Privacy policy
Simundia application

This privacy policy applies to the Simundia application and all related products and services.

SIMUNDIA attaches particular importance to the protection of your personal data. The purpose of this policy is to inform the persons concerned about the ways in which SIMUNDIA processes personal data in compliance with Law n°78-17 of January 6, 1978 relating to information technology, files and freedoms as amended by Law 2018-493 of June 20, 2018, and Regulation (EU) 2016/679 of April 27, 2016 on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter collectively referred to as " ").

Personal data protection policy

1. Definitions

Customer: refers to the company that has signed a contract with SIMUNDIA to allow one or more of its employees to register on the Site in order to benefit from a defined number of Sessions.

Personal data: means any information relating to a natural person who may be identified, directly or indirectly, such as, but not limited to, a name, postal address, e-mail address, telephone number, IP address...

Expert(s): refers to the psychologist, healthcare professional or coach using the Site to provide Users with psychological and/or coaching services.

Data subjects: refers to the natural persons whose Personal Data are collected by SIMUNDIA in the context of the use of the Site.

Sessions: refers to the support service provided to the User by the Expert via the Site.

Site: refers to the app.simundia.com platform

Third-party employee: refers to an employee of the Customer (HR, manager, colleague) from whom the User requests feedback on his or her training program.

User(s): refers to the natural person with a Simundia account (coachee or HR administrator). 

‍The terms "Personal Data", "Controller", "Processor", have the meaning given to them by Article 4 of the RGPD.

2. Identity of the Data Controller

The Data Controller is SIMUNDIA SAS, registered in the Nanterre Trade and Companies Register under no. 827 580 242 and whose registered office is at 15, rue Ancelle, 92200 Neuilly-sur-Seine, (hereinafter referred to as " SIMUNDIA " or "We").

SIMUNDIA is an application that connects users wishing to benefit from a training program with experts.

3. Origin of personal data

As a matter of principle, we only collect the Personal Data necessary to enable us to deliver the best possible experience on our Site as well as the best coaching experience.

3.1 The data transmitted by the Customer

When a customer enters into a contract with SIMUNDIA to allow one or more of its employees or agents to benefit from a defined number of Sessions, it will transmit, under its responsibility, to SIMUNDIA, the e-mail addresses of the employees or agents concerned and, where applicable, the surname, first name, position and organization of the latter.

SIMUNDIA will also collect from the Customer the e-mail addresses of Users authorized to access the Customer's reserved area on the Site.‍

3.2 Data transmitted by the User

When the User opens an account on the Site, SIMUNDIA collects via the Site his/her surname, first name, e-mail address, telephone number, year of birth, year of employment, job level and place of residence. The User may also choose to submit a photo (optional field).

Secondly, during the orientation meeting between the User and the Expert by videoconference, the User is likely to provide additional information on his/her professional situation, to enable SIMUNDIA to define a suitable training path and improve the User's experience. Subject to prior acceptance by the User, SIMUNDIA collects recordings of the Sessions. No screenshots will be taken in this context.

Once the training course has been completed, the User will be asked to answer a series of questions as part of an impact and satisfaction survey, with the aim of continuously improving our service. The report is sent out immediately after the last Session and 3 months afterwards. A roadmap can also be completed by the User for personal use, to help anchor their learning over time.

SIMUNDIA does not require any personal data during these exchanges and in these questionnaires, but the User may mention them in the free text fields to answer the questions asked.

The Customer has no knowledge of the content of the Sessions and has no right of access to the Sessions.

No health data about the User is collected on the Site.

3.3 Data transmitted by salaried third parties

The User may optionally request feedback from a Third-Party Employee when creating an account on the Site. In this case, the User sends SIMUNDIA the surname, first name, email address and type of professional relationship (manager, HR, colleague) of the Third-Party Employee concerned, as well as an additional message if necessary.

The feedback request will include 3 free fields to indicate what the User should continue to do, stop doing or start doing (axis of progression) in the context of his professional activity.

SIMUNDIA emails the feedback request to the Third Party employee.

The Third Party employee will be able to:

(i) return the feedback request, duly completed, by logging on to the Site and accepting the Site's "Personal Data" policy; or

(ii) request by return mail to SIMUNDIA the deletion of personal data concerning him.

Following the return of the Third Party Employee, SIMUNDIA will retain the Third Party Employee's data and the completed feedback request as defined below.

3.4 Data provided by the Experts

When the Expert registers on the Site and opens his account, SIMUNDIA collects his surname, first name, email address, telephone number, diplomas and qualifications, experience, professional background and IBAN.

Subject to prior acceptance by the Expert, SIMUNDIA collects recordings of the Sessions. No screenshots will be taken in this context.

3.5 Data transmitted by Users and Experts

SIMUNDIA provides the User and the Expert with a messaging system on the Site that allows them to exchange information on the organization of the Sessions, between themselves or with SIMUNDIA.

This messaging is exclusively intended to improve the organization of the Sessions (postponement, cancellation, ...) or to share resources (sending documentation). As part of the management of the Site, SIMUNDIA will have access to this messaging.

This messaging system is not intended to be used by the User and the Expert to share individual or personal information about the content of the Sessions.

SIMUNDIA also provides Users with a conversation tool with an intelligent virtual agent. 

