Modified: May 17, 2021

Cultivate Technology Inc. (“Cultivate”, “we”, “our”, or “us”) offers a Leadership Development & Culture Platform that provides you with insights and coaching on your digital behavior in real-time, and opportunities to help you improve your workplace relationships in your flow of work.

This Privacy Policy (“Policy”) describes our practices when a Customer (for individuals, this is usually your employer) deploys a self-hosted or “virtual on-premise” version of the platform. This means that the platform is installed and running directly on Customer-owned or controlled servers.

How Cultivate Processes Personal Data

Cultivate (the company) DOES NOT receive any emails, chats, or calendar content. These remain on the servers or systems of origin controlled by the Customer. Generally, we receive only a limited amount of personal data, including usage metrics/metadata, persistent online identifiers, name, and email address.

Cultivate is a “processor” of your personal data. This means that we will collect and process your personal data only as instructed or permitted by our Customer (your employer). In this case, our use of such information is limited to the purpose of providing the service for which the Customer has engaged us. For example, providing or improving the leadership and coaching tools, preventing or addressing service or technical problems, in accordance with Customer’s other instructions and our agreement with the Customer, or as may be required by law.

Our Customer (your employer) is the “controller” of your personal data and is responsible for complying with any privacy laws that require providing notice, disclosure, and/or obtaining consent prior to using Cultivate’s software or collecting or transferring any of your personal data to us.

How Cultivate Discloses Your Personal Data

You will gain access to your own personal dashboard, and reports and notifications will be shared with you via email. We do not enable your manager or other customer administrators to access these reports via the Cultivate platform.

We will disclose other personal data when instructed by our Customer. We may disclose your personal data to third party processors as needed to provide the services that you and our Customer have requested. These entities are contractually bound to limit the use of your personal data as needed to perform the services.

We will refer any request for disclosure of personal data by a law enforcement authority to the Customer. We may, where legally obligated, disclose personal data to law enforcement or other government authorities. We will notify Customer of such request unless prohibited by law.

Global Privacy

General Data Protection Regulation “GDPR”
We obtain an annual GDPR Validation from TrustArc to further demonstrate our ability to assist Customers in complying with their relevant privacy obligations. A copy of the latest validation letter can be provided to Customers upon request.

Security
We have implemented technical and organizational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure. Thus, we cannot guarantee the absolute security of that information.

Additionally, to facilitate our operations, we may transfer, store and process your personal data in jurisdictions other than where you live, including in the United States. Laws in these countries may differ from the laws applicable to your country of residence. For instance, if you are a European Economic Area (EEA) data subject and your personal data is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, then it is done so pursuant to necessary means to ensure an adequate level of protection.

Additional information about the security settings and configurations can be found in the documentation made available to Customers.

We maintain a SOC II Type II certification, a copy of which can be provided to Customers upon request.

Additional


Data Retention
We retain personal data according to the timeframes set forth in our Customer agreement.


Changes to This Privacy Policy
We may amend this Policy from time to time, at our sole discretion. Use of any personal data we collect now or in the future will be subject to the Policy in effect at the time we use such personal data. If we make material changes to the way we use personal data, we will notify you by posting an announcement on our website and service or by sending an email to the address you have registered with us. We encourage you to periodically review this Policy for any changes. For new Customers, changes or updates are effective upon posting. For existing Customers, changes or updates are effective 30 days after posting.


Compliance
We have appointed a data protection officer responsible for overseeing the implementation of our privacy program.

Talk to us
We welcome your comments and questions regarding our Policy.

An individual who seeks to exercise any data subject rights under applicable local laws, including the ability to access, delete, rectify, transfer, restrict, or object to the processing of personal data, should direct their request to the Customer (your employer or another entity or person, called the “data controller”). We will honor and support any Customer instructions with respect to your personal data, as required by law. Alternatively, clicking the “Delete Account” button located in your account’s settings will delete your insights from your  dashboard.

Please contact us at:
Cultivate Technology Inc.
326 Ritch Street
San Francisco, CA 94107
privacy@Cultivate.com

For EEA data subjects, our data protection officer is Joshua Pittel, who may be reached at our principal place of business or by emailing privacy@cultivate.com. Our EU Data Protection Representative is DPR Group who may be contacted via the instructions here.

EEA data subjects have the right to lodge a complaint with a supervisory authority concerning our data processing activities.

Pin It on Pinterest