About Pulsely

Read here about our Privacy Policy

Pulsely, May 5 2020

[insert full designation] (hereinafter referred to as “Pulsely”) is D&I analytics tools that unveils data insights for companies to create a more inclusive workplace for all employees. Pulsely will use surveys to collect employee responses and then interpret their answers to provide the company with insights based on Diversity & Inclusion metrics, that can be used to address challenges related with employee well-being in the company. Pulsely is committed with the anonymity of this Data, only disclosing data when there is no risk of employee identification.


Scope and purpose of processing

This Privacy and Cookies policy regulates the processing of personal data of Clients, Employees and any third party that accesses the Website, as defined below (hereinafter referred to as “User” or jointly as “Users”), collected through the use of the website [insert link to website] (hereinafter referred to as the “Website”). Pulsely is the owner and provider of the Website. 

In what concerns D&I analytics projects, Pulsely acts as data processor, processing data on behalf of the Client who acts as a data controller (“Controller”) for the purposes of conducting D&I analytics projects within the Client’s  workplace, in order to unveil data insights to create a more inclusive workplace for all the Client’s Employees. Pulsely is acting solely in accordance with the instructions given by the Controller.

For the purpose of managing the contractual relationship with clients, Pulsely may collect personal data of the Client’s representative responsible for accessing the Website. In this situation Pulsely will act as Controller. This means that Pulsely in these circumstances alone determines the purposes for which, as well as the manner in which the Data is processed.

Pulsely takes the privacy of the Users’ information very seriously. At Pulsely, we are committed to our Users data privacy and information security. We’ve aligned our security programs with (i) ISO 27001, followed secure development practices, provided ongoing training for our employees, and more. Our policies and procedures are reviewed and compliant with (ii) The General Data Protection Regulation (GDPR).

All third-party services that Pulsely uses in order to process Data and deliver the core specialty of its products are also compliant with (i) and (ii).


Definitions and interpretation

In this privacy policy, the following definitions are used:

Data

Collectively all personal information that the User submits to Pulsely via the Website. Personal information shall have the meaning defined in the Data Protection Laws.

Pulsely

Company Incorporated in England and Wales with register number 253400246.

Client

A third-party that hires Pulsely services for the purpose of conducting D&I analytics projects within their workplace, in order to unveil data insights to create a more inclusive workplace for all Employees.

Employee

Any third-party that has a contractual relationship with the Client, irrespective of the legal character of the relationship, which accesses the Website, for the purpose of participating in a D&I analytics project within the workplace of the Client, in order to unveil data insights to create a more inclusive workplace for all employees.

Cookies

Cookies are information that is automatically placed in the Users computer or mobile device when they access certain Websites or apps. Cookies identify the browser program on the server, allowing the storage of information in order to improve the Users experience as well as analyze and review the Website’s performance.

Website

The Website that the User is currently using, mostly, and any subdomains of this site unless expressly excluded by their own terms and conditions

Data Protection Laws

Any applicable Law related to the protection of personal data, including but not limited to GDPR, and any national implementing laws, regulations and secondary legislation.

Partner Consultants

Pulsely individual partner that serves as implementation agent of Pulsely’s pipeline of actions. Partners located (or with availability to travel) in the country where the company that hires Pulsely services is located.

GDPR

The general data protection regulation (EU) 2016/679.


In this Privacy Policy, unless the context requires a different interpretation:

  1. the singular includes the plural and vice versa
  2. references to sub-clauses, clauses, schedules or appendices are to sub-clauses, clauses, schedules or appendices of this privacy policy;
  3. a reference to a person includes firms, companies, government entities, trust and partnerships;
  4. “including” is understood to mean “including without limitation”
  5. reference to any statutory provision includes any modifications or amendment of it;
  6. the headings and subheadings do not form part of this privacy policy.

This privacy policy applies only this Website. It does not extend to any websites that can be accessed from this Website including, but not limited to, any links we might provide to social media websites.


Data Collected

We may collect, when having the Users’ consent, the following Data:

  1. Name
  2. Tenure
  3. Gender Identity/Sexual Orientation
  4. Ethnicity
  5. Disability
  6. Education
  7. Function within the company
  8. Nationality
  9. Family Status/Care Giver Status
  10. Socioeconomic mobility

How we collect Data

We collect data in the following ways:

  1. Data is given by the User;
  2. Personal data submitted by the Employees;
  3. Data is received from the Client’s workforce database (HRIS or HRMS);
  4. Data is received from other sources, such as surveys or gamified initiatives.

