Privacy Policy

Updated Privacy Policy

If you used Culture Amp's Services prior to 24 May 2018, your use of the Services will be governed by our previous Privacy Policy located at here until 24 May 2018, when that Privacy Policy will be replaced by the Privacy Policy displayed below. For all other users, your use of the Services will be governed by the Privacy Policy displayed below.

Last updated: 24 May 2018

This Privacy Policy explains how Culture Amp collects and handles your personal information, and applies to all of our Services, which includes this website. We value your trust and take our privacy obligations seriously. We have developed this Privacy Policy to provide you with clear answers to your questions so you can understand how your personal information and data is collected, held and processed by Culture Amp.

In this Privacy Policy, a reference to:

  • Administrator means any person who has log in credentials to a Customer account to manage that account, create surveys or review survey results;

  • Confidentiality Notice means the notice given to Respondents at the time of answering a survey conducted by a Customer, including the degree of confidentiality and/or anonymity that the Respondent will have when answering survey;

  • Culture Amp, Culture Amp Group, we, us or our means Culture Amp Pty Ltd (ACN 138 600 987) of Level 10, 31 Queen Street, Melbourne VIC 3000, Australia, and any of its related bodies corporate;

  • Customer means, in relation to you, the person or entity that has contracted with Culture Amp to allow you to use Culture Amp’s Services (for example, your employer);

  • Respondent means any person who accesses our Services to answer surveys (either wholly or partially) conducted by Customer using the Services;

  • Services means all products, services and Websites offered by Culture Amp;

  • Visitor means any person who visits our Websites;

  • Websites means, collectively, www.cultureamp.com as well as the other websites that the Culture Amp operates and that link to this Privacy Policy; and

  • You or your means either an Administrator, Respondent or Visitor, as applicable.

We may update this Privacy Policy from time to time and the most current version will be posted on our website. If we make any material changes, we will notify you by email (to the address associated with your account) or when you next log in to your account prior to the change becoming effective. We encourage you to periodically review this page for the latest information on our privacy practices. If you have any questions or concerns about our Privacy Policy, or with the handling of your personal information, please contact our Privacy Officer at privacy@cultureamp.com.

Privacy concerns

The use of information collected through our Services is limited to the purposes of providing the Services to the Customer or you. If you have an unresolved privacy or data use concern that we have not satisfactorily addressed, please contact TRUSTe at https://feedback-form.truste.com/watchdog/request.

TRUSTe Privacy Certification

What information do we collect?

We collect information relating to you and your use of our Services from a variety of sources. Some of this information is collected directly from you and some of this information is collected from your interaction with our Services, or from third parties. How and what information we collect about you will depend on the way that you use our Services, for example, whether you are an Administrator, Respondent or Visitor.

Information we generally collect

  • Contact information: When you provide us with your contact information, whether through use of our Services, a form on our website, or an interaction with our sales or customer support team, we collect your contact information. This information may include your name and email address.

  • Usage information: We collect usage data about you whenever you interact with our Services. This may include which web pages you visit, what you click on, when you performed those actions, and other activities. Please see our Cookie Policy for more information about the cookies we use in our Services.

  • Device and browser data: We collect data from the device you use to access our Services, such as your IP address and browser type. This information may also tell us your location.

  • Cookies and page tags: We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymous data about Visitors to our Websites. This data includes usage and user statistics. Please see our Cookie Policy for more information about cookies and page tags we use on our Websites.

  • Log data: We keep log files that record data each time a device accesses our servers. The log files contain data about the nature of each access, including the originating IP address. We may combine this automatically collected log information with other information we collect about you. We do this to improve our Services, to improve our marketing activities, for system analytics, or to monitor or improve functionality.

  • Referral data: If you navigate to our Websites from an external source (such as a link on another website or via an email), we record information about the source that referred you to us.

  • Other data you submit: We may collect your personal information or data if you submit it to us in other contexts. For example, by giving us a testimonial, attending an event we host or entering a contest.

