Data Privacy Policy

Humanyze is committed to protecting your personal privacy.

With the increase of data in the workplace, it’s critical to develop and abide by data privacy policies to protect personally identifiable information (PII), and private confidential information (PCI).

We abide by three main principles:
1. Give employees the choice to opt-in/opt-out
2. Aggregate and anonymize all data
3. Do not record any communication content

Our privacy policy describes:

Section 1: Where we are data controller

Sociometric Solutions, Inc., trading as Humanyze, (“we” or “us”) are committed to protecting and respecting your privacy. We are registered in the state of Delaware, United States of America under file number 5047652 and have our registered office at 160 Greentree Drive, Suite 101, Dover, Delaware, 19904 USA and our primary business location at 18 Tremont Street, Suite 605, Boston, Massachusetts 02108 USA. Our data protection officer can be contacted at info@humanyze.com.

For the purpose of EU data protection laws, we are the data controller of the data set out in this Section 1, and we are data processor of data from your employer – including the Device data – as set out in Section 2 below. Please read the following carefully to understand our views and practices regarding your personal data and how we will treat it.

By using our website, services, applications, products and content, our sensing devices (Sociometric® Badges and Bluetooth Low Energy beacons (together, the “Devices”)) and our Humanyze Elements™ software (collectively, the “Platform”), you accept the practices described in this policy.

i. The types of personal data we use

We may collect and use the following information about you:

  • Information you give us.You may give us information about you by using our Platform or by corresponding with us by email or otherwise. This includes information you provide when you register on the Platform, such as your email address.
  • Information we collect about you. We automatically collect certain data from you when you use the Platform, including IP address or other unique device identifiers, Cookies (as defined below), and information regarding your use of our Platform such as log of site visits and page views. 
  • Device Data and other data provided by your employer. Data that we obtain from our customers through use of the services, as more fully set out in Section 2.

ii. Cookies

We use cookies and other similar technologies (e.g. web beacons, Flash cookies, etc.) (“Cookies”) to enhance your experience using the Platform. Cookies are small files which, when placed on your device, enable us to provide certain features and functionality.

We use the following Cookies:

  • Strictly necessary Cookies.These are Cookies that are required for the operation of the Platform. They include, for example, Cookies that enable you to log into secure areas of the Platform.
  • Analytical/performance Cookies.They allow us to recognise and count the number of visitors and to see how visitors move around the Platform when they are using it. This helps us to improve the way the Platform works, for example, by ensuring that users are finding what they are looking for easily.
  • Functionality Cookies.These are used to recognise you when you return to the Platform. This enables us to personalise our content for you and remember your preferences (for example, your choice of language or region).

If for any reason you wish to not take advantage of Cookies, you may disable Cookies by changing the settings on your browser. However, if you do so, this may affect your enjoyment of the Platform. Unless you opt out of Cookies, we will assume you consent to the use of Cookies.

iii. How we use your personal data

We will use the information in the following ways:

  • As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our Platform and organization, we may use information you give us and information we collect about you to:
    • notify you about changes to our service;
    • provide you with user support;
    • enforce our terms, conditions and policies;
    • communicate with you;
    • improve and administer our services;
    • for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes;
    • keep our services safe and secure;
    • develop our services and conduct product development.
  • It is in our legitimate interest to conduct research and as such we may anonymize Device data and process this anonymized data for research purposes.

iv. How we share your personal data

We may share your personal data with selected third parties in or outside the European Economic Area (“EEA”), including:

  • our suppliers and subcontractors who help us run the Platform;
  • analytics providers that assist us in the improvement and optimization of the Platform.

We may share your information with law enforcement agencies, public authorities, or other organizations if legally required to do so, or if we have a good faith belief that such use is reasonably necessary to:

  • comply with legal obligation, process or request;
  • enforce our terms of service and other agreements, policies, and standards, including investigation of any potential violation thereof;
  • detect, prevent, or otherwise address security, fraud or technical issues;
  • protect the rights, property, or safety of us, our users, a third party, or the public as required or permitted by law (including exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction).

We may also disclose your information to third parties:

  • in the event that we sell or buy any business or assets, in which case we may disclose your data to the prospective seller or buyer of such business or assets; or
  • if we sell, buy, merge, or partner with other companies or businesses, or sell some or all of our assets. In such transactions, user information may be among the transferred assets.

v. Where we store your personal data

The information that we collect from you may be transferred to, and stored at, a destination outside of your country and the European Economic Area (“EEA“), and particularly to the United States of America. It may also be processed by staff operating outside your country or the EEA who work for us, for one of our suppliers or one of our business partners. By submitting your information, you agree to this transfer, storing, or processing. We will take all steps reasonably necessary to ensure that your information is treated securely and in accordance with this policy.

vi. The security of your personal data

Unfortunately, the transmission of information via the internet is not completely secure. Your data is secured during transmission with industry standard encryption techniques (TLS v 1.2 or greater), and it is secured at rest with AES 256 encryption and “least privilege” user access controls. Your data resides in Amazon Elastic Compute Cloud (EC2) servers and is continuously backed up. Only Humanyze authorized personnel can access these servers. Our system is actively monitored for indicators of intrusion or abnormal activity, and all activities are logged. Although we will do our best to protect your personal data, we cannot guarantee the security of your information transmitted through the Platform; any transmission is at your own risk.

vii. Data Retention

After you terminate the use of our services, we will retain your information as follows and as required under applicable laws:

  • Information you give to us: for up to 30 days.
  • Information we collect about you: for up to 30 days.

After you have terminated your use of our services, we may store your information in an aggregated and anonymized format. After the data has been anonymized and aggregated, we may use the data for research purposes.

viii. Data Retention

  • Data rights. You have the right to access personal data we hold about you, to rectify any personal data held about you that is inaccurate and to request the deletion of personal data held about you. You can exercise your rights by contacting us at help@humanyze.com.
  • In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at help@humanyze.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority.

ix. Your rights

  • Data rights. You have the right to access personal data we hold about you, to rectify any personal data held about you that is inaccurate and to request the deletion of personal data held about you. You can exercise your rights by contacting us at help@humanyze.com.
  • In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance at help@humanyze.com and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority.

x. Changes

Any changes we may make to this policy in the future will be posted on this page. Please check back frequently to see any updates or changes to this policy. If we make any material changes to this Privacy Policy, we will post the updated Privacy Policy here and notify our users.

Questions, comments, and requests regarding this policy are welcomed and should be addressed to help@humanyze.com.

Section 2: Where we are data processor

Our customers, usually your employer, engage Humanyze to provide individual-level and management-level feedback to better understand the interactions and communications of their workforce. As part of our contract with our customers, we may process data on their behalf such as:

i. Device Data and Data provided by the customer

  • Device Data. The Devices gather the following data: (i) speech characteristics including volume, pitch, and turn-taking; (ii) body movement along x, y, and z coordinates; (iii) Bluetooth signal strength, which helps us understand proximity to others wearing a Device and to other Bluetooth-enabled beacons. The information that each Device collects from another Device is limited to the Device’s unique identifier, the approximate distance between the Devices, the length of time during which the Devices were in proximity to one another, and the date and time of the interaction. The Device does not record speech or conversational content.
  • Data Provided by Customer: In some instances, our customers may share with us additional data such as anonymized email logs (no content is shared with us), anonymized instant messaging logs (no content is shared with us), anonymized calendar events, and limited anonymized HR data such as gender and organizational role or job title.

Our customers are the data controller of this data and questions about their data handling processes should in the first instance be addressed to them. At all times, we act as a service provider to our customers, and process data on their behalf.

 

Download PDF