Last updated: 7th October 2020
Where we get your data from:
Culture Shift collects data through our website. We collect data in the following ways:
When you give it to us directly – you may provide data directly through the website to request a call, send us a message or sign up to a newsletter. We will always give you the option to unsubscribe from our communications and you can request to have your data deleted.
We don’t collect data relating to bullying and harassment through the Culture Shift website, only though the Report + Support platform.
What data we collect:
Privacy is really important to Culture Shift, so we only take personal data with permission and only ask for what is necessary.
If you want to sign up for our newsletter we’ll need:
Your email address*
If you send us a message through our website we’ll need a little more information so we can get back to you. Some of this information is mandatory, which means you’ll need to supply it to be able to contact us, but some of it might not be relevant to you specifically so it’s up to you if you provide it. We’ll ask for:
If you request a call through the website we’ll need to take some information about you so one of the team gets back to you. Again, some of this information will be mandatory as we’ll need it to contact you. We’ll ask for:
The information that is mandatory is marked with a *.
Where your data is provided to us by SoPro for prospective sales outreach:
Where we store your data:
All the data processed through the Culture Shift website is stored in HubSpot. HubSpot is a full platform of marketing, sales, customer service, and CRM software that is hosted on Amazon Web Services (AWS) in the United States East region.
HubSpot uses the Google Cloud Platform (GCP) in the EU (Frankfurt, Germany region) to support the processing of local customer data in Europe. This includes leads, email events, and analytics.
Customer data where we are not a controller is processed and secured in the EU before being transmitted and stored in the US.
The cloud infrastructure hosted on Google Cloud Platform (GCP) provides additional redundancy for all HubSpot customers. Various HubSpot services are routed through the GCP EU data center before being securely transferred to the US and securely stored in AWS.
There is no obligation under the GDPR for data to be stored in the EU. The GDPR permits transfers of personal data outside of the EU subject to certain conditions.
You can find out more about HubSpot’s own GDPR compliance here: https://www.hubspot.com/data-privacy/gdpr/product-readiness
How we use your data:
We only use personal data for marketing and communication purposes. We never sell data on to third parties, and you can opt out of any and all communications at any time, either by unsubscribing or contacting us directly.
We work with third-party marketing agencies to help us with our marketing activities. In addition to HubSpot, these third parties are:
* Digital 22 Online Limited
* Prospect Global Ltd (trading as SoPro)
How we keep your data safe and up to date:
In accordance with UK and European data protection laws, we take measures to secure all personal data.
We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal customer data. We are Cyber Essentials certified.
The software we use to store customer data is penetration tested regularly and we assign retention periods to all personal data.
Lawful basis for processing:
Under Article 6 of the General Data Protection Regulation we have a legitimate interest to process personal data for communication and marketing purposes.
How we uphold your rights:
The General Data Protection Regulation (GDPR) provides the following rights for individuals:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling
You can request any of the above, or request further information about privacy and security by contacting us directly either through the website or directly to our Data Protection Officer:
You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you believe we have not adequately upheld these rights.