Koa Care 360

Privacy Policy

We know your privacy is important to you. It's important to us too.

This Privacy Policy applies to any collection and/or processing of personal data (hereinafter “Personal Data”) performed as a result of your use of the Koa Landing Page website (The “Website”). Any personal data collected through the stress assessments and health questionnaires would be subject to the specific Privacy Policy.

Please read this privacy policy (“Privacy Policy”) to understand more.

1. Who collects, controls and processes your personal data?

Koa Health B.V. (hereinafter “Koa”), a company registered in the Netherlands (registered number 78707838) with registered address at Basisweg 10, 1043 AP, Amsterdam, The Netherlands.

Koa is the Data Controller of all Personal Data collected through the Website. Koa will not share your personal data with any other Data Controllers unless we specifically ask you. Only Koa and its sub processors, following its instructions, will have access to your personal information as described in this Privacy Policy.

2. Why do we collect personal data about you and what do we do with it?

Checking your eligibility for our services:

To access our services, including our clinical assessment, we will need to check you are eligible for this service through your employer. To do this we will need to validate your work email, your name, and potentially other demographic details (e.g. date of birth) with our list of eligible customers before letting you use our services.

Where we receive your data as part of a data processing agreement with your employer, our contract with them is our lawful basis for processing your data. Where your data is given to Koa Health as Data Controller, the lawful basis of this processing is the performance of a contract, specifically the Terms & Conditions of the website, as we strictly need this data for the functioning of the website. Sensitive data is not collected or processed for this purpose.

Improving the functioning of the website and our services:

We process personal data to improve the Web performance, usability and to provide a better service. This includes aspects related to performance, navigation, availability and usability. To do this we consider things like how often and for how long you use the Web, how you navigate between screens, and which screens you spend more time on. We might also ask for your feedback through email or the Website. If you decide to share your feedback with us, we will also use this information to improve our service. In some cases the functionality of the Website uses third party services to support analytics and navigation and these functions may involve cookies as described in our cookies policy.

Our legitimate interest is the legal basis for this processing. Where we use cookies for this purpose, your consent is the basis for collecting and processing personal data for this purpose. Sensitive data (such as stress levels or breathing rates) is not collected or processed for this purpose.

Communicating to you your eligibility for our services:

We might receive your email address from your employer and use it to get in touch with you over email and inform you that you are eligible for one of our services.

Where we receive your data as part of a data processing agreement with your employer, our contract with them is our lawful basis for processing your data. Where your data is given to Koa Health as Data Controller, your consent is the lawful basis for sending you communications. You can withdraw consent at any time by clicking “Unsubscribe” in the footer of one of the email communications we have sent you, or by using one of the contact methods described in Section 6.

3. What personal data do we collect about you and how?

To check your eligibility for our services, we need the following information:

  • Email
  • Name(s)
  • Date of Birth

We collect through cookies (read our cookies policy) the following information:

  • User activity on the web page; Frequency of access to the web page, time spent on the web page, interaction with third party services through the web page.

Where we receive your data from your employer, we might receive the following information:

  • Email
  • Full name
  • Employee ID number
  • Department
  • City and country of employment
  • Medical Plan
  • Gender
  • Phone number
  • Date of birth

4. Do we share personal data about you with others?

We do not share any personal information about you with other Data Controllers. We may share some of your personal data with service providers for specific activities such as hosting (e.g. AWS) or analytics (e.g. G Analytics). For more information, please read our cookies policy.

We only authorize our service providers to process your information following our instructions. We make sure that our service providers erase all your personal information right after their services are finished. Some of our service providers may be located outside the EEA, including in countries (such as the United States) whose data protection laws may not be the same as that of the country of origin of our customers. We take the appropriate measures to ensure those providers comply with EEA standards in every processing of personal data they perform on our behalf, by requiring guarantees such as Standard Contractual Clauses.

Internal team members shall process your personal data following professional responsibilities and contractual obligations only for the purposes established in this Privacy Policy. We take appropriate measures to guarantee the fair and confidential use of all personal data by our employees.

5. How long do we keep your data?

We may retain your personal data for different periods of time, depending on the type of data involved and the purposes of the processing, but generally, following these criteria:

  • We will erase any of your data collected from the website after 12 months from your last interaction with us.

The data protection laws give you a series of rights regarding the personal information that we manage about you. Specifically, the rights of access, rectification, erasure, limitation, objection, portability, as well as not being subject to automated decisions and the right to remove your consent at any time.

You can exercise these rights by contacting us at privacy@koahealth.com, using if possible the same e-mail address with which you registered on the Website and identifying the right you want to request. If you decide to exercise one of these rights through a representative, it will be necessary to provide the documentation that proves this condition with the request.

If you feel your data privacy rights have been breached, you also have the right to file a complaint with a Data Protection Control Authority (e.g., the Information Commissioner’s Office).

In order to register and use our services you must be over 18 years old. Therefore, by signing up you confirm that you meet this condition. We may contact you to confirm this. We do not knowingly collect information from those younger than 18 years. If you are a parent or guardian and believe that your child has used the application you may contact us at privacy@koahealth.com and we will respond promptly.

7. How do we keep your data safe?

Koa Health is responsible for ensuring the security, integrity and confidentiality of your personal information. Therefore, as part of our commitment and in compliance with current legislation, we have adopted the most demanding and robust security measures and technical means to prevent their loss, misuse or access without your authorization.

We protect all communications between the applications, website and servers in line with best practices by using TLS for encryption and server authentication. We use ISO 27001 certified systems to protect your registration information including email and password. We store your personal data in an encrypted database.

Also, we promise to act quickly and responsibly if the security of your data may be in danger, and to inform you if necessary.

Effective From: November 2022.