  • Interacting with us on social media: We may collect personal information about you when you interact with us using social media. For example, if you post material to our Facebook page or Tweet us on Twitter.

  • Third parties: We may collect your personal information or data from third parties if you give permission to those third parties to share your personal information with us or where you have made that information publically available online. This use will generally not apply to Respondents.

Information specific to Administrators

We may collect the following information about Administrators:

  • Registration details: When you register an account or another Administrator creates an account for you, we collect your name, company name, email address, password and other information. If you choose to register or login using a third party account (such as Google or the Customer’s SSO provider), the authentication of your login details are handled by that third party and we only collect the information you expressly agree to share with us at the time you give permission to link your Culture Amp account with the third party account.

  • Survey data: When you create and launch surveys using our services, we will store those survey questions and other information related to those surveys.

  • Billing details: If you use a credit card for billing, our credit card processor may collect information such as the cardholder's name, billing address, email address, credit card number, expiry date and credit card security code.

  • Account settings: You may be able to set or update various preferences and personal details on your account settings page or your profile. For example, your name, email address, default language or timezone. Please see our Cookie Policy for more information about the cookies we use in our Services.

Information specific to Respondents

We may collect the following information about Respondents:

  • Demographic data: In addition to your contact information, some Customers may provide us with additional demographic information so they can better analyze and understand their survey results. The information that each Culture Amp customer provides us is different, but in most cases, this will include your name, work email address and information about your role or employment with the customer.

  • HRIS data: If the Customer uses a third party human resource information system (for example, Workday or BambooHR) to import information into Services, we will also receive information from that third party (for example, your name, email address, employment and demographic data).

  • Survey data: When you answer a Customer survey, we will store your survey answers and comments.

Who is the data controller or processor?

Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. For Administrators and Respondents, the Customer will generally be the controller of your personal information and Culture Amp will be the processor (unless indicated otherwise in this Privacy Policy). For Visitors, Culture Amp will generally be the controller of your personal information.

How do we hold the information we collect?

Security of your personal information

The security of your personal information is very important to us. All your data is private and confidential and we take reasonable steps to ensure that your personal information is handled securely and in accordance with this Privacy Policy. We follow generally accepted standards to protect the personal information submitted to us, both during transmission and once it is received.

However, please note that transmitting information over the Internet is never completely secure. Although we do our best to protect your personal information, we cannot guarantee that your personal information is absolutely secure in all situations.

Security is a collaborative effort, so we also recommend that you create a sophisticated password for logging in to our services, and keep that password secret. If you suspect there has been any unauthorized access or misuse of your personal information, immediately contact our Data Protection Officer at privacy@cultureamp.com.

Where your personal information is located

Our servers are based in the United States, so your personal information will generally be processed and hosted in the United States. However, as some of our offices and service providers are located outside of the United States, there may be times when your personal information may be transferred, disclosed or processed in another country, such as Australia, Ireland and the United Kingdom. For example, if you contact our Customer Success team for support or questions, any information you provide us in the support request (including personal information such as your name and email address) will be processed and hosted in Ireland by the service provider we use to manage support requests.

European Union or Swiss users

If you live in the European Union, we will use the following safeguards to transfer your personal information to a country not currently deemed adequate under applicable data protection law:

  • European Union Standard Contractual Clauses: Culture Amp offers the European Union Standard Contractual Clauses (EU SCC), also known as Model Clauses, to meet the adequacy and security requirements for our Customers that operate in the European Union, and other international transfers of information. We also use the EU SCC when transfer your personal information to a member of the Culture Amp Group located in a country not currently deemed adequate under applicable data protection law. A copy of our standard data processing addendum, incorporating the EU SCC, is available on request.

How do we use the information we collect?

How we use your personal information

We use your personal information for a variety of purposes. How and what information we collect about you will depend on the way that you use our Services, for example, whether you are an Administrator, Respondent or Visitor. In each case, the information we collect and hold is reasonably necessary for our business, including providing you with the Services you would expect from us.

