Last updated: April 10, 2024

Our Commitment to GDPR Compliance

At GroupPulse, we are committed to ensuring the privacy and protection of your personal data in accordance with the General Data Protection Regulation (GDPR). This page outlines how we comply with GDPR requirements and your rights under this regulation.

1. Data Controller Information

GroupPulse acts as a data controller for the personal information collected through our website and platform. You can contact our Data Protection Officer at:

Email: dpo@grouppulse.com
Address: 123 Innovation Street, Tech City, London, EC1V 1AB, United Kingdom

2. Personal Data We Process

We collect and process the following categories of personal data:

• Account Information: Name, email address, and company/organization name when you register for an account.
• Usage Data: Information about how you interact with our platform, features you use, and content you create.
• Participant Data: When you participate in sessions, we collect your responses and, if provided, your name or identifier.
• Technical Data: IP address, browser type, operating system, and other device information.

3. Legal Basis for Processing

We process your personal data on the following legal grounds:

• Contract: Processing necessary for the performance of our contract with you to provide our services.
• Legitimate Interests: Processing necessary for our legitimate interests, such as improving our services, preventing fraud, and ensuring the security of our platform.
• Consent: Where you have given us specific consent to process your data for particular purposes.
• Legal Obligation: Processing necessary to comply with our legal obligations.

4. Your Rights Under GDPR

Under the GDPR, you have the following rights regarding your personal data:

• Right to Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request that we delete your personal data in certain circumstances.
• Right to Restrict Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances.
• Right to Data Portability: You have the right to request that we transfer your personal data to another service provider in a structured, commonly used, and machine-readable format.
• Right to Object: You have the right to object to the processing of your personal data in certain circumstances, including for direct marketing purposes.
• Right to Withdraw Consent: Where we process your data based on consent, you have the right to withdraw that consent at any time.

To exercise any of these rights, please contact us at privacy@grouppulse.com.

5. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

For account information, we retain your data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, unless we are required to retain it for legal reasons.

For session and response data, we retain this information for as long as the session creator maintains their account, or until they delete the specific session.

6. International Data Transfers

GroupPulse is based in the United Kingdom, and your data may be processed in countries outside the European Economic Area (EEA). Whenever we transfer your personal data out of the EEA, we ensure a similar degree of protection is afforded to it by implementing appropriate safeguards, such as:

• Using specific contracts approved by the European Commission that give personal data the same protection it has in Europe.
• Transferring data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission.
• Using providers who are certified under approved certification mechanisms such as the EU-US Privacy Shield.

7. Data Security

We have implemented appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage. These measures include:

• Encryption of personal data in transit and at rest
• Regular security assessments and penetration testing
• Access controls and authentication procedures
• Regular backups and disaster recovery procedures
• Staff training on data protection and security

8. Data Breach Procedures

In the event of a personal data breach, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. If the breach is likely to result in a high risk to your rights and freedoms, we will also notify you directly.

9. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for processing activities that are likely to result in a high risk to the rights and freedoms of individuals, particularly when implementing new technologies.

10. Data Protection Officer

We have appointed a Data Protection Officer (DPO) responsible for overseeing our data protection strategy and implementation to ensure compliance with GDPR requirements. You can contact our DPO at dpo@grouppulse.com.

11. Complaints

If you have any concerns about our processing of your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk), or the supervisory authority in your country of residence.

However, we would appreciate the chance to deal with your concerns before you approach a supervisory authority, so please contact us in the first instance at privacy@grouppulse.com.

12. Changes to This GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time. We will notify you of any changes by posting the new statement on this page and updating the "Last updated" date at the top.

You are advised to review this statement periodically for any changes. Changes to this statement will be effective when they are posted on this page.

13. Contact Us

If you have any questions about this GDPR Compliance Statement or our data protection practices, please contact us at:

Email: ryan@theimpactlab.co.uk