Qulture.Rocks’ mission is to help you and your company unlock potentials. For this to happen on our Platform, it is important that you entrust your data to us. We take this responsibility very seriously and go to great lengths to protect your information.
Version 1.0 – Effective from March, 1st, 2020.
The Qulture Platform works on a B2B system, that is, the partners that hire our services are companies and, potentially, all employees of a partner company will become users. In this way, we collect both personal and professional data of the employees of those partner companies that hire our performance management services.
There are some types of users on the Platform, one of them is the administrator of the partner who contracts the services provided by Qulture. This user has the power to manage others. The only way someone can become a Platform user is when the administrator registers the employees in the Qulture system.
A user has several fields with information regarding him and they must be filled out so that the user can have the complete experience on the Platform. Some of these are mandatory and must be validly completed and others are optional. Availability and obligation will depend on each partner. In addition, the system allows partners to create custom fields for users to fill in information, such as “Linkedin URL” or “T-shirt size”.
Apart from name and email address, all fields are subject to visibility permission and editing setting. This means that it is possible for an administrator to create a field that you cannot edit or view. To learn more about which fields your company has, contact firstname.lastname@example.org.
When registering a user, the administrator must enter the name and email address compulsorily. If the company uses login by CPF, the email address becomes optional and this field becomes mandatory instead.
We recommend that you keep your password for accessing the Platform completely confidential and never share it with third parties. We do not ask the user to tell us their password outside the website, by phone, email or any other means of communication.
Your personal data and information are collected as follows:
Além dos campo obrigatórios (nome e email), a Plataforma possui os seguintes campos opcionais:
In addition to the mandatory fields (name and email address), the Platform has the following optional fields:
I. User fields utilized for register management:
II. User fields utilized for: (i) performance analysis and professional development of employees and (ii) behavioral analysis while using the platform:
We also collect data from the optional fields.
Through the Platform, you can insert content such as feedbacks, comments, OKRs / Goals, performance reviews, annotations in 1: 1s, public praise, tasks, feeling of the week, Career planning or individual development plan, depending on the Products activated by your partner. This information is used by you and your company to perform performance management and professional development.
The Platform also allows you to insert a photo to facilitate its identification. For example, when a colleague sends you feedback, they can see your photo.
When you interact with the Platform, we also collect your access data, such as browser information (name, version), operating system (name and version), when applicable, monitor resolution, city, country, IP address (which allows us to know the city from which the access was made), URLs visited, components of the interface with which you interacted, as well as the date and time of each action. We use this data to record both the activities of users and the platform, as well as to investigate possible problems. We may also use this information in cases where it is necessary to prove to the administrator of your company any actions taken and also to better understand the integration of users with the Platform so that we can always improve it.
With each update or change in these documents, you will need to reread and accept again to continue using the Platform. We may make updates or changes, for example, if we change the purposes for which we collect your data.
We may also send notices and notifications to your email address regarding the operation of the Platform.
Whenever you wish, you can withdraw your consent by sending the request to email@example.com. Your company’s administrator will be notified and your data will be removed from the Platform within 30 days.
To request a change or correction of personal data on the Platform, you may get in touch with your company’s administrator, or you may contact us – send an email to firstname.lastname@example.org or call in the chat. We will contact your company’s administrator so that your data can be corrected.
You can request access to your data whenever you want by sending a request to email@example.com. We can take up to 30 days to send the report.
You can request the deletion of your data or prevent the processing of some of that data at any time. Just send a request to firstname.lastname@example.org. Before deleting your data, we will notify your company’s Platform administrator and verify that there is no legal reason why this action should not be carried out. The deadline for deleting the data is up to 30 days. Your data will be deleted from the Platform’s official environment database. Even after the exclusion, carried out as explained here, Qulture, for legal reasons, will keep part of your name and CPF.
In order to guarantee the recovery of our services, we have an automated database backup system. These files are stored with encryption and retained for 6 months. It would be extremely complex for us to delete all of your data from all backups. Encryption ensures that, even if a third party were able to access the files, they would not be able to read the data without deciphering the encryption.
We emphasize here that your data will only be recovered by Qulture in the event of information security incidents (such as data leakage) or if Qulture is required to comply with legal and contractual obligations. Rest assured that this never happened and has a very low chance of occurring. Even so, we guarantee that we will keep the commitment to delete your data after the incident or the fulfillment of the legal obligation if these procedures are carried out.
We also store backups of server log files, that is, records of interactions that users have had with our Platform. The same rule applies: your data will not be deleted from these backups, due to the high technical complexity, but will not be recovered and will be destroyed when the backups are deleted.
If needed, you can request the export of your data to transfer to another system by sending an email to email@example.com. We will notify the Administrator of your company and send you the content within 30 days.
