fbpx

Privacy Policy – v1.0

Qulture.Rocks’ mission is to help you and your company unlock potentials. For this to happen on our Platform, it is important that you entrust your data to us. We take this responsibility very seriously and go to great lengths to protect your information.

This Privacy Policy intends to help you understand what information we collect on the Qulture.Rocks Performance Management Platform (“Platform”), the website (“Site”) and the Qulture.Rocks Academy (“Teachable”), why we collect them and how you can manage and delete them.

Version 1.0 – Effective from March, 1st, 2020.

Introduction

The Qulture.Rocks Platform enables performance management services to partners and users in order to provide them with the following functionalities (i) Performance Evaluation; (ii) Instant Feedback and Instant Compliments; (iii) Goals Management / OKRs; (iv) Conversations between leader and team member and (v) Individual development plan (IDP). Read more about the Platform’s services in the Terms of Use: https://qulture.rocks/en/terms-and-conditions-of-use.

What data we collect

The Qulture Platform works on a B2B system, that is, the partners that hire our services are companies and, potentially, all employees of a partner company will become users. In this way, we collect both personal and professional data of the employees of those partner companies that hire our performance management services.

There are some types of users on the Platform, one of them is the administrator of the partner who contracts the services provided by Qulture. This user has the power to manage others. The only way someone can become a Platform user is when the administrator registers the employees in the Qulture system.

A user has several fields with information regarding him and they must be filled out so that the user can have the complete experience on the Platform. Some of these are mandatory and must be validly completed and others are optional. Availability and obligation will depend on each partner. In addition, the system allows partners to create custom fields for users to fill in information, such as “Linkedin URL” or “T-shirt size”.

Apart from name and email address, all fields are subject to visibility permission and editing setting. This means that it is possible for an administrator to create a field that you cannot edit or view. To learn more about which fields your company has, contact legal@qulture.rocks.

When registering a user, the administrator must enter the name and email address compulsorily. If the company uses login by CPF, the email address becomes optional and this field becomes mandatory instead.

We recommend that you keep your password for accessing the Platform completely confidential and never share it with third parties. We do not ask the user to tell us their password outside the website, by phone, email or any other means of communication.

How we collect your data

Your personal data and information are collected as follows:

  1. Platform: your data and information will be collected when the partner enters your data on our platform or when you do;
  2. Website: your data and information will be collected when you register with our newsletter; and
  3. Teachable: your data and information will be collected when you register.

Optional fields

Além dos campo obrigatórios (nome e email), a Plataforma possui os seguintes campos opcionais:

In addition to the mandatory fields (name and email address), the Platform has the following optional fields:

I. User fields utilized for register management:

  1. Nickname;
  2. CPF;
  3. Date of admission;
  4. Date of birth;
  5. Photo;
  6. Identifier; and
  7. RG.

II. User fields utilized for: (i) performance analysis and professional development of employees and (ii) behavioral analysis while using the platform:

  1. Job title;
  2. Last Career Move Date;
  3. Termination date;
  4. Department;
  5. Salary range;
  6. Education;
  7. Location;
  8. Termination reason;
  9. Level;
  10. Country;
  11. Sex; and
  12. Area.

We also collect data from the optional fields.

Other collected data

Through the Platform, you can insert content such as feedbacks, comments, OKRs / Goals, performance reviews, annotations in 1: 1s, public praise, tasks, feeling of the week, Career planning or individual development plan, depending on the Products activated by your partner. This information is used by you and your company to perform performance management and professional development.

The Platform also allows you to insert a photo to facilitate its identification. For example, when a colleague sends you feedback, they can see your photo.

When you interact with the Platform, we also collect your access data, such as browser information (name, version), operating system (name and version), when applicable, monitor resolution, city, country, IP address (which allows us to know the city from which the access was made), URLs visited, components of the interface with which you interacted, as well as the date and time of each action. We use this data to record both the activities of users and the platform, as well as to investigate possible problems. We may also use this information in cases where it is necessary to prove to the administrator of your company any actions taken and also to better understand the integration of users with the Platform so that we can always improve it.

