The only thing more important than data quality and validity is data protection. OrgVitals captures sensitive data like employee sentiment and information. We take data protection very seriously, both in a security sense and also in regards to privacy.
In our mission to help organizations understand and improve their organizational culture, OrgVitals collects data from organizations and its employees, oftentimes through consultants deploying our systems, for the purpose of experts leveraging this data for the benefit of cultivating organizational culture and improving outcomes for employees.
Trust is the foundation of organizational culture and nothing could undermine an organization’s culture like sensitive employee sentiment and culture data being exposed in inappropriate manners. These main values guide our principles of how to handle OrgVitals data. Upholding these values are a commitment we make to our customers, the organizations, and the survey participants using the OrgVitals system, services, and platform:
OrgVitals gets data from many sources, including:
OrgVitals stores various types of data, including:
If you would like to ask about data, make a request relating to data, or complain about how we process your data, you can contact us by email at privacy [at] orgvitals.com, or at the address below:
℅ Unitnomy Inc.
900 East Main Street
Louisville, KY 40206
The Company often provides the Services to an entity or organization (the “Employer”) that controls the information related to the Services and then provides certain individuals access to the Services (an “End User”) and the information controlled by the Employer (e.g. an employer who provides access to the Services to its employees). Employers typically also work with business consultants (“Consultants”) that have access to certain Services and often jointly own the information that is generated through the use of the Services. Where an Employer or Consultant controls the information related to an Account (as defined below), the Services are administered for the End User by the Employer or Consultant as the Administrator (as defined below). The Employer or Consultant, as applicable, may appoint one or more individuals to act as the Administrator on its behalf. In that case, certain provisions of this Policy regarding the handling and request for Personal Information will not apply and the End User may need to contact the Employer or Consultant as Administrator to assist with requests made pursuant to this Policy. For more information, please see “Notice to End Users” below. End Users can inquire with the Company at any time at firstname.lastname@example.org about any request described herein and the Company will advise whether an administrator must be contacted.
I. Information That We Collect
A. Information provided by the user
When an Employer or Consultant registers for the Services and establishes an account (your “Account”), we collect certain Personal Information such as name, email address, contact information and other details relevant to the registration. In connection with certain aspects of the Services, we may request, collect and/or display some of your Personal Information. We will not send your Personal Information outside of our system without your approval. If there are any Services provided that you elect to utilize that requires a fee to be collected directly by the Company, then we will collect certain personal and financial information in order to process the transaction.
The Employer or Consultant with an Account will determine the End Users to which it gives access to certain Services related to the work of the Employer and/or Consultant. The Employer or Consultant will often have the End Users complete assessments, which generally consist of two types (together, the “Assessments”): 1) Assessments generated by the Company and made available to all users of the Services (the “Company Assessments”) and 2) Assessments (the “Research Assessments”) generated by Consultants or other users of the Services (an “Assessment Provider) and made available to users of the Services. Assessments are completed by End Users who provide information related to the End User’s Work Information (as defined below) (the “Assessment Data”). The Company will compile the Assessment Data and utilize it in the course of providing the Services. The Assessment Data contains personalized information about End Users and is owned by: (i) the Employer and Consultant jointly in the case where the Consultant pays the Company the fee for utilizing the Services (the “Data Fee”); and (ii) solely by the Employer when the Employer pays the Company the Data Fee. The applicable owner(s) of the Assessment Data determine who has access to the Assessment Data. The Company will compile the Assessment Data and utilize it in the course of providing the Services. The Company never shares the Assessment Data except as directed by the Employer or Consultants, as applicable, such as with third party service providers that the Employer or Consultant, as applicable, has separately engaged and granted access to similar data through such engagement.
The Assessment Data will be kept on the Company’s system for so long as the Employer or Consultant is subscribed to the Services. The Company will purge the personalized Assessment Data from its system within six months of the Employer or Consultant, as applicable, terminating the Services, provided, however, that the Company will purge such data within the timeline required by applicable law if requested by the Employer or Consultant (in the case of the Consultant paying the Data Fee, the Consultant and Employer decide together when the Assessment Data will be deleted and in the case of the Employer paying the Data Fee, the Employer alone makes this determination).
