Utegra ® is a registered trading brand of SurveyShack (SSL) Ltd a company registered in England and Wales with Company Number 8753421 and registered office at Mountbatten House, Fairacres, Windsor, Berkshire, SL4 4LE United Kingdom (“Utegra”, “we” or “us”) which is the data controller and responsible for your personal data.
We will never sell or unlawfully disclose any information or personal data from any of our customers, respondents or website visitors at any time; ever!
Our Privacy FAQ and Key Privacy Issues
If you use or administer our software tools for 360-degree appraisal or performance management:
- Your data is owned by you. Your data is private, and your data is yours. You control your data; how you release it or use it is up to you. We don’t sell your information to anyone and we don’t use the responses you collect for any purpose other than to provide services to you. But we do comply with the law, so under limited circumstances we could be required to release your information (e.g., if we are compelled by a court order).
- You act as the data controller to your respondents. We enable you to communicate your compliance statements regarding data handling and privacy. As such, you are responsible for honouring respondent requests under EU privacy regulations.
- We act as a data processor to respondents. Our tools enable you to securely collect respondent information and the ability to comply with data processing consent/notification requirements.
- We act as a data controller for your account information. When you place an order with us, we collect the minimal required information to deliver our services and communicate with you. This information is never sold.
- We’re serious about data security. Please see our Data Security policy.
- You determine where data travels. Data created on Utegra tools will use the EU Linode Cloud Hosting data centre in London, UK. What happens to the data after we collect it is up to you, our customer.
- Customer Information you provide to us
- Registration information e.g. usernames, password, and email addresses.
- Billing information e.g. billing details and financial information associated with your selected payment method or bank account details. We don’t store any credit card information.
- Account settings e.g. your account settings page, account preferences, and personal details like your default language, time zone, etc..
- Email lists e.g. email lists you upload or provide to us to establish users for your performance management or appraisal process. We don’t use your email lists or any email addresses, except to assist you at your direction e.g. if your email list isn’t sending correctly or to establish users in a performance management or appraisal tool that we provide to you.
If you respond to performance management or 360-degree appraisal requests:
- Appraisal creators administer and control appraisals. We are only a service provider/processor of feedback data using our performance management and 360-degree appraisal tools, processing data on behalf of our customer. Your administrator administers and has control over their content, while we host their tool and software service for them or provide a managed service for them. If you have questions about a particular invitation or appraisal request, you’re taking, please contact your appraisal creator or administrator.
- Are your responses sold to a third party? We do not sell or share your responses with third party advertisers or marketers or any third party of any kind – ever! The appraisal creator tools administrator controls your response data, and we merely act as a processor and a host on behalf of the survey creator while the information is in our custody.
- Respondent Information provided to us:
- Appraisal responses e.g. what respondents answer in our tools
- Email list info e.g. from email addresses, names, or other contact info from email lists that Customers provide and upload
- Customer and Respondent Information
- Usage info e.g. visitor logs including IP address, cookies, etc.
- Device info e.g. which browser used, which OS, etc.
- Referral source e.g. which source or link referred respondent to tool
- Page tag data e.g. clear gifs, web beacons, web bugs
- Before receiving that information, we require the Customer to warrant that it has a pre-existing relationship with the Respondent and/or the Respondent’s permission to receive electronic messages. We reserve the right to identify you as the person who has made the referral in any message that is sent to them.
- Respondents provide us with the information requested by you e.g.if your question asks about the respondent’s self-assessment against a set of criteria or their level of attainment against an objective, as well as all answers to the appraisal questions. Customers are solely responsible for the content of the questionnaires and response data as well as complying with all applicable laws and regulations that might apply to the content that is solicited by Customers. As one of our software features for our Customers, we can record: (i) if and when a Respondent has responded and (ii) if and when a Respondent has received a reminder. In addition, we receive any information contained in any communications a Respondent makes directly with us.
We will not – under any circumstances – use Respondent Information for any purpose other than to provide services to our Customers.
