WorkBuzz Privacy Notice

 

The way your data is stored and Processed will depend on the nature of it and how we have received it:

• All personal data directly related to performing our services and provided by survey respondents is only processed within the UK and EEA. Section B (For our Survey Respondents or WorkBuzz Dialogue Loop contributors) provides more information, including when this data is disclosed to third parties and how long it is retained for. 

• Some personal data gathered through other sources, such as when you download an eBook or guide, through our website, may be processed outside of the UK and EEA, provided this is adequately protected, as required by UK and EU GDPR, by trusted suppliers under the UK and EU Standard Contractual Clauses (SCCs) and Binding Corporate Rules (BCRs). See Section C. 

 

WorkBuzz are the Data Processor of the personal data supplied to us by our clients or provided to us by Dialogue Loop contributors, who remain the Data Controller in respect of their personal data. We are therefore responsible for making sure that our systems, processes and people comply with the relevant data protection laws as a Data Processor of that personal data. 

 

We may use the personal information we hold in the following ways:

• To provide your employer or service provider with reports and analysis, summarising the information gathered through our platform, surveys and Dialogue Loops. This may include demographic analysis, based on the respondent’s survey answers or demographic information provided by you. 
• For surveys, we will take all reasonable steps to protect respondents’ confidentiality, like merging their feedback with other employees’ to create aggregated data and ensuring that no individual can be identified from that data – please see our Confidentiality Promise for more information. 
• For contributors who choose to participate in a WorkBuzz Dialogue Loop and choose to respond anonymously, we will take all reasonable steps to protect contributors’ confidentiality. 
• To notify you about changes to our platform or our services that you use
• To deal with any enquires, correspondence or complaints you have raised or have been raised by other parties relating to your use of our platform or services
• To compile usage reports of our platform or services 

In order to process personal data, WorkBuzz must have valid legal grounds to hold and manage the data in accordance with Data Protection Legislation. 

 

• In relation to our clients, it is likely that our legal ground will be that we are processing their personal data in order to perform the services under our contract with them.
• In relation to our employees, our grounds for processing their personal data may be both:
  • under contract; and
  • our legitimate interest in holding the data (for example, the need to hold certain employee records)
• Where individuals have asked to be added to our database, our reason for holding their data may be based on their consent (as well as in certain circumstances on our legitimate interest).
• Where our processing of personal data is based on the data subject’s consent, it may be possible for the data subject to withdraw that consent (and thereby our grounds for holding their personal data). In that event, we will stop the processing of their personal data.
• We may only share any personal data with third parties on the same basis i.e. where we have valid legal grounds to do so. So, we may share your personal data where necessary to perform a contract with you, where it is in our legitimate interest to do so or when you have specifically consented to it.
• Finally, there are some other valid grounds for processing (or sharing) personal data
  • where there is legal obligation that we must;
  • where it is of vital interest that we should share the personal data (to prrotect someone's life); or
  • where it is part of a public task or official function

Disclosure

We may also disclose your information:

• In the event that we sell or buy any business or assets, in which case we may disclose your personal data to the prospective seller or buyer of such business or assets
• If WorkBuzz Analytics Limited or substantially all of its assets are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets
• If for the purposes of delivering our services, a third party is required to comply with the UK GPDR. For example, if we require to print, post and capture large amounts of paper surveys outside of the UK
• If we are under a duty to disclose or share your Personal Data in order to comply with any legal obligation, or in order to enforce or apply our Terms of Use or Terms of Subscription and other agreements; or to protect the rights, property, or safety of WorkBuzz Analytics Limited, our customers, or others.

In respect of all disclosures of personal data, we will only share the personal information which is necessary for the particular purpose for which it is provided, or where we have another legitimate interest in doing so (weighed up against your rights to have your data protected), and we will ensure that the personal data is appropriately protected. 

