Privacy Policy
1. Purpose
Culturequest (also referred to as “the Platform,” “we,” “our,” or “us”) is a well-being and culture measurement platform that provides data-driven insights to employees, teams, and organizations based on employee survey responses. As such, we are required to process personal data. In accordance with the General Data Protection Regulation (“GDPR”), we are obligated to inform you about certain aspects related to our processing of personal data, which are outlined below.
This Privacy and Data Policy explains how we process information about you when you:
- Use our platform (app.culturequest.io) as a private individual, interact with our marketing activities, or access our information website (culturequest.io);
- Participate in a team or organizational survey, where we act as the data processor on behalf of your employer or organization.
We collect and store personal data only when it is relevant and necessary. We place high demands on the security of our IT systems and on our employees’ handling of personal data to ensure that such data is always protected in accordance with applicable data protection laws.References in this Privacy Policy to “your employer” refer to the department that has entered into an agreement with us.
Your employer is the data controller for the processing of personal data under this Privacy Policy. We will process your personal data on behalf of your employer and in accordance with their lawful instructions, including those pursuant to the GDPR.
If there are any specific aspects you need to be aware of when using certain services, you will be informed accordingly at the time of use.
Below, you can read more about how we collect and process your personal data. For information on how to contact us, please refer to the “Contact” section below.
2. Personal Data We Collect
You may provide us with information about yourself when using the Platform:
- When you use the features of the Platform, including by filling out forms or completing surveys on or through the Platform. This information may include your name, photo, date of birth, gender, primary country of employment, company email address, company phone number, department, as well as any comments you provide about yourself or your colleagues’ performance in your respective roles. It may also include information about your employer, colleagues, or other third parties in the course of completing surveys or using other features of the Platform.
- If you contact or correspond with us (for example, by using any support function available on our site), we may retain a record of such correspondence (either directly or through our service providers). This may include any comments, opinions, and/or feedback you provide regarding the Platform, for instance during a trial period.
Your employer may provide us with information about you:
- When your employer creates a user profile for you in order to enable access to the Platform, allowing us to send you surveys, requests for individual feedback, and similar communications. This information may include your name, date of birth, gender, company email address, company phone number, and department.
- We may receive additional information from your employer, for example, to verify your eligibility to access and use the Platform.
Each time you complete a survey or otherwise use the Platform, we may automatically collect the following information:
- Technical information about your computer or mobile device for system administration and analytical purposes, including IP address, URL clickstreams, unique device identifiers, operating system, and network and browser type.
- Other usage-related data about your interaction with the Platform, such as pages viewed, time spent on the Platform, and data files uploaded to the Platform. This information may be linked to your profile or license.
We work closely with third parties (including, for example, business partners, subcontractors, and analytics providers) and may receive information about you from them. Information about third-party providers is outlined in the section below titled "Who We Share Your Personal Data With."
3. How We Use Personal Data
Please note that we collect, use, disclose, and/or otherwise process all information except personal data—including datasets you upload to the Platform—without limitation.
Once we have collected, received, or generated personal data from or about you, we may use such data for the purposes outlined below:
- To fulfil our obligations under the cooperation agreement with your employer
This includes providing your employer with aggregated and anonymized insights related to well-being and culture and, if necessary, preparing reports and analyses.
This includes data you have provided while using the Platform, such as during well-being surveys, combined with information from other employees and departments. These data sets may be compared with historical or future employee responses and/or industry benchmarks.
- To contact you based on individual responses that indicate concern or signs of distress
which may warrant a conversation with an external coach or your immediate manager. It is important to note that we can only encourage you to make use of such services in these situations. As a rule, we do not share this information with your employer unless you provide explicit consent.
- To contact you for your feedback
To contact you for your feedback regarding our services.
- To notify you of changes to the Platform
and any other services you are using from us, including informing you about new versions of the Platform, new features, functionalities, or service offerings.
