Owner and Data Controller
Deeper Signals Inc.
430 West 34th #16E
New York, NY
Owner contact email: email@example.com
We tried to keep this policy as simple as possible to helpyou understand what information we collect, how we use it, and what choices youhave about it. You should read this policy in full.
Types of Data collected
Deeper Signals (“We” “Us”) collects, stores, and usesinformation you share on our website. This includes your name, e-mail address,and any other information you choose to enter on the website, including withoutlimitation your or your end users’ responses to personalized assessments.
We also record certain technical information whenever youuse our website. This includes information about your device and about yourvisits to and use of our website, such as your IP address, browser type andversion, page views, etc.
We use “persistent” cookies on our website. Persistentcookies will remain stored on your device until deleted, or until they reach aspecified expiry date.
We use Sentry’s Sentry.io tool (“Sentry”) to providereal-time error tracking to help us to reproduce and fix crashes. For furtherdetails, please see Sentry’s privacypolicy.
Most browsers allow you to reject all cookies, while somebrowsers allow you to reject just third party cookies. Blocking all cookieswill, however, have a negative impact upon the usability of many websites,including ours.
Whether Information Has to Be Provided by You and Why
The provision of contact and other relevant information isrequired from you to enable us to communicate with you and to provide theservices available on our website. If you don’t provide the informationrequested, we may not be able to provide the services which require the use ofthis information (e.g., certain features or assessments).
How Do We Use the Information We Collect?
We use the information we collect to provide you with ourassessment services. Consequently, we use your information to:
- Calculate and display your personality quiz results to you
- Send you account-related messages, such as password recovery e-mails
- Identify you and ensure the security of your account – e.g., by verifying that you own the e-mail address linked to your account
- Provide you with content and services relevant to you
- Respond to your questions or issue reporting
In addition, we use your information to conduct analytics onhow you use our website in order to better understand your needs and tooptimize our service and experience. For instance, by measuring the time youspend on a certain page before and after a design change, we can understandwhether there’s anything we need to tweak. In order to do that, we use thethird party service, Google Analytics to collect standard internet loginformation and details of visitor behaviour patterns (for example, how muchtime you spent reading your personality test results). We’ve already mentionedthese services in the Cookies section above.
In short, Personal Data may be freely provided by the User,or, in case of Usage Data, collected automatically when using this Website.Unless specified otherwise, all Data requested by this Website is mandatory andfailure to provide this Data may make it impossible for this Website to provideits services. In cases where this Website specifically states that some Data isnot mandatory, Users are free not to communicate this Data without impactingthe functioning of the Service. Users who are uncertain about which PersonalData is mandatory are welcome to contact us at the contact information providedin this document.
Users are responsible for any third-party Personal Dataobtained, published or shared through this Website and confirm that they havethe third party's consent to provide the Data to Deeper Signals.
Mode and place of processing the Data
Methods of processing
We use all reasonable security and access control measuresto secure our accounts on third party services and websites and the data storedtherein.
Legal basis of processing
Deeper Signals may process Personal Data relating to Usersif one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislations Deeper Signals may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
- provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which Deeper Signals is subject;
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in Deeper Signals;
- processing is necessary for the purposes of the legitimate interests pursued by Deeper Signals or by a third party.
In any case, Deeper Signals will gladly help to clarify thespecific legal basis that applies to the processing, and in particular whetherthe provision of Personal Data is a statutory or contractual requirement, or arequirement necessary to enter into a contract.
The Data is processed on Deeper Signals' servers and in anyother places where the parties involved in the processing are located.
Depending on the User's location, data transfers may involvetransferring the User's Data to a country other than their own. To find outmore about the place of processing of such transferred Data, Users can checkthe section containing details about Data Transfer.
Users are also entitled to learn about the legal basis ofData transfers to a country outside the European Union or to any internationalorganization governed by public international law or set up by two or morecountries, such as the UN, and about the security measures taken by DeeperSignals to safeguard their Data.
If any such transfer takes place, Users can find out more bychecking the relevant sections of this document or inquire with Deeper Signalsusing the information provided in the contact section.
How long do we retain your data and how can you manageyour data?
If you have an account on our website, you can use theProfile section to change most of your personal details. For instance, itallows you to:
- Update your e-mail address
- Edit your profile name
- Change your gender and all other demographic information provided
- Delete your account
Personal Data will be processed securely and stored for aslong as required by the purpose they have been collected for. Therefore:
- Personal Data collected for purposes related to the performance of the services we provide to you, such as providing you with personality quiz results, shall be retained for an unlimited amount of time, or until you request that we delete your personal data
- Personal data collected from you on behalf of a contract with an organization that employees you will be retained for as long as is required to provide the services to such organization, or until the specific data privacy agreement with said organization obligates us to delete or anonymize your data.
- Any Personal Data collected for the purposes of Deeper Signals’s legitimate interests shall be retained as long as needed to fulfill such purposes. You will find specific information regarding the legitimate interests pursued by Deeper Signals within the relevant sections of this document or by contacting us.
Deeper Signals may be allowed to retain Personal Data for alonger period whenever the User has given consent, as long as such consent isprovided with clear intent not withdrawn. Furthermore, Deeper Signals may beobliged to retain Personal Data for a longer period whenever required to do sofor the performance of a legal obligation.
Once the retention period expires, all personallyidentifiable data shall be permanently deleted or permanently and irrevocablyanonymized. Therefore, the right to access, the right to erasure, the right torectification and the right to data portability cannot be enforced afterexpiration of the retention period.
The purposes of processing
The Data concerning the User is collected to allow theDeeper Signals to provide its Services, as well as for the following purposes:Registration and authentication, Displaying content from external platforms,Hosting and back-end infrastructure, Interaction with data collection platformsand other third parties, Analytics.
Users can find further detailed information about suchpurposes of processing and about the specific Personal Data used for eachpurpose in the respective sections of this document.
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes andusing the following services:
Google Analytics with anonymized IP (Google LLC)
Google Analytics is a web analysis service provided byGoogle LLC (“Google”). Google utilizes the Data collected to track and examinethe use of this Website, to prepare reports on its activities and share themwith other Google services.
Google may use the Data collected to contextualize andpersonalize the ads of its own advertising network.
This integration of Google Analytics anonymizes your IPaddress. It works by shortening Users' IP addresses within member states of theEuropean Union or in other contracting states to the Agreement on the EuropeanEconomic Area. Only in exceptional cases will the complete IP address be sentto a Google server and shortened within the US.
Personal Data collected: Cookies and Usage Data.
Deeper Signals is allowed to transfer Personal Datacollected within the EU to third countries that the EU has deemed not to haveadequate data privacy protections in place only pursuant to an authorizedtransfer mechanism, which may include Standard Contractual Clauses in the formprovided by the European Commission, or pursuant to an Article 49 derogationfor specific situations, including without limitation a user’s explicitconsent, necessity for the performance of a contract, necessity for theconclusion or performance of a contract concluded in the interest of the datasubject, or necessity for the establishment, exercise or defense of legalclaims.
This means that Data recipients have committed to processPersonal Data in compliance with the data protection standards set forth by EUdata protection legislation. For further information, Users are requested tocontact Deeper Signals through the contact details provided in the presentdocument.
Displaying content from external sources
This type of service allows you to view content hosted onexternal platforms directly from the pages of this Website and interact withthem.
This type of service might still collect web traffic datafor the pages where the service is installed, even when Users do not use it.
Google Fonts (Google LLC)
Google Fonts is a typeface visualization service provided byGoogle LLC that allows this Website to incorporate content of this kind on itspages.
This type of service has the purpose of hosting Data andfiles that enable this Website to run and be distributed as well as to providea ready-made infrastructure to run specific features or parts of this Website.Some of these services work through geographically distributed servers, makingit difficult to determine the actual location where the Personal Data arestored.
Amazon Web Services (AWS) (Amazon Web Services, Inc.)
Amazon Web Services is a hosting and backend serviceprovided by Amazon.com Inc.
Place of processing: European Union
This type of service allows Users to interact with datacollection platforms or other services directly from the pages of this Websitefor the purpose of saving and reusing data.
If one of these services is installed, it may collectbrowsing and Usage Data in the pages where it is installed, even if the Usersdo not actively use the service.
By registering or authenticating, Users allow this Websiteto identify them and give them access to dedicated services.
Depending on what is described below, third parties mayprovide registration and authentication services. In this case, this Websitewill be able to access some Data, stored by these third-party services, forregistration or identification purposes.
Google OAuth (Google LLC)
Google OAuth is a registration and authentication serviceprovided by Google LLC and is connected to the Google network.
The rights of Users
Users may exercise certain rights regarding their Dataprocessed by Deeper Signals.
Under the GDPR you have a number of important rights free ofcharge. In summary, those include rights to:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access their Data. Users have the right to learn if Data is being processed by Deeper Signals, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, Deeper Signals will not process their Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from Deeper Signals.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User's consent, on a contract which the User is part of or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
If you’d like to exercise any of those rights, please emailus at: firstname.lastname@example.org. Please send the request from the e-mail addressassociated with your account in order for us to process it.
Details about the right to object to processing
Where Personal Data is processed for the purposes of thelegitimate interests pursued by Deeper Signals, Users may object to suchprocessing by providing a ground related to their particular situation tojustify the objection.
Users must know that, however, should their Personal Data beprocessed for direct marketing purposes, they can object to that processing atany time without providing any justification. To learn, whether Deeper Signalsis processing Personal Data for direct marketing purposes, Users may refer tothe relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to theus through the contact details provided in this document. These requests can beexercised free of charge and will be addressed by Deeper Signals as early as possibleand always within one month.
