<img src="https://www.companydetailscompany.com/797693.png" style="display:none;">

Privacy Notice

We understand that your privacy is important to you and that you care about how your Personal Data is used. This page sets out how we will collect and process any Personal Data we collect about you after completing a survey, visiting our website or enquiring about our Services.

By visiting www.workbuzz.com or using our Services, you are accepting and consenting to the practises described in this notice.

In this Privacy notice, a reference to:

 
 
  • WorkBuzz, we, us or our means WorkBuzz Analytics Limited of 5 Linford Forum, Rockingham Drive, Milton Keynes, MK14 6LY, UK and any of its related bodies
  • Employer or Service Provider means, in relation to you, the person or entity that has contracted with WorkBuzz to allow you to use WorkBuzz services
  • Survey respondent or invitee means the person providing information through a WorkBuzz survey or our Platform
  • Services mean our technology Platform, employee or service provider surveys or consulting services, and our website workbuzz.com
  • Platform means our survey tool, dashboards and analytics modules where you may administer surveys, complete these or access the results
  • Data Protection Legislation refers to the Data Protection Act 2018, the UK General Data Protection Regulation (UK GDPR), and any successor legislation or amendments to the Data Protection Act 2018 or UK GDPR, along with any other applicable laws and regulations concerning the processing of personal data and privacy in the UK
  • Personal Data, Data Controller, Data Processor, Data Subject and Process are as defined in the Data Protection Legislation

The person with responsibility for our data protection compliance is the Data Privacy Manager Ian Barrow, and they can be contacted via emailing: support@workbuzz.com.

We will act in respect of Personal Data to comply with the six principles of the GDPR, which are:

  • Lawfulness, fairness and transparency;
  • Purpose limitation;
  • Data minimisation;
  • Accuracy;
  • Storage limitation;
  • Integrity and confidentiality.

You have rights in respect of how your Personal Data can be Processed, which are detailed below.

Data and Information security

 
 

We have put in place measures to prevent your Personal Data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your Personal Data to those of our people and other third parties who have a business need to know. They will only Process your Personal Data on our instructions and where they have agreed to treat the information confidentially and to keep it secure. We have put in place procedures to deal with any suspected data security breach and will notify you and the ICO of a suspected breach where we are legally required to do so.

WorkBuzz complies with industry best practices:

  • ISO27001 certified
  • RS 256-bit encryption for all data in transit and at rest
  • Data stored on secure Amazon Web Services
  • All laptops and computers are set up with full disk encryption by default

WorkBuzz is also Cyber Essentials certified. This means that WorkBuzz’s ICT defences have been assessed against a commodity-based cyber-attack. WorkBuzz also regularly undergoes independent penetration tests, by CREST approved testers, using the OWASP Application Security Verification Standard.

Our Compliance

GDPR Badge

GDPR - General Data Protection Regulation

WorkBuzz is compliant with the GDPR and the latest EU laws with our handling of personal data.

Workbuzz ISO 27001 Certification Badge

ISO/IEC 27001

WorkBuzz is certified to ISO/IEC 27001, the globally recognised standard for Information Security Management System (ISMS).

View our certificate here

CCPA Badge

CCPA - California Consumer Privacy Act

WorkBuzz is compliant with the California Consumer Privacy Act (CCPA).

Cyber Essentials Certified Badge

Cyber Essentials

WorkBuzz is Cyber Essentials certified.

View our certificate here

Your rights

Under certain circumstances, you have the right by law to:

 
 
  • Request access to your Personal Data. This enables you to ask to receive a copy of the Personal Data that we hold about you and to check that we are lawfully processing it.
  • Request correction of the Personal Data that we hold about you
  • Request erasure of your Personal Data
  • Object to Processing of your Personal Data where we are relying on our legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground. You also have the right to object to where we are processing your personal information for direct marketing purposes.
  • Request the restriction of processing of your Personal Data
  • Request the transfer of your Personal Data to another party

Collection, use and disclosure of personal data

We collect and Process data for the following reasons:

 
 
  1. Personal Data collected and created in relation to our employee or service provider survey services; and
  2. Personal Data relating to people who have asked to receive our newsletters and other information services or marketing materials; and
  3. Personal Data relating to our people, which means those people working for our company, or providing services to us, including employees, consultants, temporary or casual workers and contractors.