European Union users

When you use our Services as an Administrator or Respondent, we process your personal information either:

  • with your consent;

  • to fulfill our contractual responsibility to deliver the Services to the Customer; or

  • to pursue Culture Amp’s legitimate interests of improving our Services or developing new products and features.

When you use our Services as a Visitor, we process your personal information either:

  • with your consent; or

  • to pursue Culture Amp’s legitimate interests of improving our Services or developing new products and features.

Administrators

When you use our Services as an Administrator we may use your personal information to:

  • Create an account with us: We need to collect and use your personal information to allow you to create an account and log in to that account. This also includes when you use your Google or SSO account to register or log in to our services.

  • Provide you with our Services: This includes providing you with access and use of our platform and customer support, which may require us to access your personal information so that we can assist you with survey design or technical issues.

  • Manage our Services: We use your personal information internally to measure and analyze user behaviour so we can provide our Services and improve those Services. Some of these purposes include:

    • monitor, maintain and improve our Services and features;

    • personalize or customize your experience when you use our Services (including presenting the Culture Amp platform in the best format for you or a device you use to access the Culture Amp platform);

    • create new services or features;

    • enforce our contracts and policies when we are made aware of potential breaches;

    • prevent potentially illegal, undesirable or abusive activities; or

    • investigate complaints about you, or made by you.

  • Contact you about Services or your account: At times we may need to contact you via email, mail or telephone to tell you about matters, such as changes to our Services, terms or policies.

  • Marketing purposes: We may also send you news and information about our products or Services that you either request from us, or we believe may interest you. In most cases, we will contact you via email. As part of our marketing efforts, we may combine information about you from third party sources with information we hold about you to create a user profile, which will help us to make our sales and marketing efforts more relevant to you and to personalize and improve your experience.

  • Respond to legal requests and prevent harm: If we receive a legal request or are informed of a situation that may cause harm, or potential harm, to someone, we may need to inspect your personal information or data to respond appropriately to that request or threat.

Respondents

When you use our Services as a Respondent we may use your personal information to:

  • Provide our Services to the Customer: When and how we use your personal information is controlled and managed by the Customer (including any Administrators that act on its behalf).

  • Manage our Services: We use your personal information internally to measure and analyze user behaviour so we can provide our Services and improve those Services. Some of these purposes include:

    • monitor, maintain and improve our Services and features;

    • personalize or customize your experience when you use our Services (including presenting our Services in the best format for you or a device you use to access our Services);

    • create new services or features;

    • enforce our contracts and policies when we are made aware of potential breaches;

    • prevent potentially illegal, undesirable or abusive activities; or

    • investigate complaints about you, or made by you.

  • Create de-identified aggregated data: To provide customers with a better understanding of their survey results, we use survey data in a de-identified aggregated form to compare customers’ results to the results of other surveys or types of customers. We also use your survey data to continually improve our Services, including our de-identified aggregated data sets. None of your survey data will be disclosed to other unrelated customers in a non-aggregated or identifiable form.

  • Respond to legal requests and prevent harm: If we receive a legal request or are informed of a situation that may cause harm, or potential harm, to someone, we may need to inspect your personal information or data to respond appropriately to that request or threat.

Visitors

When you use our Services as a Visitor we may use your personal information to:

  • Contact you for marketing purposes: We may send you news and information about our products or Services that you either request from us, or we believe may interest you (unless prevented by law). In most cases, we will contact you via email.

  • Manage our Services: We use your personal information internally to measure and analyze user behaviour so we can provide our Services and improve those Services. Some of these purposes include to:

    • monitor, maintain and improve our Services and features;

    • personalize or customize your experience when you use our Services (including presenting our Websites in the best format for you or a device you use to access our Websites);

    • create new services or features;

    • enforce our contracts and policies when we are made aware of potential breaches;

    • prevent potentially illegal, undesirable or abusive activities; or

    • respond to legal requests such as subpoenas, warrants or other mandatory information requests.