- To handle any inquiries, correspondence, concerns, or complaints
raised by you or on your behalf, or by third parties (such as your employer) involving you, including any issues caused by your use of the Platform.
- To report to your employer
in relation to the use of the Platform.
We will use this information to:
- Administer and improve the Platform and our other services
including ensuring that content is presented in the most effective manner for you and your device.
We may combine information from various sources and use it together with the information you provide to us or that we collect about you. We use this data for the purposes outlined above.
In doing so, we process your personal data based on what your employer has determined, or where it is necessary for our legitimate interests. This includes fulfilling our agreements with your employer.
We will not investigate or analyze data with specific references to special categories of personal data without the express request and consent of your employer. For well-being surveys, we will not disclose employee identities to the employer unless strictly necessary. The data we collect is often used to generate comparisons with other companies in the same industry; however, in such analyses, your information will remain anonymous.
We share your personal data with selected third parties in accordance with applicable data protection laws:
Third parties and service providers we engage who provide tools and functionalities for the Platform and its related services;
Third partyServicePurpose
One.comHostingHosting af website
SentrySentryBug reporting
UsercentricsCookiebotCookie handtering
StorylaneDemoDemo
ApolloCRM and emailingCRM system
HerokuCloud hostingHosting and database
TwilioSendGridE-mail notifications
StripeStripePayment platformDetailed information and descriptions of the above-mentioned service providers can be found in Appendix 1 to this Policy.
We use external services on both our informational website and the Platform. Service providers are third-party services used on our sites for various purposes, such as embedding videos, ensuring website security, and more. When these services are used, personal data may also be disclosed to the respective providers of these external services. If we do not have a legitimate interest in using such services, we will obtain your prior and voluntary consent, as a visitor to our website, before doing so (Article 6(1)(a) of the GDPR).
Government or law enforcement authorities in connection with the investigation of unlawful activities or for other lawful reasons, including potential location data. We require our third-party service providers to implement appropriate and robust security measures to safeguard our users’ personal data, in accordance with our internal policies and applicable data protection legislation. We do not permit our third-party providers to use your personal data for their own purposes and only allow them to process our users’ personal data for specified purposes in accordance with our instructions.
4. Culture Surveys
In exceptional circumstances, your employer may request disclosure of your identity, or we may find it appropriate to do so without a specific request. This will only occur in extraordinary cases, such as situations involving a risk of physical harm or in order to prevent unlawful actions.
We will always strive to minimize the extent of any disclosure and limit the content to only the information strictly necessary. If required, we may ask for your consent before sharing your identity with your employer.
5. Where We Store Personal Data
When we use certain data processors and other partners, personal data may be transferred to recipients located in so-called third countries. Unless the third country has been approved by the European Commission as providing an adequate level of protection (including companies in the United States that are certified under the EU-U.S. Data Privacy Framework), the legal basis for such transfers is the European Commission’s Standard Contractual Clauses.
As a general rule, we do not transfer personal data to these service providers in the U.S. or other third countries for the purpose of delivering our services via the Platform. Data hosted by our service providers is located within the EU. We store personal data that we collect from or about you on servers located within the EU and the EEA.
If you would like more information about our transfer of personal data outside the EU/EEA, including a copy of the relevant transfer mechanism, you may request it by contacting us (see below).
6. How Long We Retain Your Data
We retain your personal data for as long as necessary to protect your rights, fulfil our contractual obligations to you or your employer, and comply with applicable legal requirements.
Data that can identify you will be deleted from the Platform within one month upon request from either the company or yourself. In the event of termination or deactivation of our relationship with your employer, your personal data will be anonymized or deleted within one month. Survey responses will then be retained in a fully anonymized format so that the anonymized data can contribute to our future data foundation.
We will not retain your personal data for longer than is reasonably necessary to use it in accordance with this Privacy Policy or with our legal rights and obligations.