How consent works

When you access the Platform for the first time, we show you a screen explaining that, to use our service, it is necessary that you accept our Terms of Use and our Privacy Policy. It is very important that you read both documents before accepting.

With each update or change in these documents, you will need to reread and accept again to continue using the Platform. We may make updates or changes, for example, if we change the purposes for which we collect your data.

We may also send notices and notifications to your email address regarding the operation of the Platform.

Withdrawal of consent

Whenever you wish, you can withdraw your consent by sending the request to legal@qulture.rocks. Your company’s administrator will be notified and your data will be removed from the Platform within 30 days.

We emphasize that the withdrawal of consent means that you will not be able to use the Platform as described in the Terms of Use.

Management of your data

To request a change or correction of personal data on the Platform, you may get in touch with your company’s administrator, or you may contact us – send an email to help@qulturerocks.com or call in the chat. We will contact your company’s administrator so that your data can be corrected.

Access to data

You can request access to your data whenever you want by sending a request to legal@qulture.rocks. We can take up to 30 days to send the report.

Data exclusion – right to be forgotten

You can request the deletion of your data or prevent the processing of some of that data at any time. Just send a request to legal@qulture.rocks. Before deleting your data, we will notify your company’s Platform administrator and verify that there is no legal reason why this action should not be carried out. The deadline for deleting the data is up to 30 days. Your data will be deleted from the Platform’s official environment database. Even after the exclusion, carried out as explained here, Qulture, for legal reasons, will keep part of your name and CPF. 

Backup data

In order to guarantee the recovery of our services, we have an automated database backup system. These files are stored with encryption and retained for 6 months. It would be extremely complex for us to delete all of your data from all backups. Encryption ensures that, even if a third party were able to access the files, they would not be able to read the data without deciphering the encryption.

We emphasize here that your data will only be recovered by Qulture in the event of information security incidents (such as data leakage) or if Qulture is required to comply with legal and contractual obligations. Rest assured that this never happened and has a very low chance of occurring. Even so, we guarantee that we will keep the commitment to delete your data after the incident or the fulfillment of the legal obligation if these procedures are carried out.

We also store backups of server log files, that is, records of interactions that users have had with our Platform. The same rule applies: your data will not be deleted from these backups, due to the high technical complexity, but will not be recovered and will be destroyed when the backups are deleted.

Data export

If needed, you can request the export of your data to transfer to another system by sending an email to help@qulturerocks.com. We will notify the Administrator of your company and send you the content within 30 days.

Use of data

Your data is used only by your company and Qulture. Your company will be able to use the collected data to analyze its performance, assist in its professional development and make professional decisions. Get in touch with your company’s Administrator on the Platform to clarify about how they use your data.

Qulture uses your data to: (1) help with technical support, (2) analize product usage and (3) create analytical reports for your company and (4) business reports.

If you have any questions about how your data is used, just send an email to help@qulturerocks.com.

Technical support

In order to offer you high quality technical support, Qulture employees who are responsible for the service have access to your personal data and actions taken on the Platform, as well as any data you enter, feedbacks, compliments, IDPs, OKRs, Comments, Tasks, or performance evaluations. Our staff is properly trained and qualified to take care of the confidentiality of your data with maximum security. That way, whenever you need help and call our support, they can know what company you work for, what you were trying to do and then help you more quickly and efficiently.

Platform usage analysis

In order to update the Platform’s features, identify opportunities for improvement and any problems, we also need to look at the Platform’s usage data. To carry out these analyzes, we look at users’ information in an anonymous way. We analyze usage statistics, without looking at the data that can identify you, such as shipping numbers feedbacks, compliments, performance evaluations, OKRs, IDPs, comments, tasks, component clicks, receipt, opened emails and click in emails.

