[Security] Betterworks Engage Privacy Policy

This privacy policy (“Policy”) explains how we collect, use and disclose information about our users when you use our mobile application (the “App”), our Web site (the “Site”) and other Betterworks Engage online products and services that link to this Policy (collectively, the “Service”). We refer throughout this Policy to our users as “User,” “you,” or “your,” and we also refer to users as “Potential Customers” to denote those visiting our site or requesting information regarding our Services, “Customer Company” to denote our organizational clients, and “Employee User” to denote individual employees of Customer Company who are users of the App, the Site, and the Service through their employer. By using the Service, you consent to our collection, use and disclosure of your personal information as described in this Policy.

Through the Service, you can create questions anonymously, vote on questions anonymously, comment on questions anonymously and see other anonymous questions and comments from other users of the Service. When you share a Question through the app, you are anonymously sharing your Question with the users also using our Service and who have connected with the same Company Group as you. We may also choose to feature certain Questions, in which case such Questions may be anonymously shared with all users of the Service.

We take your privacy seriously. If you have any questions about this Policy or about privacy at Betterworks Engage, please contact us at security@betterworks.com.

What Data Do We Collect?

Personal Data

Personal Data We Collect from Customer Companies

When a Customer Company indicates interest in our Service, we collect the following information via our sign-up form: full name, email address, company name, phone number, and size of company. We collect this information through a landing page which an interested Customer Company might access through forms on various directory services detailed in our Third Party Provider.

Personal Data We Collect from Employee Users

We collect certain human resource (“HR”) information, and other information about Employee Users, from the Customer Company, and at the Customer Company’s option, such as: region of origin, name, email address, phone number, education, demographic data, and gender. This Data is provided by the Customer Company’s HR department, and is loaded and maintained in our system to allow for segmentation analytics.
As noted above, we collect certain HR information about Employee Users directly from the Customer Company.
When Employee Users answer surveys or engage in conversations with peers on the App, Site, or System by voting on surveys or engaging in text conversations between peers, we collect employee opinions from Employee Users. Employee User votes or comments are connected to their authors.

Tracking Data

When a User visits our Site, we use certain tracking data (“Tracking Information”). We use Intercom, Perspective API by Google Jigsaw, Mixpanel, Google Analytics, and Freshdesk for Tracking Information.
The following Tracking Information is collected: email address, device ID, IP address. We collect your email address, and our analytics provider, Mixpanel, collects other Tracking Information, such as IP addresses and device information, directly through inclusion of their SDK/pixel. Tracking Information is collected via the Site and our web applications, as well as via our iOS and Android implementations.

Cookies and Use of Other Tracking Technology

When you visit our Site we use cookies, or similar technologies like single-pixel gifs and web beacons, to record log data. We use cookies, which are small data files stored on your hard drive or in device memory that help us to improve our Service and your experience, see which areas and features of our Service are popular, and count visits. We require cookies to keep Users logged in to our System; this is required to access the Service. We use both session-based and persistent cookies. Session-based cookies last only while your browser is open and are automatically deleted when you close your browser. Persistent cookies last until you or your browser delete them or until they expire. They are unique and allow us to do site analytics and customization, among other similar things. If you access our Site through your browser, you can manage your cookie settings.
We may also collect information using web beacons, also known as “tracking pixels.” Web beacons are electronic images that may be used in our Service or emails and help deliver cookies, count visits, understand usage and campaign effectiveness, and determine whether an email has been opened and acted upon.

Mixpanel uses code embedded in our Site to track Site pages visited for purposes of onboarding and serving our Company Customers and improving the Services. It collects name and contact information and uses code to track use of our Sites. Data is processed in the United States. Mixpanel is self-certified under the US-EU Privacy Shield and the Swiss-U.S. Privacy Shield framework to process data in the United States, and data is only shared subject to a Data Protection Addendum. For more information please check out Mixpanel’s privacy policy.

How Do We Use Your Data?

We may use information about you for various purposes, including to:

  • Provide, maintain and improve our Service;
  • Provide and deliver the Service Customer Company requests and configures, process transactions and send you related information, including confirmations;
  • Investigate system issues that impact our ability to provide the Service to Users;
  • Send you technical notices, updates, confirmations, security alerts and support and administrative messages;
  • Respond to your comments, questions and requests and provide customer service;
  • Communicate to Customer Companies with you about products, services, offers, promotions, rewards and events offered by Betterworks and others, and provide news and information we think will be of interest to you;
  • Monitor and analyze trends, usage and activities in connection with our Service and improve and personalize the Service;
  • Personalize and improve the Service, content or features that match user profiles or interests;
  • Link or combine with information we get from others to help understand your needs and provide you with better service; and
  • Connect you with other users in your Contacts.

