This policy sets out the basis, under applicable data protection law (including the General Data Protection Regulation (EU 2016/679)), on which we will process any personal data we collect from you, or that you or your employer provides to us through your use of the Tydy online software platform and the accompanying software apps (together the “Platform”).
OUR PROCESSING OF PERSONAL DATA
In the normal course of our business we collect and process data in respect of:
- Invited employees who are typically new hires, managers, existing employees, recruiters, contractors or consultants who have been granted access to our Platform by their employer (where their employer is an existing client) and who are invited to join the company (“Employees”);
- administrative users of the Platform who are acting on behalf of their relevant employer (where their employer is an existing client) (“Client Users”); and
- trial users or potential new users of the Platform, including those who we have identified as possible future clients and to whom we are marketing or promoting the Platform and our services (“Marketing Contacts”).
When we refer to “personal data” in this policy, we mean any information relating to you from or in relation to which you may be identified (directly or indirectly). This might include, for instance, your contact details, your biographical details, work & education history, bank details, your preferences & nominations, online identifiers, and factors specific to your physical, mental, economic, cultural or social identity. Your personal data may also include any comments or opinions made by you or about you.
Please read this policy carefully to understand our views and practices regarding your personal data and how we will treat it. By visiting https://tydy.co or using the Platform you are accepting and consenting to the activities and data usage as described in this policy.
OUR STATUS AND RESPONSIBILITIES
In the case of Employees and Client Users, Tydy and/or one of its subsidiary companies has entered into an agreement with your employer to grant you access to the Platform and/or to the campaign content and data capture forms completed on or via the Platform or by other mediums such as email or text messaging (the “Employer Agreement”), and your employer is the data controller of your personal data. We will process your personal data on behalf of your employer and in accordance with its lawful instructions. The information you provide to us and/or upload to the Platform (whether or not it constitutes personal data) will also be governed by the Employer Agreement.
In the case of Marketing Contacts, we are the data controller in respect of your personal data.
We are also the data controller in respect of contact information for each client contact which we hold for account and contract management purposes, including for contract queries and billing purposes.
References in this policy to “your employer” shall refer to the entity who has entered into the Employer Agreement with us, whether or not as a matter of law you are an employee, consultant or contractor of that entity, and such references are not intended to characterize or prejudice your status vis-à-vis that entity.
INFORMATION WE COLLECT ABOUT YOU
For Employees and Client Users: we will collect and process the following data about you.
Information you give us. You may give us information about you:
when using the Platform’s functions, including by filling in forms or completing surveys on or via the Platform. The extent of the information collected is set by your employer. This information may include your name, age, company email address, company telephone number, job title, level of seniority, department, work start date, salary and primary office location, as well as any views you provide to us about you or your performance in your role, or information regarding your employer, your colleagues or other third parties during the course of completing engagement surveys or otherwise using the Platform;
if you contact or correspond with us (for example, using any support function made available by us) and we may keep a record of that correspondence (either directly or through our service providers).
Information your employer gives us. Your employer may give us information about you:
when creating a user profile for you in order to enable you to access the Platform under the Employer Agreement (whether on a trial or full basis) or to enable us to send engagement surveys and similar communications to you. This information may include your name, age, company email address, company telephone number, job title, level of seniority, department, work start date, salary and primary office location;
otherwise in the course of your employer’s use of the Platform.
Information we collect about you. Each time you complete an action such as read content, watch a video, respond to a survey or otherwise use the Platform we may automatically collect the following information:
when you use the Platform, we will keep a record of the details of that usage, including the date, time, location, frequency and duration of the usage;
if you are a Client User (using the Platform as a representative of your employer), we may obtain further information about you from your employer, for example to verify your eligibility to access and use the Platform;
any comments, opinions and/or feedback you provide to us regarding the Platform, for example during any trial period that you may participate in or thereafter;
technical information about your computer or mobile device for system administration and analysis, including your IP address, URL clickstreams, unique device identifiers, operating system, and network and browser type;
other information about your use of the Platform, including the pages you have viewed, the duration spent on the Platform and data files you have uploaded to the Platform. This information may be linked to your user profile (where relevant).
