User Agreement
Privacy Policy
Cookie Policy
GDPR
Security
Our GDPR Commitment
We’re committed to helping you and your organisation understand and, where applicable, comply with the General Data Protection Regulation (GDPR).
The GDPR is the most comprehensive EU data privacy law in decades and came into effect on 25 May 2018. In addition to strengthening and standardising user data privacy across EU member states, it introduces new or additional obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations located.
Our team has adapted our Services, operations and contractual commitments to help our Members comply with the GSPR regulation. We (who processes data on our Members’ behalf) has implemented the measures below to reflect that commitment.
Table of Content
1. What is the GDPR?
The GDPR is the most comprehensive EU data privacy law in decades and came into effect on 25 May 2018.
The GDPR replaces the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU. In addition to strengthening and standardising user data privacy across EU member states, it introduces new or additional obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations located.
Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
2. Who does the GDPR apply to?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals.
The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
2.1. Does the GDPR apply to my team or organisation?
Yes, if your my team or organisation is processing the personal data of EU individuals when using TeamCulture.ai Services.
3. What is TeamCulture.ai role under GDPR?
We act as both a data processor and a data controller under the GDPR.
TeamCulture.ai as a data processor: When customers use our products and services to process EU personal data, we act as a data processor. For example, we will be a processor of EU personal data and information that gets shared to our Services. This means we will, in addition to complying with our customers’ instructions, need to comply with the new legal obligations that apply directly to processors under the GDPR.
TeamCulture.ai as a data controller: We act as a data controller for the EU customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and contact information.
4. What have we done to comply with GDPR?
TeamCulture.ai Services are designed to help your organisation meet the GDPR requirements
We conducted an extensive analysis of our operations to ensure compliance with the requirements of the GDPR before it went into effect. We reviewed our products and services, customer terms, privacy notices and arrangements for compliance with the GDPR. Our focus on privacy and compliance efforts are ongoing.
4.1. GDPR Contractual Requirements
We are committed to support your organisation to meet the GDPR contractual requirements.
We offer a Data Processing Agreement that supplements the User Agreement, as GDPR compliance requires data controllers to sign a Data Processing Agreement with any parties that act as data processors on their behalf. Please have an authorised individual to request for a Data Processing Agreement here.
Here are some of the measures that we has put in place to reflect that commitment:
- TeamCulture.ai will prevent unauthorised access to your employees’ personal data and never use your employees’ personal data other than as instructed by you or the employees;
- TeamCulture.ai will continue to improve its security infrastructures and maintain appropriate security measures to protect your employees’ personal information; and
- TeamCulture.ai will assist you with requests from your employees regarding their personal information that is processed using our Services.
4.2. Organisational Security
We are committed to protect and prevent unauthorised access to your employees’ personal data.
We take exhaustive steps to identify and mitigate risks, implement best practices, and constantly develop ways to maintain and improve our infrastructure and measures.
Here are some of the measures that we has put in place to reflect that commitment:
- TeamCulture.ai Services are hosted on DigitalOcean, an industry-leading SOC 2 Type II certified service provider, in data centres located in the United Kingdom.
- TeamCulture.ai ensures that, to the extent possible, your employees’ personal data is pseudonymised;
- TeamCulture.ai can restore the availability and access to your employees’ personal data in a timely manner in the event of a technical or security incident; and
- TeamCulture.ai is putting in place a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures to ensure the security of your employees’ personal data.
For more details regarding TeamCulture.ai’s commitment to invest in its security infrastructures, we invite you to read our Security page.
4.3. International Data Transfer
We committed to ensuring that all transfers of your employees’ personal data are and will be in compliance with the required international data transfer standards.
TeamCulture.ai’s Services are hosted in data centres located in the United Kingdom. In certain circumstances, we will process personal data that originates from the EU and other countries in the United States to provide our services to you. However, your employees’ personal data on our servers will remain within the region where you choose to host such data, unless we inform you otherwise.
5. What is the TeamCulture.ai Data Processing Agreement (“DPA”)?
Customers that handle EU personal data are required to comply with the privacy and security requirements under the GDPR.
As part of this, they must ensure that the vendors they use to process the EU personal data also have privacy and security protections in place. Our DPA outlines the privacy and security protections we have in place. We are committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services. Please have an authorised individual to request for a Data Processing Agreement here.
5.1. Am I required to sign the TeamCulture.ai DPA?
In order to use our products and services, you need to accept our DPA, which you can request here. By agreeing to our terms of service, you are automatically accepting our DPA and do not need to sign a separate document.
5.2. Can I share the TeamCulture.ai DPA with my customers?
Yes. The DPA is a publicly available document and you may feel free to do so if you wish to share it with your customers to confirm our security measures and other terms.
5.3. Do I need to notify anyone upon accepting our DPA?
No. You are not required to notify us or any third party upon accepting our DPA though, as mentioned above, you are free to do so.
5.4. Are there unique DPA needs for individual countries?
The GDPR applies to all of the EU and we offer a DPA that is compliant in all EU countries.
User Agreement
Privacy Policy
Cookie Policy
GDPR
Security
Our GDPR Commitment
We’re committed to helping you and your organisation understand and, where applicable, comply with the General Data Protection Regulation (GDPR).
The GDPR is the most comprehensive EU data privacy law in decades and came into effect on 25 May 2018. In addition to strengthening and standardising user data privacy across EU member states, it introduces new or additional obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations located.
Our team has adapted our Services, operations and contractual commitments to help our Members comply with the GSPR regulation. We (who processes data on our Members’ behalf) has implemented the measures below to reflect that commitment.
