Hremia

Privacy Policy

How Hremia handles personal data for its AI wellbeing companion and its confidential speak-up channel: EU-first and designed in accordance with the GDPR.

Last updated: 2026-06-27

Template: have it reviewed by your legal counsel before relying on it. This document is provided for informational purposes only and does not constitute legal advice.

1. Who we are

Hremia provides an AI wellbeing companion and a confidential speak-up channel for employers and their teams across the EU. Where we determine the purposes and means of processing our own service and account data, we act as a data controller. When we process workforce data on behalf of an employer customer, we act as a data processor under that customer's instructions (see our Data Processing Addendum). You can reach us at privacy@hremia.eu.

2. Data we process

We deliberately minimise what we collect:

  • Account data — names, work email addresses, organisation, role and authentication credentials needed to provision and secure access.
  • Usage metadata — aggregated, de-identified signals such as feature usage, timing and volume, used to operate, secure and improve the service.
  • Never raw employee chat content. The substance of an employee's conversations with the companion is encrypted and isolated. It is not exposed to the employer, is not used to build profiles, and is not used to train shared models.

3. Lawful bases (GDPR Art. 6 / 9)

Where Hremia is a controller, we rely on: contract (Art. 6(1)(b)) to deliver the service you request; legitimate interests (Art. 6(1)(f)) to secure, maintain and improve it; legal obligation (Art. 6(1)(c)) where the law requires; and consent (Art. 6(1)(a)) where we ask for it. Any special-category data (Art. 9) — for example wellbeing-related signals an employee chooses to share — is processed only on an applicable Art. 9(2) basis, such as explicit consent, and with heightened safeguards.

4. Data residency (EU)

Personal data is hosted and processed within the European Union. We do not route production personal data outside the EU/EEA in the ordinary course of providing the service.

5. Sub-processors

We use a small, vetted set of EU-based sub-processors for hosting, infrastructure and operational tooling. Each is bound by a written data-processing agreement with confidentiality and security obligations no less protective than ours. A current list is available on request, and material changes are notified in advance so customers may object.

6. Retention

We keep personal data only as long as necessary for the purposes above or as required by law, then delete or irreversibly anonymise it. Retention periods follow the customer's configuration and instructions for workforce data; account data is retained for the life of the relationship and a limited period thereafter.

7. Your rights

Subject to the GDPR, you have the right to access, erasure, portability and objection, as well as rectification and restriction. To exercise these rights or submit a data-subject access request (DSAR), contact privacy@hremia.eu. Where Hremia acts as a processor, we will route your request to the relevant employer controller and support its response. You may also lodge a complaint with your supervisory authority.

8. Cookies (essential only)

We use strictly necessary cookies to keep you signed in and to secure the service. We do not use advertising or cross-site tracking cookies.

9. Contact

For any privacy question, or to reach our Data Protection Officer, write to privacy@hremia.eu.

EU-first · GDPR-by-design · Support, not surveillance.