Dashboard privacy notice
Last updated 30th July 2020
The type of personal information we collect
Culture Shift collects data as part of your use of the Culture Shift platform. We collect the following personal data through your usage of the platform:
- Your name
- Your e-mail address
- If using single sign-on, your username within the single sign-on system
- The name of the licensing organisation you belong to (which may be your employer), and any teams within that organisation you are in
- The IP address of the computer you are using to access the platform
How we get the personal information and why we have it
Most of the personal information we process is provided to us directly by you as part of your account management screen, or by another user within your licensing organisation as part of the creation of your account. If you are using single sign on, this information is also provided to us by the single sign on system used at the licensing organisation.
We also collect information based on your usage of the platform, for example, which screens you view, any errors you experience, and information on your web browser such as version and screen resolution.
We use this information in order to fulfill our contractual obligations to the licensing organisation, to be able to ensure security of the platform, and to help us gain insight into how the product is used and performs so that we can improve it.
We may share this information with the following organisations:
- Amazon Web Services, Inc is a secure cloud services platform, offering compute power, database storage, content delivery and other functionality. We use Amazon as the host for our platform, and they provide security features to help protect your user account.
- Google, Inc is used as our email provider and cloud storage system. Any content you submit to us during the onboarding process (for example, lists of users to be added to the system) or communications you have with us will be stored and processed through Google’s servers.
- HubSpot, Inc provide a full platform of marketing, sales, customer service, and CRM software. We use HubSpot to manage our ongoing relationships with the licensing organisation and our users.
- Mixpanel, Inc provide a tool that captures information when certain features of the site are used. This is to allow us to understand how the admin dashboard is used to identify if we need to improve the usability of the product and help direct how we improve the service.
- Functional Software Inc provide Sentry, a tool that allows us to capture and monitor any errors that occur whilst the product is used. We use Sentry to help proactively identify any bugs in the front-end, and help diagnose any issues which are reported via Supportbee.
- Slack Technologies Inc provide an internal communications tool used by Culture Shift to discuss support requests and co-ordinate onboarding activities. We may use a Slack chat in order to help us respond to a support request which you have submitted.
- SupportBee, Inc provide an email support software solution that can help companies manage their support emails effectively and efficiently. Support requested submitted to us are hosted and processed by SupportBee.
- Atlassian Corporation Plc provide Trello, a project management tool that we use to manage the onboarding process and any ongoing major changes which we share with the licensing organisation.
At no point do any of these third parties have permission to access or use any of your data, or any reports submitted through the Report + Support tool, but they act as data processors on behalf of Culture Shift to help us use your data.
Under the General Data Protection Regulation (GDPR), the lawful bases we rely on for processing this information are:
(a) Your consent. You are able to remove your consent at any time. You can do this by using the opt-out on your account page.
(b) We have a contractual obligation with the licensing organisation (normally your employer) in order to deliver this service
How we keep your data safe and up to date
In accordance with UK and European data protection laws, we take measures to secure all personal data. Your personal data is stored within the UK. Where data is shared with third party processors (listed above) we ensure a contractual arrangement is in place to ensure they meet all legal requirements. We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal and special category data. We are Cyber Essentials certified and have the application penetration tested regularly.
We will only retain data for as long as you remain part of a licensing organisation.
How we uphold your rights
The General Data Protection Regulation (GDPR) provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
If you have any concerns about our use of your personal information, you can make a complaint to us by contacting our Data Protection Officer
You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you believe we have not adequately upheld these rights.
Necessary cookies enable core functionality such as security, authentication, and saving settings. You can disable these by changing your browser settings, but this may affect how the website functions.
|CognitoIdentityServiceProvider* (multiple cookies starting with this name)
amplify-* (multiple cookies starting with this name)
|This stores an authentication token that is used to identify you once you have signed in||when you sign out or you are prompted to log in again|
|__mp_opt_in_out||This stores whether or not you are opted in or out of analytics (this is also stored in your user account)||never|
We set analytics cookies to help us to improve our service by collecting and reporting information on how you use it. These cookies will be associated with your user account so can be used to identify you. You can read more about how we use this data in the privacy notice section above.
|mp_[random letters]_mixpanel||This identifies you to the Mixpanel analytics service||after one year|