PERSONAL DATA PRIVACY POLICY

DISCLAIMER

This text is a translation of the original in French. The English translation is offered for ease of understanding and is not a legally binding substitute for the original French version.

The original version is available at the following address: https://www.hakisa.com/fr/confidentialite

1. INTRODUCTION

The General Data Protection Regulation (GDPR) requires to give explanations about the collected data and their use within the platform in order to obtain informed consent from the user.

Thus, we present to you a synthetic vision of data use for each of the features of the platform.

NB: some features are only accessible for administrator roles and/or by caretaker roles in alarm management.

2. OBJECT

The aim of the present document is to describe the conditions under which Hakisa (hereinafter "HAKISA" or “the provider”) collects and processes personal data  (hereinafter "data") of its clients (hereinafter "user" or "you") when using the website (hereinafter "the Website" or “the platform”) under the conditions described in the "General terms and conditions of use".

HAKISA SAS is responsible for data processing.

HAKISA SAS 3 Rue Désiré Christian, 57960 Meisenthal, France Tél. : +33 (0)3 88 24 55 14

HAKISA is a simplified joint-stock company (Société par Actions Simplifiée, SAS) with a capital of 429 168 € registered under the number TI 538 224 254 of the RCS of SARREGUEMINES which intercommunity VAT number is FR07538224254.

3. GENERAL PRINCIPLES OF PERSONAL DATA MANAGEMENT ON THE HAKISA PLATFORM

Data Storing

The data is stored in Germany, a member of the European Union, for an unlimited period of time. In the event of deletion of your account, the data will be made anonymous, but the content of the messages will remain the same to ensure the exchange between members.

Most of the stored information is time-stamped to allow chronological display and/or debugging in case of technical issues.

Technical information (browser, operating system, IP address) is also stored for debugging and platform enhancement purposes.

Hakisa does not store any banking or medical data except those freely communicated in messages by the users themselves.

 For legal reasons, the user's IP address at the time of connection is also stored.

Hakisa allows the effective deletion of accounts and anonymization of posted messages for the entire duration of use of the platform by the user.

Data Usages

Hakisa stores only the data required for:

• The proper functioning of the services offered on the Hakisa platform

• Compliance with French law and European regulations

• Debugging the platform in case of a technical issue

• For analysis purposes: Hakisa uses tags to make statistics about the general use of the platform's pages via a dedicated statistics tool. These statistics are anonymous and allow to measure the global traffic of the platform with indicators such as the global connection time, the number of pages viewed or the number of sessions.

The type of data collected and its use are detailed in the section "Use of data in the services available on the Hakisa platform" below.

The processing of these data has been declared at the French "National Commission on Informatics and Liberty" (Commission Nationale de l’Informatique et des Libertés - CNIL).

In accordance with the clauses of article 22 of the French Law n° 2004-575 of June 21st, 2004 considering the confidence of the online economy ("Loi pour la Confiance dans l'Economie" - LCEN), in agreement of the User, HAKISA is able to use the collected data to inform the user about the services.

Data Sharing

Hakisa only shares your data with third parties in the following situations:

• With administrators: the administrators of Hakisa and the services you subscribe to on Hakisa have access to a certain number of data. This use is detailed in the section "Use of data in the services offered on the Hakisa platform" below.

• With your consent: the data collected by Hakisa are not sold to third parties. In the event of data sharing with third parties, this sharing will not take place without your enlightened consent.

• Upon judicial request: we are under an obligation to share your data to satisfy legal proceedings.

Use of cookies

To improve the user-friendliness, Hakisa uses login cookies.

A cookie is a text file that is sent to your browser by the website you are visiting (here the Hakisa platform). This cookie only contains an identification of the user's session, the rest of the data (user ID, language, etc...) is stored on the servers. The user's password is never stored.

Hakisa uses two types of cookies:

• technical cookies, which are necessary for the execution of the solution and therefore do not belong to the cookies that can be managed by the user

• tracking cookies

The use of technical cookies allows the user to remain logged in without having to log in again each time, as well as to manage the configuration of the Progressive Web App if it is installed on a mobile phone.

If the customer has configured a Google Analytics code to retrieve usage statistics, a Google Analytics cookie is also used to collect usage statistics.

An application allows you to manage cookies in accordance with the applicable regulations.

The use of cookies is not mandatory and can be disabled at any time by the user. To disable the use of cookies, the user can configure the web browser used as follows:

For Microsoft Internet Explorer :

1. select the menu  "Tools", then "Internet Options";

2. click on the tab "Confidentiality";

3. select the preferred level with the help of the cursor.

