Last Revised: April 2020
Information about the Controller
This statement (“Privacy Statement”) provides you with information about our collection and use of your personal data.
Your employer (on behalf of itself, its parent company or an affiliate, each referred to as “Employer”) is responsible for this initiative. Humu Inc (“Humu”) is a third party service provider acting on your Employer’s behalf. Your Employer controls the personal data shared with Humu and how such personal data is collected and used as part of the Humu survey project. Humu does not sell your data.
Collection & Use of the Personal Information
Humu is a service aimed at assessing certain workforce characteristics, such as happiness, and supporting behavior change within your Employer’s workforce. To begin the Humu service, your Employer shares with Humu certain information such as your name, email address, and details about your position at your Employer from its internal HR database.
Responding to Humu surveys is entirely voluntary. If you choose to provide responses, Humu shall process your information and survey responses for the following purposes:
- Asking you to participate in surveys about, among other items, your thoughts about aspects of your workplace, including for example, your workplace culture or line manager’s development;
- Creating insight reports based on aggregated answers;
- Sending you feedback and nudges;
- Monitoring your interactions with the Humu service;
- Creating a manager profile which is accessed by that manager through a development dashboard;
- Creating dashboard tools for managers and human resources personnel to access data gathered based on aggregated answers; and
- Evaluating behavior changes through the Humu service.
Participation in the Humu service is completely optional. Choosing not to participate means that your input will not be gathered and used for the purposes above; you will miss a chance to voice your opinions.
To the extent that you have opted in to the Humu service, your Employer may rely on your explicit consent to process your survey data in accordance with this Privacy Statement. You can withdraw such consent at any later time by contacting firstname.lastname@example.org.
Your Employer should not be able to associate a particular response with the individual who provided it except where you are explicitly told otherwise prior to providing your response.
Recipients of the Personal Information
Access to your data processed in Humu is restricted to:
- authorized users at your Employer who have accountability and/or responsibility for managing the data internally; and
- authorized staff of Humu’s may also have access to your personal information when carrying out data analysis or technical maintenance on the service. Disclosure of your personal information is subject to appropriate technical and organizational protections of your personal information set out in a written contract. You may request a copy of such contractual clauses by contacting your Employer’s human resources department.
- a small number of service providers that may perform some tasks as part of providing our service; not all providers are used for all Employers. The types of services are:
- Cloud hosting: Our data, processing, and service are hosted in the cloud.
- Email delivery: we use a service to send you email, such as invitations to take the survey, your results, and nudges
- Support tickets:: we use several providers to route and handle trouble tickets that you file
- Log analysis: we use a service to analyze a limited amount of site traffic and weblog data (e.g. to alert engineers when a server isn’t working correctly, to plan when we should buy more server capacity) and debug issues
Except where you are explicitly told otherwise prior to providing your response, your survey answers are anonymized and your line manager, as well as other Employer personnel, will not have access to those individual responses. Only aggregated data will be presented to your Employer, in such a way that no answer should be tracable back to an individual.
Your Employer and Humu also reserves the right to disclose your personal information as required by law, or when disclosure is necessary to protect our rights and/or comply with a judicial proceeding, court order, request from a regulator or any other legal process served on your Employer. In the event that your Employer or Humu is subject to a takeover, divestment or acquisition, they may disclose employees’ personal information to the new owner of the business.
Site traffic information, cookies and log data
Humu uses certain cookies. They enable the site to keep track of your movement from page to page within the site so you don’t get asked for the same information you’ve already provided, so you don’t have to re-authenticate over and over again, and for secure, reliable, and robust performance of the site.
Humu receives information when you visit the Humu website or use Humu Services, which are referred to as “Log Data,” even if you have not created an account. This Log Data includes information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information (including device and application IDs), search terms, and cookie information. We also receive Log Data when you click on, view, or interact with links on our Services. We use Log Data to operate our Services and ensure their secure, reliable, and robust performance. For example, we use Log Data to protect the account security for our Registered Users.
Transfer of the Personal Information outside of your country or region
Humu’s services are available globally and our servers may be located outside of your region. Humu is based in the United States of America. Where this is the case, your personal data shall remain at all times protected by your Employer’s corporate rules and policies which provide an adequate level of data protection. Your Employer has ensured that such transfer is subject to appropriate safeguards by, for example, putting in place standard data protection clauses adopted by the European Commission.
Your Humu responses, as well as any associated personal information held by the Humu service, will be deleted or aggregated so that it no longer identifies you after a period no longer than twelve (12) months after the termination of your Employer’s contract with Humu, unless you request for it to be removed at an earlier stage.
Rights of Access, Rectification and Erasure
In accordance with our internal policies you may ask us to provide you with access to any personal data Humu processes about you. You are also entitled to request for any incomplete or inaccurate personal data which relates to you to be corrected, or to have your data completely deleted from the Humu service. Humu will respond to such requests after consultation with your Employer. If you wish to exercise any of the above rights relating to your personal information, please contact email@example.com.
If you are in a country with a national or regional data protection authority, you also have the right to lodge a complaint with your data protection supervisory authority. If your Employer has an EU-approved complaint resolution mechanism under its Binding Corporate Rules, you should consult those.
We review this privacy statement regularly and may modify it from time to time. This privacy statement was last updated in April 2020.
Data protection officer
Privacy at Humu
100 View St.
Mountain View, CA 94041