We take compliance with the GDPR very seriously. Our platform is informed by advice from independent experts and the Information Commissioner’s Office (ICO).
Personal Data is gathered by the system, on the grounds of Legitimate Interest, to help organisations determine the rates of harassment, abuse and assault within the organisation.
You can read more about how you can collect anonymous data, and still comply with the GDPR, in this blog post.
You are responsible for ensuring data is retained in line with your own retention policy. The Culture Shift platform enables data redaction, which allows for reports to be archived indefinitely.
Culture Shift use 3 sub-processors to provide our service to you: Amazon Web Services, Mixpanel, and Sentry (Functional Software Inc). In all of these cases, these companies act as sub-processors and do not have any direct access to personal data. The reports themselves are only stored within an Amazon Web Services database, with Mixpanel and Sentry only handling the names and email addresses of administrators and caseworkers. All of these sub-processors are either based in the EU, or we have standard contractual clauses in place to ensure compliance with the GDPR.