Click here to view a PDF of our Privacy Policy & Commitment to Data Privacy

Humanyze – Privacy Policy
Last Updated: July 28th, 2021

Section 1: Where we are data controller

Sociometric Solutions, Inc., trading as Humanyze, (“we” or “us”) are committed to protecting and respecting your privacy. We are registered in the state of Delaware, United States of America under file number 5047652 and have our registered office at 160 Greentree Drive, Suite 101, Dover, Delaware, 19904 USA and our primary business location at 100 Cambridge St, Boston Massachusetts 02114.  Our data protection officer can be contacted at daniel.olguin@humanyze.com.

We are also a participant in the EU-US Privacy Shield Framework, as operated by the US Department of Commerce (“Privacy Shield”). Details of our compliance with the Privacy Shield can be found at https://www.privacyshield.gov/.

For the purpose of EU data protection laws, we are the data controller of the data set out in this Section 1, and we are the data processor of data from your employer. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By using our website, services, applications, products and content, and our software (collectively, the “Platform”), you accept the practices described in this policy.

The Types of Personal Data We Use

We may collect and use the following information about you:

  • Information you give us.You may give us information about you by using our Platform or by corresponding with us by e-mail or otherwise. This includes information you provide when you register on the Platform, such as your user profile, name, and email address. We may use your email address to give you access to aggregate data through the Microsoft® PowerBI platform.

How We Use Your Personal Data

We will use the information in the following ways:

  • As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our Platform and organisation, we may use information you give us and information we collect about you to:
    • notify you about changes to our service;
    • provide you with user support;
    • enforce our terms, conditions and policies;
    • communicate with you;
    • improve and administer our services;
    • for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • keep our services safe and secure;
    • and develop our services and conduct product development;

How We Share Your Personal Data

We may share your personal data with selected third parties in or outside the European Economic Area (“EEA”), including:

  • our suppliers and subcontractors who help us run the Platform; and
  • analytics providers that assist us in the improvement and optimisation of the Platform.

We may share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

  • comply with legal obligation, process or request;
  • enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof;
  • detect, prevent or otherwise address security, fraud or technical issues; or
  • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
  • Humanyze reserves the right to share your Information to respond to authorized information requests of governmental authorities or where required by law. Humanyze reserves the right to use or disclose personal information provided to Humanyze in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, or if Humanyze reasonably believes that use or disclosure is necessary to protect Humanyze’s rights and/or to comply with a judicial proceeding, court order, or legal process. In exceptionally rare circumstances where national, state, or company security is at issue, Humanyze reserves the right to share our entire database of visitors and clients with appropriate government authorities.

We may also disclose your information to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective seller or buyer of such business or assets; or
  • if we sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, user information may be among the transferred assets.

Storage of Personal Data

The information that we collect from you may be transferred to, and stored at, a destination outside of your country and the European Economic Area (“EEA“), and particularly to the United States of America. It may also be processed by staff operating outside your country or the EEA who work for us, for one of our suppliers or one of our business partners. By submitting your information, you agree to this transfer, storing or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this policy.

Your email addresses will be stored within the Humanyze Microsoft® Environment.  For additional information on how Microsoft stores and secures your personal data please visit their privacy page found here.

Data Retention

After you terminate the use of our services, we will retain your information as follows and as required under applicable laws:

  • Information you give to us: for up to 30 days.

After you have terminated your use of our services, we may store your information in an aggregated and anonymised format. After the data has been anonymised and aggregated, we may use the data for research purposes.

Your Rights

  • Data rights. You have the right to access personal data we hold about you, to rectify any personal data held about you that is inaccurate and to request the deletion of personal data held about you. You can exercise your rights by contacting us at help@humanyze.com.
  • In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at help@humanyze.com and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority.

Changes

  • Any changes we may make to this policy in the future will be posted on the Humanyze Website. Please check back frequently to see any updates or changes to this policy. If we make any material changes to this Privacy Policy, we will post the updated Privacy Policy here and notify our users.

Contact

  • Questions, comments and requests regarding this policy are welcomed and should be addressed to help@humanyze.com.

Section 2: Where we are the Data Processor

Our customers, usually your employer, engage Humanyze to provide aggregated and anonymised management-level feedback to better understand the interactions and communications of their workforce.  As part of our contract with our customers, we may process data on their behalf such as:

  • Communication metadata captured from communication and collaboration technologies, such as Microsoft Exchange, Microsoft Teams, Google Suite, Zoom, and Slack (“communication tools”). These communication tools store metadata such as from/to/cc/timestamp/meeting invite with respect to a group of participants. Communication metadata is hashed and pseudonymized prior to transfer to Humanyze.
  • Participant demographic metadata such as participants’ primary teams, manager level, department, etc. Direct identifiers, such as name or email, are removed from the participant demographic metadata prior to being made available to Humanyze.  Our customers leverage an alias that allows them to pseudonymize the participant demographic metadata internally prior to transferring it to Humanyze.  Once the pseudonymized participant metadata is transferred to Humanyze, although such pseudonymized data remains identifiable to our customer through use of the alias, there is no method available to Humanyze to enable Humanyze to trace the alias back to an individual.
  • Device metadata in the form of building entry data. This type of metadata is pseudonymized prior to transfer to Humanyze.

Our customers are the data controller of this data and questions about their data handling processes should in the first instance be addressed to them. At all times, we act as a service provider to our customers, and process data on their behalf.

Privacy Shield Statement

 Sociometric Solutions, Inc., trading as Humanyze, (“we” or “us”) are committed to protecting and respecting your privacy. We are registered in the state of Delaware, United States of America under file number 5047652 and have our registered office at 160 Greentree Drive, Suite 101, Dover, Delaware, 19904 USA and our primary business location at 100 Cambridge Street, Suite 1310, Boston, Massachusetts 02114 USA.

