Owner and Data Controller

Deeper Signals Inc.

430 West 34th #16E

New York, NY

10001

Owner contact email: privacy@deepersignals.com

Effective Date: December 14, 2022

Last Updated: June 06, 2023

Deeper Signals (“we”, “us”, or “our”) is committed to protecting your personal data and respecting your privacy. We have written this Privacy Policy (“Policy”) to help you understand what data we collect, how we use it, and your rights. We recommend that you read this Policy in its entirety to ensure you are fully informed.  

Our role in your privacy 

Deeper Signals acts as the “data controller” of the personal data you provide to us. This means that we determine how personal data is processed and are responsible for protecting it from harm. 

When and how we collect data

We collect your personal data when you create an account with us or otherwise share data with us on our website. Here are ways in which we collect your data: 

  • You browse any page or submit a form through our website (such as to download our whitepaper)
  • You request a demo of Deeper Signals
  • You use our services or contact us for customer support
  • You receive transactional emails from us or opt-in to marketing messages
  • You communicate with us via social media

If you share the data of another person on our website, you must make sure you have that person’s consent to both the disclosure and processing of their personal data in accordance with this Policy.

Personal data may either be freely provided by you or, in certain cases, collected automatically when using this website. Some data requested by us is mandatory and failure to provide this data may make it impossible for us to provide our services to you. In cases where we specifically states that data is not mandatory, you are free not to share this data without impacting the functioning of our website or services. If you are uncertain about what data is mandatory, please contact us at the email listed below in the “Contact Us” section. 

Types of data we collect

The types of data we collect may depend on the reason for collection. Here are the different types of data we may collect from you: 

  • Contact details (Your first and last name, email address)
  • Usage information (Your or your end users’ responses to personalized assessments)
  • Technical information (Device information such as your IP address, browser type and version and information about your visits to our website including pages viewed)

In addition to the above, we also use cookies (small, encrypted data files stored and sent by your browser whenever you visit our website) to store and retrieve your login status, assessment results, and various website settings. Some of the cookies are account-specific while others are not. For more information about cookies, please see our Cookie Policy section below. 

Why we collect your data

We only use your data for certain reasons and where we have a legal basis to do so. Here are the reasons we collect your data: 

  • To calculate and display your personality assessment results
  • To send you account-related messages, such as password recovery emails
  • To identify you and ensure the security of your account, such as by verifying you own the email linked to your account
  • To provide you with content and services relevant to you 
  • To respond to your questions or issue reporting or otherwise to provide customer support
  • To conduct website analytics to optimize our services and your experience by testing features, managing landing pages, etc. (For example, we may measure the time you spend on a certain page before and after a design change in order to understand whether we need to tweak anything.)
  • Where required, to respond to a request for information if we believe disclosure is in accordance with, or required by, any applicable law or legal process, including court orders, subpoenas, or other lawful requests by public authorities to meet national security or law enforcement requirements

How we secure your data

We have technical, administrative, and physical security measures in place that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. Some of these measures include regular penetration testing, audits, and encryption. We regularly review our security procedures to consider appropriate new technology and methods. 

Please be aware that, despite our best efforts, no security measure is 100% perfect or impenetrable and any information you provide to us is at your own risk.

If you believe your privacy has been breached, please contact us immediately at security@deepersignals.com

Where we store your data

The personal data we process is stored on Deeper Signals servers located in Germany and in any data processing facilities operated by the third-party service providers identified in this Policy.

If we store or transfer data outside the EEA, we take all steps necessary to ensure that your privacy rights are protected and that we are complying with all applicable requirements related to such data transfers. Typically, this means we will enter into Standard Contractual Clauses, where required, before transferring any personal data. 

How long we retain your data

The retention period for your data will depend on the purpose and legal basis for which it was collected. 

In the context of business-to-consumer interactions, when we collect your personal data for purposes related to the performance of the services we provide to you, we will retain that data for a period of 2 years following your last interaction with Deeper Signals or until you request that we delete your data, whichever occurs first. 

In the business-to-business context, Personal data collected from you as a result of a contract with an organization that employees you is owned by your employer (who acts as the data controller of your data). As such, this data will be retained until the applicable data processing agreement with the organization obligates us to delete or return your data. 

If we collect your personal data for our legitimate interests, we will retain your data for as long as needed to fulfill these interests. For more information on what these legitimate interests may include, please review the EEA, UK, and Switzerland section of this Policy, or contact us at security@deepersignals.com

If you have given us consent to process your data, we may retain such data until you explicitly withdraw your consent or until we no longer have a justifiable reason to retain such data. 

Notwithstanding the above retention periods, we may retain your personal data for a longer period if we are required to do so for the performance of a legal obligation. 

