In which areas does Culture Intelligence process personal data?

Mapping of organizational culture

Culture Intelligence provides a software (SaaS) solution for mapping organizational culture. The survey takes place by sending out an e-mail with a link to a survey to which the recipient responds. It is typically the following personal data that is collected: name, email, employer’s name, age, gender, job position and nationality. Your value priorities are also collected.

The purpose of the survey is to measure the actual culture of an organization by aggregating the responses of all its members. Personal data is processed anonymously and cannot be shared across an organization. An organization can also define a desired culture. By defining a desired culture, the organization can use the software solution to identify gaps between actual culture and desired culture. By having knowledge of such a gap, the organization can work actively to change their culture and thus close the gap.

All details of how your personal data is handled in relation between Culture Intelligence (Data Processor) and data controller are defined in a separate data processing agreement. The agreement provides detailed information about how data is stored, secured, and deleted. The list of sub processors used specifically in connection with this software (SaaS) is listed in the Data Processing Agreement. The data processing agreement is based on a standard template from the Norwegian Data Protection Authority. Culture Intelligence’s standard data processing agreement is available here.

Customer and vendor information

Culture Intelligence processes personal data related to customers and suppliers, in addition to any third parties where this is required to fulfil contract obligations.

The legal basis for such processing is Section 8, first paragraph and Section 8 a), b) or f) and Section 9 a), b) and f) of the Norwegian Personal Data Act. The personal data is stored in a separate database and deleted five years after the end of the customer relationship.

Sub-processors

Culture Intelligence may use sub-processors. As a result of our services, we act as a data processor for many customers. We therefore rely on general permission to use sub-processors, cf. GDPR Article 28. This is agreed with the customer in our data processing agreement.

When using sub-processors, we confirm that these are subject to the same obligations regarding protection and use of personal data and other customer data in the same manner as Culture Intelligence.

Suppliers acting as sub-processors for Culture Intelligence shall be able to document good internal procedures for privacy and information security through certifications, report from independent audit of the supplier, or other relevant documentation. Culture Intelligence may carry out security audits to ensure that the supplier processes personal data in accordance with the requirements of the GDPR.

An overview of sub-processors used by Culture Intelligence as of 21 September 2021 is included in the table below.

Processing of personal data in connection with the marketing and use of cultureintelligence.io

Culture Intelligence processes personal data for marketing purposes. Such information is not exchanged with other businesses.

Newsletters and seminar invitations

It is possible to voluntarily subscribe to newsletters, seminar invitations and other subject matter from Culture Intelligence. If there is no existing customer relationship, this means that you agree to regularly receive e-mail with the newsletters you have chosen to subscribe to. The legal basis for this processing is Article 6 (a) of the GDPR. You can withdraw your consent at any time for the retention of your contact information. Culture Intelligence will then delete your contact information from the mailing list.

In cases where there is an existing customer relationship, Culture Intelligence has a legitimate interest in marketing itself to its customers. The legal basis for this processing is Article 6 (f) of the GDPR. You can request to be deleted from our email list at any time.

To send the newsletters to the right person, it is necessary to register with your name and email address, company name and job title, and when registering for one of our seminars we will also ask for your telephone number. This information is stored in a separate database and will not be disclosed to others. You can request access to this information at any time and request that the information is deleted. The personal data we have stored about you, that has consented to receive our newsletters and seminar invitations, is stored as long as you are a subscriber.

Requests via the website

When using the “Contact Us” form on the cultureintelligence.io, you must provide your name and email address. The information is stored in the website’s database administered by Culture Intelligence’s web editor and will not be disclosed to others outside Culture Intelligence. The information is deleted continuously from the database.

It is possible to purchase services from cultureintelligence.io. For us to process your order, it is necessary that you provide information about you and your company.

The legal basis for this processing is Article 6 (b) of the GDPR.

Web analysis and cookies

On Culture Intelligence’s website The Culture Analytics Platform – Culture Intelligence, we log information about all visitors using Google Analytics, Google Tags Manager and Albacross. The information is collected to better understand how our users use the website, so that we can adapt the pages optimally for you as a user. Like most other websites, we use a method where the information is stored in a cookie in your browser. Most browsers are set to accept cookies from websites. You can delete stored cookies by following the instructions for deletion in your browser. Information about this can be found in the help function of your browser. Please note that restricting access to cookies may affect the functionality of our website.

Visitors’ IP addresses are normally not stored, with some exceptions:

• Application error; error log and IP address are created in order to investigate the error.
• If the system user log and tracing (EMS) is enabled.
• Actions and IP addresses of back-end users, such as web editors and administrators, are stored.

Google Analytics

The cookie on our website is from Google Analytics (first-party cookie). It is set to be deleted automatically after 24 months if you do not return to the site. It is possible to opt out of all registration in Google Analytics by installing an add-on in the browser: Google Analytics Opt-out Browser Add-on

Culture Intelligence uses the Google Analytics tool to study traffic, usage patterns and trends on the website. The data collected is used to optimize the user experience and customize the content of the website. Google’s Google Analytics Policy does not collect personal information about users. The data collected is stored on Google’s servers.  You can read more about how Google collects and protects data here.

Google Tag Manager

In combination with Google Analytics, we use Google Tag Manager to help us distribute different code snippets on the website, which sets a cookie to safeguard information about the current session.

Google Display Advertising

The DoubleClick cookie is a third-party cookie that allows third-party providers, including Google, to display their own targeted ads from Culture Intelligence on several websites on the internet that are part of Google’s content network. This is also known as remarketing. You can read more about the benefits of remarketing here

This is used to personalize ads for users based on interests and past site usage. This targeting contributes to more relevant marketing for you as a user. Google’s privacy policy does not collect or use information that can be used to identify individuals.  You can opt out of targeted Google Display ads here.

Children’s privacy

Our website is not designed for or aimed at children under the age of 13 and we will never knowingly collect or maintain information about children under the age of 13.

Processing of personal data related to job seekers

When registering and/or subscribing to vacancies with Culture Intelligence, as well as when submitting CVs, applications and other relevant documents in connection with job applications, personal data is collected. Personal data processed in connection with recruitment include personal data and job and education details. In some cases, electronic cultural analysis of relevant candidates is carried out, and Culture Intelligence processes results related to the tests. The personal data is collected from the job seekers.

In cases where Culture Intelligence uses a recruitment service provider, the processing will be bound by a data processing agreement. The information will not be used for any purpose other than processing related to job search.

Personal data about applicants for positions is deleted one year after the person applied for a position at Culture Intelligence unless they are hired or consent to the data being retained for longer. It is emphasized that job seekers can have their information deleted at any time.

Transfer/disclosure of personal data

Transfer to third countries

We do not transfer personal data to countries outside the EU/EEA without the written approval of data controllers. When transferring to third countries, agreements shall be entered into based on transfers, for example the Data Inspectorate’s standard contracts for the transfer of personal data outside the EU/EEA.

Extradition

Culture Intelligence does not disclose personal data to others unless required by law

Version 8.0, 22.09.2022