We are InChorus Group Ltd, a company registered with Companies House in England and Wales under number 11755917 (“InChorus”/“we”/“us”/”our”).
You may withdraw such consent at any time by letting us know at firstname.lastname@example.org. At that time, you may also want to remove any cookies which have been placed on any device used to access the Website / Web App and/or Services.
Your withdrawal of consent will not affect the lawfulness of any processing carried out by us prior to such withdrawal.
Through our Website, we provide a third-party platform to anonymously tag, measure, and resolve incidents of bias and harassment in your organisation. This requires us to collect personal information from you. However, we want to put you in control of that personal information. We want you to be aware at all times where and how your personal information is being used. This is of paramount importance to us.
So, let’s describe what this Policy tells you. It explains:
• what information we may collect about you;
• what we may do with the information we collect about you;
• whether we share your information with anyone else;
• where we store your information;
• the types of cookies we use and how you can reject these cookies;
• how we keep your information secure; and
• your rights in relation to your information.
At InChorus we take your privacy seriously. We operate on the principle that your personal information belongs to you and only you can decide who you want to share it with and why. This is fundamental to the way we work and we’re committed to providing a secure environment for you to store your personal information.
WHEN DOES THIS POLICY APPLY?
HERE IS THE INFORMATION WE MAY COLLECT ABOUT YOU:
- Information you voluntarily provide
• If you contact us (by phone, email or through the Website), we may keep a record of that correspondence for two years in case we need to contact you in relation to the issue for which you contacted us, for operational performance improvement and/or nuisance caller management. We will not use it for marketing purposes.
• If you report a problem with the Website and/or the Services, we may keep that information for two years in case we need to contact you in relation to the issue you for which you contacted us, for operational performance improvement and/or nuisance caller management.
We will not use it for marketing purposes. The information you give may include your name, address, telephone number and email address.
- Information we collect about you and your device When you use the Website and interact with our Services, we may use technology such as that provided by Google Analytics to collect information about your visit to our Website. You can find more information about Google Analytics here: https://analytics.google.com/analytics/web.
In essence, Google Analytics enables us to analyse how you and others interact with our Website and Web App.
The information we collect may include:
• your IP address;
• the type of browser you use (e.g. are you using the Chrome or Safari browser?);
• the number of sessions per browser on each device;
• the type of device (eg Samsung) and operating system (eg Android) you are using;
• referrer information;
• time zone;
• user preferences; and
• which pages you visited.
Additionally, when you use our Services, we may collect information about your:
• company email address
• ethnicity and/or race;
• sexual orientation;
• age range;
• any disability you may choses to declare;
THIS IS WHAT WE DO WITH THE INFORMATION WE COLLECT ABOUT YOU
We use the information you provide to us to:
• enable us to provide the Services;
• ensure that content from our Website is presented in the most effective manner for you and for your device to achieve the most user-friendly navigation experience;
• defend our servers against malicious attacks.
Where we propose using your personal information for any other uses we will ensure that we notify you first. You will also be given the opportunity to withhold or withdraw your consent for the use of your personal information for purposes other than those listed above.
All users of the InChorus Platform are only ever identified for verification purposes, to prove that you are an employee, agent or consultant at a client organisation. Once we have verified that is the case your information is stored in separate tables, and databases, when necessary, from any Personal Data you input. The link between your Personal User Data and the identifying email address is hashed and encrypted.
Due to our strict adherence to the EU’s stringent GDPR legislation we hold the email identifier for your benefit; should you ever decide you would like to delete any data you have inputted, we can do that by decrypting the link between your email address and Personal Data - this link can only be made when you correctly answer questions about the specifics of the data originally entered, i.e. only you can unlock the encryption, were it ever necessary. Clever hey!
Your anonymity was our priority, and we built a system that ensures that. We are a solution that has not added security layers and strict data policies to existing software, we were designed and built with those considerations as instrumental cornerstones of what we went on to build.
All data is encrypted using OpenSSL to provide AES-256 and AES-128 encryption. We use 2 factor authentication for any access to the product, either as a User or Client, and, finally, we continuously work with experts to test our technology in order to find & address any security vulnerabilities.
OUR USE OF AGGREGATED AND ANONYMISED INFORMATION
We may share anonymised usage data which does not identify you specifically with third parties. We may combine your data with those of other users of our Website and share this information in aggregated and anonymised form with third parties to help us improve the design and delivery of our software tools, increasing the effectiveness for all users.