7. Your Obligation to Provide Accurate Information
You have certain obligations under data protection law to provide us with accurate personal data and to ensure that it is kept up to date. We kindly ask that you always ensure the information you provide to us is accurate and complete.
8. Your Rights
As a user, you have certain rights under data protection legislation in relation to our processing of your personal data. These include:
- Right of access
You have the right to request a copy of the personal data we hold about you and to ensure that your information is accurate and up to date.
- Right to rectification
You have the right to request that we correct or delete personal data that you believe is inaccurate.
- Right to erasure
In certain circumstances, you have the right to request the deletion of your personal data before our standard retention period has expired.
- Right to object
In certain cases, you have the right to object to our otherwise lawful processing of your personal data. You may also object to the processing of your data for direct marketing purposes.
- Right to restriction of processing
In specific circumstances, you have the right to request that the processing of your personal data be restricted. If processing is restricted, we may—apart from storage—only process the data with your consent, for the establishment, exercise, or defence of legal claims, to protect another person, or for important public interest reasons.
- Right to data portability
In certain situations, you have the right to receive your personal data in a structured, commonly used, and machine-readable format and to have this data transmitted to another data controller without hindrance.
- Right to lodge a complaint with a supervisory authority
You have the right to lodge a complaint with the Danish Data Protection Agency if you are dissatisfied with how we process your personal data. You can find the Agency’s contact information at www.datatilsynet.dk.
If you wish to exercise any of your rights, please contact us using the contact information provided below. Please note that we may require proof of identity before we can act on your request. This is to ensure that we protect personal data and prevent unauthorized access.
9. Changes to Our Policy
Any future changes we make to this Policy will be published on our Platform, and you will be notified via email or another appropriate communication channel. Please check our Platform regularly for any updates or changes to our Privacy and Data Policy.
10. Contact
If you have any questions regarding the above or your rights under data protection legislation, you are always welcome to contact us at: info@culturequest.io.
11. Appendix 1
This appendix lists the service providers currently used by Culturequest:
Hosting of the information website culturequest.io.
- Our information website is hosted by:
One.com Group AB
Carlsgatan 3
211 20 Malmö, Sweden - New Relic
Our information website uses the New Relic service. The provider of this service is New Relic Germany GmbH, Neuturmstraße 5, Suite 02-101, 80331 Munich, Germany.
The use of this service may result in the transfer of data to a third country (USA). The provider of this service is certified under the EU-U.S. Data Privacy Framework and therefore ensures an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://newrelic.com/termsandconditions/privacy
To comply with the requirements of the General Data Protection Regulation, we use a consent management tool on our information website. This tool allows us to obtain the necessary consents for setting cookies or using external services. We then store these consents.
The processing of data is necessary for compliance with a legal obligation to which the data controller (website operator) is subject. Article 6(1)(c) GDPR is therefore the legal basis for the processing.
If you wish to withdraw your consent, you may do so by contacting us directly using the information provided at the bottom of the page.
If you choose to withdraw your consent, this does not affect the lawfulness of our processing of your personal data based on the consent you previously provided up to the time of withdrawal. If you withdraw your consent, it will only take effect from that point forward.
- Cookiebot
Our information website uses the Cookiebot service. The provider of this service is Usercentrics A/S, Havnegade 39, 1058 Copenhagen, Denmark.
Further information can be found in the provider’s privacy policy at the following URL: https://www.cookiebot.com/de/privacy-policy/
A content management system enables the creation, editing, organization, and presentation of digital content. We use a CMS to create content for our information website. This allows us to design a more attractive website.
This processing is based on our legitimate interest (Article 6(1)(f) GDPR). Our legitimate interest is the technically correct presentation and optimization of our website.
- Webflow
Our information website uses the service Webflow. The provider of this service is Webflow, Inc., 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA.
