We are InChorus Group Ltd, a company registered with Companies House in England and Wales under number 11755917 (“InChorus”/“we”/“us”/”our”). We are committed to protecting your privacy.
This policy sets out the basis, under applicable data protection law (including the General Data Protection Regulation (EU 2016/679), on which we will collect and process personal information through your use of the InChorus online software platform and the accompanying software App (together the “Platform”).
IN THE NORMAL COURSE OF OUR BUSINESS WE COLLECT AND PROCESS DATA IN THE FOLLOWING WAYS:
- App users who are typically employees, contractors or consultants who have been granted access to our Platform by their employer (where their employer is an existing client) (“App Users”);
- administrative users of the Platform dashboard who are acting on behalf of their relevant employer (where their employer is an existing client) (“Client Users”); and
- trial users or potential new users of the Platform, including those who we have identified as possible future clients and to whom we are marketing or promoting the Platform and our services (“Marketing Contacts”).
When we refer to “personal data” in this policy, we mean any information relating to you from or in relation to which you may be identified (directly or indirectly).
OUR STATUS AND RESPONSIBILITIES
In the case of App Users, Client Users, and Marketing Contacts, we are the data controller in respect of your personal data.
We are also the data controller in respect of contact information for each client contact which we hold for account and contract management purposes, including for contract queries and billing purposes.
INFORMATION WE COLLECT ABOUT YOU
For App Users and Client Users will collect and process the following data about you:
- INFORMATION YOU MAY VOLUNTARILY PROVIDE:
- When using the Platform to log a report via the InChorus App we may collect personal information that you choose to share including your:
- Company email address
- Ethnicity and/or race
- Sexual orientations
- Age range
- And disability you chose to declare
- If you contact us (by phone, email, or through the Website) we may keep a record of that correspondence for two years in case we need to contact you in relation to the issue for which you contacted us, for operational performance improvement and/or nuisance caller management. We will not use it for marketing purposes.
- If you report a problem with the Website and/or the Services, we may keep that information for two years in case we need to contact you in relation to the issue you for which you contacted us, for operational performance improvement and/or nuisance caller management. We will not use it for marketing purposes. The information you give may include your name, address, telephone number and email address.
- INFORMATION WE COLLECT ABOUT YOU.
- When you use the website and interact with our Services, we automatically collect the following information.
- We use technology such as Google Analytics to collect information about your visit to our Website. You can find more information about Google Analytics here: : https://analytics.google.com/analytics/web . In essence, Google Analytics enables us to analyse how you and others interact with our Website and Web App. The information we collect may include:
• IP address;
• the type of browser used(e.g. Chrome or Safari browser);
• the number of sessions per browser on each device;
• the type of device (eg Samsung) and operating system (eg Android) used;
• referrer information;
• time zone;
• user preferences; and
• which pages were visited.
For Marketing Contacts, we will collect and process personal data which you provide when you complete an enquiry via a website or register for a trial or otherwise contact us to request information about our products and services. We will typically obtain contact information such as your name, employer, work email address and work telephone number. We may also receive further personal data about you which is publicly available, such as your seniority, years of experience and employment history and similar work-related background, from third party service providers. We shall also store and process data relating to your communications with us and your responses to our marketing emails and attendance at our events.
WHAT DO WE DO WITH THE PERSONAL DATA WE COLLECT ABOUT YOU? WHAT IS OUR LEGAL BASIS FOR DOING SO?
Where we have collected or generated personal data from or about you, we may use this for the purposes, and on the legal bases, as set out below.
We use the information you provide to us to:
• enable us to provide the Services;
• ensure that content from our Website is presented in the most effective manner for you and for your device to achieve the most user-friendly navigation experience;
• defend our servers against malicious attacks
Where we propose using your personal information for any other uses we will ensure that we notify you first. You will also be given the opportunity to withhold or withdraw your consent for the use of your personal information for purposes other than those listed above.
- INFORMATION YOU GIVE TO US. WE WILL USE THIS INFORMATION TO:
For Client Users
- provide you with information, products and services you request from us.
- contact you for your feedback on our services and to help us evaluate and improve our services
- notify you about changes to the Platform and any other services of ours that you use
For App Users – our use of aggregated and anonymized information
- We will only use your email and company code identify you in order to prove that you are an employee, agent or consultant at a client organisation. Once we have verified that is the case this information is stored in separate tables, when necessary, from any Personal Data you input. The link between your Personal User Data and the identifying email address is hashed and encrypted.
