Pulsely, May 5 2020, rev. Nov 13 2023
Pulsely Limited, registered in the UK wih the number 13745452 (hereinafter referred to as “Pulsely”) is a D&I analytics tools that unveils data insights for companies to create a more inclusive workplace for all employees. Pulsely will use surveys to collect employee responses and then interpret their answers to provide the company with insights based on Diversity & Inclusion metrics, that can be used to address challenges related with employee well-being in the company. Pulsely is committed with the anonymity of this Data, only disclosing data when there is no risk of employee identification.
Scope and purpose of processing
This Privacy and Cookies policy regulates the processing of personal data of Clients, Employees and any third party that accesses the Website, as defined below (hereinafter referred to as “User” or jointly as “Users”), collected through the use of the website https://pulsely.io/ (hereinafter referred to as the “Website”). Pulsely is the owner and provider of the Website.
In what concerns D&I analytics projects, Pulsely acts as data processor, processing data on behalf of the Client who acts as a data controller (“Controller”) for the purposes of conducting D&I analytics projects within the Client’s workplace, in order to unveil data insights to create a more inclusive workplace for all the Client’s Employees. Pulsely is acting solely in accordance with the instructions given by the Controller.
For the purpose of managing the contractual relationship with clients, Pulsely may collect personal data of the Client’s representative responsible for accessing the Website. In this situation Pulsely will act as Controller. This means that Pulsely in these circumstances alone determines the purposes for which, as well as the manner in which the Data is processed.
Pulsely takes the privacy of the Users’ information very seriously. At Pulsely, we are committed to our Users data privacy and information security. We’ve aligned our security programs with (i) ISO 27001, followed secure development practices, provided ongoing training for our employees, and more. Our policies and procedures are reviewed and compliant with (ii) The General Data Protection Regulation (GDPR).
All third-party services that Pulsely uses in order to process Data and deliver the core specialty of its products are also compliant with (i) and (ii).
Definitions and interpretation
Collectively all personal information that the User submits to Pulsely via the Website. Personal information shall have the meaning defined in the Data Protection Laws.
Company Incorporated in England and Wales with register number 253400246.
A third-party that hires Pulsely services for the purpose of conducting D&I analytics projects within their workplace, in order to unveil data insights to create a more inclusive workplace for all Employees.
Any third-party that has a contractual relationship with the Client, irrespective of the legal character of the relationship, which accesses the Website, for the purpose of participating in a D&I analytics project within the workplace of the Client, in order to unveil data insights to create a more inclusive workplace for all employees.
Cookies are information that is automatically placed in the Users computer or mobile device when they access certain Websites or apps. Cookies identify the browser program on the server, allowing the storage of information in order to improve the Users experience as well as analyze and review the Website’s performance.
The Website that the User is currently using, mostly, and any subdomains of this site unless expressly excluded by their own terms and conditions
Data Protection Laws
Any applicable Law related to the protection of personal data, including but not limited to GDPR, and any national implementing laws, regulations and secondary legislation.
Pulsely individual partner that serves as implementation agent of Pulsely’s pipeline of actions. Partners located (or with availability to travel) in the country where the company that hires Pulsely services is located.
The general data protection regulation (EU) 2016/679.
- the singular includes the plural and vice versa
- a reference to a person includes firms, companies, government entities, trust and partnerships;
- “including” is understood to mean “including without limitation”
- reference to any statutory provision includes any modifications or amendment of it;
We may collect, when having the Users’ consent, the following Data:
- Gender Identity/Sexual Orientation
- Function within the company
- Family Status/Care Giver Status
- Socioeconomic mobility
How we collect Data
We collect data in the following ways:
- Data is given by the User;
- Personal data submitted by the Employees;
- Data is received from the Client’s workforce database (HRIS or HRMS);
- Data is received from other sources, such as surveys or gamified initiatives.
Our use of Data
When the Client registers with us and sets up an account to receive our services, the legal basis for this processing is the performance of a contract between the Client and Pulsely and/or taking steps, at the Client´s request to enter into such a contract. In what concerns D&I analytics projects, the Client acts as Controller and the legal basis for the processing the Employee's Data is their consent.
Who we share Data with?
We may share the User's Data with the following groups of people for the following reasons:
1. Partner Consultants who will be responsible to help interpret the Data and to design methods to implement insights that generated by the same Data.; access for partner consultants will be granted only when:
1.a. Client gives express written permission to Pulsely when contracting with Pulsely directly;
1. b. Client contracts for Pulsely product directly with the partner consultant.
2. The Client's internal Pulsely project manager who will have access to the dashboard and be able to generate a report.
Keeping Data secure
We will use technical and organizational measures to safeguard the Users’ Data, for example:
- Access to accounts is controlled by a password and a username that is unique to the User.
- We store User Data on secure servers.
We have aligned our data security efforts with the ISO 27001 certification. This family of standards help us manage the Data and keep it secure.
Technical and organizational measures including measures to deal with any suspected data breach. If the Users suspect any misuse, loss or authorized access to the Data, the User should immediately contact us via this email address: firstname.lastname@example.org
Data location and retention
Unless a longer retention period is required for legal or regulatory purposes, we will only retain the Users’ Data on our systems for as long as necessary to meet the purposes for which the data was collected.
The Data will be hosted on AWS Servers in Europe.
Links to third-party websites
The links on this Website may lead to other websites managed by third parties. Pulsely is not responsible, does not approve or in any way supports or subscribes to the content of these websites. Pulsely is not responsible for damages resulting from viruses that may infect the User’s device or network, or other assets, due to access to third party websites. This privacy statement is only applicable to Information collected on Pulsely’s website.
The User has the following rights in relation to their Data:
- Right to access the Data – the right to obtain a confirmation of whether or not Data is being processed and when is the case access to the Data;
- Right to rectification - the right to have the Data rectified if it is inaccurate or incomplete;
- Right to erasure - the right to request the erasure of Data;
- Right to restriction of processing - the right to obtain the restriction of processing of the Data;
- Right to data portability - the right to request the copy, or transfer of Data;
- Right to object - the right to object to the processing of the Data.
To exercise any of the rights above, or to withdraw the consent for the processing given, the User should contact us via email here: email@example.com.
The Users have the right to lodge a complaint before the competent supervisory authority should they believe that their Data is not being processed in accordance with the Data Protection Laws.