An example of these analyzes is the use of data entered by users to answer questions such as “How many feedbacks were exchanged this month?” or “How long does a performance evaluation last?”.

Analytics for your business

Qulture highly values the growth of its clients. For this, we generate several analyses of usage and results of the Platform for our customers and partners. For example, after a performance evaluation, we can create a report by crossing response data with demographic data to answer questions such as “Which area received the best averages in leadership?”. We only generate these reports when requested by our customers or partners.

In such cases, your data may be used in a non-anonymous way, but only your company will be able to see it. That is, your data and personal information will not appear in the reports for other Qulture clients or partners. For more information about these analyzes, send an email to: legal@qulture.rocks.

Business analysis

Qulture is proud to be building a large community focused on high performance and professional development. In this context, we take part in events, consult with other companies and add behavioral analysis in performance management to our Platform. In these cases, we only use anonymized data, that is, data that does not identify any user. At no time does Qulture give up protecting the personal data of users’ collected data.

Cookies policy

Cookie, in the context of the internet, is a text that the server sends to your browser with some information that optimizes its use.

How we use cookies

In our Platform, we keep your user ID in an encrypted form in order to control your session as a user logged into the system, for example, to find out how long you have been logged in. If this file is changed, it becomes invalid.

In this Site, we use cookies to optimize your experience. For example, we use cookies to store and remember your language preferences and to anonymously track website usage, such as how many visitors each page has and the source from which users come.

Transferring your data to other services

As stated in our Terms of Use, Qulture uses the services of Amazon Web Services in the United States region. Thus, by using the Platform you agree that your data is transferred and stored under the terms and conditions used by these services.

Qulture does not exchange or sell your data to any third party. All third parties to which Qulture sends its data aim to improve the User experience on the Platform, improvements in information security and Platform improvements.

Third Party Dependencies

To deliver a quality service, we rely on third-party services. This section provides a description of all the services to which we send the data and information of the users we collect on the Platform and for what purposes.

  1. Heroku:
    1. Server and database used by Qulture.Rocks that uses Amazon Web Services infrastructure.
    2. To provide its services, Qulture.Rocks needs a database for storing information. For that, Qulture.Rocks sends Heroku user’s data and information collected on the Platform.
  2. Hotjar: 
    1. A tool that analyzes the interaction between Users and the Platform to identify user behavior and implement improvements. In addition, Hotjar also triggers satisfaction surveys within the Platform itself.
    2. In order to provide its services, Hotjar requires identified data and information the Platform users. The data and information sent to Hotjar enables improvements to be implemented by the Qulture.Rocks team.
  3. Intercom: 
    1. Customer support service, help and communication center, to enhance users’ personalized service and communication experience.
    2. In order to provide its services, Intercom requires identified data and information of the Platform users. The identified data and information sent to Intercom is what allows tailored user service by the Qulture.Rocks team.
  4. Mixpanel: 
    1. Analysis service of user interaction with the Platform to make improvements to the Platform and solve problems, based on the collected information.
    2. In order to provide its services, Mixpanel requires identified data and information of the Platform users. The identified data and information from users sent to Mixpanel is what enables the implementation of improvements by the Qulture.Rocks team and the resolution of problems on the Platform.
  5. Papertrail: 
    1. Service for registering calls (requests) made by users to the Platform.
    2. In order to provide its services, Papertrail requires the sending of parameters for each call, so that users’ actions are triggered. We emphasize that encrypted data, such as passwords, are encrypted before being sent by Qulture.Rocks. The sending of each call’s parameters is what allows the user to interact with the Platform, either by reading or writing data. The stored logs allow the recovery of data that is not saved in the database, as well as the action record of each user.
  6. Planhat: 
    1. This service assists Qulture.Rocks in customer service, aiming to reduce the risk of cancellation of services, sale of Products and maximize the customer’s stay.
    2. In order to provide its services, Planhat requires the sending of identified data and information of the Platform’s users. The identified user data and information sent is what enables Qulture.Rocks to provide customer support services and carry out analyzes to implement improvements to the Platform.
  7. Segment: 
    1. Service that centralizes the monitoring of platform usage data. It feeds the other services used by Qulture.Rocks, namely Mixpanel, Intercom and Hotjar.
    2. In order to provide its services, Segment requires the sending of identified data and information of the Platform’s users. Segment is one of the tools that helps Qulture.Rocks to maintain the inviolability of user’s data and information, by monitoring access to the Platform. For that, Segment requires the sending of user’s identified data and information.
  8. Sendgrid: 
    1. E-mails sending service.
    2. To provide its services, Sendgrid requires the following user data: name, company and e-mail.
  9. Sentry: 
    1. Platform error tracking service.
    2. To provide its services, Sentry requires the following user data: IP. This data allows Qulture.Rocks to monitors the Platform and allows consequent errors monitoring.
  10. New Relic: 
    1. Platform error tracking service.
    2. In order to provide its services, New Relic requires the following user data: IP. This data allows Qulture.Rocks to monitors the Platform and allows consequent errors monitoring.
  11. Scout:
    1. Platform performance monitoring service.
    2. In order to provide its services, Scout requires the following user data: name, company and e-mail.