- Our Services allow you to anonymously tag incidents of bias that you may have experienced in your organisation. We may share anonymised data with your organisation on the type of incident including where it occurred, what occurred, when it occurred, but we do not share your name or other personal identifiers.
- The purpose of anonymously sharing the data is to allow your organisation to improve upon and kick off data-driven initiatives, ultimately resulting in a happier, healthier and more successful organisation.
- We will never share your work email address, nor any part of your name that is within your work email address, for they are encrypted and stored completely separately from the anonymous, aggregated, and broad data we share with your employers. And of equal importance, we never take the names of the perpetrator, and therefore this can never be shared, completely maintaining your safety and security in the workplace when utilising the InChorus Platform.
- Data collected from you and other employees or personnel may be used by us in an aggregated and anonymised form for statistical and benchmarking purposes including enabling comparisons to other organisations within the same industry.
- INFORMATION WE COLLECT ABOUT YOU. WE WILL USE THIS INFORMATION:
- to share anonymised usage data which does not identify you specifically with third parties. We may combine your data with those of other users of our Website and share this information in aggregated and anonymised form with third parties to help us improve the design and delivery of our software tools, increasing the effectiveness for all users.
- to administer and improve the Platform and other services, including ensuring that content is presented in the most effective manner for you and for your computer;
- for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
- as part of our efforts to keep the Platform safe and secure
In relation to the above uses, we shall process your personal data on the legal basis that it is necessary for the purposes of our legitimate interests including: to enable us to perform our contractual obligations under the Client Agreement, to improve or optimise our services, to maintain the security of our computer systems.
For Marketing Contacts, we will collect and use data to contact you of about our news, updates, events, developments, products and services from time to time and for the purposes of entering into discussions with you in connection with your purchase of licences from us to use or have access to the Platform. This data is processed by us on the basis that it is necessary for the purposes of our legitimate interests, namely undertaking targeted marketing and business development activities in connection with our business.
WHO DO WE SHARE YOUR INFORMATION WITH?
We will only share your information with other organisations where we have your permission to do so in accordance with this Policy or where we believe it is necessary for a legitimate reason connected with the Website or our Services. We work with analytics providers and we may receive information about you from them. Below is a non-exhaustive list of third parties we work with. We may work with third parties not listed below or stop working with the third parties listed below.
- service providers, for example of IT services, business partners, suppliers and/or sub-contractors, for the performance of any contract that we enter into with your employer (such as the Client Agreement) or in the course of undertaking marketing activities, including the following:
- Laravel PHP code platform
- Digital Ocean LLC who provide cloud hosted infrastructure and services used by us to operate the Platform as a hosted solution;
- Google LLC, Dropbox, who provide product tools and functionality used by us in delivery of the Platform and associated services; and
- Hubspot who provide marketing and CRM management
- analytics and search engine providers that assist us in the improvement and optimisation of our marketing activities and the analysis of data supplied via the Platform for contact enrichment and lead generation purposes, including Google Analytics, LinkedIn, Instagram, Facebook; and
- we may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.
We require all our third party service providers and all other companies within our group to take appropriate and stringent security measures to protect your personal data in line with our policies. We do not allow our third party service providers to use your personal data for their own purposes and only permit them to process your personal data for specified purposes in accordance with our instructions.
We may also disclose your personal data to other third parties in the following circumstances:
- we may disclose your personal data to our legal advisers if they need to have access to this information in order to advise us on our legal rights and obligations; and
Except as explained above, we will not disclose your personal data to any third parties for any other purpose unless we have a legal right or obligation to do so.
Cookies are small pieces of data that are stored on your computer, mobile phone or other device. Pixels are small blocks of code on web pages that do things like allow another server to measure viewing of a Web page and are often used in connection with cookies. HTML5 Local Storage is a small database located inside your browser which web pages can use to store data to speed up their processing.
We have outlined below the individual cookies we use and why we use them:
Cookie Name: XSRF-TOKEN
24 hours expiry period to prevent attacks on the all website forms.
More info here: https://laracasts.com/lessons/sessions-cookies-caching
Cookie Name: InChorus_session
24 hours expiry period used for capturing some user session info.
More info: https://laracasts.com/lessons/sessions-cookies-caching.
Please refer to your device’s help material to learn what controls you can use to remove or block cookies. Please remember that if you do this, it may affect your ability to use the Website/ Web App and/or the Services.
