Privacy Policy

Oneleaf SAS ("Oneleaf") provides a tele-hypnosis app, where a user can self-hypnotize to help with depression, anxiety, smoking cessation, and potentially weight loss and endometriosis symptoms (hereinafter "Tele-hypnosis Application").
‍
When you are using the Tele-hypnosis Application, you communicate your personal data to Oneleaf.

Please read this privacy policy carefully as it explains how your personal data are used and how to exercise your rights. This privacy policy supplements any documents or notices that may refer to this privacy policy. Should you have any questions, you may contact Oneleaf directly by sending an email to [email protected]
‍
1. WHO IS THE DATA CONTROLLER OF YOUR PERSONAL DATA?
Oneleaf is the data controller of your personal data

‍• to the extent that it determines the purposes and means of the processing related to the Tele-hypnosis Application;
• when it operates personal data processing in order to comply with its legal and regulatory obligations; and
• when it operates personal data processing in order to improve the Tele-hypnosis Application and its services.
‍
2. WHAT KIND OF PERSONAL DATA ARE PROCESSED?
All personal data provided by you via the Tele-hypnosis Application or generated by the Tele-hypnosis Application.
‍

Also, the Tele-hypnosis Application automatically collects the following data via cookies and other trackers:
‍

The provision of certain types of personal data may be necessary or optional, depending on your requests. Mandatory data will be marked as such at the moment of collection of your personal data. If you refuse to provide mandatory data, Oneleaf may not be able to process your request (e.g., creation of your consumer account, provision of the requested Tele-hypnosis Application’s services).

3. FOR WHAT PURPOSES DOES ONELEAF USE YOUR PERSONAL DATA?
Oneleaf processes your personal data for the following purposes only:
‍

4. WHO CAN ACCESS YOUR PERSONAL DATA?
Your personal data may be transmitted to the following recipients when you use the Tele-hypnosis Application and the services it provides:

‍
5. HOW DOES ONELEAF PROTECT YOUR PERSONAL DATA?
Oneleaf has implemented technical and organizational measures in order to protect your personal data, in
particular against potential data breaches likely to cause, either by accident or unlawfully, the destruction, loss, modification, unauthorized access or divulgation of your personal data. These measures will ensure a level of security adapted to the data and will take into account the state of the art and the cost of implementation in relation to the risks and nature of the data to be protected. However, no data, on the Internet or otherwise, can be guaranteed to be 100% secure. While we strive to protect your information from unauthorized access, use, or disclosure, we cannot and do not warrant the security of your information.

Oneleaf also requires that all members of its personnel and any other person processing your personal data comply with the internal rules and procedures related to the processing of personal data, including the technical and organizational security measures put in place to protect your personal data. In this context, Oneleaf reviews and updates its practices regularly to enhance your privacy and ensure that its internal policies are followed.

If you have found a vulnerability or would like to report a security incident, you may send an email [email protected]

Oneleaf is a provider of online and mobile meditation, hypnosis, mindfulness, sleep and movement content in the health& wellness space and is not a covered entity or a business associate of a covered entity under the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder, as amended from time to time (“HIPAA”). As such, HIPAA does not apply to the collection, storage, use, and disclosure of the information you provide to us.

6. FOR HOW LONG ARE YOUR PERSONAL DATA STORED?
As a general rule, your personal data will only be retained for the period necessary for the accomplishment of the purposes for which said data was collected, or as necessary to fulfill legal or regulatory obligations.

In the absence of applicable exceptions:
‍
• all personal data processed in order to provide with Oneleaf’s services (including health data) will be stored until the deletion of your personal account or after two (2) years of inactivity on your personal account; and,
• beyond that, personal data is archived for five (5) years for evidential purposes and for ten (10) years for invoicing data;
• your traffic data will be stored for a period of thirteen (13) months from the connection date.
‍
7. WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?
‍
You have the following rights over your personal data:

• You can request the access to your personal data in order to obtain clear, transparent and understandable information on how Oneleaf processes your personal data and on your rights (as provided in this policy), as well as a copy of your personal data.
• You can request the rectification of your personal data in order to obtain the modification of your personal data if they are obsolete, inaccurate or incomplete.
• You can object to the processing of your personal data when the processing is based on Oneleaf's legitimate interest. Oneleaf will no longer process your personal data unless Oneleaf demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, such as the respect of a legal obligation (e.g. legal obligation involving the retention of documents), or for the establishment, exercise or defense of legal claims.
• You can request the restriction of the processing during a limited period of time, in particular in order to carry out some verifications, where one of the following applies:
    • You contest the accuracy of your personal data, the processing of which is thus restricted for the period necessary for Oneleaf to verify the accuracy of such personal data;
    • The processing is unlawful and, rather than requesting their deletion, you prefer to restrict their use;
    • Oneleaf no longer needs your personal data for the purposes of the processing, but you need them for the establishment, exercise or defense of legal claims;
  • You have objected to the processing, which is thus restricted pending the verification of whether the compelling legitimate grounds of Oneleaf may override your interests, rights and freedoms.