All of our employees are required to abide by our Privacy notice when handling Personal Data and will be provided with appropriate data protection training. Any breach of data protection will be taken seriously and may result in disciplinary action. Our Data Privacy Manager will provide advice and guidance to our people on data protection issues, as is required.

 

Links from our website

 
Our websites may, from time to time, contain links to and from the websites of third parties that we permit to make such links. If you follow a link to any of these websites, please note that these websites have their own privacy policies and that we do not accept any responsibility or liability for these policies. We recommend that you check these policies before you submit any Personal Data to these websites.

Cookies

 
 

Like almost all other professional websites, we use cookies to improve your experience. A cookie is a small file that asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyse web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

A cookie in no way gives us access to your computer or any personally identifiable information about you, other than the data you choose to share with us.

For more information, please see the WorkBuzz Cookie Policy.

Changes to your personal data

 
 

It is important that the personal information that we hold about you is accurate and current. Please tell us if your personal information changes during your relationship with us.

 Where we store your personal data and how this is processed

 
 

The way your data is stored and Processed will depend on the nature of it and how we have received it:

  • All Personal Data directly related to performing our Services and provided by survey respondents is only processed within the UK and EEA.  Section B (For our Survey Respondents) provides more information, including when this data is disclosed to third parties and how long it is retained for

  • Some Personal Data gathered through other sources, such as when you download an eBook or guide through our website, may be Processed outside of the UK and EEA, provided this is adequately protected, as required by UK and EU GDPR, by trusted suppliers under the UK and EU Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs). See Section C.

 

The grounds on which we hold personal data

 
 

In order to Process Personal Data, we must have valid legal grounds to hold and manage it in accordance with Data Protection Legislation.

In relation to our clients, it is likely that our legal ground will be that we are processing personal data, for which they are the Controller, in order to perform the services under our contract with them.

In relation to our employees, our grounds for Processing their Personal Data may be both (1) under contract; and (2) our legitimate interest in holding the data (for example, the need to hold certain employee records).

Where individuals have asked to be added (or opted-in) to our database, our reason for holding their data may be based on their consent (as well as in certain circumstances on our legitimate interest).

Where our processing of Personal Data is based on the Data Subject’s consent, it may be possible for the Data Subject to withdraw that consent (and thereby our ground for holding their Personal Data). In that event, we will stop the processing of their Personal Data.

We will only share your Personal Data with third parties on the same basis: where we have valid legal grounds to do so. We may share your Personal Data where necessary to perform a contract with you, where it is in our legitimate interest to do so or when you have specifically consented to it.

Finally, there are some other valid grounds for Processing (or sharing) Personal Data:

  1. where there is a legal obligation that we must;
  2. where it is of vital interest that we should share the Personal data (to protect someone’s life); or
  3. where it is part of a public task or official function.
 

Section B: For our survey respondents

 
 

We are the Data Processor of the Personal Data supplied to us by our clients, who remain the Data Controller in respect of their Personal Data. We are therefore responsible for making sure that our systems, processes and people comply with the relevant data protection laws as a Data Processor of that Personal Data.

 

Collection

 
 

When entering into an agreement with WorkBuzz, your employer or service provider may share with us, or upload directly to our Platform, certain demographic and Personal Data, which may, for example, include name, age, gender, email address, job title, level of seniority, department, work or service start date, and primary location.

The other data we collect about you is provided by you in the survey itself:

  • Survey data: we store the survey data (questions and answers) respondents complete or submit via our Platform
  • Other data you submit: we may collect your personal information or data if you submit it to us in other contexts. For example, by giving us a testimonial, by entering a contest or entering into correspondence with us.

Each time you complete a survey or use our Platform, we may collect information about you including, when and how you use the Platform; any comments or feedback you provide to us; technical information about your computer or mobile device for analysis and system administration, such as your IP address, operating system and browser type.