We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:

Law Enforcement and Internal Operations

Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary (i) to respond to claims asserted against Betterworks or to comply with the legal process (for example, discovery requests, subpoenas or warrants); (ii) to enforce or administer our policies and agreements with users; (iii) for fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes; or (iv) to protect the rights, property or safety of Betterworks, its users or members of the general public. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law. However, nothing in this Privacy Policy is intended to limit any legal defenses or objections that you may have to any third-party request to compel disclosure of your information.

Business Transfer

Betterworks may sell, transfer or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Under such circumstances, Betterworks will use commercially reasonable efforts to notify its users if their personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.

Third-Parties

We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc. We necessarily have to share your Personal Data with such third-parties as may be required to perform their functions. We take steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum(s), EU Model Clauses and/or ensuring these third-parties have EU-U.S. and Swiss-US Privacy Shield certification.

Third Party Service Providers

The following third-party processors collect personal data on our behalf and transmit it to us.

We use the following third-party providers:

Type of Provider: CRM and Support

Third-Party Provider: Heroku
Personal Information Collected: Name, Email Address, Employers, Purchase History
Purpose: Customer Relationship Management
Location of the Processing: United States
Privacy Policy: https://www.salesforce.com/company/privacy/
Basis for Processing: EU-U.S. Privacy Shield Certified, Swiss-U.S. Privacy Shield Certified, Data Processing Addendum, Binding Corporate Rules, EU Standard Contractual Clauses.

Third-Party Provider: Intercom
Personal Information Collected: IP Address, Name, Email Address, Support Content
Location of the Processing: United States
Privacy Policy: https://www.intercom.com/privacy
Basis for Processing: EU-US Privacy Shield Certified, Swiss-US Privacy Shield Certified

Third-Party Provider: Mixpanel
Personal Information Collected: IP Address, Email Address
Location of the Processing: United States
Privacy Policy: https://mixpanel.com/legal/privacy-policy/
Basis for Processing: EU-US Privacy Shield Certified, Swiss-US Privacy Shield Certified

Third-Party Provider: Freshdesk
Personal Information Collected: IP Address, Name, Email Address, Support Content
Location of the Processing: United States
Privacy Policy: https://www.freshworks.com/privacy/ and https://freshdesk.com/gdpr
Basis for Processing: EU-US Privacy Shield Certified, Swiss-US Privacy Shield Certified.

Type of Provider: Web Analytics

Third-Party Provider: Google Analytics
Personal Information Collected: Cookies, IP Address
Purpose of Use: Analytics
Location of the Processing: United States
Privacy Policy: https://www.google.com/intl/en/policies/privacy/
Basis for Processing: EU-US Privacy Shield Certified, Swiss-US Privacy Shield Certified.

Third-Party Provider: New Relic
Personal Information Collected: Cookies
Location of the Processing: United States
Privacy Policy: https://newrelic.com/privacy
Basis for Processing: EU-US Privacy Shield Certified, Swiss-US Privacy Shield Certified.

Type of Provider: Marketing

Third-Party Provider: Hubspot
Personal Information Collected: Name, Email Address
Location of the Processing: United States
Privacy Policy: https://legal.hubspot.com/privacy-policy
Basis for Processing: EU Standard Contractual Clauses, EU-US Privacy Shield Certified, Swiss-US Privacy Shield Certified, Binding Corporate Rules.

Third-Party Provider: ZenProspect
Personal Information Collected: Name, Email Address
Location of the Processing: United States
Privacy Policy: https://www.zenprospect.com/privacy-policy
Basis for Processing: Data Processing Addendum with EU Standard Contractual Clauses

Third-Party Provider: Mixmax
Personal Information Collected: Name, Email Address
Location of the Processing: United States
Privacy Policy: https://mixmax.com/legal/gdpr/, https://mixmax.com/privacy, and https://mixmax.com/eu-privacy
Basis for Processing: Data Processing Addendum, EU-US Privacy Shield Certified.

Third-Party Provider: Zapier
Personal Information Collected: Name, Email Address
Location of the Processing: United States
Privacy Policy: https://zapier.com/privacy/
Basis for Processing: EU-US Privacy Shield Certified, Swiss-US Privacy Shield Certified.

How is My Data Protected?

We have implemented reasonable administrative, technical and physical security measures to protect your personal information against unauthorized access, destruction or alteration. For example:

  • SSL encryption (HTTPS) where we deal with personal data. Personal Data is encrypted in transit using HTTPS/SSL/TLS and encrypted at rest. Our database is encrypted and data transferred via SFTP is encrypted using PGP.
  • Password protection on your account.
  • Rotating verification codes for access by some parties
  • Data is kept on secure, encrypted servers, located in the US.
  • Restricting staff access to Personal Data, protected by password logs and two factor authentication.
  • Non-Disclosure Agreements with vendors
  • Regular staff privacy and security training

However, because no security system can be 100% effective, we cannot completely guarantee the security of any information we store, process or transmit.

