Panalyt complies with the European Union General Data Protection Regulation (“GDPR”) (effective 25 May 2018) regarding the collection, use, and retention of personal data from European Union member countries, and the Singapore Personal Data Protection Act 2012 (“PDPA”).
These regulations guide our core principles in building our Apps and managing the data provided to us by you:
- Transparency: All Personal Information held by us relating to you or, where provided to us by you or a third party acting under your direction, your Employees, is available to be accessed and reviewed by you, and, at your direction, we can provide a platform to make your employee’s data accessible by the relevant individuals.
- Non-commercialisation: We will never buy or sell any Personal Information relating to you or your Employees. No part of our business does or will involve the sale of Personal Information.
- Access Minimisation: Only members of Panalyt who absolutely require access to Personal Information for the execution of their duties have such access. All-access is password protected and logged. No Personal Information ever resides on individual computers and it is never printed.
- Data Processor: Panalyt is the data processor, identified under GDPR as a person or organization who deals with Personal Information as instructed by a Data Controller for specific purposes and services offered to the Data Controller that involve Personal Information processing. Our clients are the Data Controllers with the responsibility for collecting the data.
- Personal Information regarding the legal entity engaging, or considering engaging, with us, and the individuals within that entity responsible for executing or managing the engagement (“Client Data”). For example, the Company name and address, the name, title and email address of the key contact within the client Company.
- Personal Information regarding the Employees (including employees, contractors, candidates and other parties on whom you legitimately hold and manage Personal Information) provided to us by you or a third party acting under your direction (“Employee Data”). For example, name, title, date of hire, compensation etc. Panalyt manages Employee Data as received from you with the explicit understanding and assurance that you have both the permission of the relevant individuals and have defined the business reasons to support the collection, retention, and transfer to us of the Employee Data, as defined under GDPR.
This policy does not apply to the practices of companies that we do not own or control, or to individuals that we do not employ or manage.
We do not knowingly collect or solicit Personal Information from anyone under the age of 16 or knowingly allow such persons to register for our Services. No one under age 16 may provide any Personal Information to us, and Employee Data may not include data on individuals under age 16.
2. WHAT INFORMATION DOES PANALYT COLLECT?
A. Information You Provide to Us:
Your Client Data: We receive and store any information you knowingly provide to us. For example, we collect Personal Information such as your name, email address, and browser information. You can choose not to provide us with certain information, but then you may not be able to register with us. We may anonymize your Client Data so that you cannot be individually identified, and provide that information to our partners for aggregate visitor statistics and analysis.
Your Employee Data: In order to provide you with the Services, we also receive and store any information you choose to provide us with in respect to your employees, contractors, candidates and other parties on whom you legitimately hold and manage Personal Information (“Employee Data”) The Employee Data we receive and store will consist of any information you choose to provide us with, either directly or from third parties that you direct to share such information with us. Such third parties may include, for example, HR software applications used by you that may transmit information directly to us through APIs set up or provided by you. We may anonymize your Employee Data in aggregate with other data sets so that they cannot be individually or collectively identified, and incorporate that information into our services to provide predictive analytics, benchmarks and similar outputs of anonymous, aggregated data.
If you choose to use our referral service to tell a friend about our site, we will ask you for your friend’s name and email address. We will then send your friend a one-time email inviting him or her to visit the site. Panalyt stores this information for the sole purpose of sending this one-time email, and tracking the success of our referral program.
Your friend may contact us at info@Panalyt.com to request that we remove this information from our database.
B. Information Collected Automatically:
When you visit the Website and App, whether as a Panalyt customer or a non-registered user just browsing, our servers automatically record information that your browser sends whenever you visit a website (“Log Data”). For example, Log Data may include information such as your computer’s IP address, browser type or the webpage you were visiting before you came to our Website or App, pages of our Website or App that you visit, the time spent on those pages, information you search for, access times and dates, and other statistics. We use this information to monitor and analyze use of the Services and for our technical administration, to increase our functionality and user-friendliness, and to better tailor our Services to our visitors’ needs.
