Modified: May 12, 2021
How Cultivate Processes Personal Data
Customer (your employer) is using a “self-hosted” version of Cultivate’s software, which means that the software is installed and running directly on Customer-owned or controlled servers. Cultivate (the company) does not seek or require access to a Customer or user’s emails, chats, or calendar content. In general, Cultivate’s (the company) access to your personal data will be limited to usage metrics/metadata, persistent online identifiers, name, and email address.
Cultivate is a “processor” of your personal data. This means that Cultivate will collect and process your personal data only as instructed or permitted by our Customer (your employer). In this case, Cultivate’s use of such information is limited to the purpose of providing the service for which the Customer has engaged Cultivate. For example, providing or improving the leadership and coaching tools, preventing or addressing service or technical problems, in accordance with Customer’s other instructions and the relevant agreement between the Customer and Cultivate, or as may be required by law.
Customer (your employer) is responsible for complying with any privacy laws that require providing notice, disclosure, and/or obtaining consent prior to using Cultivate’s software or collecting or transferring any of your personal data to Cultivate (the company).
How Cultivate Discloses Your Personal Data
You will gain access to your own personal Cultivate dashboard, and reports and notifications will be shared with you via email. Cultivate does not proactively display your personalized leadership and coaching content to our Customer (your employer). Theoretically, it may be viewable by others within your organization, for example, if your employer takes control of your login credentials.
Cultivate will disclose personal data when instructed by our Customer. We may disclose your personal data to our third party processors as needed to provide the services that you and our Customer have requested. These entities are contractually bound to limit the use of your personal data as needed to perform the services.
Cultivate will refer any request for disclosure of personal data by a law enforcement authority to the Customer. Cultivate may, where it concludes that it is legally obligated to do so, disclose personal data to law enforcement or other government authorities. Cultivate will notify Customer of such request unless prohibited by law.
General Data Protection Regulation “GDPR”
Cultivate obtains an annual a GDPR Validation from TrustArc to further demonstrate its ability to assist Customers in complying with their relevant privacy obligations. A copy of the latest validation letter can be provided to Customers upon request.
We have implemented technical and organizational measures to protect your personal data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure or access. However, no method of transmission over the Internet, and no means of electronic or physical storage, is absolutely secure. Thus, we cannot guarantee the absolute security of that information.
Additionally, to facilitate our operations, we may transfer, store and process your personal data in jurisdictions other than where you live, including in the United States. Laws in these countries may differ from the laws applicable to your country of residence. For instance, if you are a European Economic Area (EEA) data subject and your personal data is shared with our affiliates, partners, or third-party service providers acting on our behalf outside of the EEA, then it is done so pursuant to necessary means to ensure an adequate level of protection.
Additional information about the security settings and configurations can be found in the Cultivate documentation made available to Customers.
Cultivate maintains a SOC II Type II certification, a copy of which can be provided to Customers upon request.
Cultivate may amend this Policy from time to time, at its sole discretion. Use of any personal data we collect now or in the future will be subject to the Policy in effect at the time Cultivate uses such personal data. If we make material changes to the way we use personal data, we will notify you by posting an announcement on our website and service or by sending an email to the address you have registered with us. We encourage you to periodically review this Policy for any changes. For new Customers, changes or updates are effective upon posting. For existing Customers, changes or updates are effective 30 days after posting.
Talk to us
We welcome your comments and questions regarding our Policy.
An individual who seeks to exercise any data subject rights under applicable local laws, including the ability to access, delete, rectify, transfer, restrict, or object to the processing of personal data, should direct their request to the Customer (your employer or another entity or person, called the “data controller”). Cultivate will honor and support any Customer instructions with respect to your personal data, as required by law. Alternatively, clicking the “Delete Account” button located in your account’s settings will delete your (i) email and chat messages, calendar data, and other content submitted through the software and (ii) your personalized leadership and coaching content.
Please contact us at:
Cultivate Technology Inc.
326 Ritch Street
San Francisco, CA 94107
For EEA data subjects, our data protection officer is Joshua Pittel, who may be reached at our principal place of business or by emailing firstname.lastname@example.org. Our EU Data Protection Representative is DPR Group who may be contacted via the instructions here.
EEA data subjects have the right to lodge a complaint with a supervisory authority concerning Cultivate’s data processing activities.