Privacy Policy

Effective date: May 20, 2020

At Diversity Atlas, we understand the concerns our clients and their team members may have about the privacy of their data. Users of Diversity Atlas can be confident that we take their privacy very seriously. We will continue to benchmark our privacy and information security practices against the leading legislative and technical standards.

This Privacy Policy provides all the necessary information about how Diversity Atlas handles the data generated by users when they access the Diversity Atlas website, participate in a Diversity Atlas survey, or use the Diversity Atlas admin dashboard. The information contained in this document is current as of May 2020. Any updates to the information contained in this document will be provided as appropriate to users.

For any questions or clarifications on the contents of this Privacy Policy, please contact us at info@diversityatlas.com.au

Definitions

We

In this document, ‘we’ means Cultural Infusion (Int) Pty Ltd, the company that supplies Diversity Atlas. We are a Data Processor as defined by the European Union’s General Data Protection Regulation (GDPR).

Service

The term ‘our service’ refers to the Diversity Atlas website, which includes the Diversity Atlas survey questionnaire and the Diversity Atlas admin and analytics dashboard.

Client Organisation

A client organisation is the entity to whom Diversity Atlas is providing access to our survey tool. This could be a private business, a government agency or non-governmental organisation (NGO). A client organisation is a Data Processor as defined by GDPR.

Organisational Administrator

An employee of a client organisation whom we give access to the Diversity Atlas admin dashboard to view and analyse the results of a survey.

Respondent

A respondent is a person who provides their personal information as part of their participation in a Diversity Atlas survey. A respondent is a Data Subject as defined by the GDPR.

A note on Client Organisation obligations

The data respondents generate when they take the Diversity Atlas survey is being compiled and stored by us on behalf of our client organisation, for the primary purposes of generating graphs, charts and statistical insights illustrating the diversity within their organisations.

Survey respondents should note that our Privacy Policy covers Cultural Infusion’s obligations and does not cover client organisations’ responsibilities with regards to the personal information provided by their employees via a Diversity Atlas survey, which endure separately and concurrently to ours. Client organisations must handle the information provided by respondents in accordance with the national and local privacy laws and regulations that apply to them.

In addition, Diversity Atlas will only proceed with deploying a survey within an organisation after ensuring that its administrator is fully aware of its privacy and security responsibilities regarding its use of respondents’ data, which we outline in a Code of Conduct that our clients have to sign before having access to Diversity Atlas. These privacy obligations are reiterated in the contracts that we sign with our clients.

We strive to ensure optimal handling of data and we help our clients to establish risk management frameworks that include privacy and information security best practices as part of their use of Diversity Atlas.

We encourage respondents to communicate with their organisational contact person or their human resources department to discuss any concerns or seek any clarifications about their own rights, and their organisation’s obligations, regarding the handling of personal information collected through Diversity Atlas.

Generally, an employer can only require an employee to provide personal information that is directly related to the employment relationship, and can only collect ‘sensitive information’—of the kind that some questions in the Diversity Atlas survey touch on—after having obtained their explicit consent to do so. An employee cannot be penalised for choosing not to participate in the survey, or for only providing certain forms of information as part of the survey.

If their employer seeks to make participation in a Diversity Atlas survey mandatory in their workplace, we encourage any respondent to contact Diversity Atlas at info@diversityatlas.com.au. If any respondent believes that their organisation has mishandled their data, or in any way not met their obligations with regards to a respondent’s privacy, we encourage them to consult the advice offered by the Office of the Australian Information Commissioner (if in Australia) or their country’s Supervisory Authority (if in the European Union) about the appropriate responses.


Usage Data

We may collect information on how the Diversity Atlas website is accessed and used, which is known as Usage Data. This Usage Data may include information such as your computer’s Internet Protocol address (IP Address), browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, which type of device you are using, and other diagnostic data.

We use cookies and similar tracking technologies to monitor and hold certain information about your use of our website. Cookies are filed with small amounts of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and are stored on your device. Tracking technologies we also use are beacons, tags, and scripts to collect and track information and to improve our service and analyse how visitors use it. We do not use advertising cookies.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent by a website. However, if you do not accept cookies, you may not be able to use some portions of our website.


Your personal information

Your participation in a Diversity Atlas survey involves the provision of personal information—that is, information about you which a third party might be able to use to identify you if they gained access to it.

