Version: 2.0
Effective Date: 19/12/2022
Alleo B.V. (“Alleo”, “We”, “Our”, “Us”) provides an integrated platform for employee benefits-as-a-service through a mobile application (hereinafter the “Mobile App”), as well as a website (hereinafter: “Website”) containing relevant information to the services We provide (hereinafter collectively referred to as the “Service(s)”). The Mobile App enables You, the individual (“User(s)”, “You”, “Your”), to make use of experiences and offerings from third party providers (“Partner(s)”) and/or a monthly and/or a one-off budget (“Budget”) as offered to You by Your Employer (“Employer(s)”, “Customer(s)”).
This privacy policy (hereinafter “Privacy Policy”) describes and is intended to help Our Customers, Users, Partners and Our Website visitors understand the principles related to privacy that Alleo holds dear to. This Privacy Policy describes how We collect information (including Personal Data), how We use that information, how We share that information and other relevant information regarding privacy, such as Your possibilities to access and update this information or exercise Your other rights with regard to the General Data Protection Regulation (“GDPR”). Use of Personal Data collected through the Services shall be limited to the purposes of providing the Services for which the User or Customer has engaged Alleo, as described in this Privacy Policy, and otherwise with Your consent.
This Privacy Policy does not apply to any applications, services, products or software provided by Partners through the Services, those are governed by their own respective privacy policies.
Before using the Service or submitting any information to Us, please review this Privacy Policy carefully and contact Us if You have any questions.
We are committed to the protection of Your privacy while you use our services.
By continuing to use Our Services, You acknowledge that You have had the chance to review and consider this Privacy Policy, and You acknowledge that You agree to it. This means that You also consent to the use of Your information and the method of disclosure as described in this Privacy Policy.
Article 1 – Privacy Principles
We follow these principles in order to protect Your privacy:
- We do not collect any more Personal Data than is necessary to provide the Services;
- We only use Your Personal Data for the purposes we specify in this Privacy Policy, unless You agree otherwise;
- We do not process Personal Data of individuals under the age of 16;
- We do not keep Your Personal Data if it is no longer needed; and
- Other than as we specify in this Privacy Policy, we do not share your Personal Data with third parties, except with Your explicit consent to do so.
Article 2 – Purpose and the Personal data we collect
When You interact with us through the Services or through any other means, we may receive personal data as well as other information and data (“Other Information”), as explained in more detail below.
- Information you provide us
- We collect your Personal Data when you or your employer register to use the Mobile App, provide information when using the Services, update your account information, add additional Services, purchasing offers in the Mobile App, submit information to verify Your identity, contact customer support, contact Us with questions or feedback, or otherwise communicate with Us. This Personal Data may vary depending on what You or Your Employer choose(s) to share with Us and the Services You use, and may include identification information, professional or employment-related information, benefits enrollment information, financial information, commercial information, and online activity information. In addition, We may use Your information to send You direct marketing communications regarding the benefits offered and updates to Our Mobile App, with the purpose of ensuring You can optimally use the Mobile App. Through Our Services You always have the ability to unsubscribe from these direct marketing communications.
- Information third parties provide us
We may collect and receive information about You, including Personal Data, from third parties, such as Your Employer, Your Employer’s service providers, Our Partners, and Our own service providers, including for identity verification, fraud protection, and providing, updating, maintaining, and protecting the Services.
- Other information
- We may also collect, generate, and/or receive other information from the Services as follows:
- Services Metadata. When You interact with the Services, metadata is generated that provides additional context about the way Our Users utilize the Services.
- Log Data. As with most websites and technology services delivered over the Internet, Our platform automatically collects information when Our Services are accessed and record it in log files. Such log files may include the Internet Protocol (IP) address, the address of the web page visited before using the Services, browser type and settings, the date and time Services were used, information about browser configuration and plugins, language preferences and cookie data.
- Device Information. We collect information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether We collect some or all of this Other Information often depends on the type of device used and its settings.
- Location Information. We may receive information from You, Your Employer or any other third-parties that helps Us approximate Your location. We may, for example, use a business address submitted by Your Employer, or an IP address received from Your browser or device to determine approximate location.
