well as any other information necessary to confirm your identity.
For some specific services, these rights may be exercised directly online (managing your user account).
You also have the right to appeal to the French data protection authority: the National Commission for Information Technology and Civil Liberties (CNIL) in the event of a violation of the applicable regulations on the protection of personal data.
Computer Security / Securing Transactions
QARE implements all appropriate technical and organizational measures, taking into account the nature, scope and context of the personal and health data you provide to us and the risks presented by their processing, to safeguard the security of your personal data and, in particular, to prevent any accidental or unlawful destruction, loss, alteration, disclosure, intrusion or unauthorized access to such data.
The security and confidentiality of personal data depends on the good practices of everyone. That is why we invite you not to share your passwords with third parties, to always log out of your profile and to lock your phone when it is not in your field of vision. This will prevent other users from accessing your personal data.
Personal Data Concerning Minors
QARE does not collect or process personal data from children under the age of 18 without the prior consent of the child’s parents or guardians.
If personal data about children is collected via the QARE Website or apps, parents or guardians may object by contacting us at the address at the bottom of this page.
Furthermore, as stated above, a child who was a minor at the time of the collection of his or her personal data may obtain its deletion as soon as possible.
Links to Other Websites
On the HealthHero app, you are offered the possibility to click to access other websites of other companies. We advise you to read the privacy policy of these websites, as the terms and conditions on these websites may differ and QARE will not be responsible for the processing of personal data by these other websites.
Modifications
QARE reserves the right to change this privacy policy from time to time and will post any modifications or additions to this policy on its Website.