What are our commitments?
The Wecare@work brand and its Alex and ALLO Alex services are hereinafter referred to as KEPLER HR (our company). KEPLER HR's main mission is to help people and organizations better reconcile illness and work.
This data protection policy applies to all our websites: wecareatwork.com / alex.wecareatwork.com and alloalex.com and to all the processing operations we carry out in the course of our activities and for which we are identified as responsible. Protecting your data is a priority for KEPLER HR. Our employees are trained and supported to ensure compliance with laws and regulations.
With this policy, we would like to provide you with information on how we manage your data, as well as informing you of your rights in relation to the processing we carry out and how to exercise them.
What types of personal data do we collect?
Personal data is any information relating to a natural person that enables that person to be identified directly or indirectly.
The personal data we may collect are : Surname, first name, e-mail address, employer, professional background and status, health data, connection data, etc.
This personal data may be collected at different times:
when you write to us by e-mail or via our various contact forms
when you subscribe to our newsletter (on the wecareatwork.com website)
when you register on the alex.wecareatwork.com platform
when you request the alloalex.com solidarity service
as part of our training courses and e-learning modules
more generally, for all services offered by KEPLER HR.
Data marked with an asterisk must be provided. Otherwise, access to the requested service cannot be guaranteed.
What types of processing do we carry out?
Within the meaning of Article 4.2 of the RGPD, and in summary, processing is defined as "any operation applied to personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction".
KEPLER HR undertakes to process your data according to at least one legal basis defined in Article 6 of the RGPD and to:
determine the explicit purposes when collecting the data and indicate whether they are mandatory or optional,
provide transparent information and appropriate security for processing,
apply the principle of minimization (collection of data that is necessary and relevant to the purpose),
retain data for a specified period (which may vary depending on the contract under which the data is made available to KEPLER HR) that does not exceed the needs of the processing operation or the legal or regulatory obligations to which KEPLER HR is subject,
notify the CNIL and the persons concerned, in the event of a data breach of a prejudicial nature.
If the collection of data has a legal basis requiring your consent, KEPLER HR undertakes to obtain your consent by informing you, and where applicable, of the way in which you may exercise your right to withdraw it at any time. Depending on the type of processing, you may be asked to renew your consent once it has expired (e.g. for cookies).
How do we ensure data security?
To protect your data, we implement technical and organizational measures based on the state of the art and best practices in cyber-security (staff awareness and training, encryption of data and exchanges, etc.). These measures are designed to prevent unauthorized access, loss, alteration, destruction or disclosure of your data.
This protection covers both malicious acts and accidental damage. Data transmitted by web sites is protected by encryption using a secure protocol that prevents it from being read by third parties as it travels over the network to the server on which it is hosted.
KEPLER HR contracts with subcontractors who offer sufficient guarantees in terms of security. In particular, the servers and databases containing your health data are hosted by an HDS-certified subcontractor certified by the French digital health agency
If certain processing operations are hosted outside the European Union, KEPLER HR takes the necessary steps to ensure that the host to which the data is entrusted provides the essential guarantees to protect it. KEPLER HR ensures that its service providers authorized to process personal data are subject to an obligation of confidentiality and provide the persons authorized to process personal data with the necessary training in the protection of personal data. More generally, KEPLER HR takes sufficient guarantees by contracting RGPD commitments with its service providers.
Who are the recipients of your data?
Your data is intended for Kepler HR's internal departments, in order to provide you with access to our services. Some data, anonymized, may be shared, either with the sponsor of your access (for example, your employer if it is your employer who offers you access to the service), or with researchers as part of a scientific study, in all cases with the sole aim of being able to measure its impact, such as frequency of use, response to your need for information, effect on your mental workload, contribution to a more serene return to work...
What are your rights?
You have many rights regarding the processing of your personal data. The most common are:
the right of access: provision of information about your data,
the right of rectification: modification of inaccurate or incomplete information in your data,
the right to erasure: deletion of your data,
the right to object to the processing of your data.
Other rights exist, such as limitation (to "freeze" your data so that it cannot be processed), portability (for transfer to a third party), human intervention (in the case of profiling or automated decision-making).
It should be noted that while these rights cannot be infringed, they are not absolute. This means that you can only exercise them under certain conditions. For example, you cannot request the deletion of personal data from an invoice relating to a service purchased from KEPLER HR as long as the tax authorities require KEPLER HR to keep this information.
To keep control of your data, you can exercise your rights:
By post: KEPLER HR / For the attention of the RGPD Manager / 67 rue des Rabats / 92 160 Antony (France)
By e-mail: email@example.com, specifying the processing operation to which you are referring and the right you wish to exercise, as well as any other information enabling us to identify the processing operation and to identify you in the processing operation (e-mail address, for example).
ATTENTION: the address firstname.lastname@example.org is exclusively reserved for exercising rights. All other requests should be addressed to the relevant department (marketing, accounting, etc.).
If we have reasonable doubt about the identity of the applicant, proof of identity may be requested and this in order not to prejudice the person concerned (article 12.6 of the RGPD). KEPLER HR may carry out this check in order to verify possible identity theft.
KEPLER HR has the option of objecting to or requesting the payment of administrative costs related to unfounded requests, manifestly abusive by their number and repetitive nature (Article 12.5 of the RGPD).
If you do not obtain satisfaction for your requests, and by providing all supporting elements, you have the possibility of lodging a complaint with a supervisory authority (in France, the CNIL: Commission Nationale Informatique et Libertés https://www.cnil.fr)
How do you update your transmitted data?
In order to avoid any processing errors, it is important that the information you send us is accurate and up-to-date, and that you inform us immediately of any significant changes concerning you, by sending an e-mail to email@example.com. However, for certain processing operations, we will ask you to update your information if necessary.
KEPLER HR may modify this policy in the light of changes in laws and regulations, the services offered and changes in its practices. KEPLER HR recommends that you consult it regularly on this Internet site.