Our use of Data

 We will only use the Data for the above purposes if we have the Users´ consent. The User is not compelled to accept our Privacy Policy, in which case we will not use the User’s Data in any circumstances. If a User chooses not to accept our Privacy Policy, the aggregated Data will be affected, however this does not invalidate the overall results of our services. 

When the Client registers with us and sets up an account to receive our services, the legal basis for this processing is the performance of a contract between the Client and Pulsely and/or taking steps, at the Client´s request to enter into such a contract. In what concerns D&I analytics projects, the Client acts as Controller and the legal basis for the processing the Employee's Data is their consent.

Who we share Data with?

We may share the User's Data with the following groups of people for the following reasons:

  1. Partner Consultants who will be responsible to help interpret the Data and to design methods to implement insights that generated by the same Data.; access for partner consultants will be granted only when:
  2. Client gives express written permission to Pulsely when contracting with Pulsely directly;
  3. Client contracts for Pulsely product directly with the partner consultant. 
  4. The Client's internal Pulsely project manager who will have access to the dashboard and be able to generate a report.

In each case, in accordance with this privacy policy.

Keeping Data secure

We will use technical and organizational measures to safeguard the Users’ Data, for example:

  1. Access to accounts is controlled by a password and a username that is unique to the User.
  2. We store User Data on secure servers.

We have aligned our data security efforts with the ISO 27001 certification. This family of standards help us manage the Data and keep it secure.

Technical and organizational measures including measures to deal with any suspected data breach. If the Users suspect any misuse, loss or authorized access to the Data, the User should immediately contact us via this email address: askpulsely@pulsely.io

Data location and retention

Unless a longer retention period is required for legal or regulatory purposes, we will only retain the Users’ Data on our systems for as long as necessary to meet the purposes for which the data was collected. 

The Data will be hosted on AWS Servers in Europe.  

Links to third-party websites

The links on this Website may lead to other websites managed by third parties. Pulsely is not responsible, does not approve or in any way supports or subscribes to the content of these websites. Pulsely is not responsible for damages resulting from viruses that may infect the User’s device or network, or other assets, due to access to third party websites. This privacy statement is only applicable to Information collected on Pulsely’s website.

User’s rights

The User has the following rights in relation to their Data:

  1. Right to access the Data – the right to obtain a confirmation of whether or not Data is being processed and when is the case access to the Data;
  2. Right to rectification - the right to have the Data rectified if it is inaccurate or incomplete;
  3. Right to erasure - the right to request the erasure of Data; 
  4. Right to restriction of processing - the right to obtain the restriction of processing of the Data;
  5. Right to data portability - the right to request the copy, or transfer of Data;
  6. Right to object - the right to object to the processing of the Data.

To exercise any of the rights above, or to withdraw the consent for the processing given, the User should contact us via email here: askpulsely@pulsely.io.

The Users have the right to lodge a complaint before the competent supervisory authority should they believe that their Data is not being processed in accordance with the Data Protection Laws. 


Changes to the Privacy Policy

Pulsely reserves the right to alter this privacy policy at any time. These changes will be duly publicized through the Website and, if they imply a substantial change in the way the User’s data will be processed, Pulsely will notify the User of such changes through the contact details provided. 

  1. Cookie Policy

This cookie policy is intended to be used on websites and platforms that use this type of technologies. Through this text Pulsely provides users with information on the use of cookies and, to the extend that there is a collection of personal data, on the terms of the processing of personal data through cookies.

This policy was prepared considering the obligations arising from the GDPR. We note that in Portugal, the cookie regime is contained in the e-Privacy Law (Law no. 41/2004, of 18 August), which is currently under review. For the purpose of elaborating this policy, we have considered the latest version of the e-Privacy Regulation Proposal made public, available at [https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CONSIL:ST_6543_2020_INIT&from=PT]. In this sense, to the extent that (i) the GDPR provides that the national legislation and/or the national data protection authority may regulate specific terms concerning the use of cookies and (ii) the approved version of the e-Privacy Regulation will differ from the proposal, it may be necessary to proceed to adaptations and revisions of the present policy.