If you are an EU resident or customer, you have the following rights:
- Under the GDPR, you as a respondent are provided specific rights in regard to the handling of your information. You may request the following from the data controller:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
Issues from the EU regarding GDPR complaints, questions, and comments can be directed to:
Information Commissioner’s Office:
- Wycliffe House
- Water Lane
- SK9 5AF
- Phone: Tel: 0303 123 1113 (local rate) or 01625 545 745 (national rate)
- Online: https://ico.org.uk/concerns/
The Utegra data privacy contact can be reached at:
Compliance Manager, Utegra:
- SurveyShack (SSL) Ltd,
- Mountbatten House
- Fairacres, Windsor
- Berks, SL4 4LE
- Phone: +44 207 112 1960
- Email: firstname.lastname@example.org
Like most other websites, Utegra uses “cookies” to collect data about visitors. Cookies are alphanumeric identifiers stored on your computer’s hard drive through your Web browser for the purpose of identifying you when you visit a site or page. Cookies enable us to recognize your browser when you visit and to tell us whether you and other visitors have visited the website previously. For these purposes your cookies are tied to personally identifiable information (like your email address). If you have provided your name or other contact information to us via a web form, we are able to tie that information back to the cookie.
Cookies can be either temporary session cookies that expire at the end of a user session when the browser is closed or persistent cookies that remain on your hard drive for an extended period of time. We use persistent cookies. A persistent cookie can remain on your hard drive for an extended period of time.
We set cookies when you visit our website, respond in our tools. Cookies are used to:
- allow us to see how visitors use our website (these may be third party cookies like Google Analytics)
You can change the settings on your browser to prevent new cookies from being set, or to notify you when a new cookie is set. Each browser is different, but the Help section for the browser will be able to show you how to change cookie preferences or clear your cookies.
Clear Gifs (Web Beacons/Web Bugs)
Clear gifs are tiny graphics with a unique identifier, similar in function to cookies, and are used to track the online movements of Web users. In contrast to cookies, which are stored on a user’s computer hard drive, clear gifs are embedded invisibly on Web pages.
We may also use clear gifs in our HTML-based emails to you our customers and users to let us know which emails have been opened by recipients. This allows us to gauge the effectiveness of certain communications and the effectiveness of our marketing campaigns. If you would like to opt-out of promotional emails, please follow the unsubscribe instructions included in each promotional email.
If you use our blogs or any forums associated with our website, keep in mind that any personally identifiable information you submit there can be read, collected, or used by other users, and could be used to send you unsolicited messages. We are not responsible for the personally identifiable information you choose to submit in these forums or blog comments.
How we use the information we collect
We use Customer Information in our normal course of business, including to contact you regarding technical support, discuss billing issues, or to bring to your attention any aspect of our mutual business. We may also use your contact information to provide you with policy or product updates or to introduce new products and services provided you have indicated that you do not object to being contacted for these purposes.
If you do not wish to receive promotional emails from us, you can tell us not to either at the point such information is collected (by checking or unchecking (as directed) the relevant box) or by following the unsubscribe instructions included in each promotional email. We send service-related announcements when necessary to do so, and generally, you may not opt-out of these communications, which are not promotional in nature.
All Respondent Information is stored in our databases for our Customers’ benefit. At your direction, we use a Survey Respondent’s email address (and at your option other contact information) to send user invitations, reminders, and whatever other communications you choose to use. We may also use Respondent Information to improve the performance of our website and Services by analysing site and user behaviour, troubleshooting technical problems, resolving disputes and addressing complaints, and addressing compliance issues with our Terms and conditions.
As part of our terms and conditions Customers maintain and warranty sole responsibility over their behaviour, use of our software tools and services, and whatever content is inserted into or solicited by our software. We make no representations or warranty over our Customers’ use of our services, nor do we control our Customers’ behaviours. If you think there may be any violations of our Terms, please report it to us at email@example.com
We collect information on behalf of our Customers. If you are an end user of one of our Customers and would no longer like to be contacted by one of our Customers that use our service, please contact that Customer directly.