4. Purpose and legal basis

SIMUNDIA collects and processes the Personal Data of the Persons concerned in order to provide a service that puts Users and Experts in contact with each other for the purpose of conducting Sessions.

The Expert and the User consent to the use of their personal Data when opening their account on the Site by ticking the dedicated box after having read the present confidentiality policy.

The Third-Party Employee consents to the use of his or her Personal Data by logging on to the Site.

SIMUNDIA does not use the Personal Data of Data Subjects for commercial prospecting purposes.

5. Retention period of Personal Data

The length of time Data Subjects' personal data is kept varies according to the purpose of the Processing. 

Personal data relating to the User and the Experts for the provision of Services are kept for the duration of the contractual relationship. 

Data relating to the salaried Third Party will be kept for the duration of the contractual relationship with the Customer of the User who requested the advice.

Personal Data collected during audio recordings of Sessions are kept for a period of 12 months from the date of collection. The User and/or Expert may withdraw their consent at any time. 

Session content analysis documents are kept for 13 months from the date of recording.

If the User or Expert requests proof of identity, SIMUNDIA retains the personal data collected in connection with requests to exercise rights only for the time required to verify identity. Once verification has been completed, the proof of identity is deleted.

6. Recipients of personal data collected

The recipients of the Personal Data of Data Subjects processed are :

  • the Customer: SIMUNDIA may transmit to the Customer data on the use of the Site by Users. Under no circumstances may this data concern the content of the Sessions attended by Users.
  • SIMUNDIA staff in charge of contractual services, 
  • SIMUNDIA's subcontractors and non subcontractors involved in providing these services, such as IT service providers,
  • where applicable: public and private bodies, exclusively to meet our legal obligations.

7. Transfer of data outside the European Union

Personal Data is kept and stored for the duration of processing on AWS and Scalingo servers located in the European Union. 

The Data Subjects are informed that the Data Controller may, where appropriate, in particular where a service provider is located outside the European Union, transfer Personal Data to a third country which is the subject of an adequacy decision issued by the European Commission; if the recipient country is not the subject of an adequacy decision, the transfer may only be carried out on condition that appropriate safeguards are put in place and that the Persons concerned by the processing of Personal Data have enforceable rights and effective means of redress, under the conditions of the Regulations in force and in particular Articles 46 to 49 of the RGPD.

8. Rights of persons concerned

Data subjects have the following rights:

Right of access: Data subjects have the right to ask what data SIMUNDIA holds and to have it communicated to them.

Right of rectification: Data subjects have the right to request the rectification of inaccurate data concerning them held by SIMUNDIA.

Right to erasure ("right to be forgotten"): Data Subjects have the right to obtain from SIMUNDIA the deletion of data concerning them, under the conditions provided for by the Regulations.

Right to restrict processing: Data Subjects have the right to request SIMUNDIA to suspend the processing of their data until such time as a verification can take place (in particular to verify the accuracy and relevance of the Personal Data processed by SIMUNDIA).

Right of portability: Data Subjects may have their Personal Data transmitted to them in a structured format and have the right to transmit it to another Data Controller.

Right to object: Data subjects have the right to object, at any time, to being included in a file for legitimate reasons.

Right of withdrawal: Data Subjects may at any time request SIMUNDIA to rectify inaccurate, incomplete or obsolete Personal Data. 

Right to define directives relating to the fate of personal data post-mortem: In the absence of directives or mentions to the contrary in such directives, the heirs of Data Subjects may, after their death, exercise their rights over their Personal Data.

Right to lodge a complaint with a supervisory authority

For more information about exercising your rights:

https://www.cnil.fr/fr/comprendre-vos-droits

These rights may be exercised by sending a request to SIMUNDIA at contact@simundia.com. SIMUNDIA will use its best efforts to respond to requests within a reasonable time, and in any event within the time limits set by the Regulations.

Appendix 1

List of subcontractors

  • Front: The User may use the Front chat service to ask questions and receive assistance in navigating the site. This messaging service is not intended to be used to share individual or personal information. Nevertheless, if the User uses the Front chat service, he/she consents to the collection and processing of his/her personal data in accordance with Front's general terms and conditions. In this case, the User should refer to the legal notice, general terms of use and data protection policies available at https://front.com/legal/privacy-notice.
  • Azure Communication Services: we use Azure Communication Services for videoconferencing, SMS and phone calls. Their privacy policy is available at https://privacy.microsoft.com/fr-fr/privacystatement
  • Customer.io Customer.io: we use this tool to send e-mails to Users as part of the coaching process. Customer.io has access to users' first and last names and e-mail addresses. Their privacy policy is available at https://customer.io/legal/privacy-policy/
  • Make (Integromat): in order to automate certain data processing processes (in particular the connection between our various databases), certain data temporarily transit through Make servers. Make is a European company whose data processing policy can be accessed via this link: https: //www.make.com/en/privacy-notice
  • Auth0 (SSO option): we use this tool to set up SSO (Single Sign On) for our customers. Auth0 then has access to users' email addresses. Their data privacy policy is available on this link: https://auth0.com/docs/secure/data-privacy-and-compliance

Technical service providers are required to comply with the Regulations. These service providers may only use Personal Information about Data Subjects on behalf of SIMUNDIA.