Once the applicable retention period ends, all personally identifiable data will be permanently deleted or anonymized. 

Third parties who process your data

We partner with third parties to provide you with our services. When we do this, it may be necessary for us to share your data with these parties. In these cases, your data will only be shared when strictly necessary and in line with the safeguards and practices outlined in this Policy. 

Where data is transferred to a third party in a country outside the European Economic Area (EEA) that does not have an adequate level of protection for personal data, Deeper Signals will enter into the most current version of the Standard Contractual Clauses (SCCs). 

Below you will find a list of our current third-party service providers. Please note this list is subject to change, so it is important that you periodically review it.

Hosting

Amazon Web Services (AWS) - Privacy Notice

Data collected/shared: Various types of data, such as contact information, as specified in the AWS Privacy Notice

Purpose: This is a web hosting provider we use to store data securely in the cloud. 

Place of processing: EEA

Where service is used: Deeper Signals Application

Functionality

Google OAuth (Google LLC) - Privacy Policy

Data collected/shared: Various types of data, such as contact information, as specified in the Google Privacy Policy

Purpose: This allows you to authenticate your identity via Google. 

Place of processing: EEA or US

Where service is used: Deeper Signals Application

Google Fonts - Privacy Policy

Data collected/shared: Various types of data, such as usage data, as specified in the Google Privacy Policy

Purpose: This is a typeface visualization service that allows our website to incorporate content of this kind on its pages. 

Place of processing: US

Where service is used: Deeper Signals website

Other third-party service providers

Google Analytics with anonymized IP - Privacy Policy

Data collected/shared: Contact details. Data regarding your usage of the Deeper Signals website.

Purpose: This is a web analysis service, which is used to track use of our website and prepare reports on user activity.  This integration anonymizes IP addresses of those individuals located in the EEA by shortening the individual’s IP address.  Opt-out

Place of processing: US

Where service is used: Deeper Signals website

Stripe - Privacy Policy

Data collected/shared: Various types of data, such as transaction data, as specified in the Stripe Privacy Policy

Purpose: This is the payment processing platform we use to manage purchases of our services and offerings. 

Place of processing: US and EEA

Where service is used: Deeper Signals application

Chargebee - Privacy Notice

Data collected/shared: Various types of data, such as contact information, as specified in the Chargebee Privacy Notice. 

Purpose: This is a subscription management system that helps us handle the subscription lifecycle, including recurring billing and invoicing. 

Place of processing: US and EEA

Where service is used: Deeper Signals application

CookiePro by OneTrust - Privacy Notice

Data collected/shared: Your cookie preferences

Purpose: CookiePro provides the cookie preference tool on the Deeper Signals website

Place of processing: US and EEA

Where service is used: Deeper Signals website

Grafana - Privacy Policy

Data collected/shared: Every user interactions with the Deeper Signals App.

Purpose: A multi-platform open-source analytics and interactive visualization web application for logs

Place of processing: EEA

Where service is used: Deeper Signals application

HotJar - Privacy Policy

Data collected/shared: No identifiable information shared.

Purpose: A product experience insights tool that gives behavior analytics and feedback data

Place of processing: EEA

Where service is used: Deeper Signals application

Sentry - Privacy Policy

Data collected/shared: No identifiable information shared.

Purpose: Application performance monitoring and error tracking.

Place of processing: US

Where service is used: Deeper Signals application

Cookie Policy 

We use cookies when you interact with us to enable our website to recognize when you visit and to track your preferences in relation to your use of our website. We also use cookies to carry out activities that are strictly necessary for the operation of our website, such as to save your language preferences and to optimize your browsing experience.  

There are different types of cookies we may use, including ‘session’ cookies that delete themselves when you leave Deeper Signals and ‘persistent’ cookies that remain stored on your device until you delete them or until they reach a specified expiration date. Persistent cookies help us recognize you when you return so we can provide a tailored experience. 

You can block and delete cookies through your browser settings. Additionally, you can manage your cookie preferences on our website by using our cookie banner (managed by CookieBot). However, please be aware, certain functions and features of our website will not be accessible if you block or reject cookies, including essential cookies. 

Where third parties use cookies, we have no control over how those cookies are used. In these cases, it is advised that you refer to the applicable cookie policies of these third parties. 