Our Staff’s Access to Information
Our staff will only access your data at a minimum necessary level, in order to provide technical or administrative support. For instance, if you open a support ticket, use our consulting or managed services, call our telephone support, or your account is flagged for a security reason, then our staff may log into your account for the purpose of troubleshooting and correcting the reported issue or performing their contracted task. We will not for any reason disseminate your data other than as you have directed (e.g. email actions, sending reports, etc.). All your data is subject to confidentiality clauses in our terms and conditions.
Data Retention and Deletion / Destruction
We retain data that we process on behalf of our Customers and data we collect from our Customers directly for as long as it is needed to provide services to our Customers. We will retain and use this data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Sometimes users have specific needs under institutional or legal requirement. For instance, occasionally data needs to be completely destroyed after its intended use. In some cases (e.g. when a customer stops paying for an account, downgrades to a different account plan, etc.), data can be retired and locked away rather than actually destroyed. In most cases this makes the loss retrievable in the event of a mistake. We can, however, comply with a request for total data destruction; you just need to let us know.
Links to Other Sites
Our website may contain inks to other websites that are not owned or controlled by us. Please be aware that we are not responsible for the privacy practices of such other websites. We encourage you to be aware when you leave our website and to read the privacy statements of each and every website that collects personally identifiable information.
Who we share or disclose information to
We do not share information with any third parties except under the following very limited circumstances:
- As Customers and Respondents Choose: We may share or otherwise use your Customer Information as you choose, and we may share Respondent Information as both you and the Respondent choose. For example, if you choose to have an email action send a copy of a response to the tool administrator or your manager, respondent, and/or a third party.
- Agents Acting on Our Behalf: We may share some of your Information with other companies who provide us with technical and other type of services such as a data hosting centre. They are contractually bound under nondisclosure agreements and are granted access to only Information that is necessary for their jobs and are prohibited from using Information for any other purpose (including marketing or sharing the Information with any other party). We do not share any personally identifiable information with third parties who are not services providers who have signed confidentiality agreements to perform services for us.
- For Legal Reasons: We are required by law to respond to court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims. We may also share your Information to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of our terms and conditions, or as otherwise required by law.
Data archiving / Deletion
When you cease to pay for your Services, we will either archive or delete your data upon your instructions. We will allow you access the data for use (e.g. local storage on your computer, etc.) before deletion. Alternatively, if you do not require access before deletion, you can contact us directly in writing as stated above.
Once a Respondent has submitted a response, the Respondent may not be able to access his/her Information through the Services. We can sometimes facilitate Respondents to re-access responses, but that must be requested by the Services Administrator. Respondents may contact you and you, in turn, will be able to view the Respondent’s collected Information and, where appropriate, work with us in modifying such Information.
We have extensive security measures in place to protect your Information, and we are committed to the protection of your data. Unique user names and passwords must be entered each time a person logs on. We work with third party data centre service providers, to host our Services, and Software in a secure production environment that uses a firewall and other technology to reasonably prevent access from outside intruders.
All of our technology and processes are not, however, guarantees of security (see our Terms and Conditions for more information). You should also bear in mind that submission of information over the internet is never entirely secure. We cannot guarantee the security of information you submit via the Services whilst it is in transit over the internet and any such submission is at your own risk.
For more information on our security measures, get in touch with us at firstname.lastname@example.org and at +44 207 112 1960 or view our security policy
Account Ownership Transfer
If you choose and to transfer your account billing information and point of contact information (e.g. the individual who registers for the account or the user designated within our Services as the main account administrator) to another individual or organisation, ownership over all of your account’s data is therefore transferred to that individual or organisation. This data may include confidential information, response data, and/or custom reports, customised software code that you may have purchased with our professional services team. Data and account ownership transfer responsibilities lie solely with the customer. Utegra cannot and does not monitor how or why a customer or user may transfer data or account ownership.
Effective: May 25th, 2018
Updated: Nov 10th, 2020