Privacy Policy
Oneleaf SAS (“Oneleaf”) provides a tele-hypnosis app, where a user can self-hypnotize to help with
depression, anxiety, smoking cessation, and potentially weight loss (hereinafter “Tele-hypnosis
Application”).
When you are using the Tele-hypnosis Application, you communicate your personal data to Oneleaf.
Please read this privacy policy carefully as it explains how your personal data are used and how to
exercise your rights. This privacy policy supplements any documents or notices that may refer to this
privacy policy.
Should you have any questions, you may contact contact Oneleaf directly by sending an email to
hello@getoneleaf.com.
1. WHO IS THE DATA CONTROLLER OF YOUR PERSONAL DATA?
Oneleaf is the data controller of your personal data:
to the extent that it determines the purposes and means of the processing related to the
Tele-hypnosis Application;
when it operates personal data processing in order to comply with its legal and regulatory
obligations; and
when it operates personal data processing in order to improve the Tele-hypnosis Application
and its services.
2. WHAT KIND OF PERSONAL DATA ARE PROCESSED?
All personal data provided by you via the Tele-hypnosis Application or generated by the Tele-hypnosis
Application.
Oneleaf SAS (“Oneleaf”) provides a tele-hypnosis app, where a user can self-hypnotize to help with
depression, anxiety, smoking cessation, and potentially weight loss (hereinafter “Tele-hypnosis
Application”).
When you are using the Tele-hypnosis Application, you communicate your personal data to Oneleaf.
Please read this privacy policy carefully as it explains how your personal data are used and how to
exercise your rights. This privacy policy supplements any documents or notices that may refer to this
privacy policy.
Should you have any questions, you may contact contact Oneleaf directly by sending an email to
hello@getoneleaf.com.Oneleaf SAS (“Oneleaf”) provides a tele-hypnosis app, where a user can self-hypnotize to help with
depression, anxiety, smoking cessation, and potentially weight loss (hereinafter “Tele-hypnosis
Application”).
When you are using the Tele-hypnosis Application, you communicate your personal data to Oneleaf.
Please read this privacy policy carefully as it explains how your personal data are used and how to
exercise your rights. This privacy policy supplements any documents or notices that may refer to this
privacy policy.
Should you have any questions, you may contact contact Oneleaf directly by sending an email to
hello@getoneleaf.com.
Also, the Tele-hypnosis Application automatically collects the following data via cookies and other trackers:
The provision of certain typesof personal data may be necessary or optional, depending on your requests. Mandatory datawill be marked as such at the moment of collection of your personal data. If you refuseto provide mandatory data, Oneleaf may not be able to process your request (e.g., creation of yourconsumer account, provision of the requested Tele-hypnosis Application’s services).
2. FOR WHAT PURPOSES DOES ONELEAF USEYOUR PERSONAL DATA?
Oneleaf processes your personal data for the following purposes only:
3. WHO CAN ACCESS YOUR PERSONAL DATA?
Your personal data may be transmitted to the following recipients when you use theTele-hypnosis Application and the services it provides:
4. WILL YOUR PERSONAL DATA BE TRANSFERRED OUTSIDE OF THE EUROPEAN
UNION/EUROPEAN ECONOMIC AREA/UNITED KINGDOM (UK)?
As far as possible, your personal data are processed within the United States.
Oneleaf will, in the absence of an adequacy decision and after having carried out an assessment of the
level of protection of your rights on the territory of the third country where the recipient of your personal
data is established, implement all necessary measures through the adoption of appropriate safeguards
(such as standard contractual clauses). A copy of such safeguards can be obtained by sending an email
directly to Oneleaf at hello@getoneleaf.com.
5. HOW DOES ONELEAF PROTECT YOUR PERSONAL DATA?
Oneleaf has implemented technical and organizational measures in order to protect your personal data, in
particular against potential data breaches likely to cause, either by accident or unlawfully, the destruction,
loss, modification, unauthorized access or divulgation of your personal data. These measures will
ensure a level of security adapted to the data and will take into account the state of the art and the
cost of implementation in relation to the risks and nature of the data to be protected. However, no data,
on the Internet or otherwise, can be guaranteed to be 100% secure. While we strive to protect your
information from unauthorized access, use, or disclosure, we cannot and do not warrant the security of
your information.
Oneleaf also requires that all members of its personnel and any other person processing your
personal data comply with the internal rules and procedures related to the processing of personal data,
including the technical and organizational security measures put in place to protect your personal data. In
this context, Oneleaf reviews and updates its practices regularly to enhance your privacy and ensure that
its internal policies are followed.
If you have found a vulnerability or would like to report a security incident, you may send an email
hello@oneleathealth.com.
Oneleaf is a provider of online and mobilemeditation, hypnosis, mindfulness, sleep and movement content in the health& wellness space and is not acovered entity or a business associate of a covered entity under the HealthInsurance Portability and Accountability Act of 1996, and the regulationspromulgated thereunder, as amended from time to time (“HIPAA”). As such, HIPAA does notapply to the collection, storage, use, and disclosure of the information you provide to us.
6. FOR HOW LONG ARE YOUR PERSONAL DATA STORED?
As a general rule, your personal data will only be retained for the period necessary for the
accomplishment of the purposes for which said data was collected, or as necessary to fulfill legal or
regulatory obligations.