Your privacy rights and choices

You have certain rights when it comes to the processing of your data, including: 

  • The right not to provide us with your personal data. If you choose not to share your data, you can continue to use our website, but we may not be able to provide certain services to you. 
  • The right to object to our processing of your data. You have the right to object to the processing of your data at any time. 
  • The right to restrict processing of your data. Under certain circumstances, you have the right to restrict the processing of your data. In this case, Deeper Signals will not process your data for any purpose other than storing it. 
  • The right to rectify the data we hold about you. At any time, you can verify that the data we hold about you is accurate and, if it is not accurate, you have the right to ask for the data to be updated or corrected. Additionally, if you have an account with us, you can update most of your personal data including your email address, profile name, and demographic information. 
  • The right to access the data we hold about you. You can request supplementary information about the data we process about you, our purposes for processing, and how long the data will be stored. 
  • The right to be forgotten. You have the right to have your personal data deleted or otherwise removed. This right does not always apply. If this right does not apply, we will communicate this to you when you ask us to delete your data.  
  • The right to data portability. If you wish to transfer your data to another controller, we will provide your data to you in a structured, commonly used and machine-readable format. Where it is technically feasible, upon request we will directly provide your data to another controller for you.
  • The right to withdraw consent. Where you have previously provided consent to the processing of your data, you may withdraw such consent at any time by contacting us at hello@deepersignals.com.
  • The right to lodge a complaint. If you have a complaint about how we process your data, please contact us so we can address your concern(s). However, if we fail in this, you can lodge a complaint with your local Data Protection Supervisory Authority or with the UK Information Commissioner’s Office. 

If you’d like to exercise any of the above rights, please email us at hello@deepersignals.com. Please send the request from the e-mail address associated with your account in order for us to process it. These requests can be exercised free of charge and will be addressed by Deeper Signals as early as possible and always within one month.

“Do Not Track” Disclosure

Deeper Signals does not currently respond to “Do Not Track” requests. We will continue to monitor industry activity in this area and will reassess our practices as needed. 

Changes to this Policy

Deeper Signals reserves the right to make changes to this Privacy Policy at any time. We recommend you check this page often, referring to “last updated” date at the top of this Policy. In the event that we make material changes that impact your rights and/or use of our services, we will provide notice to you via email. 

Should these changes affect the processing activities performed on the basis of your consent, Deeper Signals shall collect new consent from you as required.

EEA, UK, and Switzerland Addendum

This EEA, UK, and Switzerland Addendum (“Addendum”) applies to you if you use our services while in the EEA, UK, or Switzerland. 

Legal Basis for processing

When we process your personal data, we only do so for one or more of the following reasons: 

  • Performance of a contract, such as to process payments and provide our services you’ve requested
  • As necessary to comply with legal obligations that we are subject to 
  • Processing is necessary for Deeper Signal’s legitimate interests, including to communicate with you about changes to our services and to improve or analyze our services
  • When we have your consent to process. If you have previously given consent to our processing of your data, you can freely withdraw such consent at any time by emailing us at security@deepersignals.com. If you do withdraw your consent, and if we do not have another legal basis for processing your information, then we will stop processing your personal data. If we do have another legal basis for processing your information, then we may continue to do so subject to your legal rights.

Should you have any questions about the legal bases we rely on and when we rely on them, Deeper Signals will clarify the specific legal basis that applies to our processing of your personal data. 

California Addendum

This California Addendum (“California Addendum”) explains how we collect, use, retain, and otherwise process personal data about California residents. Additionally, this California Addendum explains the rights California residents have under the California Consumer Privacy Act (“CCPA”), as amended by the California Privacy Rights Act (“CPRA”). This California Addendum only applies to information collected about California residents (“you”). 

Categories of personal data collected

Deeper Signals may have collected the following categories of personal data within the last twelve (12) months. The personal data collected depends on the services used by you:

  • Contact details (Your first and last name, email address)
  • Usage information (Your or your end users’ responses to personalized assessments)
  • Technical information (Device information such as your IP address, browser type and version and information about your visits to our website including pages viewed)

Categories of personal data sold

Within the meaning of the CCPA, Deeper Signals does not sell any personal data. 

How we collect personal data

Personal data may either be freely provided by you or, in certain cases, collected automatically when using this website. For further details on this, please review our Privacy Policy. 

How we use personal data

We use the personal data we collect for the business purposes disclosed within our Privacy Policy.

Your California rights

As a California resident, you have the following rights related to your personal data: 

  • The right to request: (1) the categories and specific pieces of personal data we have collected about you, (2) the categories of sources we collect your personal data from, (3) our business or commercial purpose for collecting and/or selling your personal data, and (4) the third parties we share your personal data with. Additionally, to the extent that we sell your personal data, you may request that we disclose the above information to you. 
  • The right to delete: You have the right to request that we delete any personal data that we collect about you. 
  • The right to opt-out of the sale of your personal data: You have the right to opt-out of the sale of your personal data. To exercise this right, please email security@deepersignals.com.

