Privacy Policy

Last updated: 18 July 2015

Our Privacy Policy explains how we collect and handle your personal information and data. We value your trust and take our privacy obligations seriously. We have developed this Privacy Policy to incorporate several frameworks for protecting personal information (including the US-EU Safe Harbor Framework and the Australian Privacy Act).

We may update our Privacy Policy from time to time. Any changes to our Privacy Policy will be included into a new version and made available on our website. If you have any questions or concerns about our Privacy Policy, or with the handling of your personal information, please contact our Privacy Officer.

The US-EU Safe Harbor Framework

The US-EU Safe Harbor Framework sets out seven Privacy Principles that the US Department of Commerce and the European Commission have agreed will provide adequate privacy protection when US organizations receive personal information about EU citizens. We use the Safe Harbor Principles in our Privacy Policy so that we can provide at least the same level of privacy protection.

If you would like to read more about the US-EU Safe Harbor Framework or the Privacy Principles, please visit: http://export.gov/safeharbor

Why do we have different policies?

Our services are used by both customers (people who subscribe to our [content] or services, or create, conduct or administer surveys using our services) and survey respondents (people who answer surveys). The information we collect about customers and survey respondents, and how we handle that information, may differ. To make it easier for you to understand how our Privacy Policy applies to you, we have split it up into two parts. To quickly access the section that applies to you, use the links below:

Privacy for Customers

Privacy for Survey Respondents

Privacy for Customers

What information do we collect?

We collect information relating to you and your use of our services from a variety of sources. Some of this information is collected directly from you and some of this information is collected from your interaction with our services, or from third parties.

Information we collect directly from you

  • Contact details: When you contact us or subscribe to our content, such as our newsletter, we collect your contact details, including your name and email address.
  • Registration details: When you register an account we collect your name, company name, email address, password and other information.
  • Billing details: If you use a credit card for billing, we may collect information such as the cardholder's name, billing address, email address, credit card number, expiry date and credit card security code.
  • Account settings: You can set or update various preferences and personal details on your account settings page or your profile. For example, your name, email address, default language or timezone.
  • Survey data: We store the survey data (questions and answers) you create using our services.
  • Other data you submit: We may collect your personal information or data if you submit it to us in other contexts. For example, by giving us a testimonial or by entering a contest.

Information we collect from other sources

  • Usage data: We collect usage data about you whenever you interact with our services. This may include which web pages you visit, what you click on, when you performed those actions, and other activities. Our web servers also keep log files that record data each time a device accesses our servers. The log files contain data about the nature of each access, including the originating IP address.
  • Device data: We collect data from the device you use to access our services, such as your IP address and browser type. This information may also tell us your location.
  • Referral data: If you navigate to our website from an external source (such as a link on another website or via an email), we record information about the source that referred you to us.
  • Information from page tags: We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymous data about visitors to our website. This data includes usage and user statistics.
  • Interacting with us on social media: We may collect personal information about you when you interact with us using social media. For example, if you post material to our Facebook page or Tweet us on Twitter.
  • Third parties: We may collect your personal information or data from third parties if you give permission to those third parties to share your information with us. For example, you have the option of logging in to our services with your Google account. If you do this, the authentication of your logon details is handled by Google and we only collect information about your Google account that you expressly agree to share with us at the time you give permission for your Culture Amp account to be linked to your Google account.

How do we hold the information we collect?

Security of your information

The security of your information is important to us. All of your data is private and confidential and we take all reasonable steps to ensure that your information is handled securely and in accordance with this Privacy Policy.

However, please note that transmitting information over the Internet is never completely secure. Although we do our best to protect your personal information, we cannot guarantee that your information is absolutely secure in all situations.

Security is a collaborative effort, so we also recommend that you create a sophisticated password for logging in to our services, and keep that password secret.

If you suspect there has been any unauthorized access or misuse of your personal information, please contact our Privacy Officer immediately.

Where your information is located

Our servers are based in the United States, so your personal information will be processed and hosted in the United States. However, as some of our offices and service providers are located outside of the United States, there may be times when your personal information may be transferred, disclosed or processed in another country.