As a survey respondent, you should understand that there are unavoidable risks involved in the provision of personal information to any entity. Before you take part in a Diversity Atlas survey administered by your organisation, we will ask for your explicit consent to our handling the data generated by your responses in accordance with this Privacy Policy.

We also provide options for users to maximise the privacy of their responses. When you begin a Diversity Atlas survey, you are given the option of completing the entire survey anonymously. In this case, you will not be able to provide your name or email address and your responses will not be able to be linked to your name or contact details

If you do not choose to complete the survey anonymously, then you will be asked for your name and email address. Your responses will be associated with this name and email address but the organisational administrator in charge of the survey will not be able to view any names or email addresses associated with a particular user’s responses.

Whether you provide your name or complete the survey anonymously, the only fields which you are required to answer to successfully complete the Diversity Atlas survey are:

  • Gender
  • Age Group
  • Country of Birth
  • Primary Languange

Additionally, the Diversity Atlas survey invites respondents to provide information about themselves which is considered ‘sensitive information’ under Section 6(1) of Australia’s Privacy Act and article 9 of the European Union GDPR. This includes information about:

  • Ethnic Background and Race
  • Sexual Orientation
  • Religious and/or Philosophical Beliefs
  • Disability and Mental Health

Answering these questions is entirely voluntary and not mandatory. Respondents are under no obligation to answer these questions, and can indicate in the Diversity Atlas survey that they prefer not to answer them. Please also see the note above about client organisations’ responsibilities with regards to the handling of this personal information, and the circumstances in which they are allowed to collect it.


How your information is used

Once a Diversity Atlas survey has been completed, the results are made available to the client organisation’s Organisational Admin via the Diversity Atlas online dashboard.

Using this dashboard, Organisational Admins can undertake analysis and generate reports based on the results of the survey. Access to this Dashboard is limited to the designated Organisational Contact Person and is protected with SSL-encrypted passwords.

Diversity Atlas’ administration and analytics dashboard limits the visibility of respondents’ data to preserve their confidentiality. Organisational admins can see who in their organisation has completed the survey if these respondents have provided their names and emails, but they cannot see respondents’ individual answers to survey questions apart from their responses on their age, country of birth, and gender. Organisational admins can see the number of anonymous respondents, but neither their responses nor their name and emails, because Diversity Atlas will not ask respondents for this information if they choose to complete the survey anonymously.

What admins can see:
  • How many people responded to the survey
  • Overall organisational results
  • The following information about respondents who have chosen not to complete the survey anonymously:
    • Age
    • Gender
    • Country of Birth
  • Diversity metrics disaggregated to the level of teams or departments larger than 10 people
What they can’t see:
  • The worldviews, sexual orientation, ethnic/racial identifications, ability status, and position levels of any individual respondent, whether or not they have completed the survey anonymously
  • The names or email addresses of any respondents who have chosen to complete the survey anonymously
  • Team-level results for teams within the organisation in which more than 10 people have responded
What can Diversity Atlas see?

Diversity Atlas’ development team do not have access to the results of a survey unless the organisational admin officially asks for help and discloses their password to us. Diversity Atlas team members cannot view or modify respondents’ responses.


Data storage and security

We store all users’ information on servers protected by world-leading standards of data integrity.

In Australia, all databases containing users’ data are stored on our Amazon Web Services (AWS) servers in Sydney, Australia. We have the capacity to make our service available to clients off servers located anywhere in the world, pursuant to their needs and any legislative requirements for the storage of personal data.

Please see this document for more detailed information about Diversity Atlas’ information security practices.

Encryption

The admin dashboard is only accessible to organisational admins with a password. All admin passwords are SSL encrypted, meaning that nobody has access to them—including the Diversity Atlas team

Diversity Atlas uses column-based encryption to offer additional protection to the most sensitive information provided by respondents in a Diversity Atlas survey. Responses to the following questions are encrypted:

  • Ethnic background and race
  • Sexual orientation
  • Disability and mental health
  • To provide customer support
  • Worldview/religion

Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our website, or we are legally obligated to retain this data for longer periods.


Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the "effective date" at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.


Contact Us

If you have any questions about this Privacy Policy, please contact us:

  • By email: info@diversityatlas.com.au
  • By visiting this page on our website: Contact us page
  • By phone number: +61394126666
  • By mail: 49 Vere st, Collingwood, Vic, Australia, 3088