Data Processing Information Sheet  

This Data Processing Information Sheet sets out the type of data processing information the Customer agrees to the Provider to process in compliance with the EU General Data Protection Regulation (GDPR), in force from 25 May 2018.

1.      Categories of data subject

  • Employees, contractors and suppliers of customers whom are provided access to the system
  • Those named and/or described in formal reports or intelligence reports (anonymous reports or messages) by users

2.      Types of Personal Data

  • Names
  • Location
  • Email address and any further contact details provided
  • Any personal characteristics volunteered in free text fields which the user has control of, this may include protected characteristics and will be at the users’ discretion
  • Device details (e.g. IP address, location, cookie IDs)
  • Any photos or images provided by users within reports

3.      Purposes of processing

  • Provide Customers the ability to look into and investigate potential or alleged workplace malfeasance, e.g. harassment, discrimination, workplace violence, mismanagement, bullying and other types
  • Support and assist users seeking help
  • Create business intelligence using aggregated data allowing Customers to positively improve workplace safety and culture

4.      Security measures for Personal Data

  • Encryption at rest and in transit
  • Firewalls
  • Malware scans
  • Antivirus
  • Patches and software updates on release
  • Frequent penetration testing
  • Access rights
  • Information security policies
  • Awareness and training
  • Reviews and audits

5.      Sub-processors of Personal Data

  • Cloud infrastructure providers

6. Variation of terms

  • The Company reserves the right to vary these terms from time to time. You will be notified of any proposed variation and will be deemed to have accepted said variation unless you provide written rejection of said variations within 15 business days.