We will not transfer your personal information to a country or organisation that does not implement privacy obligations that are at least comparable to those set out in this Privacy Policy.

How do we use the information we collect?

How we use your information

We use your personal information for a variety of purposes. In each case, the information we collect and hold is reasonably necessary for our business, including providing you with the services you would expect from us. We use your personal information to:

  • Create an account with us: We need to collect and use your personal information to allow you to create an account and log in to that account. This also includes when you use your Google account to register and log in to our services.
  • Provide you with our services: This includes providing you with access and use of the Culture Amp platform and customer support, which may require us to access your information so that we can assist you with survey design or technical issues.
  • Create anonymous aggregated benchmark data: To provide you with a better understanding of your survey results, we use your survey data in an anonymous aggregated form to compare your results to the results of other surveys. We also use your survey data to continually improve and [adapt] our survey benchmarks. None of your survey data will be disclosed to other unrelated customers in a non-aggregated or identifiable form.
  • Manage our services: We use your information internally to measure and analyze user behaviour so we can provide our services and improve those services. Some of these purposes include:
    • To monitor, maintain and improve our services and features.
    • To personalize or customize your experience when you use our services (including presenting our website in the best format for you or a device you use to access our website).
    • To create new services or features.
    • To enforce our Terms when we are made aware of potential breaches.
    • To prevent potentially illegal, undesirable or abusive activities.
    • To investigate complaints about you, or made by you.
  • Contact you about services or your account: At times we may need to contact you via email, mail or telephone to tell you about matters, such as changes to our services, terms or policies.
  • Contact you for marketing purposes: We may also send you news and information about our products or services that you either request from us, or we believe may interest you. In most cases, we will contact you via email.
  • Respond to legal requests and prevent harm: If we receive a legal request or are informed of a situation that may cause harm, or potential harm, to someone, we may need to inspect your personal information or data to respond appropriately to that request or threat.

Anonymity and pseudonyms

In most cases it will be very difficult for us to provide you with our services if you do not provide us with your real name and contact details (primarily email). Situations where we might have difficulty interacting with you anonymously, or via a pseudonym, are when you purchase a subscription to our services or create a survey and send that survey to potential respondents.

If lawful and practicable, you may use a pseudonym (or simply not identify yourself) when dealing with us. For example, if you have a complaint or concern about our site, or a general question about our services or this Privacy Policy, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with information, we may not be able to provide you with our products or services, or respond adequately to you.

Who has access to your information?

To provide you with our services we will often need to disclose your personal information to our staff or service providers that we use to operate our business. Examples of our service providers include: hosting services; project management software; email service providers; system monitoring services; customer support; and website analytics.

In most cases, the personal information that we disclose to our staff or service providers will be directly necessary to provide our services to you. However, there may be occasions where we may need to disclose your personal information to other people or organizations, including to:

  • Our staff, suppliers or professional advisors: We may need to disclose your personal information to people who work for us or for one of our suppliers. These disclosures may be related to activities such as filling orders, processing payments and mail-outs, storing and managing documents, research, or providing professional advice.
  • Enforce or apply our Terms: If you engage in or threaten any unlawful activity, we may reasonably believe that it is necessary to disclose your information to the police, a relevant authority or enforcement body, or your internet service provider, employer, supervisor or network administrator.
  • Protect our rights or the rights of our staff: There may be situations where disclosing your information is necessary to protect the property, health or safety of Culture Amp or its staff, customers or others. For example, exchanging information with other organizations to protect against fraud and to reduce credit risk.
  • Keep other entities associated with us informed: In some cases we may need to disclose your information to our agents, business affiliates, joint venture entities, partners, investors or any applicable subsidiaries or holding companies. The need to disclose your information to these entities may arise from a legal obligation we owe that entity, or to assist our or their legitimate business interests.
  • Run competitions and promotions: We may need to disclose your personal information to sponsors and promoters when you enter any competition that we conduct or promote.
  • Fulfill requests from you: You may specifically authorize us to disclose your personal information to a third party. For example, to resolve a dispute regarding our Privacy Policy or to integrate a third party service.
  • Comply with legal requests: In some situations we may be compelled to disclose your information to third parties such as law enforcement officials or to comply with court orders, such as subpoenas.

