Introduction and Definitions
The sources from which we collect and receive information about users of our Services (“users,” “you,” or “your”) include (i) information you provide through your user account when registering for Services (your “Account”), (ii) information provided by your employer (“Organisation” or “Company”), (iii) information captured via our websites, (iv) information submitted as support requests, or (v) information supplied during a Heartstyles event or direct conversation.
In terms of the HSi, your responses (“participant”) and anonymised responses from others (“respondents”) are available via logging into your Account and/or downloading reports (“PDG”, “TDG” and “CDG”) at any time. The term “administrator” is used to refer to individuals who have been mandated to set up and manage survey campaigns to which you may be invited. In some cases, individuals who will be facilitating in-person Heartstyles programs (“facilitators”) can also undertake the administrative role.
Information which describes your role or the position in which you are employed is collectively referred to as “demographics”.
Information We Collect
Information Your Organisation Provides
Name and Email address: Prior to completing the Heartstyles Indicator Survey your email address and name will be supplied by your organisation in order for a survey invitation to be emailed to you.
Demographics: Your organisation may also input information describing where you fit in terms of job function, role, the region you work in, the department or team you are a part of and other information describing your area of contribution within the business.
Information You Provide
Personal Information: When you are invited to your first survey, you will be asked to select a password for your account. Your user name and password will serve as protection for the information stored in your user account, and will identify you as the individual to whom access to the information stored will be granted. Before providing your responses to the survey, you will be asked to enter the following information:
(i) The Country you work in
(ii) Your Gender
(iii) Your Year of Birth
Heartstyles endeavours to maintain the security of your information, and does not share any personally identifiable information with third parties, unless we are required to do so by law.
Survey Respondents: Should your organisation select a Heartstyles survey where the input of people who work in proximity to you, or other people who know you, is required (also known as “360-degree feedback” or “multi-rater feedback”), you will be asked to select these respondents by entering their name and email address. You can also include a short invitation message to the respondents you have selected. Respondent feedback is confidential and anonymised.
Survey Responses: The answers you provide to the Heartstyles survey, including multiple choice questions and free text fields, are stored by Heartstyles for the purposes of creating reports. Your behavioural responses are categorised and grouped together, and not displayed as individual answers after the completion of the survey. The survey response data we hold within our system is kept private. Only the administrator or facilitator selected by your organisation to set up your campaign may have access to your information in order to print reports for distribution to you during facilitated programs.
Support Communication: Should you contact Heartstyles directly for the purposes of technical support or to assist with the survey process, we will store the content of your message/s as support tickets. Should we need to ask clarifying questions to supply you with an effective resolution, the reasons for the information request will be clearly stated.
Marketing Communication: Depending upon your interaction with our Services, and whether you have opted in to receive email communication from Heartstyles, we will store the information you have supplied for the purposes of providing you with service updates, offers, events or announcements which would be relevant to your interests. You can unsubscribe from such communications at any time.
Cookies and Log files: In order for our web servers to recognise you, a cookie may be set on your computer. These cookies contain a small amount of information that helps us to record your preferences. Log files which keep a record of your actions (such as logging in, selecting certain options and downloading reports) are also stored on our servers as a part of an audit trail. The information we record could also include the type of browser you use, your operating system, your internet protocol (IP) address and the frequency of your visits. In certain countries, this information can be considered personal information under applicable data protection laws. However, we do not store any of this data in a way which can be used to personally identify you.
How We Use Information
The information we collect is used as follows:
- To secure your data on our system.
- To keep track of your preference for user interface language and other customisable user interface features.
- To produce and provide you with a Personal Development Guide (PDG) report.
- To produce an anonymised Team Development Guide (TDG) or a Culture Development Guide (CDG) report.
- To provide anonymised organisation-wide information from which customised reports can be generated.
- To develop new products, services, features, and functionality.
- To communicate with you regarding Heartstyles’ services and updates to our technologies.
- To process your organisation’s transactions.
- To keep a detailed audit log, specifically regarding the downloading of reports.
- Heartstyles may, at times, undertake trend-based research using the data you have provided in non-identifiable format. This means that we might examine survey responses in connection with statistical analysis of a large group of individuals who have completed the HSi. You will not be identifiable in any such research, nor will you be contacted by Heartstyles or our research team in this regard.
How We Share Information
Heartstyles will not share your information with any third parties. Should the organisation you work for request a copy of all the data we hold for their business, the information will be supplied in an encrypted format according to our contractual obligations with your employer. Your data will not contain any personally identifiable information. Should the information be sent to your organisation in a country whose data protection laws may not be as extensive as those in the European Economic Area (EEA), we will take appropriate steps to ensure the same level of protection for the processing carried out in such countries as within the EEA.
Legal Basis for Processing Personal Information
Heartstyles have a legitimate interest in operating our Services and storing your information in order to provide value to you and your organisation. We may also need to communicate with you as necessary to effectively provide these Services, supply you with timeous support, improve our platform or undertake marketing activities where you have requested such communications.
Heartstyles is committed to protecting your information. To carry out this task as effectively as possible, we employ a variety of security protocols and best-practice measures designed to protect information from unauthorised access or use. Unfortunately, no data transmission over the internet can be guaranteed to be totally secure. However, the measures we use are designed to provide a level of security appropriate to the risk of processing your personal information. This includes encryption of both the Internet connection between you and the Heartstyles Indicator Web Application and the data that is stored on the Heartstyles servers. Access to Heartstyles systems is restricted to authorised personnel and networks and there is a security monitoring and alerting system in place along with access and change auditing.
Your personal information is stored by Heartstyles where we have an ongoing, legitimate business interest to do so. Historical HSi results are maintained in our database in order for users and businesses to create year-on-year comparisons and track growth.
When we have no ongoing legitimate business need to process your personal data, we will either delete or anonymise this information.
Under the General Data Protection Regulation (GDPR) citizens of the EEA have the right to request access, correction, updating and deletion of their personal information. If you are a registered Heartstyles user, you have access to all the information that you have supplied to Heartstyles, including survey outcomes, by means of securely accessing our Services via your Account credentials.
Should you, or your Company, wish to have your personal information removed from our systems, or require any additional information regarding the information we hold, you can lodge a formal Subject Access Request by sending an email to firstname.lastname@example.org
Heartstyles will comply with reasonable requests within 30 days of receiving an email notification. Should we require further information to fulfil your request, we will contact you with details regarding what we require, and how the information you supply will be used.
You have the right to opt-out of marketing emails or other communications we send to you at any time. This right can be exercised by clicking on the “unsubscribe” link in the marketing emails we send you. Should you wish to opt out of any other form of marketing contact, please send an email message to email@example.com
All requests received from individuals wishing to exercise their data protection rights are dealt with in accordance with applicable data protection laws.