Webflow may use global hosting services; however, when hosted locally on the web server, no data is transferred to third parties unless necessary for functionality. Further information can be found in Webflow’s privacy policy at: https://webflow.com/legal/privacy
Software frameworks facilitate interaction on our website by creating a standardized interface. Frameworks are used to reduce development effort for recurring software requirements and to ensure code and functionality reuse. Some frameworks implement security features to prevent misuse of the site. Frameworks can increase functionality, availability, security, and performance with minimal effort. Other use cases may also be covered by frameworks.
The processing is based on our legitimate interest in ensuring that the website functions as smoothly and reliably as possible for the user. The legal basis is Article 6(1)(f) GDPR.
- Storylane
Our information website uses the Storylane service. The provider of this service is Storylane Inc., 2261 Market St #4813, San Francisco, CA 94114, USA.
The use of this service may result in the transfer of data to a third country (USA). The data processing is based on the European Commission’s Standard Contractual Clauses. Further information can be found in the provider’s privacy policy at the following URL: https://www.storylane.io/privacy-policy
We use a customer relationship management system to better manage our customer relationships. This enables us to clearly organize relationship processes with existing and potential clients. As a result, personal data such as a customer's name and address is processed.
Processing occurs only if you have given prior, specific, and voluntary consent to this data processing (via our consent banner on the website). The legal basis for this processing is consent under Article 6(1)(a) GDPR. Without your consent, data processing as described will not take place. If you withdraw your consent (e.g., via the consent banner or other available options on this website), we will cease the processing. The lawfulness of processing carried out before the withdrawal remains unaffected.
- Apollo.io
Our website uses the Apollo.io service. The provider of this service is Apollo.io, Inc., 835 Howard Street, San Francisco, CA 94103, USA.
The use of this service may result in the transfer of data to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and ensures an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://www.apollo.io/privacy-policy
Hosting of platform app.culturequest.io
- Our platform is hosted by:
Heroku
A Salesforce company
415 Mission Street, 3rd Floor
San Francisco, CA 94105, USA - Heroku
Our platform uses Heroku for cloud hosting and storage. The provider is Salesforce.com, Inc., 415 Mission Street, 3rd Floor, San Francisco, CA 94105, USA.
The use of this service may result in the transfer of data to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework and provides mechanisms to ensure an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://www.salesforce.com/company/privacy
- Auth0
Our platform uses the Auth0 service for authentication and user management. The provider is Auth0 Inc., 10800 NE 8th St, Suite 600, Bellevue, WA 98004, USA. Use of this service may result in data being transferred to a third country (USA). Auth0 is certified under the EU-U.S. Data Privacy Framework and provides a high level of security and compliance.
Further information can be found in the provider’s privacy policy at the following URL: https://auth0.com/privacy
- Twilio (SendGrid)
Our platform uses the SendGrid service provided by Twilio Inc. The provider is Twilio Inc., 375 Beale Street, Suite 300, San Francisco, CA 94105, USA.
Use of this service may result in the transfer of data to a third country (USA). The provider is certified under the EU-U.S. Data Privacy Framework, ensuring an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://www.twilio.com/en-us/legal/privacy
- Stripe
Our platform uses the payment service Stripe. The provider is Stripe, Inc., 510 Townsend Street, San Francisco, CA 94103, USA.
The use of this service may result in the transfer of data to a third country (USA). Stripe is committed to maintaining a high level of data protection and undergoes annual SOC I and SOC II audits, ensuring an adequate level of protection.
Further information can be found in the provider’s privacy policy at the following URL: https://stripe.com/privacy
- Sentry
Our information website uses the Sentry service. The provider of this service is Functional Software, Inc., 45 Fremont Street, 8th Floor, San Francisco, CA 94105, USA.
The use of this service may result in the transfer of data to a third country (USA). The provider of this service is certified under the EU-U.S. Data Privacy Framework and therefore ensures an adequate level of data protection.
Further information can be found in the provider’s privacy policy at the following URL: https://sentry.io/privacy
Curious about more?
