PRIVACY POLICY

  1. 1. RESPONSIBLE FOR THE DATA PROCESS

This website belongs to and is managed by ATRIA TECNOLOGÍA Y PSICOLOGÍA, SL who from now on and for the processing of personal data related to the provision, maintenance, and management of the Serenmind application, analysis or closure of it, as well as a direct contact service via email, it will be responsible for the data processed for the stated purposes. Our contact details for this purpose are:

  • Identity: ATRIA TECNOLOGIA Y PSICOLOGIA, SL (hereinafter «Serenmind» or «us»).
  • Address: Valencia, calle Sueca 6, Pl. 2 -Ap. 4- CP: 46006 (Valencia).
  • Valencia Mercantile Registry, Volume 10461, Book 7742, Folio 63, Section 8, Page V180690, 1st Inscription.
  • VAT: B98975261
  • Email: info@serenmind.com

Google Ireland, Ltd. and Apple, Inc. are also responsible for the treatments associated with the downloads that take place when downloading the application from the marketplace.

  1. AFFECTED
  • Interested / affected: the user (hereinafter » you«)
  1. DETAILS ABOUT THE DATA PROCESSING

Below, we show what categories or types of personal data we collect and process:

  • Traffic and navigation data.

Type of data: IP, configuration, language, operating system of your terminal, etc.

Legitimation:

    1. our legitimate interest in keeping the app running;
    2. our legitimate interest in maintaining a high level of security in the app.

Purposes:

    1. allow the use of the functionalities of our app and contents;
    2. ensure a high level of data security;
    3. analysis of the level of quality of our app and analytical and statistical study of its use.

Conservation: immediate anonymization after the deletion of the account by the user or withdrawal of consent for data processing.

Communication of data: no communication of data is foreseen, unless the user consents to communicate reports of failures, drops, or errors to the providers of the marketplaces, such as Google Ireland, Ltd. and Apple, Inc.

  • Identification or contact data

Type of data : name or alias, email, age, gender.

Legitimation:

    1. your consent expressed through the checkbox enabled for it;

Purposes:

    1. identification of users;
    2. relationship of them with their conversation histories and the results of the self-evaluations;
    3. maintain communications with the user in case it is necessary.

Conservation: only the email will be kept in order to attend to requests and requirements of users and / or competent bodies.

Communication of data: no datacommunication is foreseen, except for the processing orders necessary to support the application.

  • Data relating to the mental health of users

Data typology : anxiety and depression levels according to international tests and scales.

Legitimation:

    1. your consent by accepting the data processing through the checkbox enabled for this purpose.

Purposes:

    1. determine the psychological context of the interested party;
    2. allow the interested party to consult its evolution;
    3. recommend a program itinerary;
    4. improve chatbotresponses and offer a more accurate service;
    5. provide the user assistance service through the chatbot.

Conservation: the data will be automatically pseudonymised once the interested party withdraws their consent or they proceed to delete their account. Pseudonymised conservation has been established as a guarantee and security mechanism for the exercise of rights and defense in legal proceedings and claims.

Data communication: no data communication is foreseen, except for the processing orders necessary to support the application.

  • Data relating to the mental health of users

Typology of data : thoughts, expression of emotional states, feelings and the like.

Legitimation :

    1. 1. your consent by accepting the data processing through the checkboxenabled for this purpose.

Purposes:

    1. determine the psychological context of the interested party;
    2. allow the interested party to consult its evolution;
    3. recommend a program itinerary;
    4. improve chatbotresponses and offer a more accurate service;
    5. provide the user assistance service through the chatbot.

Conservation: the data will be automatically pseudonymised once the interested party withdraws their consent or they proceed to delete their account. Pseudonymized preservation has been established as a guarantee and security mechanism.

Communication of data: no data communication is foreseen, except for the processing orders necessary to support the application.

  • Data related to opinions, and ideology

Typology of data: opinions, expressions, perception of reality.

Legitimation:

    1. your consent by accepting the data processing through the checkboxenabled for this purpose.

Purposes:

    1. determine the psychological context of the interested party;
    2. improve chatbotresponses and offer a more accurate service;
    3. provide the user assistance service through the chatbot.
  1. Conservation: the data will be automatically pseudonymised once the interested party withdraws their consent or they proceed to delete their account. Pseudonymized preservation has been established as a guarantee and security mechanism.

