Privacy Policy

Last updated: August 5, 2024

Author: Pedro da Cunha (Data Protection Officer, DPO)

This Privacy Policy outlines how Pulsely Limited collects, uses, and discloses your information. It applies to all users of our Services, including employees, Admins, and website visitors. "Services" refers to the Diversity and Inclusion data analytics and tools provided by Pulsely, including the Pulsely Platform and Enterprise Solutions.


Definitions and Interpretation

In this privacy policy, the following definitions are used:

Pulsely Limited, Pulsely, we, us or our means Pulsely Limited registered in the UK with the number 13745452 36, Edith Grove, London, SW10 0NJ United Kingdom.

Customer, Client, Company, or Employer means the person or entity that has contracted with Pulsely to allow you to use Pulsely’s Services. As a user this will generally be your employer, or an identified subgroup (i.e., division, department, etc.) within your employer;

Respondent, User, Employee, or Data Subject means any person who accesses our Services to answer surveys (either wholly or partially), conducted by Customer using the Services; 

Admin or Manager means any person who has login credentials to a Customer account to manage that account, create surveys, review and share survey results, or manage the account to enable individual users to provide feedback;

Partner Consultant means an external company/consulting firm/individual partner that serves as an implementation agent of Pulsely’s pipeline of actions.

Visitor means any person who visits our Websites;

Websites means, collectively, www.pulsely.io as well as the other websites that Pulsely operates and that link to this Privacy Policy; and

You or your means either a Client, Admin, Respondent, or Visitor, as applicable.

Legal Basis for Processing

We process your personal data on one or more of the following types of legal basis:

In this Privacy Policy, unless the context requires a different interpretation:

  • Consent: When you provide consent (e.g., for processing sensitive personal data).
  • Contract: To fulfill our contractual obligations with you or your employer.
  • Legitimate Interests: For purposes such as improving our services, ensuring security, and communicating with users.

Data processed by Pulsely

We collect information relating to you and your use of our Services from a variety of sources. Some of this information is collected directly from you and some of this information is collected from your interaction with our Services, your Company, other individuals at your Company, or from third parties.
How and what information we collect about you will depend on the way that you use our Services, for example, 1) whether you visit the Website, 2) whether your Company chooses to collect data using the Pulsely Platform or 3) through an Enterprise Solution, and 4)  whether you are a Respondent or 5) Admin.

  1. Data processed in our Website
    1. Contact information (your name and email address) provided through a form on our website, or an interaction with our sales or customer support team.
    2. Cookies and Tracking Technologies: We use cookies and similar technologies to enhance your experience on our website. You can manage your cookie preferences through our cookie preferences manager. For more information, please refer to our Cookie Policy.
    3. Referral data: If as a Visitor, you navigate to our Websites from an external source (such as a link on another website or via an email), we record information about the source that referred you to us.
  2. Data processed in the Pulsely Platform can be classified into three categories;
    1. Information provided by employees;
    2. Employee information uploaded to Pulsely by employers;
    3. Information Pulsely collects when employees use the platform.
  3. Data processed in Enterprise Solutions can be classified into two categories;
    1. Information provided by employees when they respond to an email survey;
    2. Employee information uploaded to Pulsely by employers (name, email, information related to your role in the company).
  4. Respondents: Employees provide information via their surveys responses and user profiles (which may contain sensitive information on demographic categories selected by their employers).
    1. Employee data is aggregated and anonymized to ensure no individual can be identified.
    2. Sensitive data is processed only with explicit consent and used strictly for providing and improving our services.
    3. We obtain your consent through clear affirmative actions, such as ticking a box or clicking an "I agree" button. You can withdraw your consent at any time by contacting us at askpulsely@pulsely.io.
    4. You can exercise your rights by contacting us at askpulsely@pulsely.io. We will respond to your requests within 30 days. For more details on how to exercise your rights, please refer to our Data Subject Rights section.
  5. Admins: Employers provide information about their employees such as length of tenure, department, job title, location etc. in addition to basic contact information, such as employee email address for the survey to be sent to.

Pulsely automatically collects certain information when the platform is used for systems administration purposes, and to ensure the right access is given to users based on the access rights that the account administrator has set. If you use a credit card for billing, our credit card processor may collect information such as the cardholder’s name, billing address, email address, credit card number, expiry date and credit card security code.

Children's Data

Our services are not intended for children under 16, and we do not knowingly process their data.

Automated Decision-Making and Profiling

We do not engage in automated decision-making or profiling that significantly affects you. Any such activities will be disclosed, and explicit consent will be obtained where necessary.

Data Controller

Data protection law in certain jurisdictions differentiates between the “controller” and “processor” of information. For Respondents and Admins, your company, which is Pulsely’s Customer, will be the controller of your personal information and Pulsely will be the processor. For Website visitors, Pulsely will generally be the controller of your personal information.