The Company compiles aggregated, anonymized versions of the Assessment Data that do not contain any personally identifiable information of the End User (the “Aggregated Data”). The Company will keep this Aggregated Data indefinitely and use it in the course of administering its Services and the Website, and as it otherwise deems appropriate in the course of its business, including, but not limited to, sharing the Aggregated Data with other companies with whom the Company is jointly developing certain services and offerings. The Company is the sole and exclusive owner of the Aggregated Data that is derived from the Company Assessments. Assessment Providers are the sole owners of the Aggregated Data that is derived from the Research Assessments, provided, however, all Assessment Providers grant to the Company, an irrevocable, perpetual, non-exclusive, fully-paid, worldwide license to use, reproduce, publicly display and distribute such Aggregated Data, and to prepare derivative works of, or incorporate into other works, such Aggregated Data, and to grant and authorize sub-licenses of the foregoing
The Company may from time to time conduct voluntary surveys of users. We encourage users to participate in the surveys because they provide important information to us regarding the types of Services that we offer and the manner in which the Services are delivered. If you participate in a survey, then we will collect the information contained in your survey answers. Surveys are strictly optional.
B. Information that we collect automatically when you use the Services
We collect information that does not personally identify you, such as what site referred you to ours. We collect certain information about your visit to use the Services, which we may use to customize individual communications with you or to tailor your experience using the Services. Generally, the Services automatically collect usage information, such as the number of times that you login to the Services. This data may be used in aggregate form or other anonymous forms that does not personally identify you. This data is used to analyze how the Services are used so that we can improve the Services.
We automatically record information from your device when you interact with the Services, which may include cookies, IP address and other mobile identifiers. Additionally, we may collect some information that is specific to the device that you use to access the Services, which may include, among other things, network information, how the device interacts with the Services and unique device identifiers. We do not make this information public but we may share this information with our business partners, service providers and other agents and representatives with whom we conduct business.
We also gather certain demographic data and statistical information about both registered and unregistered users, some of which may be derived from Personal Information. This information is aggregated and analyzed. We do this by collecting information from large numbers of visits to the Services and studying the information as a whole to draw conclusions about trends across users. The trends relate to, among other things, the frequency with which users access particular parts of the Services. Based on conclusions we draw from this information we may tailor the display and functionality of the Services. The information we gather about your visits to the Services could be a part of this general, aggregated data.
Some Services may include features based on your actual, physical location (the “Location Services”). To the extent you use any Location Services, we may collect and store information about your location at the time you use those Location Services. We also may receive and/or collect your location information from your use of the Services generally.
C. Information that we collect from third parties
If you access the Services or register using a third party service not owned by us, then we may receive Personal Information from that third party service. You acknowledge and agree that by providing us with Personal Information either directly or indirectly through another source that you allow us and others to identify you. If you share your login credentials to third party services with us, then we may use such information to post content on those third party services on your behalf. You acknowledge that some of your information from your Account and the accounts on these other services may be transmitted and shared by the Company and the providers of these other services. We also collect information from Employers and its related End Users, Consultants and advisers (collectively, a “Work Group”) in the course of using the Services, including information related to your work for the Employer, such as your job functions, performance, satisfaction with the work environment and related matters (collectively, the “Work Information”). Other users of our Services that are in your Work Group may provide information about you when they utilize the Services and submit content. Certain members of a Work Group will have access to all of the Employer’s information related to the Services, including Personal Information; the Employer or Consultant designates who within the Work Group has such access and the individuals designated to act as an Administrator for the Employer or Consultant. We will not send your Work Information outside of our system without the approval of the Employer or Consultant, as applicable.
If you connect our Services to a third party service not owned by the Company, then the third party service will inform you of the permissions that are being granted. When this type of information sharing occurs, the third party service providers are not subject to this Policy and likely have policies that differ from this Policy. We encourage you to read the policies, including privacy policies, of all applicable third party service providers.
II. How We Use the Information
A. Provide the Services
The Company’s primary use of the Personal Information that you provide is to provide the Services, including to provide customer support, process transactions with you and operate and improve the Services. For example, if there is a problem processing the payment transaction for fee-based Services, then we will use the Personal Information that you provide to contact you in order to resolve the processing problems. We also may include features tailored to you to enhance your experience and improve your ability to collaborate effectively with others.
