top of page

IT security Holistal

Introduction/Background 

Holistal's primary purpose for collecting data is to ensure the relevance of content and usage, to support the development of previous components, and to provide personal support or troubleshooting in the event of an error report. Holistal does not share any information with third parties for commercial purposes.

 

Currently, user data is stored on encrypted servers as described below, with limited access granted only to the founders and developers at PIJA Media Management AB. Some data is stored via the Mixpanel service, an American software company, to optimize the user experience, ensure content relevance, and provide personal support or troubleshooting for the service.

There are agreements in place under applicable regulations, specifically a Data Processor Agreement with Mixpanel.

1. IT SECURITY
The company operates under the Privacy Shield framework, an agreement between the EU and the USA regarding user data and transatlantic data transfers.

We neither collect nor store biometric data, which in our case is defined as health data, from users. Should Holistal in the future expand its services to include the collection of biometric data, users will be informed of this, what it means for them, and how such data will be managed.

 

Where Are the Servers Located?

Currently, the servers are hosted on Heroku and Mongo Atlas. These servers are located in Ireland (EU-west). We have the option to choose where the data is stored and can switch to other providers if desired.

Who Has Access to the Data? The CEO of Holistal and developers at PiJa have access to the data. The “processors” are Heroku, Atlas, and Mixpanel.

What Data Is Collected?

  • Email address (user's corporate email or another address provided by the customer)

  • Dietary preferences

  • Goals

  • Language preferences

  • Points status

  • Account activation date

  • Date of last visit to the app

  • Responses to questions

  • Completed and selected actions and challenges

Please refer to sections 1.1 and 1.3 of the Privacy Policy for further details.

 

What Can the Company vs. Employees See and Access?

Employees
Employees can view personally related data such as:

  • Health Index

  • Selection and prioritization of goals

  • Points balance

  • Rewards

  • Challenges (activated, paused, or available)

Employees always have the right to request an export or deletion of their personal data.

 

Company Administrators
Company administrators can view:

  • Email addresses

  • Points balance

  • Account activation date

  • Date of last visit to the app

  • Usage statistics at an aggregated level (not personal data), including:

    • Participation Rate (% Active Employees)

    • Number of Users

    • Created vs. Active Users

    • Health Habit Index (Aggregated)

    • Goals Breakdown

    • Challenge Engagement

Aggregated data is only unlocked when more than 10 users have activated the service, for confidentiality reasons.

bottom of page