Information we receive from other sources. We work closely with third parties (including for example, business partners, other companies within our group, subcontractors and analytics providers) and may receive information about you from them. Details of third party providers are set out in the section below entitled “Disclosure Of Your Information”.
For Marketing Contacts, we will collect and process personal data which you provide us when you complete an enquiry via a website or register for a trial or otherwise contact us to request information about our products and services. We will typically obtain contact information such as your name, employer, work email address and work telephone number. We may also receive further personal data about you which is publicly available, such as your seniority, years of experience and employment history and similar work-related background, from third party service providers who provide contact enrichment and lead generation services to us. We shall also store and process data relating to your communications with us and your responses to our marketing emails and attendance at our events.
HOW WE USE YOUR PERSONAL DATA AND OUR LEGAL BASIS FOR DOING SO
Please note that we are permitted to collect, use, disclose and/or otherwise process any information other than personal data, including data sets you upload to the Platform or otherwise provide to us, to the fullest extent permitted by the Employer Agreement.
Where we have collected, received or generated personal data from or about you, we may use this for the purposes, and on the legal bases, as set out below.
For Employees and Client Users
Information you give to us. We will use this information to:
if you are a Client User, process your application to become a registered user of the Platform and verify your eligibility to use the Platform;
carry out our obligations arising from the Employer Agreement. This includes providing your employer with reports and analysis summarising information provided during your use of the Platform, including your content consumption, survey responses and other actions taken on the platform, aggregated with information from other employees and personnel, and (where relevant) comparing this data with past or future employee responses and/or industry benchmarks. All responses are entirely optional: content, individual questions (or the entire survey) may be skipped and there is no requirement for any surveys to be completed;
provide you with information, products and services you request from us. We will not contact you for promotional or marketing purposes, such as to inform you of new products or services that we offer, unless you specifically consent to this at the time you provide your details to us or you expressly request (or provide explicit consent for) us to do so at a later date;
contact you for your feedback on our services and to help us evaluate and improve our services, for example by acting on any information you have provided to us;
notify you about changes to the Platform and any other services of ours that you use, including informing you about new versions of the Platform and about new features, functionality and service offerings; or
deal with any enquiries, correspondence, concerns or complaints you have raised, or that have been raised by or concerning third parties (such as your employer) involving you and any issues caused by your use of the Platform.
Information we collect about you. We will use this information:
to administer and improve the Platform and other services, including ensuring that content is presented in the most effective manner for you and for your computer;
to report to your employer relating to the use of the Platform, as may be required under the Employer Agreement;
for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
to allow you to participate in interactive features of the Platform, when you choose to do so;
as part of our efforts to keep the Platform safe and secure; or
to compile reports (which do not personally identify you) of usage of the Platform.
Information we receive from other sources. We may combine information from other sources with the information you give to us or we collect about you and use this information as specified above.
In relation to the above uses, we shall process your personal data on the legal basis that it is necessary for the purposes of our legitimate interests or of your employer’s legitimate interests, including: to enable us to perform our contractual obligations under the Employer Agreement, to improve or optimize our services, to maintain the security of our computer systems, to understand how the Platform is used and to improve the user experience of the Platform, to protect and defend our legal rights, for troubleshooting, and for data analysis, testing and research purposes. Please also note:
- We will not undertake any analysis via the Platform by specific reference to any special categories of personal data (including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation), unless this has been expressly requested or configured by your employer. Where this is the case, it is your employer’s responsibility to ensure they have obtained your explicit consent to such processing or that they have another lawful basis for such processing (please contact your employer if you have any questions). However, you might, in the course of providing comments or feedback in a survey, provide personal data within one of the above categories where this has not been requested. By providing this data to us, you will be deemed to have consented to our processing such data as part of the survey results and disclosing such data to your employer.
- Data collected from you and other employees or personnel may be used by us in an aggregated and anonymised form for statistical and benchmarking purposes including enabling comparisons to other organizations within the same industry.