 

Use

 
 

We may use the personal information we hold in the following ways:

  • To provide your employer or service provider with reports and analysis, summarising the information gathered through our Platform and surveys.  This may include demographic analysis, based on the respondent’s survey answers or demographic information provided by you
  • We will take all reasonable steps to protect respondents’ confidentiality, like merging their feedback with other employees’ – please see our Confidentiality Promise for more information
  • To notify you about changes to our Platform or our Services that you use
  • To deal with any enquires, correspondence or complaints you have raised or have been raised by other parties relating to your use of our Platform or Services
  • To compile usage reports of our Platform or Services
 

The Grounds on which we Process Personal Data

 
 
  • In order to Process Personal Data, we must have valid legal grounds to hold and manage it in accordance with Data Protection Legislation
  • In relation to our clients, it is likely that our legal ground will be that we are Processing their Personal data in order to perform the services under our contract with them
  • In relation to our employees, our grounds for Processing their Personal Data may be both (1) under contract; and (2) our legitimate interest in holding the data (for example, the need to hold certain employee records)
  • Where individuals have asked to be added to our database, our reason for holding their data may be based on their consent (as well as in certain circumstances on our legitimate interest)
  • Where our processing of Personal Data is based on the Data Subject’s consent, it may be possible for the Data Subject to withdraw that consent (and thereby our grounds for holding their Personal Data). In that event, we will stop the processing of their Personal Data.
  • We may only share your Personal Data with third parties on the same basis: where we have valid legal grounds to do so. So, we may share your Personal Data where necessary to perform a contract with you, where it is in our legitimate interest to do so or when you have specifically consented to it.
  • Finally, there are some other valid grounds for Processing (or sharing) Personal Data: (i) where there is a legal obligation that we must; (ii) where it is of vital interest that we should share the Personal data (to protect someone’s life); or (iii) where it is part of a public task or official function

Disclosure

We may share your personal information to other third parties inside the EEA:

 
 

We may also disclose your information:

  • In the event that we sell or buy any business or assets, in which case we may disclose your Personal Data to the prospective seller or buyer of such business or assets
  • If WorkBuzz Analytics Limited or substantially all of its assets are acquired by a third party, in which case Personal Data held by it about its customers will be one of the transferred assets
  • If for the purposes of delivering our services, a third party is required who complies with the GPDR.  For example, if we require to print, post and capture large amounts of paper surveys outside of the UK
  • If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or Terms of Subscription and other agreements; or to protect the rights, property, or safety of WorkBuzz Analytics Limited, our customers, or others.

In respect of all disclosures of Personal Data, we will only share the personal information which is necessary for the particular purpose for which it is provided, or where we have another legitimate interest in doing so (weighed up against your rights to have your data protected), and we will ensure that the Personal Data is appropriately protected.

3rd party providers 3rd party policies
Alchemer We may use Alchemer (.eu for EU servers) to host bespoke surveys, such as research whitepapers or competitions.
“With Alchemer, you can have a peace of mind that data is collected, stored, and processed with the appropriate levels of sensitivity – always meeting or exceeding GDPR compliance.”(Alchemer, n.d.)
Amazon Web Services WorkBuzz websites are hosted on Amazon Web Services (AWS) in London and Dublin. Amazon confirms that all AWS services can be used in compliance with the General Data Protection Regulation (GDPR).
(Amazon, n.d.)
bakergoodchild Where large numbers of paper surveys are required, we will work with bakergoodchild to print, distribute and data capture paper surveys. For projects outside of the UK, we reserve the right to work with local partners after carrying out due diligence.
Datadog Datadog provides WorkBuzz with infrastructure monitoring so our engineering teams can maintain, optimize and secure our cloud environments. Datadog is confirmed as compliant with General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Please see their Privacy Policy for more details.
FireText WorkBuzz may use FireText to support projects that require an SMS campaign to distribute survey links or similar.
“In order to fully comply with EU GDPR, FireText shall […] Keep all personal information (including employee information) secure, regardless of its format or category, or the process or activities which use it, so as to prevent accidental or unauthorised loss, theft or breach.”
(FireText, n.d.)
MailJet We use MailJet to send our survey email invitations, using their European servers.
“We are proud to announce our complete implementation of all GDPR’s rigid requirements as of December 2017.”
(Mailjet, 2018)
Microsoft Provides Office 365 and email, which we will use when corresponding with you
Salesloft WorkBuzz uses Salesloft to engage with prospects. Please refer to their Privacy Policy.
Vidyard WorkBuzz uses Vidyard to send personalised video messages. Please refer to their Privacy Policy.
 