In the absence of applicable exceptions:
all personal data processed in order to provide with Oneleaf’s services (including health data) will
be stored until the deletion of your personal account or after two (2) years of inactivity on
your personal account; and,
beyond that, personal data (except health data) is archived for five (5) years for evidential
purposes and for ten (10) years for invoicing data;
your traffic data will be stored for a period of thirteen (13) months from the connection date.DM_US 188633016-2.117901.0012
7. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?
You have the following rights over your personal data:
you can request the access to your personal data in order to obtain clear, transparent and
understandable information on how Oneleaf processes your personal data and on your rights
(as provided in this policy), as well as a copy of your personal data.
you can request the rectification of your personal data in order to obtain the modification of your
personal data if they are obsolete, inaccurate or incomplete.
you can object to the processing of your personal data when the processing is based on
Oneleaf’s legitimate interest. Oneleaf will no longer process your personal data unless
Oneleaf demonstrates compelling legitimate grounds for the processing which override
your interests, rights and freedoms, such as the respect of a legal obligation (e.g. legal
obligation involving the retention of documents), or for the establishment, exercise or defense of
legal claims.
You can request the restriction of the processing during a limited period of time, in particular
in order to carry out some verifications, where one of the following applies:
you contest the accuracy of your personal data, the processing of which is thus restricted for
the period necessary for Oneleaf to verify the accuracy of such personal data;
the processing is unlawful and, rather than requesting their deletion, you prefer to restrict their
use;
Oneleaf no longer needs your personal data for the purposes of the processing, but you need
them for the establishment, exercise or defense of legal claims;
you have objected to the processing, which is thus restricted pending the verification of
whether the compelling legitimate grounds of Oneleaf may override your interests, rights and
freedoms.
You can withdraw your consent when it has been obtained, without this withdrawal affecting the
lawfulness of the processing operations previously carried out.
You can ask to receive your personal data in a structured, commonly used and machine-
readable format and also can request their transmission to another controller where
technically feasible. This right is not exercised in all circumstances, it applies only if it fulfils
all the following conditions:
your request is only related to your personal data (excluding anonymous or third party data);
your request does not adversely affect the rights or freedoms of others, in particular those of
Oneleaf (including trade secrets or intellectual property);
the processing is carried out by automated means (paper files are therefore not included);
the processing is based on consent or the performance of a contract (to check if it is the case,
you can see the section 2 of this policy).
you can request the deletion of your personal data (or right to be forgotten), where one of the
following legal grounds applies:
you object to the processing of your personal data and there are no overriding legitimate
reasons justifying to maintain the processing of your personal data (such as an obligation for
Oneleaf to keep certain personal data);
you decide to withdraw your consent on which the processing is based;DM_US 188633016-2.117901.0012
your personal data are no longer useful for the original purposes for which they were
collected or for any other type of processing;
the use that is made of your data does not comply with the applicable legal or regulatory
provisions.It is specified that the exercise of these rights is based on the legal basis of the processing as indicated in section 2 of this policy, as follows:
Under certain circumstances, Oneleaf may ask you for specific information in order to confirm your
identity and ensure the exercise of your rights. This is another appropriate security measure to ensure
that personal data is not disclosed to an individual who does not have the right to receive it.
If you have any questions or wish to exercise your rights, you may directly contact Oneleaf by
sending an email to hello@oneleafhealth.com.
If needed, you may also lodge a complaint with your national data protection authority. This right
may be exercised at any time and free of charge, at the exclusion of potential postal fees or expenses
related to legal representation or assistance should you choose to engage third party assistance for the
procedure.
8. CHILDREN’S PRIVACY
We do not knowingly collect information, including personal information as defined by the Children’s
Online Privacy Protection Act, from children under the age of 13 without parental consent. If you are a
parent or guardian of a child under the age of 13 and believe he or she has disclosed personal
information to us without your consent, you may contact us to request that we delete and stop use of that
information (our contact information is at the end of this Privacy Policy). If we learn that we have received
any information directly from a child under age 13 without first receiving his or her parent’s verified
consent, we will use that information only to respond directly to that child (or his or her parent or legal
guardian) to inform the child that he or she cannot use the Services. We will then subsequently delete
that child’s information.
California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see Your State Privacy Rights for more information.
9. Your State Privacy Rights State
consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. To learn more about California residents' privacy rights, visit [HYPERLINK TO CCPA AND CPRA PRIVACY NOTICE FOR CALIFORNIA RESIDENTS]. California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Tele-hypnosis Application that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to hello@oneleafhealth.com.
Colorado (beginning July 1, 2023), Connecticut (beginning July 1, 2023), Virginia (beginning January 1, 2023), and Utah (beginning on December 31, 2023) each provide their state residents with rights to:
• Confirm whether we process their personal information.
• Access and delete certain personal information.
• Data portability.
• Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
• Correct inaccuracies in their personal information, taking into account the information's nature processing purpose.
• Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To exercise any of these rights please [REQUEST SUBMISSION METHOD]. To appeal a decision regarding a consumer rights request [APPEAL PROCEDURE].] Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address: [TOLL-FREE NUMBER/EMAIL/WEBSITE URL].[However, please know we do not currently sell data triggering that statute's opt-out requirements.]]
9. CHANGES TO THIS POLICY
This privacy policy may be amended from time to time, in particular to reflect the changes in the services
provided by the Tele-hypnosis Application or the applicable regulations. Therefore, we recommend you to
review this privacy policy each time you use the Tele-hypnosis Application. If we make material changes
to this policy, we will make reasonable attempts to notify you.