• You can withdraw your consent when it has been obtained, without this withdrawal affecting the lawfulness of the processing operations previously carried out.
• You can ask to receive your personal data in a structured, commonly used and machine-readable format and also can request their transmission to another controller where technically feasible. This right is not exercised in all circumstances, it applies only if it fulfills all the following conditions:
• Your request is only related to your personal data (excluding anonymous or third party data);
• Your request does not adversely affect the rights or freedoms of others, in particular those of Oneleaf (including trade secrets or intellectual property);
• The processing is carried out by automated means (paper files are therefore not included);
• The processing is based on consent or the performance of a contract (to check if it is the case, you can see the section 2 of this policy).

• You can request the deletion of your personal data (or right to be forgotten), where one of the following legal grounds applies:
• You object to the processing of your personal data and there are no overriding legitimate reasons justifying to maintain the processing of your personal data (such as an obligation for Oneleaf to keep certain personal data);
• You decide to withdraw your consent on which the processing is based;
• Your personal data are no longer useful for the original purposes for which they were collected or for any other type of processing;
• The use that is made of your data does not comply with the applicable legal or regulatory provisions.
‍
It is specified that the exercise of these rights is based on the legal basis of the processing as indicated in section 2 of this policy, as follows:
‍

Under certain circumstances, Oneleaf may ask you for specific information in order to confirm your
identity and ensure the exercise of your rights. This is another appropriate security measure to ensure
that personal data is not disclosed to an individual who does not have the right to receive it.
‍
If you have any questions or wish to exercise your rights, you may directly contact Oneleaf by
sending an email to [email protected]
‍
If needed, you may also lodge a complaint with your national data protection authority. This right
may be exercised at any time and free of charge, at the exclusion of potential postal fees or expenses
related to legal representation or assistance should you choose to engage third party assistance for the
procedure.
‍
8. CHILDREN’S PRIVACY
Our Website is not intended for children under 13 years of age. We do not knowingly collect information, including personal information as defined by the Children's Online Privacy Protection Act, from children under the age of 13 without parental consent. If you are a parent or guardian of a child under the age of 13 and believe he or she has disclosed personal information to us without your consent, you may contact us to request that we delete and stop use of that information (our contact information is at the end of this Privacy Policy). If we learn that we have received any information directly from a child under age 13 without first receiving his or her parent's verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Services. We will then subsequently delete that child's information.
‍
California residents under 16 years of age may have additional rights regarding the collection and sale of their personal information. Please see Your State Privacy Rights for more information.

9. YOUR STATE PRIVACY RIGHTS
State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. To learn more about California residents' privacy rights, visit [HYPERLINK TO CCPA AND CPRA PRIVACY NOTICE FOR CALIFORNIA RESIDENTS]. California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Tele-hypnosis Application that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected]

Colorado (beginning July 1, 2023), Connecticut (beginning July 1, 2023), Virginia (beginning January 1, 2023), and Utah (beginning on December 31, 2023) each provide their state residents with rights to:
• Confirm whether we process their personal information.
• Access and delete certain personal information.
• Data portability.
• Opt-out of personal data processing for targeted advertising and sales.
‍
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
• Correct inaccuracies in their personal information, taking into account the information's nature processing purpose.
• Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.

To exercise any of these rights please send us an email at [email protected]. To appeal a decision regarding a consumer rights request send us an email at [email protected]
‍
Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents who wish to exercise this sale opt-out rights may submit a request to this designated address: [email protected]

The following states require that you opt-in before Oneleaf shares your personal information with third-parties for marketing, sales, or solicitation purposes: Colorado, Connecticut, Delaware, Indiana, Montana, Oregon, Tennessee, Texas, and Virginia. If you are a resident of these states and believe that you have not opted in to such sharing of your personal information, please contact us at [email protected]

Residents of the following states may, at any time, submit a request to opt out as to Oneleaf's sharing of personal information, receiving communications from Oneleaf, or any other opt out rights set forth in this privacy policy. California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Viginia. To submit an opt out request, please contact us [email protected]
‍
10. CHANGES TO THIS POLICY
This privacy policy may be amended from time to time, in particular to reflect the changes in the services provided by the Tele-hypnosis Application or the applicable regulations. Therefore, we recommend you to review this privacy policy each time you use the Tele-hypnosis Application. If we make material changes to this policy, we will make reasonable attempts to notify you.