Get a 360-degree view of your organization’s health in our beta program
Click here to view a PDF of our Privacy Policy & Commitment to Data Privacy.
Sociometric Solutions, Inc., trading as Humanyze, (“Humanyze” or “we” or “us”) are committed to protecting and respecting your privacy. We are registered in the state of Delaware, United States of America under file number 5047652 and have our registered office at 160 Greentree Drive, Suite 101, Dover, Delaware, 19904 USA and our primary business location at 867 Boylston Street – Suite 500, Boston, MA 02116, USA. If you have any questions regarding this policy, you may contact us at info@humanyze.com.
We are also a participant in the Data Privacy Framework, as operated by the US Department of Commerce. Details of our compliance with the Data Privacy Framework can be found in Section 3 of this policy.
As used in this policy (a) “GDPR” means the General Data Protection Regulation (EU) 2016/679; (b) “UK Data Protection Laws” means the UK GDPR and the UK’s Data Protection Act 2018 (“UK DPA 2018”); (c) “UK GDPR” means the UK equivalent of the GDPR, as defined in section 3(10) (and as supplemented by section 205(4)) of the UK DPA 2018; (d) “European Data Protection Laws” means the GDPR and/or UK Data Protection Laws, in each case to the extent applicable; and (e) “controller” and “processor” shall have the meanings set out in the European Data Protection Laws.
For the purpose of the European Data Protection Laws, we are the data controller of the data set out in this Section 1, and we are data processor of data we receive from your employer as set out in Section 2 below. Please read this policy carefully to understand our practices regarding the processing of your personal data. For the purposes of this policy, “personal data” refers to any information relating to an identified or identifiable natural person.
If an organization with which you are associated, such as your employer, (an “Organization”) signs up to use our services, we may receive information about you in connection with our provision of such services to your Organization including the information set out in Section 2 of this policy. To the extent we process that information solely in order to provide such services to your Organization, we will act as a processor on behalf of your Organization in respect of that information, which means: we will handle that information solely at the direction of your Organization; and your Organization (and not us) is responsible for obtaining all necessary consents and providing you with all requisite information as required by applicable law.
By using our website, services, applications, products and content, and our Humanyze Elements™ software (collectively, the “Platform”), you accept the practices described in this policy.
As used in this policy, the terms “using” and “processing” information include using Cookies (as defined below) on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within Humanyze or among our affiliates within the United States or internationally.
We may collect and use the following information about you:
We use cookies and other similar technologies (e.g. web beacons, Flash cookies, etc.) (“Cookies”) to enhance your experience using the Platform. Cookies are small files which, when placed on your device, enable us to provide certain features and functionality.
We use the following Cookies:
If for any reason you wish to not take advantage of Cookies, you may disable Cookies by changing the settings on your browser. However, if you do so, this may affect your enjoyment of the Platform. Unless you opt out of Cookies, to the extent permitted by applicable law we will assume you consent to the use of Cookies.
For the avoidance of doubt, the Platform uses third-party services (including to help analyze how users use the Platform). These third-party services may place cookies on your computer or mobile device. If you would like to disable “third party” cookies, you may be able to turn them off by going to the third party’s website.
Here are links to the main third-party services we use: Addtoany BambooHR Google Sentry Amplitude Calendly Hotter Stripe Automatic CookiesYes Marketo
We will only use your information to the extent that the law allows us to do so. Legal bases for our processing your information may include (without limitation):
We may also use the information you give us and other information we collect about you in the following ways:
In addition, it is in our legitimate interest to conduct research and as such we may pseudonymize data and process this pseudonymized data for research purposes.
We may share your personal data with selected third parties in or outside the European Economic Area (“EEA”) or United Kingdom (“UK”), including:
We may share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:
We may also disclose your information to:
The information that we collect from you may be transferred to, and stored at, a destination outside of your country and the EEA or UK (as applicable), and particularly to the United States of America. It may also be processed by staff operating outside your country or the EEA or UK (as applicable) who work for us, for one of our suppliers or one of our business partners. By submitting your information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this policy.
Without limitation of the foregoing, you hereby expressly grant consent to Humanyze to: (a) process and disclose your information in accordance with this policy; (b) transfer your information throughout the world, including to the United States or other countries that do not ensure adequate protection for personal data (as determined by the European Commission or the UK Information Commissioner’s Office, as applicable, each, an “Inadequate Jurisdiction”) and/or countries that may not have laws of general applicability regulating the use and transfer of such information; and (c) disclose your information to comply with lawful requests by public authorities, including to meet national security or law enforcement requirements. To the extent required by applicable law: whenever we transfer your personal data to third parties (as described in this policy) located in an Inadequate Jurisdiction, we ensure a similar degree of protection is afforded to it; we may use specific contracts approved by the European Commission (accessible at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj) or the UK Information Commissioner’s Office (accessible at https://ico.org.uk/for-organisations/uk-gdprguidance- and-resources/international-transfers/international-data-transfer-agreement-andguidance/), as applicable, which give personal data the same protection it has in the EEA or UK (as applicable); and if we rely on another basis to transfer your personal data to an Inadequate Jurisdiction, we will keep you updated or contact you if required.