Communication ofthe data: no data communication is expected any, except treatment orders needed to support the application.

  1. DATA SOURCE

All data comes from the interested party. Either by using the registration form, or by interacting with thechatbot or with the app tools. If you would like additional information, please contact: info@serenmind.com

  1. SECURITY MEASURES THAT WE APPLY IN SERENMIND
    • At SERENMINDwe apply reinforced security measures to guarantee the confidentiality and integrity of your data, one of them being the disassociation of the databases, separating the identification of the users (name, aliases, age, etc.) from the data relating to Your Health.
    • From your identification data we obtain a unique identifier, which is the identifier that we associate with your health data. Thus, together with dissociation, we ensure that your health data is not easily related to your identifying data.
    • In addition, your data, whether in transit, use or at rest, is permanently encrypted, so that it cannot be accessed by third parties, not even by our own team, which, by default, has limited functions within the system to only access the unique identifier of the user and the history of operations that said user has performed (sending messages through the chatbot, listening or reading our recordings, etc.).
    • An encryption with OpenSSL AES-256 encryption with MAC is carried out on the “message” fields with regard to the user / patient dialogue with the chatbot.
    • Our team to access the different work environments is done by username and password, which are stored encrypted. In addition, to be able to access the servers where the work environments are located, it is necessary to be authorized in a list of authorized IPs, so that anyone who is not on said list cannot access the servers.
    • At all times the messages between the database and the app are encrypted with SSL, and HTTPS, and the connection between the machines or servers is made through an API controlled by the person in charge, using an OAuth2.0 token.
  1. 6. OUR DATA MANAGERS

Below, we show you basic information about the processors who process our data on our behalf and under our guidelines.

  • OVH Hispano, SL: storage servers. Spain. Spain.
  • Hetzner Online GmbH: Backup servers. Germany
  • RDAdmin: in charge of the administration of the servers. Spain.
  • Arnau Castelltort: Chief Technology Officer (CTO). Spain.
  • Mailjet SAS: emailing platform. France.
  • EMMA Mobile Solutions, S.L.: attribution services platform. Spain.
  1. YOUR RIGHTS

You have the right to request SERENMIND at the following address info@serenmind.com:

    • access to your data, which you can also check in the «my data» section,
    • the rectification of your data, because we also want to ensure that your information is accurate and up-to-date,
    • o the deletion of your data,
    • the limitation of the processing of the data that concerns you,
    • the opposition to the processing of your data, when the legitimacy for the processing of your data is our legitimate interest,
    • the withdrawal of your consent to process your data, when the legitimacy to process your data is your consent and
    • the portability of your data, when the legitimacy for the processing of your data is your consent or the execution of a contract.

In addition, you have the right to file a claim with the Spanish Agency for Data Protection (AEPD) if you have doubts or are not satisfied with the exercise of your rights or the treatments we carry out. The contact details are:

    • Agencia Española de Protección de Datos (AEPD) -Spain-
    • Registro de entrada
    • Calle Jorge Juan, 6 // C.P.: 28004 – Madrid
    • Telephone assistance: +34 901 100 099 // +34 91 266 35 17
    • https://www.aepd.es/
  1. DELETION OF YOUR DATA
    • At SERENMIND we apply reinforced security measures to guarantee the confidentiality and integrity of your data, and as you may have seen, one of them is to encrypt the databases with which we work and dissociate your identification data and your unique identifier into different databases. the app for the health-related data that we process during the service.
    • o In accordance with the provisions of Regulation, 2016/679, General Data Protection on the right to deletion (to «oblivion»), this can always be requested by the user and we must always delete the data automatically whenever you withdraw your consent. However, given the sensitivity of the service and its proximity to the provision of a therapeutic and psychological assistance service, we keep health-related data in a pseudonymized way, limiting access to only two team managers to the unique identifier that can decrypt the database. data related to your health, so these are completely pseudonymised and the application automatically ignores them, as if they did not exist.
    • The pseudonymized conservation is carried out for a maximum period of 5 years, after which the identifier that allows the re-identification and association of your data will be eliminated.