This policy governs the processing of personal data carried out within the Hopia software application (accessible at app.hopia.eu). For the policy applicable to the hopia.eu website, see Website Privacy policy.
1. Purpose
This privacy policy (hereinafter the "Privacy Policy") reflects the commitment of PLANINNOVIA, a SAS (Société par Actions Simplifiée) with a share capital of €15,000, registered with the Evry Trade and Companies Register (RCS) under number 900 626 706, with intra-Community VAT number FR 32900626706, and whose registered office is located at 3 rue Joliot Curie, 91190 Gif-sur-Yvette (hereinafter the "Company"), to respecting your privacy and protecting your personal data when using the HOPIA software application (hereinafter the "Software").
2. Processing of your personal data
2.1 Description of processing activities
In accordance with applicable laws and regulations, the Company, acting as data processor, collects certain personal data.
When you log in to the Software, the Company collects your email address.
When you use the Software, the following information is recorded in your personal account:
- your last name;
- your username;
- your first name;
- your email address;
- your professional skills;
- days of absence and presence;
- reason(s) for your absences (sick leave, leave, paid holidays, RTT);
- your professional calendar;
- your professional role.
If you wish to receive the Company's newsletter, the Company collects your email address.
When you log in to the Software, the Company, acting as data controller, also collects the following personal data: connection logs, connection data, IP address.
Purposes, legal bases and retention periods
| Purpose | Legal basis | Retention period |
|---|---|---|
| Access and login to the Software | Contractual necessity and consent | Duration of the contractual relationship with the Company |
| Identity verification and assistance in case of lost or forgotten login / password | Performance of the contract concluded with the Company | Duration of the contractual relationship / deletion request |
| Sending of the newsletter on new features | Consent | 3 years from the collection of consent or until consent is withdrawn |
| Handling of requests to exercise rights (access, portability, erasure, restriction, rectification, objection) | Legal obligation and consent | Up to 1 year from the request |
| Handling of requests to object to direct marketing | Legal obligation | Up to 3 years from the exercise of the right to object |
3. Recipients and transfers of your personal data
Access to your personal data is restricted to persons who need your personal data in order to carry out the purpose of the processing.
Your personal data may also be shared by the Company with third parties:
- if the law or a legal proceeding requires the Company to disclose your personal data;
- in response to a request from a public or judicial authority (in particular in the case of a judicial summons);
- where the Company considers that disclosure is necessary or appropriate to ensure the safety of persons or to protect the public.
Your personal data is transmitted to Amazon Web Services EMEA SARL (38 Avenue John F. Kennedy, L-1855 Luxembourg), which hosts the Software on servers located in France. Amazon Web Services EMEA SARL is ISO 27018:2019 certified (protection of personal data in the cloud).
Certain personal data (IP address and username) are transferred to Sentry, located at 45 Fremont Street, 8th Floor, San Francisco, CA 94105, United States (to facilitate the identification and correction of errors on the Software — sentry.io/trust/privacy).
Your personal data is therefore transferred outside the European Economic Area. The Company undertakes to ensure a level of protection of your personal data equivalent to that guaranteed by the GDPR: it has notably entered into Standard Contractual Clauses with Sentry (in their version amended in June 2021 by the European Commission) and put in place additional security safeguards as required by the "Schrems II" ruling of the Court of Justice of the European Union (16 July 2020).
4. Security of personal data
The Company takes care to secure your personal data by implementing appropriate technical and organizational measures to ensure a level of security appropriate to the risk. The Company maintains measures to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services, means to restore the availability of and access to your personal data, and a procedure for regularly testing, analyzing and evaluating the effectiveness of the measures in place.
5. Retention of personal data
Your personal data is retained only for as long as is necessary to fulfill the purpose for which the Company holds your data, to meet your needs, to comply with its legal or regulatory obligations, to enable it to exercise its rights, and/or for statistical or historical purposes.
At the end of the retention periods set out above, your personal data will be deleted or anonymized.