We recognise that Europe has established strict protections for the processing of European personal data, including the requirements to provide adequate protection for such data when transferred outside the European Economic Area (“EEA”). To provide adequate protection for all personal data received from the EEA, we have elected to self-certify to the EU-US Privacy Shield Framework, as operated by the US Department of Commerce (“Privacy Shield”).

Humanyze complies with the EU-US Privacy Shield Framework as set forth by the US Department of Commerce regarding the collection, use, and retention of personal information from European Union members countries. Humanyze has certified that it adheres to the Privacy Shield Principles. If there is any conflict between the policies in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/

A full list of companies who have self-certified with the Privacy Shield is available at https://www.privacyshield.gov/.

  1. Our commitment to the Principles

We commit to comply with the EU-US Privacy Shield Principles (the “Principles”) with respect to all personal data that we receive from the EEA. Individuals whose personal data is received by us from other non-EEA jurisdictions do not have the rights set out in this statement.

  1. Types of personal data collected

The types of personal data collected are set out in the section titled “The types of personal data we use” in the Privacy Policy:

  • Information you give us.You may give us information about you by using our Platform or by corresponding with us by e-mail or otherwise. This includes information you provide when you register on the Platform, such as your user profile, name, and email address.
  1. The purposes for collection and use

The purposes for collection and use are set out in the section titled “How we use your personal data” in the Privacy Policy:

  • As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our Platform and organisation, we may use information you give us and information we collect about you to:
    • notify you about changes to our service;
    • provide you with user support;
    • enforce our terms, conditions and policies;
    • communicate with you;
    • improve and administer our services;
    • for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
    • keep our services safe and secure;
    • and develop our services and conduct product development;
  1. Types of third parties to whom we disclose personal data and purposes for disclosure

The types of third parties to whom we may disclose personal data is set out in the section titled “How we share your personal data” in the Privacy Policy:

We may share your personal data with selected third parties in or outside the European Economic Area (“EEA”), including:

  • our suppliers and subcontractors who help us run the Platform; and
  • analytics providers that assist us in the improvement and optimisation of the Platform.

We may share your information with law enforcement agencies, public authorities or other organisations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

  • comply with legal obligation, process or request;
  • enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof;
  • detect, prevent or otherwise address security, fraud or technical issues; or
  • protect the rights, property or safety of us, our users, a third party or the public as required or permitted by law (including exchanging information with other companies and organisations for the purposes of fraud protection and credit risk reduction).
  • Humanyze reserves the right to share your Information to respond to authorized information requests of governmental authorities or where required by law. Humanyze reserves the right to use or disclose personal information provided to Humanyze in response to a lawful request by public authorities, including to meet national security or law enforcement requirements, or if Humanyze reasonably believes that use or disclosure is necessary to protect Humanyze’s rights and/or to comply with a judicial proceeding, court order, or legal process. In exceptionally rare circumstances where national, state, or company security is at issue, Humanyze reserves the right to share our entire database of visitors and clients with appropriate government authorities.

We may also disclose your information to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective seller or buyer of such business or assets; or
  • if we sell, buy, merge or partner with other companies or businesses, or sell some or all of our assets. In such transactions, user information may be among the transferred assets.
  1. Choice

If you do not wish us to pass your personal data to a third party who subsequently uses your data for its own purposes or if you wish to opt out from using our services, you may contact us via the details set out at “Contact us” section below.

  1. Accountability for Onward Transfer

Where required by the Principles, we will enter into written agreements with third parties requiring them to provide the same level of protection that the Privacy Shield required and limiting their use of the data to the specified services provided on our behalf.

Under certain circumstances, we may remain liable for the acts of our third party agents or service providers who perform services on our behalf for their handling of EU personal data that we transfer to them.

  1. Security

We maintain reasonable and appropriate measures to protect personal data from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking into due account the risks involved in processing and the nature of the personal data.

  1. Data Integrity and Purpose Limitation

We limit the collection, usage and retention of information to that which is relevant for the intended purposes for which it was collected, and takes reasonable steps to ensure that all data are reliable, accurate, complete and current.

  1. Access

You have certain rights under the Principles to access the personal data about you that we process. To access such personal data, please make a request in writing to the contact details set out in “Contact Us” below. We will responds to your request in accordance with the Principles.

  1. FTC’s investigatory and enforcement powers

Our commitments under the Privacy Shield, and compliance with the Principles, are subject to the investigatory and enforcement powers of the US Federal Trade Commission.

  1. Complaints

If you have any complaint regarding our compliance with the Principles, please contact us using the details set out at “Contact Us” below. We will respond to your complaint within 45 days.

  1. Independent dispute resolution body

In compliance with the Privacy Shield Principles, Humanyze commits to resolve complaints about your privacy and our collection or use of your personal information. European Union individuals with inquiries or complaints regarding this privacy policy should first contact Humanyze at: help@humanyze.com.

Humanyze has further committed to refer unresolved privacy complaints under the Privacy Shield Principles to an independent dispute resolution mechanism, the BBB EU PRIVACY SHIELD, operated by the Council of Better Business Bureaus. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit http://www.bbb.org/EU-privacy-shield/for-eu-consumers for more information and to file a complaint.

Under certain limited conditions you may invoke binding arbitration before the Privacy Shield Panel to be created by the U.S. Department of Commerce and the European Commission.

  1. Document revisions

This Statement may be revised from time to time to reflect changes in data privacy laws, regulations and requirements. All revised Statements will be published here.

  1. Contact us

If you have any questions about our adherence to the Principles or our participation in the Privacy Shield, please contact us at help@humanyze.com.