The Company’s primary use of the Assessment Data and the Aggregated Data is to provide the Services and enhance the offerings of the Company. The Company will never share the Assessment Data except as directed by the Employer or Consultant that is the owner of the Assessment Data, including, if applicable, sharing with third party service providers that the Employer or Consultant has separately engaged and are granted access to similar data through such engagement. The Company and Assessment Providers each own certain portions of the Aggregated Data and may share this Aggregated Data but never in a manner that personally identifies any End User.
B. Provide Support to Users and Communicate with Users About the Services and Updates to the Services
The Company reserves the right to contact you, using the Personal Information that you provide, and send communications relating to the Services, such as administrative messages and announcements about the Services, such as updates and Services offerings. We do not offer the option to opt out of receiving these communications as they are necessary for proper administration of the Services we provide to you. We may, in our discretion, communicate with you via email, SMS, MMS, other text message or push notification and we may collect information regarding such communications, such as confirmation when you read a message or open an email. This information is used to improve our customer service and the Services.
C. Improve the Services Including Research and Development
In an effort to improve our Service offerings we use Personal Information and feedback about how people use our Services to identify trends and usage patterns, troubleshoot, develop new products and features and undertake any other research and development that will benefit our users. We automatically analyze and aggregate certain information in furtherance of the aforementioned objectives. We also may test certain features on certain segments of our users before providing those features to all of our users.
D. Conduct Analytics
We use standard log files and IP addresses to administer the Services and, if there are problems in the operation of the Services, to diagnose problems. Your IP address and referring URLs may also be used to gather broad demographic information that could be distributed to advertisers. This information is disclosed only in aggregate form and would not contain information that identifies individual users of the Services.
All of the usage information, demographic data and other statistical information that we collect is aggregated and anonymized and does not personally identify you. We use this data to analyze how the Services are used so that we can improve the Services. Based on our analysis we may tailor the display and functionality of the Services.
E. Comply with law, protect our business interest and legal rights, provide security, prevent fraud and monitor the services
If we are required by applicable law or regulation, or where we believe it is necessary to protect our legal rights and/or the interests of other parties, we may use Personal Information about you in connection with legal claims, compliance and regulatory matters and disclosures related to audit functions or a business transaction involving the ownership of the Company and/or its assets. We also use your Personal Information to take security measures to protect and verify your Account and detect, prevent, and respond to potential or actual security incidents and to monitor and protect against other deceptive, illegal or prohibited activity.
F. User referrals
If you choose to refer a friend to our Services and provide contact information to us we will contact your friend inviting him or her to use our Services. The information that you provide will be used solely for contacting your referrals.
G. Other specific services not listed if user provides consent
We will use your Personal Information for any other specific purpose for which you provide us with consent.
III. Who we share information with
A. Other Users of the Services
The Personal Information that you share as part of the Assessments is incorporated in the Assessment Data that we share with your Employer and/or Consultant and Administrators and, if applicable, with third party service providers that the Employer or Consultant has separately engaged and are granted access to similar data through such engagement. The Employer and/or Consultant owns the Assessment Data and controls who has access to that data. The Company never shares the Assessment Data except as directed by the Employer or Consultant, as applicable, and, if applicable, with third party service providers that the Employer or Consultant has separately engaged and are granted access to similar data through such engagement. The Company and Assessment Providers each own certain portions of the Aggregated Data and may share this Aggregated Data with other users of the Services and outside parties but never in a manner that personally identifies any End User.
Certain Personal Information related to your Account, such as your username and avatar, may be displayed to other users of the Services. Additionally, some of your activity on the Services may be public such as any content that you post through your use of the Services or any content that you post in other public forums, such as social media accounts. You should be aware that any content you post on public portions of the Services or other third party services, such as social media accounts, will be publicly available and available to be seen and further disclosed by other users and search engines. Thus, all users should carefully consider the information that is posted in public areas and users may not want to post any private information in these public forums.
B. Vendors and service providers that help us operate
We may disclose your information, including Personal Information and Work Information, with service providers that perform functions on our behalf. We share this information in order to provide the Services to you. Examples of such disclosure are customer service representatives that work on our behalf and providing financial information to third payment processors to process fee-based transactions. Any information disclosed to such third parties would be treated as confidential and only used in the course of providing the Services.
C. Attorneys, law enforcement agencies and government authorities
D. Change of company ownership
We may sell the Company or substantially all of the Company’s assets and depending on the nature of the transaction, your Personal Information and Work Information may be a part of the assets that are transferred. If the entire business is sold to another company, then your Personal Information and Work Information will likely become the property of the acquiring company. Additionally, if we go out of business or enter bankruptcy your Personal Information and Work Information may be acquired by a third party. The acquiring company may have privacy policies different from those stated in this Policy. You acknowledge that such transfers may occur and that any such acquirer may continue to use your Personal Information and Work Information according to their policies.
E. Other Information Sharing
If you are a company or organization that uses the Services then we may disclose to the general public that the company or organization is a customer of the Company.
F. Links to Third Parties
IV. How we protect your information
A. Industry Standard Safeguards
The security of the Personal Information that you provide is extremely important to us. We will exercise reasonable care in maintaining secure transmission of information from your computer to our servers, however, we cannot guarantee the security of any information, including Personal Information and/or Work Information. We store all information using industry-standard techniques. We do not warrant the security of the information that you transmit to us and accept no liability for the unintentional disclosure of such information. You are responsible for the security of your Account and preventing unauthorized access to your Account.
B. Where we process your information and store
The Company is based in the United States but we are a remote company with a team of employees and contractors located in other countries and we offer Services to domestic and international business clients. Information that we collect, including Personal Information, may be transferred to our employees and contractors in the United States and other countries as we provide the Services and undertake our legal and contractual obligations. As a result, Personal Information may be transferred to and stored on servers located in the United States and in countries different from the country in which that information was initially collected. Similarly, information we collect may be accessed by Company personnel and our third-party service providers from countries other than the ones in which the information is stored.
VI. Opt-out; Account Update and Deletion; Access to Information
Users of the Services have the option to receive periodic communications from the Company regarding, among other things, new features/products offered and information about events related to our Services. All users can be removed from the Company’s mailing lists that involve promotional communications by sending an email to email@example.com. All promotional email communication will contain the “unsubscribe” email address link. Despite any opt-out to promotional communications, we may send you Service related communications.
If you are an Account holder, then your information related to the Account can be updated by accessing your Account and following the directions. You can also email customer service at firstname.lastname@example.org indicating the information that you would like to have updated. If you would like to delete your Account you may do so by sending a request to delete your account to email@example.com. In order to delete your Account we will need to verify that you have the authority to delete the Account. Upon terminating your Account, any association between your Account and information we store will no longer be accessible by you, however, certain information may remain in our records and activity generated prior to deletion of your Account will remain stored by the Company.
Certain applicable laws, such as the State of California and the European Economic Area (“EEA”), may provide certain rights to residents of those areas regarding the Personal Information that has been provided to the Company, including access to the information that we have collected, use and/or disclose. You may be entitled to request that the Company delete or remove your Personal Information. Notwithstanding the foregoing, the Company may not be able to comply with your request to delete Personal Information for specific legal reasons. In that case, you will be notified at the time that you make the request. In order to protect Personal Information from unauthorized access or deletion, the Company may require users to provide additional information for verification. If we cannot verify a user’s identity, then we will not provide or delete Personal Information.
A. Notice to End Users
Many of the Services are intended for use by Employers and Consultants, who then provide access to the Services to End Users; an example of this situation is where an Employer or Consultant procures the Services and provides employees with access to the Services. The Employer or Consultant, as applicable, controls all the information related to its Account and the End Users to whom it provides access, including all information provided directly by an End User. The Employer or Consultant is the administrator (the “Administrator”) of the Services responsible for the applicable Accounts and/or Service sites over which it has control. The Employer or Consultant determines the individual people that may act as Administrators on its behalf. If you are an End User, please direct your data privacy questions to the Employer or Consultant as your administrator, as your use of the Services is subject to the Employer’s or Consultant’s policies. The Company is not responsible for the privacy or security practices of an Employer or Consultant, which may be different from this Policy. If you are not an End User associated with an Employer or Consultant, but you access the Services with an email address provided by a third party, then the owner of the domain associated with the applicable email address may assert administrative control over the Account associated with the email address and thus the Services provided thereunder.
Unless agreed otherwise in writing, Administrators generally have the authority to:
• access, retain and/or change all of the information related to the Employer’s or Consultant’s Account and stored as a part of the Account, including Personal Information;
• determine the End Users that have access to the Assessments and the Services, including restricting such access; and
• reset Account passwords and change the email address associated with the Account.
If you are an End user, please review the applicable Employer’s or Consultant’s policies for more information.
B. European Economic Area
If you are an individual in the EEA, the Company will collect and process information about you only where we have legal bases for doing so under applicable laws. Those legal bases depend on the Services you use and how you use them. As such, we collect and use your information only where: 1) we need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services; 2) the collection and use of the information satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote the Services and to protect our legal rights and interests; 3) the user gives the Company consent to use the information for a specific purpose; or 4) the Company needs to process your information data to comply with a legal obligation. If the user has consented to the Company’s use of information about the user for a specific purpose, the user has the right to revoke the consent at any time, provided that the revocation will not affect any processing that has already been conducted. Where the Company uses the information because it or a third party (e.g. your Work Group) has a legitimate interest to do so, the user has the right to object to that use though, in some cases, this may mean no longer using the Services. An individual in the EEA has the following rights to request: (i) access to Personal Information, (ii) that any inaccuracies be rectified or incomplete information be completed, (iii) erasure, (iv) that processing be restricted (under certain circumstances), and (v) that your Personal Information be transferred to you or another organization (under certain circumstances). Individuals in the EEA also have the right to object to processing of your Personal Information under certain circumstances.
С. California Privacy Notice
This section of the Policy (the “California Privacy Notice”) is for California residents and supplements the information contained in the rest of this Policy. This California Privacy Notice applies solely to all visitors, users, and others who reside in the State of California (“California Residents” or “you”). The Company adopts this California Privacy Notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”). Any terms defined in the CCPA have the same meaning when used in this California Privacy Notice.
Your Rights and Choices
The CCPA provides California Residents with specific rights regarding their personal information. This California Privacy Notice describes the CCPA rights and explains how to exercise those rights.
Access to Specific Information and Data Portability Rights
California Residents have the right to request that we disclose certain information about our collection and use of their personal information over the past 12 months. Once we receive and confirm the verifiable consumer request from you, we will disclose to you the following: 1) the categories of personal information we collected about you; 2) the categories of sources for the personal information we collected about you; 3) our business or commercial purpose for collecting or selling that personal information; 4) the categories of third parties with whom we share that personal information; 5) the specific pieces of personal information we collected about you (also called a data portability request); 6) if we sold or disclosed your personal information for a business purpose, two separate lists disclosing: a) sales, identifying the personal information categories that each category of recipient purchased; and b) disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
Deletion Request Rights
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.
We may deny your deletion request if retaining the information is necessary for us or our service providers to:
Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
Debug products to identify and repair errors that impair existing intended functionality.
Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
Comply with a legal obligation.
Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
Exercising Access, Data Portability, and Deletion Rights
To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by either calling us at +1 909-506-2357 or emailing us at firstname.lastname@example.org.
Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child.
You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must: 1) provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and 2) describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.
Response Timing and Format
The Company endeavors to respond to a verifiable consumer request within 45 days of its receipt. If we require more time (up to 90 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:
Deny you goods or services;
Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties;
Provide you a different level or quality of goods or services;
Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
Changes to Our Privacy Notice
We reserve the right to amend this California Privacy Notice at our discretion and at any time. When we make changes to this privacy notice, we will notify you by email or through a notice on our website homepage.
If you have any questions or comments about this California Privacy Notice, our Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, please do not hesitate to contact us at:
Postal Address: OrgVitals Inc.
900 E. Main St. Louisville, KY 40206
VIII. Policy Updates
We reserve the right to make changes to this Policy and will periodically make such changes. Use of information that we collect is subject to the Policy in effect at the time of such collection. All users of the Services should regularly review this Policy for the latest information on our policies. If we make material changes to this Policy we will notify you in the Services or by other means at our discretion. You are bound by any changes to the Policy when you use the Services after such changes have been first posted.
This Policy was last revised on June 15, 2021.