Last updated 30th July 2020

The type of personal information we collect

Culture Shift collects data as part of your use of the Culture Shift platform. We collect the following personal data through your usage of the platform:

  • Your name
  • Your e-mail address
  • If using single sign-on, your username within the single sign-on system
  • The name of the licensing organisation you belong to (which may be your employer), and any teams within that organisation you are in
  • The IP address of the computer you are using to access the platform

In addition, we collect and process data on behalf of the licensing organisation as a data processor whilst managing reports submitted through the Report + Support tool. For more information on this, please see the licensing organisation’s privacy policy.

How we get the personal information and why we have it

Most of the personal information we process is provided to us directly by you as part of your account management screen, or by another user within your licensing organisation as part of the creation of your account. If you are using single sign on, this information is also provided to us by the single sign on system used at the licensing organisation.

We also collect information based on your usage of the platform, for example, which screens you view, any errors you experience, and information on your web browser such as version and screen resolution.

We use this information in order to fulfill our contractual obligations to the licensing organisation, to be able to ensure security of the platform, and to help us gain insight into how the product is used and performs so that we can improve it.

We may share this information with the following organisations:

  • Amazon Web Services, Inc is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality. We use Amazon as the host for our platform, and they provide security features to help protect your user account.
  • Google, Inc is used as our email provider and cloud storage system. Any content you submit to us during the onboarding process (for example, lists of users to be added to the system) or communications you have with us will be stored and processed through Google’s servers.
  • HubSpot, Inc provide a full platform of marketing, sales, customer service, and CRM software. We use HubSpot to manage our ongoing relationships with the licensing organisation and our users.
  • Mixpanel, Inc provide a tool that captures information when certain features of the site are used. This is to allow us to understand how the admin dashboard is used to identify if we need to improve the usability of the product and help direct how we improve the service.
  • Functional Software Inc provide Sentry, a tool that allows us to capture and monitor any errors that occur whilst the product is used. We use Sentry to help proactively identify any bugs in the front-end, and help diagnose any issues which are reported via Supportbee.
  • Slack Technologies Inc provide an internal communications tool used by Culture Shift to discuss support requests and co-ordinate onboarding activities. We may use a Slack chat in order to help us respond to a support request which you have submitted.
  • SupportBee, Inc provide an email support software solution that can help companies manage their support emails effectively and efficiently. Support requested submitted to us are hosted and processed by SupportBee.
  • Atlassian Corporation Plc provide Trello, a project management tool that we use to manage the onboarding process and any ongoing major changes which we share with the licensing organisation.

At no point do any of these third parties have permission to access or use any of your data, or any reports submitted through the Report + Support tool, but they act as data processors on behalf of Culture Shift to help us use your data.

Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by using the opt-out on your account page.
(b) We have a contractual obligation with the licensing organisation (normally your employer) in order to deliver this service

How we keep your data safe and up to date

In accordance with UK and European data protection laws, we take measures to secure all personal data. Your personal data is stored within the UK. Where data is shared with third party processors (listed above) we ensure a contractual arrangement is in place to ensure they meet all legal requirements. We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal and special category data. We are Cyber Essentials certified and have the application penetration tested regularly.

We will only retain data for as long as you remain part of a licensing organisation.

How we uphold your rights

The General Data Protection Regulation (GDPR) provides the following rights for individuals:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling

If you have any concerns about our use of your personal information, you can make a complaint to us by contacting our Data Protection Officer

You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you believe we have not adequately upheld these rights. 

Our ICO registration number is ZA391317.
You can contact our Data Protection Officer via email to

Cookie Policy

We use cookies to provide this platform to you. A cookie is a small text file that is downloaded onto ‘terminal equipment’ (eg a computer or smartphone) when the user accesses a website. It allows the website to recognise that user’s device and store some information about the user’s preferences or past actions.

We use cookies to make our website work. Some of these are necessary, but some are optional and help us with analytics which we use to improve the site. We won’t set optional cookies unless you enable them. You can disable these cookies at any time using your account page.

Functional Cookies

Necessary cookies enable core functionality such as security, authentication, and saving settings. You can disable these by changing your browser settings, but this may affect how the website functions.

Name Purpose Expires
CognitoIdentityServiceProvider* (multiple cookies starting with this name)
amplify-* (multiple cookies starting with this name)
This stores an authentication token that is used to identify you once you have signed in when you sign out or you are prompted to log in again
__mp_opt_in_out This stores whether or not you are opted in or out of analytics (this is also stored in your user account) never

Analytics Cookies

We set analytics cookies to help us to improve our service by collecting and reporting information on how you use it. These cookies will be associated with your user account so can be used to identify you. You can read more about how we use this data in the privacy notice section above.

Name Purpose Expires
mp_[random letters]_mixpanel This identifies you to the Mixpanel analytics service after one year