Your data is used only by your company and Qulture. Your company will be able to use the collected data to analyze its performance, assist in its professional development and make professional decisions. Get in touch with your company’s Administrator on the Platform to clarify about how they use your data.
Qulture uses your data to: (1) help with technical support, (2) analize product usage and (3) create analytical reports for your company and (4) business reports.
If you have any questions about how your data is used, just send an email to firstname.lastname@example.org.
In order to offer you high quality technical support, Qulture employees who are responsible for the service have access to your personal data and actions taken on the Platform, as well as any data you enter, feedbacks, compliments, IDPs, OKRs, Comments, Tasks, or performance evaluations. Our staff is properly trained and qualified to take care of the confidentiality of your data with maximum security. That way, whenever you need help and call our support, they can know what company you work for, what you were trying to do and then help you more quickly and efficiently.
In order to update the Platform’s features, identify opportunities for improvement and any problems, we also need to look at the Platform’s usage data. To carry out these analyzes, we look at users’ information in an anonymous way. We analyze usage statistics, without looking at the data that can identify you, such as shipping numbers feedbacks, compliments, performance evaluations, OKRs, IDPs, comments, tasks, component clicks, receipt, opened emails and click in emails.
An example of these analyzes is the use of data entered by users to answer questions such as “How many feedbacks were exchanged this month?” or “How long does a performance evaluation last?”.
Qulture highly values the growth of its clients. For this, we generate several analyses of usage and results of the Platform for our customers and partners. For example, after a performance evaluation, we can create a report by crossing response data with demographic data to answer questions such as “Which area received the best averages in leadership?”. We only generate these reports when requested by our customers or partners.
In such cases, your data may be used in a non-anonymous way, but only your company will be able to see it. That is, your data and personal information will not appear in the reports for other Qulture clients or partners. For more information about these analyzes, send an email to: email@example.com.
Qulture is proud to be building a large community focused on high performance and professional development. In this context, we take part in events, consult with other companies and add behavioral analysis in performance management to our Platform. In these cases, we only use anonymized data, that is, data that does not identify any user. At no time does Qulture give up protecting the personal data of users’ collected data.
Cookie, in the context of the internet, is a text that the server sends to your browser with some information that optimizes its use.
In our Platform, we keep your user ID in an encrypted form in order to control your session as a user logged into the system, for example, to find out how long you have been logged in. If this file is changed, it becomes invalid.
Qulture does not exchange or sell your data to any third party. All third parties to which Qulture sends its data aim to improve the User experience on the Platform, improvements in information security and Platform improvements.
To deliver a quality service, we rely on third-party services. This section provides a description of all the services to which we send the data and information of the users we collect on the Platform and for what purposes.
The security of your data is critical to Qulture. For this, we use the best technologies, always updated in their latest stable versions and we only keep partners with a high commitment to data security.
To avoid accidents and violations regarding your personal data, we have a checklist that the engineering team needs to follow whenever dealing with the infrastructure and software development. Checks range from strict permissioning to backup policy settings.
If you want to learn more about software development practices at Qulture, send an email to firstname.lastname@example.org.
All Qulture employees who have access to user data are trained and only access the data when necessary. All access to User data on the Platform made by these employees is recorded with identification, action taken and time of access.
Whenever possible, we use the Qulture login with a double authentication factor (2FA). It is a simple measure that significantly lowers the chance of improper access to your data. For more information just check the link: https://qulture.rocks/add-ons/seguranca-avancada.
We have a weekly practice of mandatory information security study by all Qulture employees. Every week, all employees take courses, readings, watch videos and respond to assessments on various security-related topics, such as legislation, hacker attack methods, good password practices, among others.
Although we have never had a data leak, we know that, regardless of the daily effort, a small gap is enough for a data leak. We want to continue with this statistics, but in case it happens, we have the following policy:
To report security incidents, send an email to email@example.com describing as many details as possible. We will make every effort to respond as quickly as possible, within 24 hours.
As long as the service provision contract is valid, the users’ data will be stored in the system to guarantee the Platform functioning.
After the term of the contract, the Partner has up to 30 days to extract the data it needs. After this period, Qulture will destroy all data except for the full name of the collaborators and employees as well as the CPFs, or part of their name and CPF to fulfill legal obligations, which will be kept for 5 (five) years to fulfill their legal obligations.
Children under 16 are not allowed to register on the Platform. If you are aware of data related to people under the age of 16 on the Platform, please contact us at firstname.lastname@example.org and we will verify and delete the data.
To contact us, just send an email to email@example.com or firstname.lastname@example.org. You can also talk to us via chat accessing the Platform.
Data Protection Officer (DPO): Francisco Mello (email@example.com).