For specific information regarding how we handle personal data received from the EEA, Switzerland, or the UK to the United States, please see Section 3 below.
We want your personal data to remain secure. We strive to provide transmission of your personal data from your computer or mobile device to our servers through techniques that are consistent with commercially reasonable standards and to employ administrative, physical, and electronic measures designed to protect your personal data from unauthorized access.
Notwithstanding the above, you should be aware that there is always some risk involved in transmitting information over the Internet. There is also some risk that others could find a way to thwart our security systems. As a result, while we strive to protect your personal data, we cannot ensure or warrant the security or privacy of any information you transmit to us, and you do so at your own risk.
We will only retain your personal data for as long as necessary to fulfill the purposes for which we collected it or as otherwise permitted by applicable law.
To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of that personal data, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.
Any changes we may make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy. If we make any material changes to this policy, we will post the updated policy here and notify our users by posting the updated policy at humanyze.com.
Questions, comments and requests regarding this policy are welcomed and should be addressed to info@humanyze.com.
We are committed to protecting the privacy of children. The Platform is not designed for or directed to children under the age of 13. We do not collect information from any person we actually know is under the age of 13.
Our customers, usually your employer, engage Humanyze to provide individual-level and management-level feedback to better understand the interactions and communications of their workforce. As part of our contract with our customers, we may process data on their behalf such as pseudonymous email logs (no content is shared with us), pseudonymized instant messaging logs (no content is shared with us), pseudonymized calendar events, and limited pseudonymized HR data such as gender and organisational role or job title.
Our customers are the data controller of this data and questions about their data handling processes should in the first instance be addressed to them. At all times, we act as a service provider to our customers, and process data on their behalf.
Humanyze complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Humanyze has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Humanyze has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. The EU-U.S. DPF Principles and Swiss- U.S. DPF Principles shall be referred to collectively herein as the “Principles”.
If there is any conflict between the terms in this policy and the Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/ and https://www.dataprivacyframework.gov/list. Humanyze commits to subject all personal data received from the European Union, the United Kingdom (and Gibraltar), and Switzerland under the DPF to the Principles.
For the categories of personal data collected by Humanyze, please see Section 1, Subsections 1 and 2 and Section 2 of this policy; for the purposes for which Humanyze collects and uses personal data, please see Section 1, Subsections 2 and 3 and Section 2 of this policy; for the categories of third parties to which Humanyze discloses personal data and our purposes for doing so, please see Section 1, Subsections 3 and 4 of this policy; and for more information regarding your right to access your personal data and your choices and the means Humanyze offers you for limiting the use and disclosure of your personal data, please see Section 1, Subsection 8 of this policy.
With respect to the categories of data set out in Section 2 of this policy that Humanyze receives under this Section 3: Humanyze collects and uses such data only on the instructions of the applicable thirdparty controller and will work with the applicable third-party controller to facilitate your data subject rights. Notwithstanding any other provision of this policy, and for the avoidance of doubt, with respect to personal data processed by Humanyze solely on behalf of a third-party controller, the provisions of this policy specific to such data, including Section 2, continue to apply in accordance with the DPF, but may be limited to working with the respective controller, given our role as a processor.
In compliance with the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, Humanyze commits to resolve complaints about our collection or use of your personal data transferred to the U.S. pursuant to the EU-U.S. DPF and the UK extension to the EU-U.S. DPF, and the Swiss-U.S. DPF. EU, UK, and Swiss individuals with inquiries or complaints should first contact Humanyze at info@humanyze.com.
Humanyze has further committed to refer unresolved DPF Principles-related complaints to a U.S.- based independent dispute resolution mechanism, BBB NATIONAL PROGRAMS. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.
Before Humanyze discloses your personal data to a third party, we will require that such third party provide the same level of privacy protection as is required by the Data Privacy Framework. Humanyze remains liable under the Data Privacy Framework if third-party agents that it retains to process your personal data on our behalf process your personal data in a manner inconsistent with the Data Privacy Framework, unless Humanyze can prove that it is not responsible for the event giving rise to the damage. For more information regarding Humanyze’s disclosure of personal data to third parties, please see Section 1, Subsection 4 of this policy.
Adherence by Humanyze to the Principles and the provisions set forth in this Section 3 may be limited (a) to the extent necessary to comply with a court order or meet public interest, law enforcement, or national security requirements, including where statute or government regulation create conflicting obligations; (b) by statute, court order, or government regulation that creates explicit authorizations; or (c) if the effect of the European Data Protection Laws, to the extent applicable, is to allow exceptions or derogations, under the conditions set out therein, provided that such exceptions or derogations are applied in comparable contexts.
In certain circumstances, Humanyze may be required to disclose your personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Finally, note that the Federal Trade Commission has jurisdiction over Humanyze’s compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.