Information we collect
The following types of personal information may be collected, stored, and used:
- Information about your computer: when you use our system and log-in to the website, your IP address is stored. Other information, such as operating system, browser type and version, is available to us as long as you are logged in, but not saved or stored;
- Information about your visits to and use of the website including the length of visit and page views. We can also monitor your progress in different tasks assigned to you;
- Personal information details provided to us by the controller of the process (mostly the organization you work for/associated with, or one of its sub-units) and/or by you (via your answers to specific questions in our system). This details may include: your employee number/ID, Email, cellular number,organizational unit, geographic location of work place, organizational/professional sector, managers’ names, age, seniority, role/job name, managerial/professional level, score/rating in organizational performance measures, information from different organizational metrics (such as, but not limited to- scope of position, number of sick leave/vacation days).
- Your survey/evaluation/form data – anything you write in response to questions or assignments when you are logged in to our system.
- Your personal username and password (to log in to our system to use our service) is usually automatically generated by the system. In some cases, depending on the characterization of the process’s controller, you can change the user name and password. Either way, the username and password are stored in the system.
Using your personal information
We use the information we collect for the following purposes:
Provide and maintain the services- using the information we collect, we are able to deliver the services to the controller of the process and honor our contract with it. For example, we need to use the information to provide the controller statistical analysis of the process’s results and to give you customer support.
Communicate with you – We use your email and/or cellular number to send you service notifications and respond to you when you contact us. We do not use these personal details for marketing purposes.
Customer support – We use the data (which can include your communications) to investigate, respond to and resolve complaints and service issues (e.g., bugs).
Aggregate insights – We use your data to produce aggregated insights (that do not identify you) for the controller. For example, we may use your data to generate statistics about survey’s results according to seniority groups, age groups, sectors and managerial levels.
Promote safety and security – We use the information we collect to promote the safety and security of the services, our users, and other parties. For example, we may use the information to authenticate users, protect against fraud and abuse, respond to a legal request or claim, conduct audits, and enforce our terms and policies.
General Data Protection Regulation
The General Data Protection Regulation (GDPR) refers to the regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC. See official text at https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:32016R0679
For personal data subject to the GDPR, we rely on several legal bases to process the data. These include:
- When you have given your consent, which you may withdraw, under some restrictions, at any time by contacting the process owner (the controller) in your organization;
- When the processing is necessary to perform a contract with the process’s controller. For example, when an organization is hiring our services to perform an organizational survey and analyze the survey’s results
- Our legitimate business interests, such as in improving and developing the services, promoting safety and security as described above.
How information is shared
We do not share your personal information except in the limited circumstances described below.
O.D. Consulting Employees
Personal information is accessible to the relevant employees who are involved in the management and execution of the process, in the framework of which we have received your personal information. These employees are obligated not to disclose or use it for other purposes.
We transfer information to our corporate affiliates, service providers, and other partners who process it for us, based on our instructions, and in compliance with this policy and any other appropriate confidentiality and security measures. These partners provide us with services, including for hosting, maintenance, customer support, information technology, information security. They will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
Law and the Public Interest
We may preserve or disclose information about you to comply with a law, regulation, legal process, or governmental request; to assert legal rights or defend against legal claims; or to prevent, detect, or investigate illegal activity, fraud, abuse, violations of our terms, or threats to the security of the services.
Affiliates and Change of Ownership
If we are involved in a merger, acquisition, or sale of assets, we may share your information with the purchaser or new partner as long as it accepts our obligations to safeguard the privacy and security of the information.
We may share non-personal information that is aggregated or de-identified so that it cannot reasonably be used to identify an individual. We may disclose such information publicly and to third parties, for example, as part of a benchmarking information we provide.
Retaining personal information
Personal information that we store and process for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. We retain your personal information for the time required to fulfil our contractual obligations with our costumer- the controller of the process.
We also keep information about you and your use of the services for as long as necessary for our legitimate business interests, for legal reasons, and to prevent harm, including as described in the Using your personal information and How Information Is Shared sections.
Security of your personal information
- We will take reasonable technical and organizational precautions to prevent the loss, misuse, or alteration of your personal information.
- We will store all the personal information you provide on our secure (password- and firewall-protected) servers.
- You acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet.
- You are responsible for keeping the password you use for accessing our website confidential.
Some users of our services (European users in particular) have certain legal rights to obtain information about whether we hold personal information about them, to access personal information we hold about them, and to obtain its correction, update, amendment or deletion in appropriate circumstances. Some of these rights may be subject to some exceptions or limitations.
Where you have responded to a survey, form or questionnaire sent to you using our services, you will need to reach out directly to the individual or organization who is the controller of the process to discuss managing, deleting, accessing, restricting access to or otherwise withdrawing consent for use of, the information which the controller provided about you or the information which you provided in your responses. O.D. Consulting does not control your response data and, accordingly, is not in a position to directly handle these requests in relation to that data. If you are having difficulties finding this controller you can contact us and we will try our best to help you.
Rights which you are entitled to are:
- Data access rights
- Right to restrict processing
- Right of Rectification
- Right to Erasure (Right to be Forgotten)
- Right to object to processing
- Right to withdraw consent; and
- Data portability rights
International data transfers
Wherever your personal information is transferred, stored or processed by us, we will take reasonable steps to safeguard the privacy of your personal information. Additionally, when personal information is transferred from the European Union, we will take reasonable steps to ensure that the controller of the data safeguards the information and obtains your consent.
We may update this policy from time to time by publishing a new version on our website. We will provide notice to you if these changes are material and, where required by applicable law, we will obtain your consent. Notice may be by email to you at the last email address that was provided to us, by posting notice of such changes on our services, or by other means, consistent with applicable law.
How to contact us
For any Inquiry or complaint about how your personal data is being processed by us you can contact the controller of the data- the person or organization who is the initiator of the process (survey/evaluation/other form or questionnaire), or contact the Data Protection Representative at O.D. Consulting: