Privacy Policy

Welcome to the Truthsayers’ Privacy Policy. Please read this Privacy Policy carefully, it will only take you approximately 10 to 15 minutes to read.

Our mission at Truthsayers Ltd (“Truthsayers” or “we”) is to challenge how employers and organisations listen and act, allowing both employees and customers to share views and opinion anonymously in an open and honest environment. Using the unique insight provided by our Neurotech® platform we develop products and tools that allow employers and organisations to tap into an individual’s automatic and intuitive responses to evaluate how they truly feel about their surroundings, their employer, the product and the people they come into contact with.

You are probably reading this privacy policy because you have been asked to complete one of our surveys (“a participant”), or you may be a survey administrator (“an administrator”) or a customer or prospective customer of Truthsayers (“a customer”). In the sections below we will refer back to these categories. It is important to note that Truthsayers will not always act as a data controller (a term which is described in more detail in the Glossary) and Truthsayer’s role as a data controller is also explained in more detail below.

Truthsayers Ltd  is a company established in England with its registered address at 6 Fairview Close, Watledge, Nailsworth, Gloucestershire GL6 0AX United Kingdom (company number 11553657). We are registered with the ICO as a data controller.

This statement was last updated on 14 Sept 2022. Please check back to this page regularly as we may need to make changes to this statement from time to time.

Purpose of this privacy policy

The purpose of this privacy policy is to provide you with important information about what personal data is collected and processed by Truthsayers, what we do with it and why. We understand that it is important for everyone in the survey process to trust our methods and practices and to have confidence in how we use data. In particular we would like you to be confident in four important messages:

  1. We may share, or license aggregated or anonymised Neurotech® Data to other organisations, but we will never share or license data that allows you to be personally identified by any other organisation, unless your consent has been specifically obtained.

  2. We will never use or share participant or administrator data to send you direct marketing.

  3. Whilst our surveys may gather your responses relating to your health or wellbeing, especially in the workplace, this information cannot be used in a way that would allow you to be identified or singled out, and is only retained as anonymised Neurotech® Data. We do not collect any information about criminal convictions and offences.

  4. We will never share Neurotech® Data or participant data for the purposes of credit scoring or share data with credit reference agencies.

Important Information about how we work

The majority of our surveys are created for, and on behalf of organisations, and it is the organisation who decides (with our help and guidance) what outcomes it wants to achieve. For example, an organisation may wish to learn about what customers think about one particular product or an organisation may want to gain insight from their entire workforce. A survey sample (or ‘cohort’) may represent the views and opinions of less than a hundred individuals and upwards to many thousands.

Once the survey sample has been agreed, the organisation will select the administrators (these are the individuals who will perform certain administrative tasks within the organisation in relation to the survey) and importantly identify the survey participants. In some circumstances we may interact directly with survey participants.

For the purposes of data protection law, where we process administrator and participant data on the instructions of our customers we act only as “data processors”. As an administrator or participant, if you have any concerns about how your personal data is shared with Truthsayers, or how the organisation is processing your personal data you should contact them directly.

Where we do influence or determine the data processing we act as “data controllers”.  We have distinguished the small number of activities where we believe we act as a data controller below. More information is provided about both of these terms in the Glossary below.

Contact details 

If you have any questions about this privacy policy, including any requests to exercise your legal rights, please contact Truthsayers using the details set out below. You can contact us by post and email at:

6 Fairview Close, Watledge, Nailsworth, Gloucestershire GL6 0AX United Kingdom

Email to: contact@truthsayers.io

You have the right to make a complaint at any time to the Information Commissioner’s Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk). We would, however, appreciate the chance to deal with your concerns before you approach the ICO so please always contact us first.

Important Terms

We process three very different types, or categories, of data as set out below:

The Neurotech® or ‘Anonymised Data’

This is anonymised and aggregated data that sits within our Neurotech® platform. Importantly, it does not contain any information that would allow you as a survey participant to be identified, unless your explicit consent has been obtained, before participating, in order to provide you with your personal report.

Once you have submitted your survey the unique link created for the survey is destroyed. The remaining Neurotech® data is stored within a secure data-store and is encrypted with a randomly generated sequence of letters and numbers. The key to unlock the sequence is only held by a limited number of colleagues here at Truthsayers.

The Contact Data

This is data that we process legitimately for our own purposes; for example to take the steps necessary to run our business including agreeing contracts, maintaining records of our customers and raising invoices. Contact Data is kept separately from the Neurotech® Data and cannot be linked together.

Where we process Contact Data for our own purposes we act as data controllers.

The Customer Data

This is data provided and processed on behalf of our customers and necessary to ensure the survey is generated and sent to each individual participant. It will also include the names of administrators.

We may need to keep Customer Data until such time as we have completed our survey report but at all times it is kept separately from the Neurotech® Data and deleted or returned at the customer’s request.

Where we process Customer Data we act as data processors.

What categories of data do we collect and why?

As explained above of all of our products are used or deployed in a similar way and your role within the process determines what personal data we may collect and process about you and why. The table below sets out the three categories of data providers.