- Cookie Information. We use cookies and similar technologies to operate and administer Our Services, gather and analyze usage, and improve Your experience. We may also allow third party service providers to use cookies or similar technologies to collect information about Your browsing activities over time and across different websites following Your use of the Services. For example, We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses cookies to help Us analyze how Users use the Website and enhance Your experience when You use the Service. For more information on how Google uses this data, go to https://www.google.com/policies/privacy/partners. Cookies can be stored on Your computer for different periods of time. Some cookies expire after a certain amount of time, or upon logging out (session cookies), others survive after Your browser is closed until a defined expiration date set in the cookie (as determined by the third party placing it), and help recognize Your computer when You open Your browser and browse the internet again (persistent cookies). For more details on cookies please visit https://www.allaboutcookies.org.
- Additional Information Provided to Us. We also may receive Other Information when submitted to Our Website or in other ways, such as if You apply for a job, request support, interact with Our social media accounts or otherwise communicate with Us.
In addition to the above purposes, We use Your Personal Data for compliance with applicable laws and protection of Our legitimate business interests and legal rights, including but not limited to, Our right to use Your Personal Data in connection with legal claims, compliance, legal research purposes (including disclosure of such information in connection with legal proceedings or litigation).
Your Personal Data can be categorized as follows:
- Contact details
- Information used to verify/register You as a person using Our Mobile App. Generally this information is supplied by Your Employer to Us. This includes:
- First name;
- Last name;
- Date of birth;
- Hire date;
- Location;
- IP address;
- Business email address;
- Private email address upon controller request;
- Benefit transactions made;
- Employee ID.
- We may, additionally, receive the following information, depending on the agreement between Alleo and the Employer for providing You with Our Services:
- Flexible Salary module
- Gross hourly salary;
- Gross monthly salary;
- Gross monthly holiday allowance;
- Statutory leave balance;
- Non statutory leave balance.
- Communication details
- We record Your IP address and unique device ID (MAC Address) and may assign other electronic identifiers to properly provide the Services or for security purposes. This includes (depending on the type of device used):
- Mobile carrier
- Device ID
- Mobile advertising ID
- Operating system
- Browser type
- IP address
- MAC address
- Support details
- In the event that You submit a support request, We may need to collect the relevant support data to fulfill Your support request. This support data may include contact or authentication information, personalization of chat sessions or other data We need to fulfill Your support request. For some services, We may record usage data to assist Us with Your request for support.
- Payment details
- In order to purchase any of the Services on the Mobile App, You will be asked to provide certain credit information, billing address information, and possibly additional specific information such that You may be properly charged for Your purchases.
- User details
- We may record statistical information about Your use of the Services for Our business operations and to protect Our legal interests, in particular to improve the User experience and identify performance problems or other failures in the Service. This includes:
- Geolocation information such as approximate location derived from IP address;
- Internet activity information such as login and logout activities;
- Pages You visit before, while, and after, using Our Services;
- Pages You visit, content You view, and links You click, while on Our Website;
- Demographic information;
- Your particular preferences;
- Combined or aggregated information, consisting of (some) of Your Personal Data in order to better serve You and to enhance and update Our Mobile App for You and other Users’ use.
Article 3 – Exchange and transfer of your Personal Data
We may provide Your Personal Data to other companies such as Partners and suppliers of Alleo and to other organizations providing services pursuant to an agreement with Us, for example for Our Services, to enable You to exercise Your ability to accept offerings and/or experiences from Our Partners, to provide support, to provide technical assistance, to resolve problems or to comply with legal requirements.
Article 4 – Contact Us
If You have any questions about Our Privacy Policy or information practices, please feel free to contact us at privacy@alleo.nl or by mail addressed to:
Alleo
Omval 300
1096 HP Amsterdam
The Netherlands
Article 5 – Data Location
Depending on the Services You use, Your Personal Data may be stored on servers of Our sub-processors located in different data centers. All data, including Personal Data, of Alleo is processed within the European Economic Area, more specifically in Ireland or the Netherlands.
Article 6 – Data Retention
We retain Your Personal Data for the term of the contractual relationship You or Your Employer has with Us, and, to the extent permitted, after the end of that relationship for as long as necessary to carry out the purposes described in this Privacy Policy. Laws may require Us to retain certain Personal Data for a specified period of time. Payment transactions related to the Services You use, for example, are retained for seven years pursuant to applicable tax laws.