Additional information about Data collection andprocessing
The User's Personal Data may be used for legal purposes byDeeper Signals in Court or in the stages leading to possible legal action arisingfrom improper use of this Website or the related Services.
The User declares to be aware that Deeper Signals may berequired to reveal personal data upon request of public authorities.
Additional information about User's Personal Data
In addition to the information contained in this privacypolicy, this Website may provide the User with additional and contextualinformation concerning particular Services or the collection and processing ofPersonal Data upon request.
System logs and maintenance
For operation and maintenance purposes, this Website and anythird-party services may collect files that record interaction with thisWebsite (System logs) use other Personal Data (such as the IP Address) for thispurpose.
Information not contained in this policy
More details concerning the collection or processing ofPersonal Data may be requested from Deeper Signals at any time. Please see thecontact information at the beginning of this document.
How “Do Not Track” requests are handled
This Website does not support “Do Not Track” requests. Todetermine whether any of the third-party services it uses honor the “Do NotTrack” requests, please read their privacy policies. In addition, your browserallows you to disable cookies from this website, or any other website in thebrowser settings.
Should the changes affect processing activities performed onthe basis of the User’s consent, Deeper Signals shall collect new consent fromthe User, where required.
GOLDEN GOOSE PRIVACY INFORMATION NOTICE
The following terms are relevant only to end-user who use the Deeper Signals platform via Golden Goose and their affiliates.
Golden Goose S.p.A., as data controller, informs you that the processing of some personal data is necessary to (i) carry out the analysis of questions and tests aimed at providing personality assessment for the development, enhancement and integration of employees within the Golden Goose working reality, as well as for (ii) activities of participation in workshops and training.
a. Type of data processed and nature of data provision
The data involved in the process are:
(i) data of a common nature, preferences, opinions, character indications, collected through questionnaires and tests by the company Golden Goose Spa to carry out the tests and personality assessment,
(ii) data of a personal nature and job position processed for participation in workshops and training.
The provision of personal data is optional. Participation in tests, training and workshops is entirely voluntary. Failure to provide data or to participate will only result in the impossibility of taking part in the employee development campaign promoted by Golden Goose S.p.A.
b. Purpose of processing and legal basis
The data provided will be processed by Golden Goose S.p.A. for the following purposes:
(i) to carry out the activities of administration and analysis of questions and tests aimed at creating personality assessments focused at the best development, enhancement and integration of employees within the Golden Goose working reality. This processing, being an automated processing aimed at creating a personality profile of the data subject, will be carried out only with your express consent.
(ii) organising and enabling participation in workshops and training. This processing will be carried out on the basis of the company's obligation to allow you to access and benefit from the training activities and workshops made available to you.
All processing will be carried out mainly by electronic or telematic means, with logic related to the purposes for which the data were collected and in compliance with current security regulations, for the purposes specified.
c. Automated processing aimed at verifying the profile of the data subject
The processing of data relating to the personality assessment tests is an automated processing activity aimed at studying a character profile of the data subject. It therefore involves an automated analysis of the answers aimed at creating a profile. This profile does not affect the existing contractual and employment relationship with Golden Goose but provides information that can be used to improve the working environment and enhance individual resources and personalities within the company group. However, you can always ask for more information about the creation of your profile, as well as the logic used for the analysis. You may also request that your profile and the data relating to it be modified, corrected or deleted. You can send these requests to the DPO as identified below.
d. Recipients of the data
The data will be processed by the Deeper Signals and by the company Amazon Web Services, both service providers of Golden Goose SpA. The data may also be shared with companies of the Golden Goose group for the purpose of resource management and to allow a harmonization of the activity of enhancing the value of employees and a uniform approach within the group (with specific reference to the activities carried out by Golden Goose SpA also in relation to the employees of group companies).
Data will be processed through systems, platforms and databases located within the European borders, without prejudice to the possible need to carry out specific activities (including technical assistance) that may be performed outside the EU, while ensuring the necessary data security measures.
e. Storage period
On the basis of the purposes identified, the data will be kept for the time strictly necessary to fulfil the purposes indicated and in any case not after the end of the working relationship.
f. Data Protection Officer
The company Golden Goose Spa, pursuant to article 37 of the GDPR EU 2016/679, has identified and appointed a Data Protection Officer (DPO) who can be contacted at the e-mail address email@example.com.
g. Rights of the data subject
The following rights of the data subject are guaranteed: access to the data, rectification, erasure, restriction, data portability and objection. The data subject also has the right to withdraw consent at any time. All of the above rights may be exercised, at any time and without charge, by writing to the Golden Goose DPO at firstname.lastname@example.org or by sending a request in writing to Golden Goose Spa, Via Privata Ercole Marelli 10, 20139 Milano.
If you believe that one or more of your rights have been violated, we remind you that you can lodge a complaint with the Privacy Authority as indicated at the following link:http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/4535524.