Privacy Policy
OnePulse is committed to protecting individual’s safety and privacy, and takes its responsibilities regarding the security of individual’s personal data very seriously. This privacy policy explains what personal data we collect about individuals, how and why we use it, who we disclose it to, and how we protect your privacy.
1. This policy
This policy (and any documents referred to in it) sets out the basis on which we process data about individuals including
- users who download the app and respond to Pulses (“Users”);
- clients/customers of OnePulse (“Clients”); and
- anyone else who visits our website (“Website Visitors”).
OnePulse reserves the right to make amendments to this policy from time to time. Any changes to this policy will be posted on this page. Please check back frequently to see any updates or changes to our privacy policy.
2. Who is responsible for your data
Our Privacy Policy applies to the personal data that OnePulse collects and uses.
References in this Privacy Policy to “OnePulse”, “we”, “us” or “our” mean Startpulsing Limited (a company registered in England and Wales with registration no 07716920 and registered office at 1st Floor 143-149 Fenchurch Street, London, England, EC3M 6BL). We control the ways your personal data are collected and the purposes for which your personal data are used by OnePulse. OnePulse is the “data controller” for the purposes of the UK Data Protection Act 1998 (as amended or replaced), the General Data Protection Regulation (EU) 2016/679 (the “GDPR”) and other applicable European data protection legislation (together the “Data Protection Legislation”).
3. Personal data we collect about you
When using the term “personal data” in our Privacy Policy, we mean information that relates to you and allows us to identify you, either directly or in combination with other information that we may hold. Your personal data may include for example your name, your contact details and date of birth.
4. How we collect data about you
We collect data from you in two primary ways: (1) the data that you give to us; and (2) the data that we receive/obtain from other sources (e.g. from our clients and third party sources such as Facebook).
5. Categories of data we collect
Please see the attached appendix for details of the categories of information that we may collect and process about you.
6. Special categories of data
In the course of providing services to you, we may collect information that could reveal your racial or ethnic origin, sexual orientation, political opinions physical or mental health, religious or philosophical beliefs, trade union membership or genetic or biometric data. Such information is considered “special categories of data” under the GDPR and other data protection laws. We only collect this information where you have given your explicit consent or one of the other exemptions apply.
7. Disclosure of your personal information
We may disclose your personal data, in various ways and for various reasons, with the following categories of people:
- Users: we will share your responses to Pulses with our clients. If you choose to include an avatar/image on your account, this will be shared with our clients;
- Tax, audit or other authorities, when we believe in good faith that the law or other regulation requires us to share this data (for example, because of a request by a tax authority or in connection with any anticipated litigation);
- We may disclose your personal information to any member of our group, which means our subsidiaries, our ultimate holding company and/or its subsidiaries;
- a cloud-based storage provider;
- a third party who acquires us or substantially all of our assets;
- Third party service providers who perform functions on our behalf (including professional advisors such as lawyers, auditors, accountants, technical support functions and IT consultants carrying out testing and development work on our business technology systems)
- We share IP addresses with getipintel.net. The purpose of this is to verify the region that our users are in. Our legitimate interest for this is to prevent fraud which may lead to tainted data being sent to our Clients.
- We share data (i.e. demographics and responses to pulses) with Adoreboard that provides emotional sentiment analysis of text. Our legitimate interest for this is to provide unique insights to our Clients.
- Analytics providers in order to either increase engagement with our community or to enhance app or web experience or to assist our sales team. They are:
- Mixpanel, Segment, Facebook, LinkedIn, Adjust (increase engagement w/ community and enhance app experience);
- Google Analytics, Inspectlet (assist sales team by enhancing web experience); and
- Vero, Lead Forensics, Hubspot (assist sales team in client management).
- Digital Marketing Service Providers who conduct marketing activity on our behalf which may result in the compliant processing of personal information. Our appointed data processors include:
- Prospect Global Ltd (trading as Sopro) Reg. UK Co. 09648733. You can contact Sopro and view their privacy policy here: http://sopro.io. Sopro are registered with the ICO Reg: ZA346877 their Data Protection Officer can be emailed at: dpo@sopro.io.
8. Transferring your information internationally
OnePulse is an international organisation and needs to transfer your information globally to be able to provide services to you. We want to make sure your information is stored and transferred in a way which is secure. We will therefore only transfer data outside for the European Economic Area (“EEA”) (i.e. the member states of the European Union, together with Norway, Ireland and Liechenstein) where it is compliant with data protection legislation and the means of transfer provides adequate safeguards in relation to your data, for example:
- By way of data transfer agreement, incorporating the current standard contractual clauses adopted by the European Commission for the transfer of personal data by controllers in the EEA to controllers and processors in jurisdictions without adequate data protection laws;
- By signing up to the EU-US Privacy Shield Framework for the transfer of personal data from entities in the EU to entities in the USA or any equivalent agreement in respect of other jurisdictions; or
- Transferring your data to a country where there has been a finding of adequacy by the European Commission in respect of that country’s levels of data protection via its legislation; or
- Where it is necessary for the performance of a contract between ourselves and you or the implementation of pre-contractual measures taken at your request;
- Where it is necessary for the conclusion or performance of a contract between ourselves and a third party and the transfer is in your interests for the purposes of that contract (for example, if we need to transfer your data to a benefits provider based outside the EEA); or
- Where you have consented to the proposed transfer, after having been informed of the possible risks of such transfers.
