Last updated: 7th October 2020

Where we get your data from:

Culture Shift collects data through our website. We collect data in the following ways:

When you give it to us directly – you may provide data directly through the website to request a call, send us a message or sign up to a newsletter. We will always give you the option to unsubscribe from our communications and you can request to have your data deleted.

When you opt-in to certain cookies – tracking cookies are a type of cookie that can be shared by more than one website or service and commonly used to improve web services and for marketing and advertising purposes. We give you the option to opt-out of these cookies, but you can find out more in our cookie policy.

Where provided to us by our digital marketing agents Prospect Global Ltd (trading as SoPro – registered UK company 0964873) who collect this information from public domain and social media sources where there is a belief you will be interested in our service. You can contact SoPro and view their privacy policy on their website. SoPro are registered with the ICO (registration number Z123456) their Data Protection Officer can be emailed at

We don’t collect data relating to bullying and harassment through the Culture Shift website, only though the Report + Support platform.

What data we collect:

Privacy is really important to Culture Shift, so we only take personal data with permission and only ask for what is necessary.

If you want to sign up for our newsletter we’ll need:

Your name*
Your email address*

If you send us a message through our website we’ll need a little more information so we can get back to you. Some of this information is mandatory, which means you’ll need to supply it to be able to contact us, but some of it might not be relevant to you specifically so it’s up to you if you provide it. We’ll ask for:

First name*
Last name*
Email address*
Phone number
Company name
Job role

If you request a call through the website we’ll need to take some information about you so one of the team gets back to you. Again, some of this information will be mandatory as we’ll need it to contact you. We’ll ask for:

First name*
Last name*
Email address
Phone number*
Company name
Job role

The information that is mandatory is marked with a *.

Where your data is provided to us by SoPro for prospective sales outreach:

First name
Last name
Email address
Company name
Job role

Where we store your data:

All the data processed through the Culture Shift website is stored in HubSpot. HubSpot is a full platform of marketing, sales, customer service, and CRM software that is hosted on Amazon Web Services (AWS) in the United States East region.

HubSpot uses the Google Cloud Platform (GCP) in the EU (Frankfurt, Germany region) to support the processing of local customer data in Europe. This includes leads, email events, and analytics.

Customer data where we are not a controller is processed and secured in the EU before being transmitted and stored in the US.

The cloud infrastructure hosted on Google Cloud Platform (GCP) provides additional redundancy for all HubSpot customers. Various HubSpot services are routed through the GCP EU data center before being securely transferred to the US and securely stored in AWS.

There is no obligation under the GDPR for data to be stored in the EU. The GDPR permits transfers of personal data outside of the EU subject to certain conditions.

You can find out more about HubSpot’s own GDPR compliance here:

How we use your data:

We only use personal data for marketing and communication purposes. We never sell data on to third parties, and you can opt out of any and all communications at any time, either by unsubscribing or contacting us directly.

We work with third-party marketing agencies to help us with our marketing activities. In addition to HubSpot, these third parties are:

* Digital 22 Online Limited
* Prospect Global Ltd (trading as SoPro)

How we keep your data safe and up to date:

In accordance with UK and European data protection laws, we take measures to secure all personal data.

We maintain physical, electronic, and procedural safeguards in connection with the collection, storage, and disclosure of personal customer data. We are Cyber Essentials certified.

The software we use to store customer data is penetration tested regularly and we assign retention periods to all personal data.

Lawful basis for processing:

Under Article 6 of the General Data Protection Regulation we have a legitimate interest to process personal data for communication and marketing purposes.

How we uphold your rights:

The General Data Protection Regulation (GDPR) provides the following rights for individuals:

The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
Rights in relation to automated decision making and profiling

You can request any of the above, or request further information about privacy and security by contacting us directly either through the website or directly to our Data Protection Officer:

Our ICO registration number is ZA391317.
You can contact our data protection officer by email at

You have the right to lodge a complaint with the Information Commissioners Office (ICO) if you believe we have not adequately upheld these rights.