For Marketing Contacts, we will collect and use data to contact you about our news, updates, events, developments, products and services from time to time and for the purposes of entering into discussions with you in connection with your purchase of licenses from us to use or have access to the Platform. This data is processed by us on the basis that it is necessary for the purposes of our legitimate interests, namely undertaking targeted marketing and business development activities in connection with our business.
DISCLOSURE OF YOUR INFORMATION
We may share your personal data with other companies in our group, where necessary or desirable to do so in the course of the provision of services to you or your employer.
We may also share your personal data with selected third parties in accordance with this policy, including:
service providers, for example of IT services, business partners, suppliers and/or sub-contractors, for the performance of any contract that we enter into with your employer (such as the Employer Agreement) or in the course of undertaking product development activities, including the following:
Amazon Web Services, Inc and Cloudfront Inc, who provide cloud hosted infrastructure and services used by us to operate the Platform as a hosted solution;
SendGrid, Inc, Intercom, Inc. and Twilio, Inc, who provide product tools and functionality used by us in delivery of the Platform and associated services; and
analytics and search engine providers that assist us in the improvement and optimisation of our marketing activities and the analysis of data supplied via the Platform for contact enrichment and lead generation purposes, including Google Analytics, LinkedIn, Facebook and Clearbit; and
government or other law enforcement agencies, in connection with the investigation of unlawful activities or for other legal reasons (this may include your location information).
We require all our third party service providers and all other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
We may also disclose your personal data to other third parties in the following circumstances:
if we sell or buy any business assets or receive investment into our business, we may disclose your personal data to the prospective or actual buyer, seller or investee of such business or assets;
if Tydy or substantially all of its assets are acquired by a third party, in which case personal data held by us, including your data and data about our customers, suppliers and correspondents will be one of the transferred assets;
if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Service or other contracts between us and you or your employer; or to protect the rights, property or safety of us, our customers or others.
If you are an Employee please note that:
feedback and comments provided by you during your participation on the Platform are collated and conveyed to your employer in a listed or otherwise anonymised form (if your employer has chosen to make your response anonymous). Please also note that we merely report the feedback and comments and do not undertake any investigation or assessment into their veracity or legality;
the Platform may include an automated keyword flagging function, using a list of keywords which are pre-agreed by your employer. Any word in comments contained in your response which matches a keyword is automatically reported to your employer, without revealing your identity. We do not, however, notify you when any keywords originating from you are reported to your employer. This keyword flagging function operates automatically and we do not carry out any manual checks or otherwise monitor, supervise or exercise any discretion over the transmission of keywords to your employer. We do not assume any responsibility to you (in your capacity as an Employee) in respect of the keyword flagging function, and we expressly disclaim, to the fullest extent permissible by law, any and all responsibility and liability in respect of (a) any failure or delay by us in reporting keywords, and (b) any acts or omissions of your employer as a consequence of or in connection with the reporting of such keywords;
By way of further example, we may consider (based on your or others’ comments) that disclosure of your identity to your employer is necessary to prevent or detect an unlawful act (such as fraud or other criminal act), and that we cannot request your consent since this would prejudice the purpose of the disclosure.
Except as explained above, we will not disclose your personal data to any third parties for any other purpose unless we have a legal right or obligation to do so.
INTERNATIONAL DATA TRANSFERS
A number of our service providers are based outside the European Economic Area (“EEA”), predominantly in the United States. We may transfer your personal data to those service providers in the United States or other countries outside the EEA in order to provide our services via the Platform or (in respect of Marketing Contacts) in order to undertake marketing activities.
We have put in place appropriate measures to ensure that your personal data are treated by those third parties in a way that is consistent with and which respects the EU laws on data protection, including verifying that the recipient is certified under the EU-US Privacy Shield, or putting in place written contractual agreements to meet EU-approved data protection obligations. If you require further information about these protective measures, please contact us at firstname.lastname@example.org.
