1. Who collects, controls and process your personal data?
Koa Health B.V. (hereinafter “Koa”), a company registered in the Netherlands (registered number 78707838) with registered address at Prins Bernhardplein 200, 1097 JV, Amsterdam, The Netherlands.
You can contact Koa at email@example.com for any privacy-related matter. The Data Protection Office contact for Koa may be contacted at firstname.lastname@example.org.
2. Why do we collect personal data about you and what do we do with it?
Sending you information for your company about our products that might be of interest
If you sign up on the website to register your company’s interest in our products, we will process your personal data to send you relevant information about them. We might also collect your personal data using forms embedded in our LinkedIn ads. We may retain your personal data for some time (see section 5) in order to invite you to try other new products from Koa. We may use third party services (such as Hubspot or Typeform) to facilitate communication such as promotional emails.
Our legitimate interest in promoting new products and services is the basis for this processing.
Managing job offers and recruiting
If you are interested in one of our job offers, we will process your personal data for managing the recruitment process. We’ll get in touch if we think your application matches the needs of the advertised position. If you opt-in to receive communications on future job openings we will also get in touch if we think your application matched the needs of future positions. Your data will be stored for a maximum of 12 months from the date you opted-in.
Your consent is the basis for the collection and process of personal data to manage job offers and recruiting. You can remove this consent within the settings of the app, or at any time by contacting us at email@example.com using, if possible, the same e-mail address with which you registered in the App.
3. What personal data do we collect about you and how?
When you sign up on the website or fill up a form in LinkedIn to register your interest in our products, we might collect:
- Email address
- Job title
- Contact Details
When you apply to any of our job offers, we might collect:
We collect through cookies (read our cookies policy) the following information:
- User activity in the web page; Frequency of access to the web page, time spent in the web page, interaction with third party services through the web page, etc.
4. Do we share personal data about you with others?
We do not share any personal information about you with other Data Controllers, unless we have your consent. We may share some of your personal data with service providers for specific activities such as hosting (e.g. AWS), recruiting (Lever) or analytics (e.g. G Analytics).
We only authorize our service providers to process your information following our instructions. We make sure that our service providers erase all your personal information right after their services are finished. Some of our service providers may be located outside the EEA, including in countries (such as the United States) whose level of data protection may not be the same as that of the country of origin of our customers. We take the appropriate measures to ensure those providers comply with EEA standards in every processing of personal data they perform on our behalf, by requiring guarantees such as Standard Contractual Clauses or Privacy Shield certificates.
5. How long do we keep your data?
We may retain your personal data for different periods of time, depending on the type of data involved and the purposes of the processing, but generally, following these criteria:
- We will erase any of your data collected from the website after 12 months from last opening any email we sent you.
- We will erase your information obtained for recruiting, after 12 months from the end of the recruitment process.
- We will also erase or stop processing your data if require us to do so (See Section 6)
6. What rights do you have related your personal data and how can you use them?
The data protection laws give you a series of rights regarding the personal information that we manage about you. Specifically, the rights of access, rectification, erasure, limitation, objection, portability, as well as not being subject to automated decisions and to remove your consent at any time.
You can exercise these rights by contacting us at firstname.lastname@example.org using if possible the same e-mail address with which you registered in the website and identifying the right you want to request. In the event that you decide to exercise one of these rights through a representative, it will be necessary to provide with the request, the documentation that proves this condition.
If you feel your data privacy rights have been breached, you also have the right to file a complaint with a Data Protection Control Authority (e.g., the Information Commissioner’s Office).
In order to register and use our services you must be over 16 years old. Therefore, by signing up you confirm that you meet this condition. We may contact you to confirm this. We do not knowingly collect information from those younger than 16 years. If you are a parent or guardian and believe that your child has used the App you may contact us at email@example.com and we will respond promptly.
7. How do we keep your data safe?
Koa is responsible for ensuring the security, integrity and confidentiality of your personal information. Therefore, as part of our commitment and in compliance with current legislation, we have adopted the most demanding and robust security measures and technical means to prevent their loss, misuse or access without your authorization.
We protect all communications between website and the servers in line with best practice by using TLS for encryption and server authentication. We use ISO 27001 certified systems in order to protect your registration information including email and password. We store your personal data in an encrypted database.
Also, we promise to act quickly and responsibly in the event that the security of your data may be in danger, and to inform you if necessary.
Effective From: November 2020