 

Retention

 
 

Reasonable measures are taken by each WorkBuzz employee who is responsible for client relationships to adhere to the WorkBuzz retention schedule:

  • After a project has finished, there may be cause to review the Personal Data which was shared as part of the project, in order to deal with any queries. For that reason, the client’s Personal Data will be stored for up to 12 months after the project has finished or the company has terminated their contract with WorkBuzz unless specifically requested. This will be audited internally every December to ensure compliance.
  • If a client has signed up for continuous pulse surveys and decides to cancel their account, we will delete all Personal Data within 90 days of receiving this instruction
  • Email inboxes are continually monitored by the mailbox owner with an annual review taking place in December. For that reason, data may be stored in Mailboxes for up to 12 months.
 

Section C: For our non-survey respondents

 
 

We are the Data Controller of the Personal Data supplied to us through our websites. We are therefore responsible for making sure that our systems, Processes and people comply with the relevant data protection laws in respect of that Personal Data.

Collection

 
 

We collect and process the following data about you:

  • Information you give us:
  • When you contact us or subscribe to our content, such as our newsletter, we collect your contact details, including your name and email address
  • We may collect your personal information or data if you submit it to us in other contexts. For example, by giving us a testimonial, by entering a contest or entering into correspondence with us.
  • Personal Data may also be collected from you during the application and selection Process should we advertise any vacancies (for example via your application form and CV)

We may receive information about you if you use other websites we operate. We also work with third parties, including affiliate partners, sub-contractors, advertising networks, search engine providers and analytics providers and may receive information about you from them.

 

Use

 
 

We may use the personal information we hold in the following ways:

  • For marketing activities
  • For recruitment purposes
  • To deal with any enquires, correspondence or complaints you have raised or have been raised by other parties relating to your use of our Platform or Services

If you have opted in to receive our newsletters, other information services or marketing materials, we will use your personal information to distribute this/these to you.

If you have applied for a role with WorkBuzz, either advertised or speculatively, Personal Data will be used for HR administration and management in respect of the selection of people to work for us (including suitability, eligibility and/or fitness to work).

Disclosure

 
 
GoDaddy We use GoDaddy to host our websites.

“We will only share information about you that is necessary for the third party to provide the requested service. These companies are prohibited from retaining, sharing, storing or using your personally identifiable information for any secondary purposes.”

(GoDaddy, n.d.)

Client Success We use the Client Success platform to help manage all customers SOC 2 and GDPR compliant
Crowe LLP Our Accountants for all WorkBuzz related accounting information

Subject to the ICAEW Code of Ethics and authorised and regulated by the Financial Conduct Authority. Crowe U.K. LLP comply with the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework.

HubSpot We use HubSpot as our CRM system.

“The HubSpot platform is hosted in trusted third-party data centre providers in the US, and the data stored by HubSpot is stored in the US. HubSpot partners with the world’s leading data centre providers in order to provide our services to you. Currently, the primary HubSpot infrastructure is hosted with Amazon Web Services in the US-East-1 region. Amazon Web Services maintains ISO 27001, SOC 2 Type II, and several other certifications to demonstrate the rigor of their hosting and infrastructure management program.”

(HubSpot, n.d.)

Zendesk We use Zendesk as our customer support ticketing system.

We provide our customers compliance with high security standards, such as encryption of data in motion over public networks, auditing standards (SOC 2, ISO 27001, ISO 27018), Distributed Denial of Service (“DDoS”) mitigations, and a Support team that is on-call 24/7.

For more information, please see Zendesk’s privacy policy, here

 

Retention

 
 

Data provided to WorkBuzz via any of our websites are provided in full knowledge of its future use, with explicit consent in relation to each of the proposed uses. Those who leave their details may opt-in to receive marketing updates from WorkBuzz. Until a person in our marketing database unsubscribes or requests to be forgotten, they will remain a part of it.

Upon unsubscribing, Personal Data will be retained for up to 90 days prior to deletion from our systems.

If you have shared your Personal Data in the form of a role application, WorkBuzz will keep the Personal Data of applicants who we do not employ for up to 12 months after we receive it.

Changes to this privacy notice

 
 

Any changes we may make to our privacy notice in the future will be posted on our website, so please ensure that you are viewing the correct version. Please contact us if you have any questions, comments or requests regarding this privacy notice.