SECURITY OF INFORMATION
You will ordinarily require a username or password to gain access to participate or share information via the Platform. Where we have given you a username, password and/or security information which enables you to access particular features of the Platform (for example, as an administrator or senior manager of your employer), you are responsible for keeping these access credentials confidential. You must not share these details with anyone, or store them in a way that may allow a third party to access them.
Please see the Terms of Service for more details on not sharing your access credentials with third parties and how doing so may affect your ability to use the Platform: https://www.tydy.co/tos
We maintain appropriate technical and organisational measures to ensure an appropriate level of security in respect of all personal data we process. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Platform and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorised access or inadvertent disclosure, which may include two factor authentication and end-to-end encryption.
Where consent is required for our use of your personal data, by ticking the appropriate consent box or otherwise communicating your consent to us (whether by phone, email or other means), you consent to our use of that personal data as set out in this policy. If you disclose someone else's personal data to us, you confirm that you have their consent to disclose this to us and for us to use and disclose it in accordance with this policy.
RETAINING YOUR INFORMATION
We will not store your personal data for longer than is reasonably necessary to use it in accordance with this policy or with our legal rights and obligations. For the avoidance of doubt, aggregated and anonymised data and any information other than personal data can be stored indefinitely.
For Employees and Client Users: we will retain your personal data for a period of 5 years or until six months after our relationship with your employer has ended (whichever is sooner). After this period, your personal data will be anonymised or deleted.
For Marketing Contacts: we will retain your personal data for so long as necessary to continue to provide you with updates or other marketing emails or other communications in circumstances in which you have consented (where necessary) or else not unsubscribed to receiving such communications and in which we have a continued legitimate interest in undertaking that marketing.
You have the following rights in regard to your personal information:
Access. You have the right to access information about the personal data we hold about you. We reserve the right to charge a reasonable fee in response to unreasonable or repetitive requests, or requests for further copies of the same information.
Right to object to processing. You have the right to object to processing of your personal data where that processing is being undertaken by us on the basis of our (or a third party’s) legitimate interest. In such a case we are required to cease processing your data unless we can demonstrate compelling grounds which override your objection. You also have the right to object at any time to the processing by us of your personal data for direct marketing purposes.
Rectification. You have the right to request that we rectify any inaccurate personal data that we hold about you.
Erasure. You have the right to request that we erase any personal data that we hold about you, based on one of a number of grounds, including the withdrawal of your consent (where our processing of that data is undertaken on the basis of your consent), or if you object to our continued processing (as mentioned above). This right does not extend to information which is not personal data. Please also note that it is likely to be necessary for us to retain your personal data for the purposes of assessing and verifying data that is submitted and/or held on the Platform, and your rights under applicable law to request erasure may be limited accordingly. We also reserve the right to retain your personal data in an anonymised form for statistical and benchmarking purposes.
Request restriction of processing. This enables you to ask us to restrict the processing of your personal data in certain circumstances, for example if you want us to establish its accuracy or the reason for processing it.
Portability. You have the right to obtain copies of your personal data to enable you to reuse your personal data across different services and with different companies. You may also request that your personal data is transmitted directly to another organisation where this is technically feasible using our data processing systems.
Change of preferences. You can change your data processing preferences at any time. For example, if you have given your consent to direct marketing, but have changed your mind, you have the ability to opt out of receiving marketing communications by emailing us at email@example.com or clicking the relevant link in any communication you receive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Please note that if you exercise any of the above rights to require us to restrict or cease processing or to delete personal data, and this type of processing is required in order to facilitate your use of the Platform, you will no longer be able to use the Platform following the date on which we action your request. This does not include your right to object to direct marketing which can be exercised at any time without restriction. Please allow at least 5 working days for your request to be actioned.
Save as set out above, your rights detailed above can be exercised free of charge in accordance with applicable data protection laws. Please contact your employer directly if you would like to exercise any of these rights (other than a change to your marketing preferences, which should be notified directly to us as described above).
If for any reason you are not happy with the way that we have handled your personal data, you also have the right to make a complaint to the relevant supervisory authority in your country. In the UK, the relevant authority is the Information Commissioner’s Office.