We also implement reasonable steps to ensure that any personal information we disclose is subject to a privacy policy comparable to our Privacy Policy, or contractual obligations that will provide a comparable level of protection to our Privacy Policy.

What are your rights to your information?

We will respond to requests to access and correct (if necessary) your personal information as soon as possible. You have the following options regarding accessing, correcting or limiting the use or disclosure of your personal information:

  • Update your account details: You can update your registration and other account information on your account setting page or your profile. Information is updated immediately. To update any other information, please contact our Privacy Officer or customer support.
  • Access and correct your personal information: If you want to review and correct (if necessary) personal information that we have collected and hold on you, please contact our Privacy Officer.
  • Limiting use or disclosure: If you want to limit our use or the disclosure of your information to third parties, please contact our Privacy Officer. However, please note that by limiting the use of your personal information by us, or its disclosure to third parties, you may also limit our ability to provide you with our services.

How do you make a complaint?

Contacting our Privacy Officer

Please contact our Privacy Officer if you have any complaints about our compliance with this Privacy Policy, the Safe Harbor Framework, or the Australian Privacy Act. We will treat your complaint seriously, and will investigate any alleged breach, including how it occurred, and how best to prevent future breaches (if relevant).

You can contact our Privacy Officer at privacy@cultureamp.com

Safe Harbor complaints

If you live in the European Union, and have any complaints regarding our compliance with the Safe Harbor Principles, please contact our Privacy Officer. However, if you are dissatisfied with our handling of your complaint, please contact the relevant EU Data Protection Authority in your country. We will cooperate with the DPA in your country regarding the investigation and resolution of your complaint, and any specific actions they require for us to comply with the Safe Harbor Principles (if relevant).

Australian Privacy Act complaints

If you live in Australia, and have any complaints regarding our compliance with the Australian Privacy Act, please contact our Privacy Officer. However, if you are dissatisfied with our handling of your complaint, you may complain to the Office of the Australian Information Commissioner by contacting them at: http://www.oaic.gov.au/about-us/contact-us-page

Privacy for Survey Respondents

What information do we collect?

As a survey respondent, most of the personal information that we collect about you will be from your survey responses, and any information uploaded by a customer to conduct a survey using our services. However, we also collect information relating to you and your use of our services from other third parties.

Information we collect directly from you

  • Survey responses: We store the survey answers you submit to customers using our services. This includes both survey answers and any written comments to survey answers.

Information we collect from other sources

  • Information from customers: Customers use our services to conduct surveys and analyse the survey responses. This may require the customer to upload your personal information to our services so they can contact you and analyse survey results using additional information (for example, employment or demographic information). In most situations, a customer will be your employer, and you may have consented to your personal information being collected, used and disclosed by your employer (for purposes such as conducting employee surveys using Culture Amp) at the time of your employment.
  • Usage data: We collect usage data about you whenever you interact with our services. This may include which web pages you visit, what you click on, when you performed those actions, and other activities. Our web servers also keep log files that record data each time a device accesses those servers. The log files contain data about the nature of each access, including the originating IP address.
  • Device data: We collect data from the device you use to access our services, such as your IP address and browser type. This information may also tell us your location.
  • Referral data: If you navigate to our website from an external source (such as a link on another website or in an email), we record information about the source that referred you to us.
  • Information from page tags: We use third party tracking services that employ cookies and page tags (also known as web beacons) to collect aggregated and anonymous data about visitors to our websites. This data includes usage and user statistics.

Sensitive Information

Unless specifically instructed by customers, we do not intentionally collect any sensitive information about you. Where a customer informs us that they intend to collect sensitive information about you through a survey, we will notify you before collecting your sensitive information.

However, we do not inspect the data that customers upload or collect using our services, so we cannot guarantee that we will not receive sensitive information relating to you from a customer or via a survey.

