Comment Hremia traite les données personnelles pour son compagnon de bien-être par IA et son canal d'expression confidentiel — priorité à l'UE et conçu pour le RGPD.
Dernière mise à jour: 2026-06-27
Modèle — à examiner avec votre conseil juridique avant de vous y fier. Ce document est fourni à titre informatif uniquement et ne constitue pas un avis juridique.
Hremia provides an AI wellbeing companion and a confidential speak-up channel for employers and their teams across the EU. Where we determine the purposes and means of processing our own service and account data, we act as a data controller. When we process workforce data on behalf of an employer customer, we act as a data processor under that customer's instructions (see our Data Processing Addendum). You can reach us at privacy@hremia.eu.
We deliberately minimise what we collect:
Where Hremia is a controller, we rely on: contract (Art. 6(1)(b)) to deliver the service you request; legitimate interests (Art. 6(1)(f)) to secure, maintain and improve it; legal obligation (Art. 6(1)(c)) where the law requires; and consent (Art. 6(1)(a)) where we ask for it. Any special-category data (Art. 9) — for example wellbeing-related signals an employee chooses to share — is processed only on an applicable Art. 9(2) basis, such as explicit consent, and with heightened safeguards.
Personal data is hosted and processed within the European Union. We do not route production personal data outside the EU/EEA in the ordinary course of providing the service.
We use a small, vetted set of EU-based sub-processors for hosting, infrastructure and operational tooling. Each is bound by a written data-processing agreement with confidentiality and security obligations no less protective than ours. A current list is available on request, and material changes are notified in advance so customers may object.
We keep personal data only as long as necessary for the purposes above or as required by law, then delete or irreversibly anonymise it. Retention periods follow the customer's configuration and instructions for workforce data; account data is retained for the life of the relationship and a limited period thereafter.
Subject to the GDPR, you have the right to access, erasure, portability and objection, as well as rectification and restriction. To exercise these rights or submit a data-subject access request (DSAR), contact privacy@hremia.eu. Where Hremia acts as a processor, we will route your request to the relevant employer controller and support its response. You may also lodge a complaint with your supervisory authority.
We use strictly necessary cookies to keep you signed in and to secure the service. We do not use advertising or cross-site tracking cookies.
For any privacy question, or to reach our Data Protection Officer, write to privacy@hremia.eu.
EU-first · GDPR-by-design · Support, not surveillance.