Payments Encryption: Betterworks utilizes only PCI-DSS compliant payment processing to ensure the security of your personal information.

Special Note Regarding Processing Employee User Data for Company Customers

Our Services involve the processing of Personal Data on behalf of our Customer Companies. When we do so, we are acting as processors for the controllers of such data. As such, we take steps to ensure that Personal Data subject to GDPR is processed in accordance with controller instructions and GDPR, such as entering into a Data Processing Addendum incorporating EU Standard Contractual Clauses governing the processing, transmission and use of such Employee User Personal Data. Customer Companies determine what data on Employee Users is collected and how it is used. If you wish to exercise your data subject rights to review, rectify, delete or port your Employee User Personal Data, please contact the controller to make such request. If you make the request to us, we will work with the controller to process and evaluate such request to confirm whether deletion is required by GDPR.

Your Choices

The foregoing rights apply to persons located in the European Economic Area and Switzerland.

Right to Review and Rectify Your Personal Data

Customer Companies or Potential Customers can opt in or out of sharing certain Data either with us or with third parties via email, or via a “reply: to unsubscribe” response.

If you require assistance to change or delete inaccuracies within your Personal Data or would like to know what information about you was collected, please contact us at support@betterworks.com to initiate this process. We reserve the right to charge for copies of data requested. We will inform you by email of changes in the use of Personal Data.

Right to Remove or Withdraw Consent

Customer Companies and their authorized representatives have the right to withdraw consent where such consent is required to share or use data and you may request that we delete your Personal Data. If you receive communications from us and no longer wish to receive them, please follow the removal instructions in the email or change your account settings. Customer Companies can delete Personal Data by emailing us at support@betterworks.com to let us know they wish to terminate their Betterworks Engage engagement. Employee Users wishing to delete data should contact the applicable Company Customer. Deleting your Personal Data does not mean that all of it will be removed. We take steps to delete Personal Data that is no longer necessary in relation to providing the Services by deleting it within 90 days of you terminating your account. We may be required by law to retain it, or to exercise or defend legal claims, or contractual obligations with our Company Customers to retain some information in connection with our obligation to provide the Services. We also may de-identify and anonymize some data for purposes of retaining it.

Data Portability

If you would like us to transmit your Personal Data to another company providing similar services, we will work with them to do so upon request and verification of such request with both the requestor and the company receiving the Personal Data.

Right to Redress

If you are located in the European Economic Area (EEA) and you believe we have violated any data protection laws you may file a complaint with the Information Commissioner’s Office in the United Kingdom.

Transnational Transfer of Data

If you are providing your Personal Data to us directly to use our Services, we will transmit your data, including your Personal Data, to the United States in order to fulfill our contractual obligations to you.

Your California Privacy Rights

California residents who have an established business relationship with Betterworks may make a written request to Betterworks about whether Betterworks has disclosed any Personal Information to any third-parties for the third-parties’ direct marketing purposes during the prior calendar year. To make such a request, please send an email or write us:

Name: Betterworks Engage
Address: 999 Main Street, Suite 200, Redwood City, CA 94063
Email: support@betterworks.com

Third Party Websites

We may link to other websites. When you click on one of these links, you are ‘clicking’ to another website. Betterworks does not control the data collection or privacy practices of such third-party sites. We encourage you to read the privacy policies of any third-party sites, as their collection, use and storage practices, and policies may differ from ours.

Minors Under 16 Years of Age

Betterworks does not knowingly collect or store any personal information from or about children under the age of 13.

If you believe a child under the age of 13 has under any circumstances provided us with personal information and data, a parent or legal guardian can email us at support@betterworks.com to request that their children’s information be deleted from our records.

Do Not Track

“Do Not Track” or DNT is a feature enabled on some browsers that sends a signal to request that a web application disable its tracking or cross-site user tracking. At present, our Site does not respond to or alter its practices when a DNT signal is received.

Changes to Privacy Policy

Betterworks reserves the right to amend this Privacy Policy at any time. If Betterworks makes material changes to its Privacy Policy, we will notify you by changing the Effective Date on our Privacy Policy and providing additional notification either via email or other means as we may deem commercially reasonable.

Questions?

If you ever have any questions about our online Privacy Policy, please contact us. We respect your rights and privacy and will be happy to answer any questions or concerns you might have. Questions about our Products and Services can be directed to support@betterworks.com.

Questions about our security or privacy practices can be directed to security@betterworks.com.

Version Number: 1.00 Last Updated: March 26, 2020