Table of Content
1. What is the GDPR?
The GDPR is the most comprehensive EU data privacy law in decades and came into effect on 25 May 2018.
The GDPR replaces the EU Data Protection Directive, also known as Directive 95/46/EC, and will apply a single data protection law throughout the EU. In addition to strengthening and standardising user data privacy across EU member states, it introduces new or additional obligations on all organisations that handle EU citizens’ personal data, regardless of where the organisations located.
Data protection laws govern the way that businesses collect, use, and share personal data about individuals. Among other things, they require businesses to process an individual’s personal data fairly and lawfully, allow individuals to exercise legal rights in respect of their personal data (for example, to access, correct or delete their personal data), and ensure appropriate security protections are put in place to protect the personal data they process.
2. Who does the GDPR apply to?
The GDPR applies to all entities and individuals based in the EU and to entities and individuals, whether or not based in the EU, that process the personal data of EU individuals.
The GDPR defines personal data as any information relating to an identified or identifiable natural person. This is a broad definition, and includes data that is obviously personal (such as an individual’s name or contact details) as well as data that can be used to identify an individual indirectly (such as an individual’s IP address).
2.1. Does the GDPR apply to my team or organisation?
Yes, if your my team or organisation is processing the personal data of EU individuals when using TeamCulture.ai Services.
3. What is TeamCulture.ai role under GDPR?
We act as both a data processor and a data controller under the GDPR.
TeamCulture.ai as a data processor: When customers use our products and services to process EU personal data, we act as a data processor. For example, we will be a processor of EU personal data and information that gets shared to our Services. This means we will, in addition to complying with our customers’ instructions, need to comply with the new legal obligations that apply directly to processors under the GDPR.
TeamCulture.ai as a data controller: We act as a data controller for the EU customer information we collect to provide our products and services and to provide timely customer support. This customer information includes things such as customer name and contact information.
4. What have we done to comply with GDPR?
TeamCulture.ai Services are designed to help your organisation meet the GDPR requirements
We conducted an extensive analysis of our operations to ensure compliance with the requirements of the GDPR before it went into effect. We reviewed our products and services, customer terms, privacy notices and arrangements for compliance with the GDPR. Our focus on privacy and compliance efforts are ongoing.
4.1. GDPR Contractual Requirements
We are committed to support your organisation to meet the GDPR contractual requirements.
We offer a Data Processing Agreement that supplements the User Agreement, as GDPR compliance requires data controllers to sign a Data Processing Agreement with any parties that act as data processors on their behalf. Please have an authorised individual to request for a Data Processing Agreement here.
Here are some of the measures that we has put in place to reflect that commitment:
- TeamCulture.ai will prevent unauthorised access to your employees’ personal data and never use your employees’ personal data other than as instructed by you or the employees;
- TeamCulture.ai will continue to improve its security infrastructures and maintain appropriate security measures to protect your employees’ personal information; and
- TeamCulture.ai will assist you with requests from your employees regarding their personal information that is processed using our Services.
4.2. Organisational Security
We are committed to protect and prevent unauthorised access to your employees’ personal data.
We take exhaustive steps to identify and mitigate risks, implement best practices, and constantly develop ways to maintain and improve our infrastructure and measures.
Here are some of the measures that we has put in place to reflect that commitment:
- TeamCulture.ai Services are hosted on DigitalOcean, an industry-leading SOC 2 Type II certified service provider, in data centres located in the United Kingdom.
- TeamCulture.ai ensures that, to the extent possible, your employees’ personal data is pseudonymised;
- TeamCulture.ai can restore the availability and access to your employees’ personal data in a timely manner in the event of a technical or security incident; and
- TeamCulture.ai is putting in place a process for regularly testing, assessing, and evaluating the effectiveness of technical and organisational measures to ensure the security of your employees’ personal data.
For more details regarding TeamCulture.ai’s commitment to invest in its security infrastructures, we invite you to read our Security page.
4.3. International Data Transfer
We committed to ensuring that all transfers of your employees’ personal data are and will be in compliance with the required international data transfer standards.
TeamCulture.ai’s Services are hosted in data centres located in the United Kingdom. In certain circumstances, we will process personal data that originates from the EU and other countries in the United States to provide our services to you. However, your employees’ personal data on our servers will remain within the region where you choose to host such data, unless we inform you otherwise.
5. What is the TeamCulture.ai Data Processing Agreement (“DPA”)?
Customers that handle EU personal data are required to comply with the privacy and security requirements under the GDPR.
As part of this, they must ensure that the vendors they use to process the EU personal data also have privacy and security protections in place. Our DPA outlines the privacy and security protections we have in place. We are committed to GDPR compliance and to helping our customers comply with the GDPR when they use our services. Please have an authorised individual to request for a Data Processing Agreement here.
5.1. Am I required to sign the TeamCulture.ai DPA?
In order to use our products and services, you need to accept our DPA, which you can request here. By agreeing to our terms of service, you are automatically accepting our DPA and do not need to sign a separate document.
5.2. Can I share the TeamCulture.ai DPA with my customers?
Yes. The DPA is a publicly available document and you may feel free to do so if you wish to share it with your customers to confirm our security measures and other terms.
5.3. Do I need to notify anyone upon accepting our DPA?
No. You are not required to notify us or any third party upon accepting our DPA though, as mentioned above, you are free to do so.
5.4. Are there unique DPA needs for individual countries?
The GDPR applies to all of the EU and we offer a DPA that is compliant in all EU countries.