  • Profiling for marketing purposes: As part of our marketing efforts, we may combine information about you from third party sources with information we hold about you to create a user profile, which will help us to make our sales and marketing efforts more relevant to you and to personalize and improve your experience.

Anonymity and pseudonyms

In most cases, it will be very difficult for us to provide you with our Services if you do not provide us with your real name and contact details (primarily email). Situations where we might have difficulty interacting with you anonymously, or via a pseudonym, are when you use our Services as an Administrator or Respondent.

If lawful and practicable, you may use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about our Services or this Privacy Policy, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with information, we may not be able to provide you with our products or Services, or respond adequately to you.

Who has access to your personal information?

We will share your personal information with third parties only in the ways that are described in this Privacy Policy. To provide you with our Services we will often need to disclose your personal information to our staff or the service providers we use to operate our business. Examples of our service providers include: hosting services; project management software; email service providers; system monitoring services; customer support services; and website analytics. These companies are only authorized to use your personal information as necessary for us to provide our Services to you and/or the Customer.

In most cases, the information that we disclose to our staff or service providers will be directly necessary to provide our Services to you. However, there may be occasions where we need to disclose your personal information to other third parties or for other purposes, including to:

  • Our staff, suppliers or professional advisors: We may need to disclose your personal information to people who work for us or for one of our suppliers. These disclosures may be related to activities such as filling orders, processing payments and mail-outs, storing and managing documents, research, or providing professional advice. Transfers of Respondent information to our service providers are covered by our agreement with the Customer.

  • Prevent illegality or enforce our terms and policies: If you engage in or threaten any unlawful activity, we may reasonably believe that it is necessary to disclose your personal information to the police, a relevant authority or enforcement body, or your internet service provider, employer, supervisor or network administrator.

  • Protect our rights or the rights of our staff: There may be situations where disclosing your personal information is necessary to protect the property, health or safety of Culture Amp or its staff, the Customers or others. For example, exchanging information with other organizations to protect against fraud.

  • Keep other entities associated with us informed: In some cases, we may need to disclose your personal information to our agents, business affiliates, joint venture entities, partners, investors or any applicable subsidiaries or holding companies. The need to disclose your personal information to these entities may arise from a legal obligation we owe that entity, or to assist our or their legitimate business interests.

  • Run events, competitions and promotions: We may need to disclose your personal information to sponsors and promoters when you register or attend an event or enter any competition that we conduct or promote. This disclosure will generally not apply to Respondents.

  • Perform actions you request or consent to: You may specifically authorize us to disclose your personal information to a third party. For example, to resolve a dispute regarding our Privacy Policy or to integrate a third party service. We may also disclose your personal information to a third party with your prior consent.

  • Comply with legal requests: In some situations, we may be compelled to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may disclose your personal information to third parties such as law enforcement officials or to comply with court orders, such as subpoenas or other legal processes.

  • Merge or sell our business: If Culture Amp is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information.

When we disclose your personal information to third parties such as our suppliers, we sign confidentiality and data processing agreements with them to ensure they maintain confidentiality and have privacy and security standards to protect your personal information.

Disclosures specific to Administrators

When you use our Services as an Administrator we may also disclose your personal information to other Administrators. If you are an Administrator that is part of a team using our Services, your account information and data may be shared with the account owner or other Administrators. Your survey data may also be visible to other members in your team with whom you share your surveys or with whom you collaborate or provide feedback.

Disclosures specific to Respondents

When you use our Services as a Respondent we may also disclose your personal information to:

  • Customer or Administrators: When you answer Customer surveys, we will disclose that information to the Customer and Administrators. How your answers are displayed and what information may be used to analyze and report your answers (either in an aggregate or individual form) may vary from survey to survey. It is important that you read the Confidentiality Notice before answering a survey so you understand how your survey answers will be used and the ways they might be shared (if at all).

