Effective Date: 20 November 2019
Perked! Inc. (“Perked!“) offers tools and platform commercialised as “Perked!” which provide the means to measure and increase employee engagement by giving them a voice within their organization (the “Perked! Platform” or “Platform”). Perked! understands the importance of protecting Personal Information (as defined below). For this reason, Perked! strives to have business procedures and security safeguards in place to protect Personal Information under its control.
1. Application and Scope
2. Definition of Personal Information
“Personal Information” is defined as any information about an identifiable individual. This may include, for example, email addresses and contact details and any similar information provided to Perked! in the course of its business operations, or which Perked! may receive from business inquiries. Personal Information that is aggregated or that cannot be associated with an identifiable individual is not considered to be Personal Information.
3. International Compliance
Perked! complies with: (i) data protection laws applicable to Perked!; and (ii) applicable industry standards concerning data protection, confidentiality or information security. Perked! has global operations and therefore, in some cases, information managed by Perked! may be transferred, processed and stored to other countries, although at all times Perked! will ensure that Personal Information is protected by confidentiality and security procedures and protections that are, at a minimum, equivalent to those employed by Perked! itself.
Perked! also complies with the General Data Protection Regulation (Regulation (EU) 2016/679). Where applicable, our commitment to such regulation may be found in our Data Processing Addendum (Terms & Conditions Appendix C). Perked! (or third parties acting on Perked!’s behalf) may transfer Personal Information that Perked! collects to countries outside of the European Economic Area. Where such transfer occurs, Perked! will take steps to ensure that Personal Information is protected. Perked! will do this using several methods including:
· transferring Personal Information only to countries which have been deemed by European data protection authorities to have adequate levels of data protection. You can find out more about this ; and
· transferring Personal Information only to those companies in the United States which are certified under the “Privacy Shield”. The Privacy Shield is a scheme under which companies certify that they provide an adequate level of data protection. You can find out more about the Privacy Shield .
4. Collection and Use of Personal Information through the Services
We collect information relating to you and your use of our Services from a variety of sources. Some of this information is collected directly from you and some of this information is collected from your interaction with our Services, or from third parties.
Information we collect directly from you
Information we collect from other sources
We use your personal information for a variety of purposes. In each case, the information we collect and hold is reasonably necessary for our business, including providing you with the services you would expect from us. We use your personal information to:
We will not undertake any surveys or analysis via the Platform by specific reference to any special categories of personal data (including racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic or biometric data, health data, sex life or sexual orientation), unless this has been expressly requested or configured by the Customer. Where this is the case, it is the Customer’s responsibility to ensure they have obtained the employees’ explicit consent to such processing or that they have another lawful basis for such processing. However, you might, in the course of providing comments or feedback in a survey, provide personal data within one of the above categories where this has not been requested. By providing this data to us, you will be deemed to have consented to our processing such data as part of the survey results and disclosing such data to your employer.
Security of your information
We maintain appropriate technical and organisational measures to ensure that an appropriate level of security in respect of all personal data we process. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted to the Platform and you acknowledge that any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features which are appropriate to the type of personal data you have provided to try to prevent unauthorised access or inadvertent disclosure, which may include two factor authentication and end-to-end encryption.
Sharing of Personal Information
Perked! will not sell, rent or trade Personal Information to any third party. However, Perked! may share Personal Information when authorized and/or required by law or as follows:
· Service Providers. Perked! may grant access to Personal Information to third party service providers in connection with the performance or the improvement of its website and Services. Before sharing any Personal Information with any of its third party service providers, Perked! will ensure that the third party maintains reasonable data management practices for maintaining the confidentiality and security of Personal Information and preventing unauthorized access.
· As Permitted or Required by Law. Perked! may disclose Personal Information as required by applicable law or by proper legal or governmental authority. Perked! may also disclose information to its accountants, auditors, agents and lawyers in connection with the enforcement or protection of its legal rights. Perked! may also release certain Personal Information when it has reasonable grounds to believe that such release is reasonably necessary to protect the rights, property or safety of others and itself, in accordance with or as authorized by law. In the event Perked! receives a governmental or other regulatory request for any Personal Information, Perked! will promptly notify Customer, unless it is prohibited to do so, in order that Customer shall have the option to defend such action. Perked! shall reasonably cooperate with Customer in such defense.
· Business Transaction. Perked! may disclose Personal Information to a third party in connection with a sale or transfer of business or assets, an amalgamation, re-organization or financing of parts of our business. However, in the event the transaction is completed, Personal Information will remain protected by applicable data protection laws. In the event the transaction is not completed, Perked! will require the other party not to use or disclose the Personal Information received in any manner whatsoever and to delete such Personal Information.
5. Your Rights
To the extent that Perked!’s processing of Personal Information is subject to the General Data Protection Regulation (Regulation (EU) 2016/679), Perked! relies on its legitimate interests, described above, which are not overridden by your data protection interests, to process Personal Information. You have the following rights in regards to your personal information:
· Access. You have the right to access information about the personal data we hold about you. We reserve the right to charge a reasonable fee in response to unreasonable or repetitive requests, or requests for further copies of the same information.
· Right to object to processing. You have the right to object to processing of your personal data where that processing is being undertaken by us on the basis of our (or a third party’s) legitimate interest. In such a case we are required to cease processing your data unless we can demonstrate compelling grounds which override your objection. You also have the right to object at any time to the processing by us of your personal data for direct marketing purposes.
· Rectification. You have the right to request that we rectify any inaccurate personal data that we hold about you.
· Erasure. You have the right to request that we erase any personal data that we hold about you, based on one of a number of grounds, including the withdrawal of your consent (where our processing of that data is undertaken on the basis of your consent), or if your object to our continued processing (as mentioned above). This right does not extend to information which is not personal data. Please also note that it is likely to be necessary for us to retain your personal data for the purposes of assessing and verifying data that is submitted and/or held on the Platform, and your rights under applicable law to request erasure may be limited accordingly. We also reserve the right to retain your personal data in an anonymised form for statistical and benchmarking purposes.
· Request to restriction of processing. This enables you to ask us to restrict the processing of your personal data in certain circumstances, for example if you want us to establish its accuracy or the reason for processing it.
· Portability. You have the right to obtain copies of your personal data to enable you to reuse your personal data across different services and with different companies.
· Change of preferences. You can change your data processing preferences at any time. For example, if you have given your consent to direct marketing, but have changed your mind, you have the ability to opt out of receiving marketing communications by emailing us at firstname.lastname@example.org or clicking the relevant link in any communication you receive.
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is another appropriate security measure to ensure that personal data is not disclosed to any person who has no right to receive it.
Please note that if you exercise any of the above rights to require us to restrict or cease processing or to delete personal data, and this type of processing is required in order to facilitate your use of the Platform, you will no longer be able to use the Platform following the date on which we action your request. This does not include your right to object to direct marketing which can be exercised at any time without restriction. Please allow at least 5 working days for your request to be actioned.