C. Information We May Receive from Third Parties
Apart from the Employee Data provided through third parties at your direction, detailed in A above, we may receive information about our users from third parties. For example, if you access our Website or Service through a third-party connection or log-in, for example, through Google, by linking your account to the Panalyt Service, etc., that third party may pass certain information about your use of its service to Panalyt. This information could include, but is not limited to, the user ID associated with your account, an access token necessary to access that service, any information that you have permitted the third party to share with us including your name and email address.
D. Email and Other Communications:
We may contact you by email or other means; for example, we may communicate with you about your use of the Services. If you do not want to receive email or other mail from us, please indicate your preference by adjusting the settings on your account screen in the Website. Please note that if you do not want to receive legal notices from us, those legal notices will still govern your use of the Services, and you are responsible for reviewing such legal notices for changes.
3. WHERE WE STORE YOUR PERSONAL INFORMATION
Panalyt takes reasonable precautions to protect Personal Information from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.
As this policy went into effect, we store all Employee Data and Client Data solely within Google Cloud Platform (“GCP”). Data is encrypted end-to-end and we strictly comply with GCP’s customer security best practices, ensuring your Employee Data remains safe and secure. For more information on the security practices of GCP, please visit https://cloud.google.com/security/.
Any change to our fundamental data storage and processing environment of your Employee Data would require your explicit written authorization.
Transfers from the EU to GCP’s storage are protected by European Union Model Clauses executed between Google and Panalyt. The European Commission has approved model contract clauses as a means of complying with the requirements of the GDPR. The effect of this decision is that, by incorporating certain provisions into a contract, personal data can flow in a compliant way from those subject to the GDPR to cloud (and other) providers outside the EU or the European Economic Area (“EEA”). By adopting EU model contract clauses, providers outside the EU or the EEA can offer their customers an option for complying with the GDPR.
GCP gained confirmation of compliance from the European Union’s data protection authorities, acting collectively as the Article 29 Working Party, for their model contract clauses, affirming that the GCP contractual commitments fully meet the requirements to legally frame transfers of data from the EU to the rest of the world, in accordance with the Data Protection Directive, which has now been replaced by the GDPR. For more information see: https://cloud.google.com/security/compliance/eu-mcc/
4. WILL PANALYT SHARE ANY OF THE PERSONAL INFORMATION RECEIVED?
We neither rent nor sell Client Data or Employee Data in personally identifiable form to anyone. We share such Personal Information in a personally identifiable form with third parties as described below;
A. Trusted Third Parties:
We employ other companies and people to perform tasks on our behalf and need to share your information with them to provide the Services to you. Unless we tell you differently, such third parties do not have any right to use the Personal Information we share with them beyond what is necessary to assist us. This includes third party companies and individuals employed by us to facilitate our Services, including the provision of maintenance services, database management, Web analytics and general improvement of the Services. We note that we may be subject to liability for sharing information to third parties in a manner inconsistent with our policy or the GDPR or PDPA provisions.
In particular, as part of our provision of the Services to you, we store all Employee Data solely within servers and applications managed by Google Cloud Platform (“GCP”). We strictly comply with GCP’s customer security best practices, ensuring your Employee Data remains safe and secure. For more information on the security practices of GCP, please visit https://cloud.google.com/security/.
Any change to our fundamental data storage and processing environment of your Employee Data would require your explicit written authorization.
B. Business Transfers:
C. Protection of Panalyt and Others:
We may be compelled to access, read, preserve, and disclose any information that we reasonably believe is necessary to comply with law or a court order; enforce or apply our conditions of use and other agreements with you; or protect the rights, property, or safety of Panalyt, our Employees, our users, or others. We may send information to fraud protection and credit risk reduction agencies, but only in a manner limited to and consistent with that specific purpose.
D. With your Consent:
Except as set forth above, you will be notified when your Client Data may be shared with third parties, and will be able to prevent the sharing of this information. Also, except as set forth above, any change to the management of your Employee Data, including sharing with third parties, will require your prior written authorization.
5. IS THE PERSONAL INFORMATION SECURE?
We transmit and store all Employee Data solely within the industry standard for SAAS/cloud service security servers and applications managed by Google Cloud Platform (“GCP”). Data is encrypted end-to-end and we strictly comply with GCP’s customer security best practices, ensuring your Employee Data remains safe and secure. For more information on the security practices of GCP, please visit https://cloud.google.com/security/.