  • Share aggregated de-identified data: We may share aggregated de-identified data for any purpose. For example, we may share aggregated de-identified data with customers, prospects, partners for business or research purposes, such as our survey benchmarks.

  • Fulfill Customer requests: Because the Customer is the controller of your personal information, we hold and process your personal information on behalf of the Customer. There may be occasions when the Customer instructs us to disclose your personal information to a third party, such as a consultant or a new service provider. If instructed by the Customer to transfer your personal information to a third party, we generally sign a data transfer agreement with the Customer and third party to ensure that they continue to observe the Confidentiality Notice for each survey.

  • Prevent harm: We may also disclose your personal information to the Customer or relevant authorities if your use of our Services indicates an imminent risk of harm to you or the others around you.

What are your rights to your personal information?

If you live in certain countries (for example, European Union member states) you may have rights regarding your personal information, including the right to access, correct, delete or limit or stop the use or disclosure of your personal information.

We will respond to requests to access and correct (if necessary) your personal information as soon as possible. You have the following options when exercising your rights:

  • Update your account details: You may be able to update your registration and other account information on your account setting page or your profile. Information is updated immediately. To update any other information, please contact our Privacy Officer at privacy@cultureamp.com or customer support.

  • Access, correction and deletion: Upon request, we will provide you with information about whether we hold, or process on behalf of a third party, any of your personal information. To request this information, please contact us at privacy@cultureamp.com. If you want to review, correct (if necessary) or delete the information that we have collected and hold about you, please contact our Privacy Officer at privacy@cultureamp.com.

  • Limiting or stopping use or disclosure: If you want to limit or stop our use or the disclosure of your personal information to third parties, please contact our Privacy Officer at privacy@cultureamp.com. However, please note that by limiting or stopping the use of your personal information by us, or its disclosure to third parties, you may also limit our ability to provide you with our Services.

  • Data exports: While we can provide you with the information we hold about you in a standard CSV format, this data format may not be applicable or compatible with all uses. Please contact our Privacy Officer at privacy@cultureamp.com if you would like to obtain a data export of the information we hold about you.

  • Newsletter and other communications: If you subscribe to our newsletter(s) or other communications, you may choose to stop receiving those communications by using the unsubscribe instructions included our emails, or by contacting us at privacy@cultureamp.com.

  • Other queries or requests: If you have a question or want to make a request that is not listed above, please contact our Privacy Officer at privacy@cultureamp.com.

Requests from Administrators and Respondents

If you are an Administrator or Respondent, we collect, hold and process information about you on behalf, and under the direction, of the Customer. This information includes data uploaded to our Services by the Customer (for example, your name, email address, employment and demographic data) and your survey responses and comments submitted through our Services.

Because we collect, hold and process your personal information on behalf of the Customer, you will need to contact the Customer if you want to:

  • access, correct, amend or delete any information we hold about you; or

  • stop receiving emails sent to you by the Customer using our Services.

You may contact the Customer directly, or our Privacy Officer at privacy@cultureamp.com to exercise your rights or stop receiving Culture Amp platform emails, however, in most cases we will not be able to fulfill your request, and we will forward your request to the Customer to seek their permission and/or instructions. Please note that by sending us a request, we may need to identify you and/or your survey responses to the Customer. We will respond to your request within a reasonable timeframe.

How long do you retain my information?

Administrator and Respondents

We retain your personal information for as long as we provide our Services to the Customer, or as needed to comply with our legal obligations, resolve disputes or enforce our legal rights.

Visitors

We will retain your personal information for as long as is necessary to provide our Services to you, or to comply with our legal obligations, resolve disputes, and enforce our legal rights.

How do you make a complaint?

Contacting our Privacy Officer

Please contact our Privacy Officer if you have any complaints about our compliance with this Privacy Policy or relevant privacy laws. We will treat your complaint seriously, and will investigate any alleged breach, including how it occurred, and how best to prevent future breaches (if relevant). You can contact our Privacy Officer at privacy@cultureamp.com.