For Mozilla Firefox :

1. select the menu "Tools", then "Options" ;

2. click on the option « private life »;

3. go to the "cookies" menu and select your options.

For Chrome :

1. select the menu "Edit" then "Preferences";

2. click on the option "Personal data";

3. go to the "Cookies" section and select your options.

Pour Safari :

1. select the menu "Edit" then "Preferences";

2. click on the option "Personal data";

3. go to the "Cookies" section and select your options.

Data Safety

The safety of its users' data is extremely important to Hakisa. Hakisa implements all appropriate measures to restrict data access to unauthorized third-parties.

Hakisa agrees to implement any measure to ensure the protection of the data in its possession in order to limit the risk of loss, theft, deterioration and any misuse of these data.

Access rights and rectification of data

In accordance with the clauses of the French Law n° 78-17 of January 6, 1978 related to informatics, files and liberty, the User benefits of the right to access, correct, modify and delete his personal Data.

To exercise these rights, please write  to the following address:

HAKISA

PH8 8, Place de l’hôpital

67000 STRASBOURG - FRANCE

Or send a request by email to contact@hakisa.com.

The request will be fulfilled within the legal deadline of one month following the request.

4. USE OF DATA IN THE SERVICES AVAILABLE ON THE HAKISA PLATFORM

My Profile

Hakisa collects two types of sensitive data in the user profile: mandatory data and optional data. This data is provided with the user's consent, at the time of registration on the Hakisa platform and / or when he changes his account information.

The mandatory sensitive data collected for all users are:

• Email address: used as a unique identifier to login to the platform and allows sending confirmation or reminder emails to the user

• Last name: allows identification of the person and personalization of emails and messages sent from the platform

• First name: allows identification of the person and personalization of emails & messages sent from the platform

• Postal Code and City: enables the activation of specific services such as the weather and local news broadcast

• In the case of caregivers who agree to manage alarms:

• The complete postal address, as well as the fixed telephone number, are requested in order to be able to contact the person in case of a problem

• The mobile phone number may be required in the case of sending alarms by SMS and to warn the person in case of a problem

The optional sensitive data collected are:

• Photo: allows account customization and reminder emails customization; it is also displayed to the user's contacts and administrators of communities the user subscribes to and to the members of Exclusives Clubs where the user is member of and where the "Member Directory"  feature is activated

• Gender and date of birth: this data is used to allow administrators to select users to send them personalized messages or to offer them personalized services.

The non-sensitive data collected:

• Profile configuration information (font size, notification and reminder email configuration, dashboard configuration, simplified navigation): allows data to be displayed according to user-defined usage parameters and is also collected to display the platform according to the usage profile (font size, simplified navigation, notification configuration, etc.).

• Timezone: allows the correct display of calendar events as well as the synchronization of calendars of people living in different timezones

• Profile languages: allows the user to access written content in the languages supported by the platform

User Commitments

When the user registers on the platform, he is asked to choose a password. The password of the user account is stored thanks to a hash function, i.e. it is stored encrypted, without any possibility of being decrypted. Thus, the user is the only owner of the password.

The user expressly agrees to maintain the confidentiality of his password.

The user accepts not to use the profile, username and password of another User, nor to disclose its password to a third party.

The user expressly agrees to inform Hakisa in case of suspicion of a non-authorized use of its profile or access to its password.

The user is the only responsible for the use if its profile.

Notifications & emails

Sending of notifications

The platform includes a real-time notification system. This system makes it possible to notify the user when events concerning him occur such as a new article in one of his Clubs, a new invitation to an event or a new contact request.

These notifications are sent on the Hakisa platform. They can also be relayed to an mobile application using the Progressive Web apps technology  a smartphone and tablet application running on Android with the Chrome browser, upon installation and configuration of the application by the user.

The user can configure the notifications they wish to receive or not.

Sending of emails

Some notifications can also be sent by email, such as new messages in "My Contacts" or invitations. The user can configure his email preferences in his profile.

NB: when using the Alarms application, the email settings are different since they concern the sending of critical alarms via email (see dedicated section).

Some emails are mandatory and cannot be disabled, including :

• Emails related to account confirmation, password change or account deletion, in order to verify the user's identity

• Emails related to security information

• Emails relating to legal information (example: updating the General Terms of Use)

My Contacts

The "My Contacts" section is the communication section between users. To add another user to his contacts, the user must know the user's email address.

It is not possible to find a person on Hakisa without knowing his email address.

However, Hakisa may suggest new contacts to a user in the case where the user has taken part in a group conversation containing at least one contact of the user and persons to whom he is not yet connected.