How Pulsely processes the data

Information that respondents input to Pulsely is aggregated with information from other respondents, and compared to data from past or future employee responses and/or industry benchmarks. This aggregated information provides managers with views on the levels of inclusion of their employees and sentiment related to their working lives.
Identifiable information isn’t made available to anyone other than the individual who entered their data; no one in the employer organization will have access to personal profile information.
Pulsely may also contact users to gain feedback on how to improve the product, as well as informing our users of new features, versions of the product, or service offerings. We also use this data to handle queries, concerns and complaints.

Access to Data

We may share your data with the following groups of people for the following reasons:

  1. Partner Consultants who will be responsible to help interpret the data and to design methods to implement insights that were generated by the same data. Access for partner consultants will be granted only when:
    1. Client gives express written permission to Pulsely when contracting with Pulsely directly;
    2. Client contracts for Pulsely’s product directly with the Partner Consultant.
  2. The Client's Admin who will have access to the dashboard and be able to generate a report of aggregate results.

In each case, in accordance with this privacy policy.

Data Retention

We retain data for as long as necessary to fulfill the purposes outlined in this policy. Different categories of data may have different retention periods based on contractual obligations and legal requirements. The standard data retention period for Pulsely data is 5 years. In the event that an organization stops using Pulsely, data will be anonymized no later than 6 months after the expiration of the service period. We will not store personal data for longer than is reasonably necessary to use it in accordance with our contractual agreement with the customer or with our legal rights and obligations.

Data Subject Rights

Pulsely commits to respect the following data subjects’ rights of data subjects. The Respondent has the following rights in relation to their Data:

  • Right to access the Data – the right to obtain a confirmation of whether or not Data is being processed;
  • Right to rectification - the right to have the Data rectified if it is inaccurate or incomplete;
  • Right to erasure - the right to request the erasure of Data;
  • Right to restriction of processing - the right to obtain the restriction of processing of the Data;
  • Right to data portability - the right to request the copy, or transfer of Data;
  • Right to object - the right to object to the processing of the Data.
  • Respondents have the right to lodge a complaint before the competent supervisory authority should they believe that their Data is not being processed in accordance with the Data Protection Laws.
  • It is also possible for employees to unsubscribe from Pulsely emails, by clicking on the unsubscribe option on the email. This will result in employees not receiving email notifications from Pulsely.

To exercise any of the rights above, or to withdraw the consent for the processing given, the Respondent should contact us via email here: askpulsely@pulsely.io.

Data hosting and sub-processors

We may transfer your personal data to countries outside the EEA, including the United States, under safeguards such as Standard Contractual Clauses approved by the European Commission.

For Services provided via our Pulsely Platform or Website, our standard third-party subprocessors include:

  • Analytics: Google Analytics 4, Posthog (USA)
  • Web Hosting: AWS (Europe)
  • Payments: Stripe (USA)
  • Email Distribution: Mailgun (USA)
  • Support Chat: Crisp (France)

For Services provided via our Pulsely Platform or Website, our standard third-party subprocessors include:

  • Enterprise Solutions/Custom Surveys data collection: Survey Monkey (EU)
  • Analytics: AWS (Europe)
  • Email Distribution: Mailgun (USA)
  • Data Storage:
    • Google Workspace (EU)
    • Figma: AWS (US)

Data protection

Appropriate technical and organizational measures are in place to mitigate against accidental, unauthorized or unlawful loss, destruction, alteration, disclosure or access to Personal Data. We have aligned our data security efforts with the ISO 27001 requirements. This family of standards help us manage the Data and keep it secure.

Measures implemented by Pulsely include:

  • Encryption of Personal Data.
  • Access to accounts is controlled by a password and a username that is unique to the User.
  • Data storage on secure servers. 
  • Backup and disaster recovery arrangements.
  • The ability to ensure ongoing confidentiality, integrity, availability and resilience of the IT infrastructure and environment.
  • Regular testing and evaluation of the effectiveness of such measures.

In the event of a data breach, Pulsely will notify affected data subjects and relevant authorities within 72 hours, as required by law. We will provide information on the nature of the breach, affected data, and steps taken to mitigate the impact.

If the Users suspect any misuse, loss or authorized access to the Data, the User should immediately contact us via this email address: askpulsely@pulsely.io

Links to third-party websites

‍The links on Pulsely’s website or in the App may lead to other websites managed by third parties. Pulsely is not responsible, does not approve or in any way supports or subscribes to the content of these websites. Pulsely is not responsible for damages resulting from viruses that may infect the User’s device or network, or other assets, due to access to third party websites. This privacy statement is only applicable to information collected on Pulsely’s website or in the App.

Updates to Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any significant changes by posting the new policy on our website and, where feasible, via email. This policy is reviewed annually.

These additions and clarifications can help ensure that Pulsely's privacy policy is robust, clear, and compliant with relevant data protection regulations.

Contact

Pulsely Limited
36 Edith Grove, London, SW10 0NJ, United Kingdom

If you have any questions about this article, please contact Pulsely Support at askpulsely@pulsely.io.