9. Retaining/Deleting your information
Your personal information is kept for as long as OnePulse your account is active.
Once your account has been deleted, we will delete your profile information that is held on our general servers as soon as is possible and in any event within 30 days.
In relation to your responses to pulses which our Clients have access to:
(a) We will delete your avatar/image (if applicable) as soon as possible and in any event within 30 days; and
(b) After your account is deleted, your answers to Pulses are retained by us in an anonymous form.
10. Security
We will use technical and organisational measures to safeguard your information, for example:
- When we transfer your information to third parties, we use encryption to protect your information; and
- All of your personal data is stored on servers owned and operated by Amazon using its Amazon Web Services. More information on this provider’s security measures are available at https://aws.amazon.com/whitepapers/overview-of-security-processes/.
Where we need to process your payments, payments are processed by Braintree (a payment platform that enables payments online) which uses encryption technology aligned to industry best practice. We store your bank account details to enable payments to be made. We encrypt such details whilst they are stored. When a payment needs to be made they are decrypted to enable that payment to be made. Card details are only ever stored and seen by Braintree other than some partial card details which we can see within the client’s dashboard.
Where we have given you (or where you have chosen) a password that enables you to access the App, you are responsible for keeping this password confidential. Please do not share a password with anyone.
Please remember that the transmission of information via the internet is not completely secure. We will do our best to protect your information, but we cannot guarantee the security of your data. Any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorised access.
11. Cookies Pixels, Local Storage and other similar technologies
Cookies are small pieces of data that are stored on your computer, mobile phone or other device. Pixels are small blocks of code on web pages that do things like allow another server to measure viewing of a Web page and often are used in connection with cookies. HTML5 Local Storage is a small database located inside your browser which web pages can use to store data to speed up their processing. We may use all three technologies from time to time, to help improve your user experience.
Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of our Website. Cookies make the interaction between you and our Website faster and easier. We use cookies to distinguish you from other users of the Website and our Services. This helps us to provide you with a good experience when you use the Website and also allows us to improve the Website and Services. Cookies and things like local storage also help us authenticate you to deliver personalised content.
We have outlined below the individual cookies we use and why we use them:
| Cookie name | Expiry period | Purpose | More information |
| ga | 2 years | Used by Google Analytics to distinguish users | Google Analytics Cookie Usage |
| _gat | 10 minutes | Used by Google Analytics to throttle request rate. | Google Analytics Cookie Usage |
Please refer to your browser’s help material to learn what controls you can use to remove or block cookies, or other similar technologies; or block or remove other data stored on on you. Please remember that if you do this, it may affect your ability to use the Website and/or the Services. As you use our website, you may encounter third parties that make use of cookies and similar technologies. We are not responsible for those third parties or what they may place in your browser.
a. Advertising
We may:
- Send you promotional messages, marketing, advertising, and other information that may be of interest to you based on your preferences and social media advertising through social media platforms such as Facebook or Google.
- Personalise, measure, and improve our advertising.
- Administer referral programs, rewards, surveys, sweepstakes, contests, or other promotional activities or events sponsored or managed by OnePulse or its third party partners.
We will process your personal information for the purposes listed in this section given our legitimate interest in undertaking marketing activities to offer you products or services that may be of your interest. You can opt-out of receiving marketing communications from us by following the unsubscribe instructions included in our marketing communications.
Please note that you may, at any time ask OnePulse to cease processing your data for these direct marketing purposes by sending an e-mail to info@onepulse.com.
b. Our Use of Aggregated and Anonymised Information
If Data Protection Legislation allows us to do so, we may collate aggregated user statistics, demographic information and other usage data. We may combine your data with those of other users of our App and share or provide this trend information in aggregated and anonymised form with third parties.
We may also use information collected from you and combine it with information provided by other users of our App to help us improve the design and delivery of our software tools, increasing the effectiveness for all users.
c. Third Party Properties
Our App and website may contain links to and from the online properties of clients, advertisers and other third parties. If you follow a link to any of these online properties, please note that these online properties have their own privacy policies and that we cannot and do not accept any responsibility or liability for these policies or for any personal data that may be collected through these online properties. Please check these policies carefully before you click on any links and/or submit any personal data to these online properties.
d. Your rights
You have the following rights in relation to your information:
- Right to request a copy of your information. You can request a copy of your information which we hold (this is known as a subject access request).