3rd party providers	3rd party policies
Amazon Web Services (AWS)	WorkBuzz websites are hosted on Amazon Web Services (AWS) in Dublin and London. Amazon confirms that all AWS services can be used in compliance with the General Data Protection Regulation (GDPR). (Amazon, n.d.)
Anthropic	Anthropic is an AI safety and research company that's working to build reliable, interpretable, and steerable AI systems. For full details on how they collect, use, disclose, and process personal data please visit their Privacy Policy
bakergoodchild	Where large numbers of paper surveys are required, we will work with bakergoodchild to print, distribute and data capture paper surveys. For projects outside of the UK, we reserve the right to work with local partners after carrying out information security due diligence.
Datadog	Datadog provides WorkBuzz with infrastructure monitoring so our engineering teams can maintain, optimise and secure our cloud environments. Datadog is confirmed as compliant with General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA). Please see their Privacy Policy for more details.
Deepl Translate	Free text responses provided by survey respondents can be translated into a number of languages by our translation service (“Free Text Translator”). Deepl Translate data centres is held in their data centre in Sweden.
FireText	WorkBuzz may use FireText to support projects that require an SMS campaign to distribute survey links or similar. “In order to fully comply with EU GDPR, FireText shall […] Keep all personal information (including employee information) secure, regardless of its format or category, or the process or activities which use it, so as to prevent accidental or unauthorised loss, theft or breach.” (FireText, n.d.)
Google Cloud	Google Cloud provides WorkBuzz with a hosting platform and complies with European, UK, EU-US and Swiss-US regulations and frameworks. For full details, please visit their Privacy & Terms.
Google Translate	Free text responses provided by survey respondents can be translated into a number of languages by our translation service (“Free Text Translator”). We specify that Google Translate holds data in their EEA data centres
MailJet	We use Mail Jet to send our survey email invitations, using their European servers. “We are proud to announce our complete implementation of all GDPR’s rigid requirements as of December 2017.” (Mailjet, 2018)
Microsoft	Provides Office 365 and email, which we will use when corresponding with you.
Vidyard	WorkBuzz uses Vidyard to send personalised video messages. Please refer to their Privacy Policy.
Sendgrid	We use Sendgrid to send out email invites to WorkBuzz Dialogue contributors and is simply a processing engine rather than a permanent storage provider, message bodies are only temporarily held (up to 72 hours) until delivery is confirmed and this is done via AWS within the US. Sendgrid is certified for GDPR, CCPA, and the EU-US Data Privacy Framework (DPF).
HeyGen	WorkBuzz use HeyGen to generate avatars and all servers are based in the US on AWS. HeyGen follows industry-standard SOC 2 practices and is certified for GDPR, CCPA, and the EU-US Data Privacy Framework (DPF). The creation of avatars does not use any personal data.
Langfuse	WorkBuzz use Langfuse to trace, evaluate, and monitor the performance and latency of our AI. Langfuse host their data in the Langfuse Cloud which is hosted on AWS in Dublin, Ireland.
PostHog	PostHog is an all-in-one product analytics and user behaviour tool that helps the WorkBuzz teams understand exactly how users interact with their apps and websites. Hosted on AWS servers in Frankfurt, Germany.
Clearfeed	WorkBuzz use ClearFeed as an internal ticketing system. ClearFeed is certified for GDPR,SOC 2 Type II and HIPAA.

We are the data controller of the personal data supplied to us through our websites. We are therefore responsible for making sure that our systems, processes and people comply with the relevant data protection laws in respect of that personal data.

 

Services in the EU. Amazon Web Services maintains ISO 27001, SOC 2 Type II, and several other certifications to demonstrate the rigor of their hosting and infrastructure management program.”

GoDaddy	We use GoDaddy to host our websites. “We will only share information about you that is necessary for the third party to provide the requested service. These companies are prohibited from retaining, sharing, storing or using your personally identifiable information for any secondary purposes.” (GoDaddy, n.d.)
Planhat	Planhat is our Client Relationship Management system. They adhere to GDPR compliant procedures and process data according to EU Data Protection Laws. For more information, visit their Legal page.
Crowe LLP	Our Accountants for all WorkBuzz related accounting information. Subject to the ICAEW Code of Ethics and authorised and regulated by the Financial Conduct Authority. Crowe U.K. LLP comply with the EU-U.S. Data Privacy Framework and Swiss-U.S. Data Privacy Framework.
HubSpot	We use HubSpot as our CRM system. “The HubSpot platform is hosted in trusted third-party data centre providers in the EU, and the data stored by HubSpot is stored in the EU. HubSpot partners with the world’s leading data centre providers in order to provide our services to you. Currently, the primary HubSpot infrastructure is hosted with Amazon Web Services in the EU. Amazon Web Services maintains ISO 27001, SOC 2 Type II, and several other certifications to demonstrate the rigor of their hosting and infrastructure management program.” (HubSpot, n.d.)
Zendesk	We use Zendesk as our customer support ticketing system. We provide our customers compliance with high security standards, such as encryption of data in motion over public networks, auditing standards (SOC 2, ISO 27001, ISO 27018), Distributed Denial of Service (“DDoS”) mitigations, and a Support team that is on-call 24/7. For more information, please see Zendesk’s privacy policy, here.

 

Any changes we may make to our Privacy Notice will be posted on our website, so please ensure that you are viewing the correct version. Please contact us if you have any questions, comments or requests regarding this privacy notice.

Updated 26th May 2026