Sensitive information is personal information that reveals racial or ethnic origin, political opinions or membership, religious or philosophical beliefs, trade or professional association membership, trade-union membership, criminal records, sex life, and health, genetic or biometric information.

How do we hold the information we collect?

Security of your information

The security of your personal information is important to us. All of your data is private and confidential and we take all reasonable steps to ensure that your information is handled securely and in accordance with this Privacy Policy.

However, please note that transmitting information over the Internet is never completely secure. Although we do our best to protect your personal information, we cannot guarantee that your information is absolutely secure in all situations.

If you suspect there has been any unauthorized access or misuse of your personal information, please contact our Privacy Officer immediately.

Where your information is located

Our servers are based in the United States, so your personal information will be processed and hosted in the United States. However, as some of our offices and service providers are located outside of the United States, there may be times when your personal information may be transferred, disclosed or processed in another country.

We will not transfer your personal information to a country or organisation that does not implement privacy obligations that are at least comparable to those set out in this Privacy Policy.

How do we use the information we collect?

Your survey responses are owned and managed by the customer, and we treat that as confidential information of the customer. Please contact the customer directly to understand how they will use your survey responses. In most cases, the customer will be your employer or a representative of your employer.

If you live in the European Union, the customer will be responsible for complying with any relevant European Union data protection laws before sending your personal information to us for processing. We will work with customers to help them provide notice to survey respondents concerning the purpose for which personal information is collected.

To understand how Culture Amp handles survey responses, please see the customer section of this Privacy Policy. We do not sell survey responses to third parties and we do not use any contact details collected in our customers' surveys to contact survey respondents.

We also use the information we collect from, and about you (including usage data, device data, referral data and information from page tags), to manage and improve our services, for research purposes, and for the various purposes described in the customer section of this privacy policy.

Anonymity and pseudonyms

In most cases it will be very difficult for us to conduct a survey on behalf of a customer if the customer does not provide us with your personal information (primarily your email, employment and demographic information).

If lawful and practicable, you may use a pseudonym (or simply not identify yourself) when contacting us. For example, if you have a complaint or concern about our site, or a general question about our services or this Privacy Policy, you are welcome to contact us without identifying yourself. In some cases, however, if you do not provide us with information, we may not be able to provide you with an adequate response.

What third parties do we disclose information to?

We host surveys for customers, but they are really the primary curator and recipient of survey data. Unless a customer specifically requests to make a survey respondent's survey answers identifiable, we do not display your individual survey answers to customers. However, we will notify you of the details of each survey before you answer that survey, including whether your individual survey answers will be displayed to the customer. Any comments to survey answers you submit are provided to customers exactly as you submitted them. If you include any personal information in a comment, then you might be identifiable via that comment.

Please contact the customer directly to understand how they might share your survey responses. Also, please see the customer section of this Privacy Policy to understand what we tell customers about how we handle survey responses and personal information, and to whom we may disclose survey responses or personal information (for example, our staff and service providers).

What are your rights to your information?

Because we process personal information (including survey responses) on behalf of customers, you will need to contact the customer if you have any questions about the survey, or if you want to access, update, or delete anything in your responses.

You may request access to and correction of the personal information we hold about you by contacting our Privacy Officer, but in most cases we cannot provide you with this access because we hold that information on behalf of the customer, and any access or alteration to that information may be contrary to the customer's interests or our contractual obligations to the customer. If we are unable to fulfill your request, we will pass it on to the customer for them to process or to provide us with permission to fulfill your request. However, please be aware that this process might identify you and your survey responses to the customer.

We will respond to your request for access or correction within a reasonable time, and where reasonable and practicable to do so, we will provide access to your personal information as requested by you.

If you want to stop receiving email invitations to surveys sent by customers via Culture Amp, please contact the customer.

How do you make a complaint?

If you have a complaint about the personal information we process on behalf of a customer, we suggest that you first contact the customer.

Alternatively, please see the customer section of this Privacy Policy for how to make a complaint regarding this Privacy Policy or our compliance with the Safe Harbor Framework or the Australian Privacy Act.