Thus, the data stored in "My Contacts" section are:

• The user's first and last name: allows his contacts to identify him

• The user's photo (if the user has filled in his photo): allows his contacts to identify him

• User's email address: used to send invitations

• Date, time and username of the Contact invitation: allows the contact to know who sent an invitation, track the status of the invitation and allow debugging in case of technical issues

• The date, time of conversations and messages sent as well as the names of the participants in the conversations: allows to know the identity of the creator of the conversation, the participants; allows to facilitate the sorting and the follow-up of the conversations; and allows the debugging in the event of a technical issue

• User login status: allows contacts to start a video conference if the user is online and allows debugging in case of a technical issue

• Date, time and caller name of video calls: lets you know who called if a call fails (no answer) and allows debugging in case of a technical issue

My Photos

"My Photos" allows the user to create photo albums. Users can share their photo albums with their contacts. In the case of photo album sharing, people participating in the photo album can: view photos, download them on their computer, comment them, delete them and add photos to the album.

It should be noted that users participating in a photo album may also invite other users who are part of their contacts.

In this context, the following data are stored:

• Photos added to photo albums

• The date and time the photos were added

• The date, time and name of the creator of the photo comments

My Internet

"My Internet" allows the user to access websites sorted into categories in order to simplify their access.

Users can create their own categories and buttons (link to websites) and customize them.

The stored data concerning the "My Internet" buttons are:

• The URL of the website

• Button image

• The date the button was created

• The storage of this information allows the proper functioning of the "My Internet" service.

My Agenda

In this section, the user can create timestamped events in his agenda and invite people to his events.

People accepting invitations are personally associated with the event and their avatar appears in the area provided.

It is also possible to join a community event (a Club) and in this case, the facilitator who created the event is notified of the member's participation.

My Games

In this section, the user can play various online games.

No sensitive personal data is collected.

Sending support request

At any time and from any page of the platform, the user can send a support request to the administrators of the platform in case of a technical problem encountered or to ask them a question about the use of the platform features.

In order to best respond to the user's request, we collect technical information about the customer's environment: the operating system (OS) and web browser used.

To allow debugging, the remarks sent are nominative and timestamped and are visible only by the administrators of the platform.

My Clubs (users)

In this section, the user will be able to access the content and services of the communities (Clubs) of which he is a member. There are open communities, which can be joined without invitation (Public Clubs, Internal Clubs) and closed communities, which can only be joined by invitation from administrators (Exclusive Clubs).

Data shared within the Club

Within Clubs, there are two types of content:

• Internal content, produced by the Club administrators, directly within the platform such as articles, forums or events

• External content, recovered from a third party platform and displayed within the Club (RSS Feeds, Google News)

The user member of a Club can react to the internal content of the Club by posting 3 types of messages:

• A comment on an article

• A message in a forum

• A comment on an event

• These messages are nominative and timestamped. They are visible by all the members of the Club who see :

• The first name and first letter of the last name of the creator of the message

• The date of publication of the message

• The content of the message

NB: when a user deletes his account, messages posted within Clubs are anonymized.

Within an Exclusive Club, the administrator can activate a member directory feature. In this case, the obligatory personal data of the Club user are visible by the other members (name, first name, email address, postal code, city, country). In case they are filled out by the user, the optional personal data are also visible by the other members of the Club (postal address, landline, and mobile phone numbers).

At any time the user can:

• Leave a Internal or Public Club

• Make a request to leave an Exclusive Club to the Club Administrator who undertakes to satisfy the request within a reasonable time.

Data shared with community (Clubs) administrators

By joining a community (a Club), the user agrees to share data with the Club administrators, namely:

• His first and last name

• His email address (Club Exclusif only)

• The language of his account

• His city

• His postal code

Messages posted within the Club

The messages posted by a user within a Club are nominative and timestamped. The Club administrator has access to the message data and the user who posted it: name, first name, date and time of the message, message content, user's email address (in the case of an Exclusive Club only).

Club Events

Club events can be defined by the administrators who may or may not send invitations to members. The administrator has access to the list of users participating or not in the event with, for each user: his last name, first name and the status of his invitation (participates, pending, does not participate).

Document Sharing

This feature allows the administrator to create directories and upload files accessible to all Club members.

No user data is stored on document sharing and usage.

Conversations with administrators

This feature allows the user of a Club to start a private conversation with a Club manager. The conversation is always initiated by the user and is visible only by the Club manager.

The manager then has access to the following user's personal data: the user's first and last name, email address, the content of the messages and the date the messages were sent.

The conversation also has a processing status, updated by the administrator and visible to the user.