THIS IS WHERE WE STORE YOUR INFORMATION
The information that we collect from you may be processed outside the European Economic Area (EEA), but we have ensured that there is an adequate level of protection for such information.
SECURITY OF INFORMATION
You will only require your company email address and company code to gain access to the InChorus App. Where we have given you a username, password and/or security information which enables you to access particular features of the Platform as a Client User you are responsible for keeping these access credentials confidential. You must not share these details with anyone, or store them in a way that may allow a third party to access them.
We maintain appropriate technical and organisational measures to ensure that an appropriate level of security in respect of all personal data we process. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Platform and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorised access or inadvertent disclosure. This includes encrypting data using OpenSSL to provide AES-256 and AES-128 encryption and 2 factor authentication for any access to the product, either as a User or Client.
Where consent is required for our use of your personal data, by ticking the appropriate consent box or otherwise communicating your consent to us (whether by phone, email or other means), you consent to our use of that personal data as set out in this policy.
RETAINING YOUR INFORMATION
We will not store your personal data for longer than is reasonably necessary to use it in accordance with this policy or with our legal rights and obligations. For the avoidance of doubt, aggregated and anonymised data and any information other than personal data can be stored indefinitely.
- For App Users, we will retain your personal data for a period 30 days after our relationship with your employer has ended. After this period, your personal data will be anonymised or deleted.
- For Client Users, we will retain personal data for a period of 1 year after our relationship with the employer has ended.
- For Marketing Contacts: we will retain your personal data for a period for so long as necessary to continue to provide you with updates or other marketing emails or other communications in circumstances in which you have consented (where necessary) or else not unsubscribed to receiving such communications and in which we have a continued legitimate interest in undertaking that marketing.
We think it is important that you are able to control your personal information. You have the right to ask us not to process your personal information for marketing purposes.
You can exercise your right to prevent such processing at any time by contacting us at firstname.lastname@example.org.
You have the following rights in regards to your personal information:
- Access. You have the right to access information about the personal data we hold about you. The law gives you the right to request a copy of the personal information we hold about you. We first require you to prove your identity with 2 pieces of approved identification to ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We reserve the right to charge a reasonable fee in response to unreasonable or repetitive requests, or requests for further copies of the same information.
- Right to object to processing. You have the right to object at any time to the processing by us of your personal data for direct marketing purposes.
- Rectification. You have the right to request that we rectify any inaccurate personal data that we hold about you.
- Erasure. You have the right to request that we erase any personal data that we hold about you, based on one of a number of grounds, including the withdrawal of your consent. This right does not extend to information which is not personal data. We also reserve the right to retain your personal data in an anonymised form for statistical and benchmarking purposes.
- Request to restriction of processing. This enables you to ask us to restrict the processing of your personal data in certain circumstances, for example if you want us to establish its accuracy or the reason for processing it.
- Portability. You have the right to obtain copies of your personal data to enable you to reuse your personal data across different services and with different companies. You may also request that your personal data is transmitted directly to another organisation where this is technically feasible using our data processing systems.
- Change of preferences. You can change your data processing preferences at any time. For example, if you have given your consent to direct marketing, but have changed your mind, you have the ability to opt out of receiving marketing communications by emailing us at email@example.com.
- If you wish to complain about the processing of your personal information then please contact us first, but if we do not satisfactorily deal with your complaint, then you may contact the Information Commissioner. If you want to stop using the Website and the Services, you may do so. If you do, you may also want to remove any cookies that we have placed on any device used to access the Website and the Services.
THIRD PARTY PROPERTIES ACCESSED FROM THE WEBSITE EG OTHER WEBSITES
Our Website and Services may contain links to and from the online properties of third parties. If you follow a link to any of these online properties, please note that these online properties have their own privacy policies which will govern use of any personal information that they process. Please check these policies carefully before you click on any links and/or submit any personal information to these online properties.
CHANGE OF CONTROL
If the ownership of our business changes, we may transfer your information to the new owner so they can continue to operate the Website and provide the Services. The new owner will be obliged to comply with this Policy.
Any changes we may make to this Policy will be posted on this page. Where it makes sense because the changes are material, we will notify you by e-mail or in another appropriate manner such as when you next interact with the Website.
CONTACTING US IS EASY AND WE WANT TO HEAR FROM YOU
We really do welcome any questions, comments and requests you may have regarding this Policy. You can contact us by emailing us at firstname.lastname@example.org.