Article 7 – Your Rights
You have the right to ask Us for a copy of Your Personal Data, to correct it, to delete or limit its processing, or to ask Us to transfer (some of) Your Personal Data to other organizations. You also have the right to object to certain processing activities, and to the extent that We have requested Your consent to process Your Personal Data, You have the right to withdraw this consent at any time.
These rights may be limited in certain situations, such as when We can prove that We are legally obliged to process Your Personal Data. If You wish to exercise Your rights, please contact Us using the contact details provided in this Privacy Policy.
Article 8 – Sub-processors
We engage sub-processors to provide (parts of) the Service(s) and process Your Personal Data. These sub-processors are prohibited from using Personal Data for purposes other than those specified in this Privacy Policy, and We contractually guarantee that the sub-processors and their employees maintain confidentiality with respect to the Personal Data and comply with the necessary instructions and security measures under this Privacy Policy or any relevant Data Processing Agreement between Us and the sub-processor.
The following sub-processors are engaged:
Sub-processor |
Location |
Scope of Service |
Amazon Web Services |
Ireland |
Hosting and infrastructure services, data storage, compute resources |
Intercom |
Ireland |
Customer support and engagement platform, live chat, email messaging |
Google Workspaces |
Europe |
Productivity and collaboration tools: email, document storage, video conferencing, calendar services |
Slack |
Germany |
Team collaboration and communication platform: messaging, file sharing, project collaboration |
Firebase Analytics |
Europe |
Mobile and web application analytics: user interactions, engagement, performance tracking |
Article 9 – Security
To protect Personal Data from unauthorized access, use, modification and accidental loss or destruction, Alleo has implemented technical and organizational measures to secure the processing of Your Personal Data. In the event of a security breach affecting Your Personal Data, You will be notified without unreasonable delay as soon as the breach is identified. “Security breach” means any breach of security measures described in this Privacy Policy that accidentally or unlawfully results in the accidental or unlawful destruction, loss, alteration or unauthorized disclosure of, or the unauthorized access to, Personal Data that has been transmitted, stored or otherwise processed by Us. These measures include, but are not limited to:
- preventing unauthorized persons from accessing data processing systems (physical access control);
- preventing unauthorized use of processing systems (logical access control);
- ensuring that persons authorized to use a data processing system have access to Personal Data only to the extent they are authorized to do so in accordance with their access rights and that Personal Data cannot be read without authorization, copied, modified or deleted during processing or use and after storage (access control to data);
- ensure that Personal Data cannot be read, copied, modified or deleted without authorization, modified or erased during electronic transmission, circulation or storage on storage media, and that for any transfer of Personal Data, the target entities for data transport can be identified and verified (data transfer control);
- ensure that measures are implemented for subsequent verification of whether Personal Data has been input, modified or deleted (erased), and by whom (input control);
- ensure that Personal Data is processed only in accordance with instructions (job control);
- ensure that Personal Data is protected against accidental destruction or loss (availability control)
- ensure that Personal Data collected for different purposes can be processed separately (separation control).
Article 10 – Applicants
Alleo processes applicants' Personal Data that could potentially be relevant to going through an application process, including information about the applicant's educational background and employment history. These data are processed because Alleo has a legitimate interest in being able to assess whether the applicant's qualities match the job description.
The Personal Data that Alleo receives as part of an application procedure will be deleted no later than 4 weeks after the end of this procedure, unless the applicant requests this earlier or if Alleo has obtained permission to keep the data longer. In case the application procedure leads to the conclusion of an employment contract, the Personal Data will be kept for as long as necessary. For information on the processing of internal Alleo employee personal data, please refer to the internal employee regulations of Alleo.
Article 11 – Changes
We reserve the right to modify this Privacy Policy. Changes to this Privacy Policy are effective upon posting on Our Website and/or in Our Mobile App, and We will update the “Effective Date” at the top of this Privacy Policy. Also We will present any updated Privacy Policy to Our Users if and when it changes. Your continued use of the Services will be considered acknowledgement of the modified Privacy Policy.