European Union complaints

If you live in the European Union, and have any complaints regarding our compliance with our Privacy Policy, please contact our Privacy Officer at privacy@cultureamp.com. However, if you are dissatisfied with our handling of your complaint, please contact the relevant EU Data Protection Authority in your country or the Irish Data Protection Commissioner (our lead supervisory authority) at:

Irish Data Protection Commissioner
Office of the Data Protection Commissioner
Canal House, Station Road, Portarlington, Co. Laois, R32 AP23, Ireland
Phone +353 57 868 4757
Fax: +353 57 868 4757
Email: info@dataprotection.ie

We will cooperate with the Irish Data Protection Commissioner or the DPA in your country regarding the investigation and resolution of your complaint, and any specific actions they require for us to comply with our Privacy Policy or applicable law.

Australian Privacy Act complaints

If you live in Australia, and have any complaints regarding our compliance with the Australian Privacy Act, please contact our Privacy Officer at privacy@cultureamp.com. However, if you are dissatisfied with our handling of your complaint, you may raise your complaint with the Office of the Australian Information Commissioner by contacting them at: http://www.oaic.gov.au/about-us/contact-us-page.

Additional Information

Cookies and tracking technologies

We and our marketing partners, affiliates, or analytics or service providers, use technologies such as cookies, beacons, tags, and scripts, to analyze trends, administer the website, tracking users’ movements around the website, and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies by these companies on an individual and aggregated basis. This use does not apply to Respondents.

We use cookies to remember users’ settings and preferences, and for session management. Users can control the use of cookies at the individual browser level. If you reject cookies, you may still use our Websites, but your ability to use some features or areas of our Websites may be limited.

We use Local Storage, such as HTML5, to store content information and preferences. Third parties with whom we partner to provide certain features on our Websites or to display advertising based upon your web browsing activity also use Flash cookies and HTML5 to collect and store information. Various browsers may offer their own management tools for removing HTML5. To manage Flash cookies, please click here: http://www.macromedia.com/support/documentation/en/flashplayer/help/settings_manager07.html. This use does not apply to Respondents.

We partner with a third party to manage our advertising on other sites. Our third party partner may use technologies such as cookies to gather information about your activities on this website and other sites in order to provide you advertising based upon your browsing activities and interests. If you wish to not have this information used for the purpose of serving you interest-based ads, you may opt-out by clicking here: http://preferences-mgr.truste.com/. Or if you are located in the European Union click here http://www.youronlinechoices.eu/. Please note this does not opt you out of being served all ads. You will continue to receive generic ads. This use does not apply to Respondents.

Please see our Cookie Policy for more information on what cookies and tracking technologies we use in our Services.

Social media widgets

Our Websites may include social media features or widgets, such as the Facebook Like or Share buttons. Use of these features may collect your IP address, detect which page you are visiting on our Websites, and set a cookie to enable the feature to function properly. Your interactions with these features are governed by the privacy policy of the third party providing these features.

Links to other websites

Our Websites may include links to other websites (for example, our Slack channel for people geeks). The privacy practices of those other websites may differ from Culture Amp’s privacy practices. If you submit personal information to any of those websites, your personal information is governed by their privacy policy. We encourage you to carefully read the privacy policy of any website you visit.

Testimonials

We display Customer or user testimonials and other endorsements on our Websites. With your consent, we may post your testimonial along with your name. If you wish to update or delete your testimonial or any other endorsement, please contact us at privacy@cultureamp.com.

Blog and forums

Our Websites offer publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them. To remove your personal information from our blog or community forum, please contact us at privacy@cultureamp.com. In some cases, we may not be able to remove your personal information, in such cases we notify you and explain why we are unable to fulfil your request.

Contact Details

Culture Amp
Email: privacy@cultureamp.com
Level 10, 31 Queen Street, Melbourne VIC 3000, Australia