Organization360
Sign in

Organization 360 - Privacy and Personal Data Policy

This policy describes how we use your data, with whom we share it, your rights and choices, and how you can contact us about our privacy practices.

This policy is related to the Organization360.org website, which is operated by Imaginate Solutions Sàrl (Switzerland). Imaginate is the responsible entity to apply this policy.

Please take a moment to read this policy carefully. If you have any questions about it, please contact us at support@organization360.org

Last updated: 20 August 2019

1. What is Organization 360?

Organization 360 is intended for use by nonprofit leaders, to collect feedback from stakeholders such as staff, experts, clients and peers, to provide insights for improvements in organizational effectiveness, new strategies, or leadership growth.


2. Personal data we collect and how we use it

Personal Data is any information that relates to an identified or identifiable individual.

We collect and store your name and email address with the purpose of providing you with a user account where you can manage your services.

We collect and store your country of residence, so we can keep track of our VAT obligations (we are in Switzerland and must pay VAT for Swiss customers).

We collect and store the name of your organisation, so that we can issue you an invoice in that name, and also include your organization’s name in your survey reports.

We don’t collect or store credit card information, which is handled by our payment intermediary, Stripe.

Due to the nature of our service, we hold information about your organisation that you or your respondents provide when filling in surveys or other tools, so that we may provide you with automated reports. However we will never access your account or data without your express written permission, because we consider it as strictly confidential to you. In fact we do not even have a user interface to access our clients’ data. We will only retrieve this data if you send us the link to your report as part of a technical support request.



3. How we share your personal data

It is simple: we will never share your personal data with anybody. The only situation where we will share such data is if we receive a Swiss court order, which is highly unlikely.


4. How you can access, edit, correct, export or erase your data

As they data in our survey tools is provided by your respondents in reply to the surveys you send them, and cannot be edited or corrected.

You may export your data by using the download function that comes with all reports.

You can delete your reports, and even your account, at any moment.


5. How we retain your data

If you delete a report, or your account, its final, it will be erased from our active systems. We do not provide backups.

We may however keep a copy of your data in the backups we make to restore the system in case of failure. We do not keep such backups for more than 6 months.


6. Your Rights with Respect to Your Information

You may have heard about the General Data Protection Regulation (“GDPR”) in Europe. GDPR gives people under its protection certain rights with respect to their personal information collected by us on the Site. Accordingly, we recognize and will comply with GDPR and those rights, except as limited by applicable law. The rights under GDPR include:

  1. Right of Access. This includes your right to access the personal information we gather about you, and your right to obtain information about the sharing, storage, security and processing of that information.
  2. Right to Correction. This is your right to request correction of your personal information
  3. Right to Erasure. This is your right to request, subject to certain limitations under applicable law, that your personal information be erased from our possession (also known as the “Right to be forgotten”). However, if applicable law requires us to comply with your request to delete your information, fulfillment of your request may prevent you from using our services and may result in closing your account.
  4. Right to Complain. You have the right to make a complaint regarding our handling of your personal information with the appropriate supervisory authority.
  5. Right to Restrict Processing. This is your right to request restriction of how and why your personal information is used or processed.
  6. Right to Object. This is your right, in certain situations, to object to how or why your personal information is processed.
  7. Right to Portability. This is your right to receive the personal information we have about you and the right to transmit it to another party.
  8. Right to not be subject to Automated Decision-Making. This is your right to object and prevent any decision that could have a legal, or similarly significant, effect on you from being made solely based on automated processes. This right is limited, however, if the decision is necessary for performance of any contract between you and us, is allowed by applicable European law, or is based on your explicit consent.

If you have questions about exercising these rights or need assistance, please see use the contact information below.


7. Security

We make considerable efforts to ensure a level of security appropriate to the risk associated with the processing of your data. We maintain organizational, technical and administrative measures designed to protect your data against unauthorized access, destruction, loss, alteration or misuse. These include third party security audits.

We will inform you within 72 hours of any breach affecting your account.

Unfortunately, no data transmission or storage system can be guaranteed to be 100% secure. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of your account has been compromised), please contact us immediately.

Important:

  1. If you don’t want to share your reports, keep them locked, otherwise anybody with access to that hyperlink will be able to access them!
  2. Protect your login by using a hard password and enabling two-factor authentication (coming soon)

Location of website and your data

This website is hosted by Digital Ocean which has its servers in the United States. If you are located in the European Union or elsewhere outside of the United States, please be aware that any information you provide to us will be transferred to the United States. By using our site, participating in any of our services and/or providing us with your information, you consent to this transfer.


9. Cookies and tracking

Organization360 uses cookies so users can log in, and also so that respondents will not lose data if interrupted while filling in a long form.

Otherwise we do not use cookies to track users, or any of those nasty third party tracking and advertising cookies.

We may use Google Analytics in the future if we decide to use Google Ads.


10. Third party subprocessors

Organization360 uses third party subprocessors, such as cloud computing providers and customer support software, to provide our services:

Digital Ocean (United States). Cloud services provider.

StripeStripe (United States). Payment processing services.

Mailchimp (United States). Email newsletter service.

Gmail (United States). Email service.


11. Legal domicile and applicable law

The legal domicile for any litigation is the Canton of Vaud, Switzerland. The applicable law is the Swiss Federal Data Protection Act and the Data Protection Ordinance. With regards to users in the European Union, General Data Protection Regulation (GDPR) also applies.


12. Changes to the User Agreement

All users will be notified by email of changes to this Personal Data Policy with 30 days notice.


13. Contact us

The contact person for all requests and questions related to personal data should be directed to Daniel D’Esposito, at support@organization360.org.