How we keep your data safe

The security of your data is critical to Qulture. For this, we use the best technologies, always updated in their latest stable versions and we only keep partners with a high commitment to data security.

To avoid accidents and violations regarding your personal data, we have a checklist that the engineering team needs to follow whenever dealing with the infrastructure and software development. Checks range from strict permissioning to backup policy settings.

If you want to learn more about software development practices at Qulture, send an email to legal@qulture.rocks.

All Qulture employees who have access to user data are trained and only access the data when necessary. All access to User data on the Platform made by these employees is recorded with identification, action taken and time of access.

Whenever possible, we use the Qulture login with a double authentication factor (2FA). It is a simple measure that significantly lowers the chance of improper access to your data. For more information just check the link: https://qulture.rocks/add-ons/seguranca-avancada.

We have a weekly practice of mandatory information security study by all Qulture employees. Every week, all employees take courses, readings, watch videos and respond to assessments on various security-related topics, such as legislation, hacker attack methods, good password practices, among others.

How we handle suspected personal data breaches

Although we have never had a data leak, we know that, regardless of the daily effort, a small gap is enough for a data leak. We want to continue with this statistics, but in case it happens, we have the following policy:

  1. Employees who notice a suspected leak should send an email to Qulture’s technology leader (CTO) with a copy to legal@qulture.rocks;
  2. The CTO will investigate the suspicion and, if confirmed, will notify the affected companies and users within 24 hours;
  3. The CTO will contact the engineering team so that the breach is eliminated as soon as possible;
  4. The engineering team will prepare a post-mortem report, describing, as far as possible, what the reason for the leak, who had access to the data, which users had the data exposed, what data was exposed, what actions will be taken to avoid a new leak with the same characteristics; and
  5. The CTO will send by email a report to the companies affected.

Security incidents

To report security incidents, send an email to security@qulture.rocks describing as many details as possible. We will make every effort to respond as quickly as possible, within 24 hours.

Data retention

As long as the service provision contract is valid, the users’ data will be stored in the system to guarantee the Platform functioning.

After the term of the contract, the Partner has up to 30 days to extract the data it needs. After this period, Qulture will destroy all data except for the full name of the collaborators and employees as well as the CPFs, or part of their name and CPF to fulfill legal obligations, which will be kept for 5 (five) years to fulfill their legal obligations.

Age limit

Children under 16 are not allowed to register on the Platform. If you are aware of data related to people under the age of 16 on the Platform, please contact us at legal@qulture.rocks and we will verify and delete the data.

Contact details

To contact us, just send an email to help@qulturerocks.com or legal@qulturerocks.com. You can also talk to us via chat accessing the Platform.

Data Protection Officer (DPO): Francisco Mello (dpo@qulture.rocks).