Type of data What data we collect Purpose How
Contact Data Company name, full name and contact details (telephone numbers, email addresses and postal addresses) and where applicable personal data provided in relation to bank account or payment details. We may hold records of key contacts within an organisation and records of any contact you have with us for examples notes from calls and emails. We will also hold information about the products we have provided you with and other statistical information about our products including for example the percentage of successfully completed surveys. This information is needed to allow us to operate as an organisation, including agreeing contractual relationships, invoicing and keeping records of our business relationships. By analysing anonymous survey performance and statistics we are able to improve our products and services. When you contact us directly by post, phone or email or complete our online form.

Customer Data (including participant and administrator data) Full name and email address and in relation to employee surveys we may hold other information for example about your position and role within the organisation. If you act as an administrator we also hold a record of your unique user name and an encrypted copy of your password. To allow us to send participants a unique link by email to open and complete the survey, or, with consent, to receive a personal Neurotech data report. Administrators are responsible for ensuring the survey process works and the names of participants. created by the administrator to ensure the surveys are sent to the correct participants and to allow the administrator to send email communications to participants. Contact Information is provided by your organisation.

Website Visitor Name and contact details (telephone numbers, email addresses and postal addresses). You may be interested in one of our services. When you contact us directly by post, phone or email or complete our online form.

Other 3rd parties and mailing lists

We may use a 3rdparty CRM software to store your contact data to allow us to communicate and do business with you.

In addition to this, as part of the registration process for our monthly e-newsletter, we collect personal information. We use that information for a couple of reasons: to tell you about stuff you’ve asked us to tell you about; to contact you if we need to obtain or provide additional information; to check our records are right and to check every now and then that you’re happy and satisfied. We don’t rent or trade email lists with other organisations and businesses and you will always need to give us explicit consent initially for us to send you information.

We use a third-party provider, HubSpot, to deliver our newsletter. We gather statistics around email opening and clicks using industry standard technologies to help us monitor and improve our e-newsletter. For more information, please see HubSpot’s privacy notice. You can unsubscribe to general mailings at any time of the day or night by clicking the unsubscribe link at the bottom of any of our emails or by emailing our Data Protection Controller at Truthsayers.

Cookies

See our cookie policy for how we use cookies on our website

Where Truthsayers process Contact Data as Data Controllers

We act as a data controller where we determine and influence the use of Contact Data for our own purposes.

As a reminder:

  • Neurotech® Data is excluded from this table as it does not identify you or allow you to be identified or singled out.

  • Customer Data is also excluded because we only process this on data on behalf of our customers.

The glossary at the end of this table provides further information on the lawful basis referred to in this table.

Activity Lawful basis for processing including basis of legitimate interest
To provide our products and services, including agreeing contracts with you, providing invoices and keeping records of our business activities. Identifying and making improvements to our products and services. Use of data for fraud detection, debt recovery and legal claims. Necessary for our legitimate interests including: for running our business, provision of administration and IT services, network security, to prevent fraud and in the context of a business reorganisation or group restructuring exercise; to keep our records updated and to study how customers use our products/services; to grow our business
To respond to participants and administrators who contact us directly with an enquiry or question. Necessary for our legitimate interests to respond to individual questions.
To use data analytics to improve our website, products/services, marketing, customer relationships and experiences Necessary for our legitimate interests to develop our products/services and grow our business.

International transfers

We do not transfer personal data outside the jurisdiction it was collected and processed.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. Neurotech® Data is held in a secure data-store and encrypted. All access to personal data is limited to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are required to do so under applicable laws.

Data retention

To the extent that we retain any personal data about you we will only hold it for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your Data Protection Rights

Where Truthsayers act as a data controller you have the following data protection rights. If you have any questions please contact us by email on: contact@truthsayers.io

Right of Access: Commonly known as a “data subject access request” this enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.

Right of Correction: This enables you to have any incomplete or inaccurate data we hold about you corrected.

Right of Erasure: This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it or where you have successfully exercised your right to object to processing.

Right to object to processing: Where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms.

Right to request restriction of processing: This enables you to ask us to suspend the processing of your personal data in a number of specific scenarios including; where you want to establish the data’s accuracy and where you wish us to hold it our use of the data is unlawful but you do not want us to erase it, where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims and where you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.

Right to Transfer: We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.

Who do we share Contact Data With?

We could merge with or be acquired by another business. If this happens we share the information that relates to you. You will be sent notice of such an event where required by applicable laws.

In the unlikely event that it is necessary, we reserve the right to disclose your personal data in order to comply with the law, applicable regulations and government requests. We also reserve the right to use such information in order to protect our operating systems and integrity as well as other users.

Glossary

Data Controller

A data controller is an organisation that determines a processing activity and who decides to collect personal data and decide the purpose or purposes the data is used for. A data controller will also be responsible for upholding an individual’s rights and for keeping data accurate and up to date.

Data Processor

A data processor is an organisation that processes certain personal data on the instructions of the data controller.

Legitimate Interest

Legitimate Interest means the interest of our business in conducting and managing our business to enable us to give you the best service/product and the best and most secure experience. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law). You can obtain further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities by contacting us.