GCP’s physical infrastructure is hosted and managed within Google’s secure data centers and utilises GCP managed services technology. Panalyt’s infrastructure is compliant with ISO 27001, SOC 1 and SOC 2/SSAE 16/ISAE 3402 (Previously SAS 70 Type II), PCI Level 1, FISMA Moderate and Sarbanes-Oxley(SOX). Any change to our fundamental data storage and processing environment of your Employee Data would require your explicit written authorization.
Client Data is also stored within the same GCP environment, and for any information you enter on our site, rather than uploaded, we encrypt the transmission of that information using secure socket layer technology (SSL).
Your account is protected by a password for your privacy and security. You must prevent unauthorized access to your account and Personal Information by selecting and protecting your password appropriately and limiting access to your computer or device and browser by signing off after you have finished accessing your account.
Your company’s administrator of the Panalyt services for your company (your “Admin”) is empowered to provide access to Employee Data to users, and determine which Employee Data each user can access. Your Admin must prevent unauthorised access to data, by granting access only to authorised individuals and ensuring they are given correct access levels.
We endeavor to protect the privacy of your account and the Personal Information we hold in our records, but we cannot guarantee complete security. No data storage and transmission mechanism, including the transmission of information via the Internet, is completely secure. Unauthorized entry or use, hardware or software failure, and other factors may compromise the security of Personal Information at any time.
Our Services are not directed to persons under the age of 16. We do not knowingly collect personally identifiable information from children under 16. If a parent or guardian becomes aware that their child, or any third party, has provided us with Personal Information without the parent’s consent, they should contact us at info@Panalyt.com. If we become aware that a child under 16 has provided us with Personal Information, we will take steps to delete such information from our files.
7. WHAT PERSONAL INFORMATION CAN I ACCESS?
Regarding Client Data:
If you are your company Admin, through your account settings, you may:
a) access, edit or delete the following information: Prefered/Display name and password, company name, company logo, job title, email, address, billing information
b) access the following information, where you, as Admin, have made it available: location, organisation and other job-related information.
If you are not your company Admin, through your account settings, you may;
a) access, edit or delete the following information: Prefered/Display name and password
b) access the following information, where your admin has made it available: name, job title, email, location, organisation, and other job-related information.
Regarding Employee Data:
If you are your company Admin (or the most senior Admin where the company has multiple Admins with differing access permissions (“SuperAdmin”)) you may access or delete any and all Employee Information held by us.
If you are not your company Admin (or SuperAdmin) you may;
a) access Employee Information as granted by your Company Admin.
The information you can view, update, and delete may change as the Services and data provided by your company Admin changes. If you have any questions about viewing or updating information we have on file about you, please contact us at email@example.com.
We post customer testimonials/comments/reviews on our website which may contain personally identifiable information. We do obtain the customer’s consent via email prior to posting the testimonial to post their name along with their testimonial. To request removal of your Personal Information from Testimonials or comments please contact us at firstname.lastname@example.org.
8. WHAT CHOICES DO I HAVE?
All Client Data indicated as “required” within our website and/or services is required in order to utilize the services. All other data, including any Employee Data, is optional. You may request the deletion of your account by contacting your company Admin, or, if you are the Company Admin, contacting us at info@Panalyt.com.
Please note that some information may remain in our private records after your deletion of such information from your account. We will retain and use your Client Data as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements. We may use any aggregated data derived from or incorporating your Employee Data after you update or delete it, but not in a manner that would identify any individual.
Our Web site offers publicly accessible blogs or community forums. You should be aware that any information you provide in these areas may be read, collected, and used by others who access them.
To request removal of your Personal Information from our blog or community forum, contact us at info@Panalyt.com.
10. OUR ONGOING COMMITMENT TO PRIVACY
11. CONCERNS AND RESOLUTION
Panalyt is committed to transparently resolve complaints about your privacy and our collection or use of your Personal Information.
European Union individuals may refer unresolved privacy complaints under the GDPR to the relevant body in their country. In the UK this is the Independent Commissioners Office.
Singapore based individuals, and any party outside the EU, may refer unresolved privacy complaints under the Singapore PDPA to the Singapore Personal Data Protection Commission.
The US regulatory agency with the authority to investigate and resolve claims, should you consider our practices to be unfair or deceptive, is the United States Federal Trade Commission.
Effective; 1 December 2019