Under the GDPR legislation we are allowed to process your data for certain reasons only. In the main, we process your data in order to remind you to use our service and get feedback on reported behaviors. We have made our assessment of lawful basis on the grounds that our processing for such purposes is necessary to meet the wishes of users, and to be able to conduct our business in an efficient and effective manner. We also use your personal data (phone number and/or email) to ensure that our administrative and IT systems are secure and robust against unauthorized access. In practice, this means that we use multi-factor authentication when you access Clusjion. Below we categorize the types of data processing and the legal basis for it:
Add your phone number/email to our service to send out reminders and feedback - Your formal consent
To conduct our business and provide our service, ie. ensure that users and customers have access to and can use our service - Our legitimate interest
Ensuring that our administrative and IT systems are secure and robust - Our legitimate interests
What data do we collect?
Clusjion collects as little personal data as possible to deliver best end-users’ experience. Clusjion collects and is the (Personal Data) Controller of the following data:
Phone number (or email)
which the user provides us with when signing up to use our service.
How do we collect your data?
You directly provide us with the data we collect. We collect data when you:
Type in your phone number (or email) on the subscription page to access to Clusjion.
As an extra security measure, companies using Clusjion have the possibility to decide which phone numbers/emails are allowed to sign up. The company then provide Clusjion with a list of the phone numbers/emails who are allowed to sign up, a ”white list". In this process Clusjion works as a (Personal Data) Processor and the handling of the personal data is regulated in a Personal Data Processing Agreement between the company and Clusjion. For more info, contact firstname.lastname@example.org.
Personal data we don’t want to collect
Clusjion is not a whistleblowing tool. Clusjion is build to harness stories on non-inclusive or restricting behaviors. The aim is to look beyond who said what and focus on creating insights on which behaviors can change in order for organization to become more inclusive. In doing that we ask our users to share their stories. These stories might be chosen as examples of non-inclusive behavior and presented in the user feedback. If they are chosen they will be screened and re-written as to not identify any individual or place and ensure anonymity. Clusjion don’t want to collect any personal data in these stories, i e personal information (like names of people, companies or any information that might identify someone. For description of what is considered personal data, click here.). We urge our users not to submit any personal data in the free-text answers. If you want to report something linked to a specific individual you want to name or to report on for example fraud, theft, health & safety breaches, please contact a whistleblowing tool or the appropriate people within/chosen by your organization to handle this types of events.
How do we use your data?
In order to move beyond ”who said what” and create a constructive forward motion, we want everyone who contributes with stories on behaviors that can be improved, to remain anonymous. We also want to remind people to observe and share behaviors, from the seemingly trivial to the more explicit. Because even the things that seem trivial might have a big impact on your company culture. Therefor we send out reminders to our users, asking you to reflect on your workday. To be able to send these reminders and provide a secure access to Clusjion, we need to be able to contact and verify you. That is why we collect your data.
Clusjion collects your data so that we can:
Provide secure access to our service (get reminders and access e-learning, report tool and feedback reports).
NOTE! We only use your data to provide you access and send you reminders. The data is in no way, and cannot be, connected to the stories you tell us about non-inclusive behavior. Also, the stories you share will be manually adjusted and/or rewritten as to maintain your and your colleagues anonymity.
How do we store your data?
Clusjion is built following security best practices to ensure that user data is kept secure. Clusjion has chosen to host our service at Microsoft Azure who are (but not limited to) ISO 27001 (international standard for information security management), ISO 27018 (international standard for protecting personal data in the cloud) and Cloud Security Alliance certified. Read more about Microsoft Azure at Microsoft’s Trust Center.
Technical solution consist of services hosted on the European servers of Microsoft Azure - North Europe Region (Ireland) as primary location and West Europe Region (Netherlands) - as a secondary.
Clusjion integrates with 3rd party services and providers. As GDPR compliant, Clusjion system uses only recognized GDPR complaint 3rd party services. For full and up-to-date list of 3rd party services used by Clusjion please contact Clusjion IT department (email@example.com).
End-user sensitive data (phone number or email) is stored in the Clusjion database and is never exposed to Clusjion users or administrators. Clusjion requires end-user’s email or phone number to setup a secure communication channel between Clusjion and end-user.
Clusjion application is not storing any relations between end-user sensitive data and their activity (submitted responses etc.), so there is no ability to identify end-user by their activity.
What other measures do we take to keep your data safe?
Clusjion aims to be transparent about our security infrastructure and practices to help reassure you that your data is sufficiently protected. The communication is done over a secure, SSL encrypted connection. Clusjion uses SSL connection to secure clients data transfer.
Clusjion doesn’t offer any downloadable resources for end users, so they are secured from malicious content.
Clusjion carefully validates user inputs to prevent any misuse and guarantee accurate result.
When presenting examples of non-inclusive behaviors Clusjion actively re-writes these examples so that details that might identify a person or a physical place is removed. There is no AI involved in this process and everything is manually filtered before it is send out.
How long do we store your data for?
Your data is stored with us from the moment you register with us to the moment you unsubscribe. Then your personal data is removed. If your company has provided us with a white list (see above) of numbers/emails allowed to sign up, your data will be stored in the white list (so that you are allowed to resubscribe if you choose to) for as long as your company uses the service. In the case of the white list Clusjion acts as a Personal Data Processor and the handling of the personal data is regulated in a Personal Data Processing Agreement between the company and Clusjion. If you want to be removed from the white list, contact the responsible people within your company or email at firstname.lastname@example.org.
What are your data protection rights?
Clusjion want to make sure you are aware of your data protection rights. All users are entitled to the following:
The right to access - You have the right to request Clusjion for copies of your personal data (phone number or email).
The right to rectification - you have the right to request that Clusjion correct any information you believe is inaccurate.
The right to eraser - you have the right to request that Clusjion erase your personal data. To do so, unsubscribe from the service.
The right to restrict processing - You have the right to request that Clusjion restrict the processing of your personal data, under certain conditions.
The right to data portability - you have the right to request the Clusjion transfer the data that we have collected to another organization, or directly to you, under certain conditions.
To exercise these rights, please contact us at email@example.com.
If you suspect that data relating to you in a way contravenes the General Data Protection Regulation, you can lodge a complaint with the Swedish Data Protection Authority (firstname.lastname@example.org).
Corporate identity number: 559155-215
Clusjion Services Software Requirements
PC Web Experience
PC: Windows 7, Windows 8, Windows 10 with Chrome 64+, Firefox 60+,
Edge 42+, IE 11+.
Mac: OS 10 (Safari 11+, Chrome 60+)
Mobile Web Experience
iPhone 5s and higher (Safari on iOS 9+, Chrome 64+)
Android 5 and higher (Chrome 64+)
Client network requirements
Https access to Clusjion website and Clusjion vendor services.
If client has whitelist of the accessible domain names, Clusjion IT department will provide up-to-date list of Clusjion and vendors’ domain names.
How to contact us
If you have questions or concerns, send us an email at email@example.com