The right to not be discriminated against: We will not discriminate against you if you choose to exercise any rights granted to you through the CCPA.

GOLDEN GOOSE PRIVACY INFORMATION NOTICE

The following terms are relevant only to end-user who use the Deeper Signals platform via Golden Goose and their affiliates.

Golden Goose S.p.A., (hereinafter GG) as data controller, informs you that the processing of some personal data is necessary to (i) develop personality assessments, individual and team coaching reports for the personal and professional development and growth of GG employees, to improve teamwork, communication and cooperation between manager and team member and across team, to value individual unique personality traits and cognitive diversity within the GG workforce as well as to support (ii) workshops, training activities and HR practice (such as, but not limited to, onboarding process and talent review process).

a. Type of data processed and nature of data provision

The data involved in the process are:

(i) data of a common nature, preferences, opinions, character indications, collected through questionnaires and tests by GG to carry out the personality assessment and coaching reports

(ii) data of a personal nature and job position processed for participation in workshops and training.

The provision of personal data is optional. Participation in training and workshops is entirely voluntary. Failure to provide data or to participate have no consequence at all on your employment relationship and will only result in the impossibility to allow you to receive your individual report and of taking part in the working environment development campaign promoted by GG.

b. Purpose of processing and legal basis

The data provided will be processed by GG for the following purposes:

(i) to develop personality assessments and coaching reports for the personal and professional development and growth of GG employees as described above. This processing will be carried out in order to allow you to receive your individual driver score and your personality assessment report as you requested by voluntarily participating to the assessment, pursuant to art. 6, co. 1, lett. B, of GDPR

(ii) to organize and enable participation in training made available on Deeper Signal platform. This processing will be carried out on the basis of the company's obligation to allow you to access and benefit from the training activities and workshops as requested by you, pursuant to art. 6, co. 1, lett. B, of GDPR.

(iii) to improve the working environment and enhance individual resources and personalities within GG, by developing the individual reports available to yourself and the Talent Team, and theTeam Reports including coaching reports available also to your managers and your team members, to improve communication, cooperation and performance within the Team, valuing individual’s personality traits and valuing cognitive diversity. Team Reports will show average team drivers lable and scores (the average team drivers is resulting from the unweighted average of the team member individual driver scores), as well as individual drivers lables (e.g. Driven, Outgoing, Candid,…). No individual driver score (eg. Candid 98.6) will be visible in the Team Reports. This processing, will be carried out according to the legitimate interest of GG,  pursuant to art. 6, co. 1, lett. F, of GDPR.

All processing will be carried out mainly by electronic or telematic means, with logic related to the purposes for which the data were collected and in compliance with current security regulations, for the purposes specified.

c. Automated processing aimed at verifying the profile of the data subject

The processing of data relating to the personality assessment tests is an automated processing activity aimed at studying a character profile of the data subject. It therefore involves an automated analysis of the answers aimed at creating a profile. This profile does not affect the existing contractual and employment relationship with Golden Goose but provides information that can be used to improve the working environment and enhance individual resources and personalities within the company group. However, you can always ask for more information about the creation of your profile, as well as the logic used for the analysis. You may also request that your profile and the data relating to it be modified, corrected or deleted. You can send these requests to the addresses  below.

d. Recipients of the data

The data will be accessed by the GG Talent Team authorized people and by your managers and the other members of your team, will be processed by Deeper Signals as data processor and by the company Amazon Web Services, as a Deeper Signals sub-processor. The data may also be shared based on the same legal basis with companies of GG group for the purpose of resource management and to allow a harmonization of the activity of enhancing the value of employees and a uniform approach within the group (with specific reference to the activities carried out by GG also in relation to the employees of group companies).

Data will be processed through systems, platforms and databases located within the European borders.

e. Storage period

On the basis of the purposes identified, the data will be kept for the time strictly necessary to fulfil the purposes indicated and in any case not after 4 years from the making of the assessment or, if earlier, until a new assessment has been done, from which a new data retention term starts.

g. Rights of the data subject

The following rights of the data subject are guaranteed: access to the data, rectification, erasure, restriction, data portability and objection. All of the above rights may be exercised, at any time and without charge, by writing to GG at privacy@goldengoose.com or by sending a request in writing to Golden Goose Spa, Via Privata Ercole Marelli 10, 20139 Milano.

You can object totally to the processing or just partially, by selecting the appropriate command on your dashboard which will allow you to prevent access to the Assessment Team Report by your Manager and other Team members. In this latter case the individual Report will be accessible only to the Talent Team as part of the more general human resources management activity.

If you believe that one or more of your rights have been violated, we remind you that you can lodge a complaint with the Privacy Authority  (www.garanteprivacy.it).