- Right to correct any mistakes in your information. You can require us to correct any mistakes in your information which we hold.
- Right to request we stop processing your information. In certain circumstances, you may request that we cease processing your information.
- Right to request deletion of your information. You can ask us to erase your information (also known as the “right to be forgotten”) in certain circumstances.
- Right of data portability. You have the right to transfer your personal data between data controllers in certain circumstances.
If you would like to request any of the above, please contact us at info@onepulse.com to make any such requests. We will comply with the Data Protection Legislation in responding to any such requests.
-
Right to lodge a complaint
If you have any complaints about the way in which we collect, store and use your information, you can contact the supervisory authority in the United Kingdom, the Information Commissioner’s Office: https://ico.org.uk/concerns/
Appendix: Categories of data we collect
a. Users
| What | Why | Basis of Processing | Legitimate Interest (if applicable) |
|---|---|---|---|
| Name | To communicate with you | Performance of contract | |
| Contact details (email address, home address, mob number) | To communicate with you | Performance of contract | |
| Demographic information (e.g. age, gender, education, location, people in household, income, pets, bank, languages spoken, TV viewing, newspapers, smoking, exercise, food, interests and social media) | To be able to send relevant Pulses to you | Performance of contract | |
| Demographic information: Special categories (e.g. ethnicity, religious belief, political affiliation, sexual orientation and health data) | To be able to send relevant Pulses to you | Consent | |
| Avatar/Image | You can choose to add this to personalise account | Legitimate interest | Increase engagement with our community/the app |
| Your responses to Pulses (mini-surveys) | OnePulse is an opinion platform, to provide your opinions to our Clients and to send relevant Pulses to you | Performance of contract | |
| Your free text response to Pulses | To provide your opinions to our Clients | Performance of contract | |
| Communications with you | To communicate with you about the app/Pulses | Legitimate interest | To assist our customer service team |
| If you sign-up via Facebook (your name, email address, Facebook identifier | To make registering an account and logging into OnePulse easier | Legitimate interest | To communicate with you about the app/Pulses |
| Technical Device information | |||
| The type of mobile device you use (e.g. are you using an Apple or a Samsung Device) | To optimise the app for your use and for customer service purposes | Legitimate interest | Provide Users with best possible app experience and to verify users/prevent fraud |
| A unique device identifier (for example, your Device’s IMEI number, the MAC address of the Device’s wireless network interface or the mobile phone number used by the Device) | To optimise the app for your use and for customer service purposes | Legitimate interest | Provide Users with best possible app experience and to verify users/prevent fraud |
| Mobile network information (e.g. are you on the 3 network or the Vodafone network?) | To optimise the app for your use and for customer service purposes | Legitimate interest | Provide Users with best possible app experience and to verify users/prevent fraud |
| Your mobile operating system (e.g. are you using an iPhone or an Android?) | To optimise the app for your use and for customer service purposes | Legitimate interest | Provide Users with best possible app experience and to verify users/prevent fraud |
| Your IP address and HTTP referrer information | For customer service purposes and to verify your region | Legitimate interest | Provide Users with best possible app experience and to verify users/prevent fraud |
| The type of mobile browser you use (e.g. are you using the Chrome or Safari browser?) | To optimise the app for your use and for customer service purposes | Legitimate interest | Provide Users with best possible app experience and to verify users/prevent fraud |
| Time zone setting (e.g. GMT). | To optimise the app for your use and for customer service purposes | Legitimate interest | Provide Users with best possible app experience and to verify users/prevent fraud |
| Advertising ID | To optimise the app for your use and to send relevant marketing material | Legitimate interest | Provide Users with best possible app experience and to verify users/prevent fraud |
| Paypal address | To be able to pay you once you’ve earned the minimum cash out amount | Performance of contract |
b. Clients
| What | Why | Basis of Processing | Legitimate Interest (if applicable) |
|---|---|---|---|
| Name | To communicate with you | Performance of contract | |
| Email address | To communicate with you | Performance of contract | |
| Company | To communicate with you | Performance of contract | |
| IP address | To assist with customer services purposes | Legitimate interests | To prevent fraud and assist our sales team in communication |
| Phone number | To communicate with you | Performance of contract | |
| Paypal address | To allow another form of payment to us | Performance of contract |
c. Website Visitors
| What | Why | Basis of Processing | Legitimate Interest (if applicable) |
|---|---|---|---|
| Through Google Analytics and Inspectlet we collect the following | |||
| IP address | To assist with customer services purposes | To prevent fraud and assist our sales team in communication | |
| The type of browser you use (e.g. are you using the Chrome or Safari browser?) | To optimise the website for your use | To provide the best possible website experience and to assist our sales team in understanding our site traffic | |
| Operating System | To optimise the website for your use | To provide the best possible website experience and to assist our sales team in understanding our site traffic | |
| Network | To optimise the website for your use | To provide the best possible website experience and to assist our sales team in understanding our site traffic |