Our Services allow you to anonymously tag incidents of bias that you may have experienced in your organisation. We may share anonymised data with your organisation on the type of incident including where it occurred, what occurred, when it occurred, but we do not share your name or other personal identifiers.
The purpose of anonymously sharing the data is to allow your organisation to improve upon and kick off data-driven initiatives, ultimately resulting in a happier, healthier and more successful organisation.
We will never share your work email address, nor any part of your name that is within your work email address, for they are encrypted and stored completely separately from the anonymous, aggregated, and broad data we share with your employers. And of equal importance, we never take the names of the perpetrator, and therefore this can never be shared, completely maintaining your safety and security in the workplace when utilising the InChorus Platform.
THIS IS WHO WE SHARE YOUR INFORMATION WITH
We will only share your information with other organisations where we have your permission to do so in accordance with this Policy or where we believe it is necessary for a legitimate reason connected with the Website or our Services. We work with analytics providers and we may receive information about you from them. Below is a non-exhaustive list of third parties we work with. We may work with third parties not listed below or stop working with the third parties listed below.
NAME OF THIRD PARTY WHY WE WORK WITH THEM
- Google Analytics To monitor Web App and] Website performance & user experience.
- Digital Ocean To host our website and data storage
- Laravel PHP code platform
- In addition, we may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
Cookies are small pieces of data that are stored on your computer, mobile phone or other device. Pixels are small blocks of code on web pages that do things like allow another server to measure viewing of a Web page and are often used in connection with cookies. HTML5 Local Storage is a small database located inside your browser which web pages can use to store data to speed up their processing.
We have outlined below the individual cookies we use and why we use them:
Cookie Name: XSRF-TOKEN
24 hours expiry period to prevent attacks on the all website forms.
More info here: https://laracasts.com/lessons/sessions-cookies-caching
Cookie Name: InChorus_session
24 hours expiry period used for capturing some user session info.
More info: https://laracasts.com/lessons/sessions-cookies-caching.
Please refer to your device’s help material to learn what controls you can use to remove or block cookies. Please remember that if you do this, it may affect your ability to use the Website/ Web App and/or the Services.
THIS IS WHERE WE STORE YOUR INFORMATION
The information that we collect from you may be processed outside the European Economic Area (EEA), but we have ensured that there is an adequate level of protection for such information.
KEEPING INFORMATION SECURE
All information you provide to us is stored on servers owned and operated by [Digital Ocean Inc. More information on this provider is available at https://www.digitalocean.com/
HERE ARE YOUR RIGHTS
We think it is important that you are able to control your personal information. You have the right to ask us not to process your personal information for marketing purposes.
You can exercise your right to prevent such processing at any time by contacting us at email@example.com.
The law gives you the right to request a copy of the personal information we hold about you. We first require you to prove your identity with 2 pieces of approved identification.
We will supply, correct or delete personal information about you on our files. In addition, you may request rectification or erasure of personal information as well as the restriction of processing of your personal information. We will comply with your requests in accordance with the applicable law.
If you wish to complain about the processing of your personal information then please contact us first, but if we do not satisfactorily deal with your complaint, then you may contact the Information Commissioner. If you want to stop using the Website and the Services, you may do so. If you do, you may also want to remove any cookies that we have placed on any device used to access the Website and the Services.
THIRD PARTY PROPERTIES ACCESSED FROM THE WEBSITE EG OTHER WEBSITES
Our Website and Services may contain links to and from the online properties of third parties. If you follow a link to any of these online properties, please note that these online properties have their own privacy policies which will govern use of any personal information that they process. Please check these policies carefully before you click on any links and/or submit any personal information to these online properties.
CHANGE OF CONTROL
If the ownership of our business changes, we may transfer your information to the new owner so they can continue to operate the Website and provide the Services. The new owner will be obliged to comply with this Policy.
CHANGES TO OUR POLICY
Any changes we may make to this Policy will be posted on this page. Where it makes sense because the changes are material, we will notify you by e-mail or in another appropriate manner such as when you next interact with the Website.
CONTACTING US IS EASY AND WE WANT TO HEAR FROM YOU
We really do welcome any questions, comments and requests you may have regarding this Policy. You can contact us by emailing us at firstname.lastname@example.org.