Respect for privacy is a fundamental right and one of the core values of ninti. We build strong and lasting relationships with our customers, partners, users and employees, based on mutual trust. Ensuring the security and confidentiality of the personal data of users of our websites and other applications is therefore a priority for us. When you use the website www.ninti.io(hereinafter the “Site”), we may collect personal data about you. The purpose of this policy is to inform you of the ways in which we process this data.
In the context of your use of the ninti.io platform (hereinafter referred to as “the Solution”), personal data concerning you are processed.
The controller of this processing is your employer who invited you to create your account on the Platform (hereinafter “the Controller”).
Our company, Ninti, SAS registered with the Paris Trade and Companies Register under number 904 761 855, having its registered office at 73 rue Saint-Honoré, 75001, Paris (hereinafter referred to as “the Company”), acts exclusively as a subcontractor of the Data Controller, i.e. we process your data in its name, on its behalf and according to its instructions.
2. Description of the treatment
The Solution is a support platform for our clients’ employees and collaborators that allows them to make appointments with coaches and psychologists (hereafter the “Practitioner”).
We offer various services:
– The realization of individual accompaniments with a Practitioner
– The realization of group sessions led by a Practitioner
– The provision of digital content and programmes
3. What is the purpose of the data collected?
The Data Controller determines the purpose(s) for which the data is processed and the legal basis, depending on the purpose for which it uses the Solution.
4. What personal data do we collect?
On the instructions of the Data Controller, we collect the following data:
– Identification data (e.g. surname, first name, email address, telephone number, appointment dates)
– Connection data (e.g. IP address, logs)
Mandatory data are indicated when you provide us with your data. They are necessary to provide you with our services.
If you choose to sign in using a third party authentication service (e.g. Google or Facebook), certain data such as your name and email may be collected from that service. By choosing this option, you agree that the third party authentication service may share this information with us.
Concerning Google data:
– As a user: you can choose to log into your ninti account via your Google account. In this case, ninti will collect from Google your first name, last name and email address used to log in. ninti only processes this data to enable the proper functioning of its service (i.e. to enable you to book a session with a practitioner and to transmit your details to that practitioner).
– If you are a practitioner working with ninti.io: ninti.io uses the Calendar API to connect your calendar with its platform. The API allows ninti to know which slots are available or not in your schedule. Ninti can then update in real time the sessions available for Ninti users. It also allows nintito create, move or cancel an event directly in your calendar when a Ninti session is booked, moved or cancelled.
Ninti’s use of information received via Google APIs complies with the User Data Policy, including the details set out in the Limited Use requirements.
5. Who are the recipients of the data?
Without prejudice to the other recipients to whom the Data Controller may transmit your data, we will transmit them to :
– to our staff
– to our own subcontractors for the purposes of implementing the Solution: hosting provider, CRM provider, emailing provider
– to our Practitioners who listen to you and advise you.
– to the services responsible for auditing (in particular the auditor), public bodies, exclusively in order to meet our legal obligations, judicial auxiliaries, legal officers and bodies responsible for debt collection.
In the case of individual appointments with Practitioners, we only transmit aggregated or anonymised data to the Data Controller and not details of individuals and the appointments they have made.
6. How long will the data be kept?
The data controller determines the period of time for which your personal data is stored. For our part, we keep your data for the duration of our contract with the data controller.
7. Will your data be transferred outside the European Union?
It may be transferred outside the European Union as part of the tools we use and our relationship with our subcontractors (see “Who are the data recipients?”).
This transfer is secured by means of the following tools:
– Or the data is transferred to a country that has been judged to offer an adequate level of protection by a decision of the European Commission;
– Or we have entered into a specific contract with our subcontractors for the transfer of your data outside the European Union, based on the standard contractual clauses between a data controller and a subcontractor, approved by the European Commission.
8. What are your rights to your data?
You have the following rights with regard to your personal data:
- Right to information: This is precisely why we have drawn up this charter.
- Right of access: You have the right to access all your personal data at any time.
- Right of rectification: You have the right to rectify inaccurate, incomplete or outdated personal data at any time.
- Right to limitation: You have the right to obtain the limitation of the processing of your personal data in certain cases defined in art.18 of the GDPR.
- Right to be forgotten: You have the right to demand that your personal data be deleted and to prohibit any future collection.
- The right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that the processing of your personal data constitutes a violation of the applicable laws.
- The right to set up guidelines for the retention, deletion and disclosure of your personal data after your death.
- Right of objection: You have the right to object to the processing of your personal data. Please note, however, that we may continue to process your data despite this objection, for legitimate reasons or to defend legal rights.
You may exercise these rights by writing to the Data Controller, using the contact details set out in the Data Controller’s Information Document.
9. How to contact Ninti regarding your personal data:
Contact email: firstname.lastname@example.org
Contact address: Ninti, 73 Rue Saint-Honoré, 75001, Paris
We may amend this policy at any time. These changes will apply as of the effective date of the modified version. You are therefore invited to consult the latest version of this charter regularly.
Entry into force: 01/01/2022