Surveys

This feature allows a Club manager to offer surveys to Club members. There are two types of surveys:

• Anonymous: the administrator has access to the overall results of the survey as well as the individual nominative results (answers to the questions of the survey by a member, with the surname and first name of the respondent user)

• Non-anonymous: the administrator has access to the overall results of the survey; he does not have access to the nominative results

• Regardless of the type of survey: Club members never have access to the individual results of other users. They may have access to the overall results of the survey if the administrator allows them to do so.

External Services

External services (hosted outside the platform) are optional within the Clubs.

In this case of use, all data is managed by the third party platform responsible for the service in question, and not by Hakisa.

As such, the collection and use of this data must, therefore, be made explicit to the user of the said service.

Mobile application

If desired, the user can install the notification application on his mobile device (available on Android starting release 4.4 and Chrome with the latest release installed) to receive the platform's push notifications on his device.

The stored data is:

• Operating system of the mobile phone

• Browser

• Brand of the mobile phone

• Model of the mobile phone

• Type of mobile phone (smartphone or tablet)

• Date of installation

The mobile application does not request access to the user's personal data on his device.

Back-Office

This section only applies to users who have access to the administration interface. In this case, the user assumes an administrator role.

A role hierarchy defines access to the various administrative functions:

• Platform administrators: have access to user data (details in "My Profile") as well as information related to the communities of which the user is a member (details in the "Data shared with Club administrators" section)

• Community administrators: having access to shared user data within communities (details in the "Shared data with Club administrators" section)

• Alarm system operator: having access to the data of the users having subscribed to the alarm application (details in the "Alarm Management" section)

Administrators' data

In order to allow the animation and administration of the platform, as well as the technical support and possible debugging, Hakisa stores data regarding the contents created in the Back-Office:

• The creator of the content (first and last name of the administrator)

• The date and time the content was created

• The date and time the content was modified

• The date and time the content was published

By accepting an administration role on the platform, the administrator agrees to share additional data about the content he creates on the platform with Hakisa.

As a reminder, the contents created by the administrators, within the platform, are governed by the intellectual property rights in force between the administrator and the operator of the platform, detailed in the Terms Of Use.

Alarm management

This section only applies to users who have subscribed to the alarm management application as an owner or caretaker.

Subscription to the alarm application

Subscription to the alarm application, as owner or caregiver, implies the consent sharing of the following personal data (to the caregiver circle and to the system operator):

• E-mail address

• Last Name

• First name

• Postal Code

• City

• Mailing Address

• Landline phone number

• Mobile phone number: in case of SMS subscription

Alarm sharing

The platform allows the collection and distribution of alarms from sensors and IoT systems connected to external platforms. The interconnection of these platforms allows the identification of an alert system and its association with a user account.

Alarms are emitted by the alert system and are shared:

• to the user who owns the system,

• the caretakers of the owner user,

• to the system operator, for debugging purposes or to take action if necessary

For each alarm, the previously mentioned entities have access to :

• The data of the user concerned by the alarm (information is given when subscribing to the application)

• Data of the owner user's caretakers (information provided when subscribing to the application)

• Alarm support status, for each user and caretaker

• The date and time of the alarm

• Alarm history: status changes (timestamped), messages posted by the caregiver circle (name and time-stamped messages)

• The alarm data, varying according to the nature of the alarm system installed: this data is detailed in the general conditions of use of the alarm application, available for each user of the application, directly in the alarm application.

5. COLLECTED TECHNICAL DATA FOR ERROR SEARCH (LOGS)

Hakisa also collects technical data at the Symfony framework level to enable error search and visualization of information about the use of the platform in case of problems.

The collected data is as follows:

The technical data (instance used, date, ...)

The HTTPS calls with the used method (POST or GET) of the customers, via :

o the called URL
o the user ID
o the e-mail of the user
o the role of the user
o the IP address of the transmitter
o the Symfony route used
o the user agent used

A line is generated for each called URL. Post data are collected for all Back Office URL for audit per request by customers. 

There is a slightly different error handling.

In this case, a buffer is created that allows you to retrieve the same personal information and an even greater amount of technical information for troubleshooting.

The data is stored and encrypted  in the Amazon CloudWatch tool for 3 months.

6. POLICY REGARDING DATA PROTECTION

 Hakisa reserves the right to edit at any time its policy regarding data protection and to apply all potential modifications to all owned data concerning the user.

The operator commits to inform the user in the event of major changes to its data processing policy.

The user is therefore advised to regularly consult the present document in order to be perfectly aware of any potential modification made by Hakisa.