6. Your rights regarding your personal data
You have the following rights:
- Right of access and rectificationYou may request access to your personal data, request its rectification if it is inaccurate, or its completion if it is incomplete. You also have the right to know the source of your data.
- Right of erasureYou may request the deletion of your data where: (1) it is no longer necessary for the purposes of the processing; (2) you withdraw your consent (without affecting the lawfulness of prior processing); (3) you object to the processing; (4) your data has been processed unlawfully; (5) a legal obligation requires it; or (6) compliance with the law demands it.
- Right to objectYou may object to the processing of your personal data in accordance with applicable legal obligations.
- Right to restrictionYou may request restriction of processing if (1) you contest the accuracy of your data; (2) the Company no longer needs your data for the purposes of the processing; or (3) you have objected to the processing.
- Right not to be subject to an automated decisionYou have the right not to be subject to a decision based solely on automated processing that produces legal effects concerning you or significantly affects you, in particular based on profiling.
- Right to data portabilityYou may request to receive your data in a structured, commonly used and machine-readable format, or to have it transmitted directly to another data controller, where the processing is based on your consent and carried out by automated means.
- Post-mortem directivesIn accordance with Article 85, I of the French Data Protection Act of 6 January 1978 as amended, you may define directives regarding the exercise of your rights after your death (in particular regarding retention, deletion and communication of your data) and designate a person responsible for the exercise of such rights. In the absence of such directives, the Company will respond to requests from your heirs as limitatively set forth in Article 85, II.
- Right to withdraw consentYou may withdraw your consent to the processing of your personal data at any time. Withdrawal only applies for the future and does not affect the lawfulness of any processing carried out by the Company on the basis of your consent prior to withdrawal, or of any processing based on another legal basis (such as the performance of a contract between you and the Company).
- Right to lodge a complaintYou may lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés, the French data protection authority), 3 Place de Fontenoy, 75007 Paris, telephone: 01 53 73 22 22, cnil.fr/fr/plaintes. You are invited to inform the Company's Data Protection Officer beforehand, so that the Company can handle your request and attempt to find an amicable solution.
You may exercise your rights and/or ask any question relating to the processing of your data by email at dpo@hopia.eu, or by mail to: PLANINNOVIA, Data Protection Officer, 3 rue Joliot Curie, 91190 Gif-sur-Yvette.
To allow the Company to process your request as quickly as possible, you may specify its purpose and the context in which your data was processed. In case of reasonable doubt as to your identity, the Company may ask you to provide a copy of a valid identity document (front and back).
7. Cookies
The Software uses trackers that are required to ensure its access, security and operation (necessary cookies). These cookies do not require your consent.
The necessary cookies placed by the Software are as follows:
| Cookie type | Persistent / session | Issuer | Duration | Purpose |
|---|---|---|---|---|
| Necessary cookie | Session cookie | PLANINNOVIA | Expires at the end of the browser session | Protection against CSRF (Cross-Site Request Forgery) attacks |
Acceptance of these cookies is a necessary condition for accessing and using the Software. You may, at any time, disable these cookies via your browser settings. Each browser has its own configuration, described in its help menu:
- Firefox: support.mozilla.org
- Microsoft Edge: support.microsoft.com
- Google Chrome: support.google.com/chrome
- Safari: apple.com/legal/privacy
- Opera: help.opera.com
If you disable necessary cookies, you may experience potentially negative effects (optimal navigation on the Software is not guaranteed and features may be degraded).
The Company collects the following personal data via cookies: identifier, first name, last name, email, teams, start date, end date, professional skills, working time percentages, recurring unavailabilities, access permissions to the Software, date and time of last interaction, display settings.
8. Language
This Privacy Policy is drafted in French. In the event that it is translated into one or more foreign languages, only the French version shall prevail in case of dispute.
9. Updates to the Privacy Policy
The Company reserves the right to make changes to this Privacy Policy at any time. The Company recommends consulting this page regularly, referring to the date of its last modification. In the event of significant changes, the Company will notify you of such changes.