Privacy Statement 2DAYSMOOD

2DAYSMOOD is an innovative company that understands that data security and protection of your personal data is very important. Therefore, we spend a relative high amount of time to take care that all our processes and information systems are secure. We have security and audit expertise available through our CIO (Jan Pronk) who was previously responsible for the IT, software and infrastructure of a global financial institution. For specific security subjects we are assisted by external specialists. If you have any questions and/or comments regarding this privacy statement, please feel free to contact us.

1. PERSONAL DATA THAT IS BEING PROCESSED

2DAYSMOOD B.V. may process your personal data in case you or your employer (have been) making use of the product and services provided by 2DAYSMOOD, which is usually a continuous employee engagement survey.

We only need an email or a telephone number to be able to send surveys to participants. All other user data (first name, last name, gender, date of birth, date start employment, department and job status) are optional.

All data is stored encrypted. Data that needs to be decrypted has a secondary key stored in a separate database-server.

2. HOW LONG 2DAYSMOOD RETAINS YOUR DATA

2DAYSMOOD does not store your personal data for longer than is strictly necessary to achieve the goals for which your data is collected. Your data will never be kept for longer than 12 months without your agreement.

The personal data that is necessary for performing an employee engagement survey will, by default, be retained for 4 months after the termination of the agreement with your employer. This can only be overruled when an explicit agreement is made with the employer about a different data retention period.

3. HOW WE (DON’T) SHARE YOUR DATA WITH OTHERS

2DAYSMOOD never discloses your personal data to third parties, unless this is required to comply with a legal obligation.

Answers you have given in a survey will never be shared at a personal level with your colleagues, manager or the management board or third parties. Data is anonymised and, only shared at group level, with a group size of at least 5 active respondents. If this is not the case, no data will be shown. Only if you mention your name in open questions, your answers could be traced back to you.

4. DOES 2DAYSMOOD COMPLY WITH THE GDPR?

Our core-software is built and managed by ourselves. 2DAYSMOOD complies with GDPR and also with Dutch GDPR legislation. We regularly undergo external reviews to check our compliance.

5. WHICH SUB-PROCESSORS DOES 2DAYSMOOD HAVE AND DO THEY COMPLY WITH THE GDPR?

In order to provide our customers with the best service, we work together with a number of specialized partners who are the best in their field.

Google cloud services: All data stored by 2DAYSMOOD is stored encrypted. Unless it has been agreed that a "private cloud" of the customer will be used, the survey data will be stored in a data center in the EU for customers in the EU, and in the USA for customers in the USA, with all required security standards. Google complies with GDPR via Standard Contractual Clauses and Model contract clauses. For more information: https://cloud.google.com/terms/eu-model-contract-clause (Processor agreement) and https://cloud.google.com/security/gdpr/.

We use a third party to send emails and SMS: Twilio Sendgrid, which company fully complies with the GDPR standards and is (among other things) also a certified signer of the EU-US Privacy Shield Framework regarding collection, use and retention of personal information from the EEA, UK and Switzerland. For more information go to: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/binding-corporate-rules-bcr_en and https://www.twilio.com/legal/data-protection-addendum.

Appery.io is used to send push messages to app-users: https://appery.io/.

Slack: https://slack.com/intl/en-nl/trust/compliance/gdpr.

Microsoft teams: https://www.microsoft.com/en-en/trust-center/privacy/gdpr-faqs?market=en.

6. HOW YOU CAN ACCESS, CORRECT OR REMOVE YOUR DATA

You have the right to view, correct or delete your personal data at any moment. You can send a request for accessing, editing or removing data to [email protected]. 2DAYSMOOD will respond to your request as quickly as possible, but in any case within 14 days.

If you have the impression that your data is not properly secured, or if there are indications of misuse of the personal data collected by 2DAYSMOOD, please contact us.

7. HOW WE IMPROVE YOUR USER EXPERIENCE IN OUR SOFTWARE

In order to give you the best possible user experience, we track how you navigate through our realtime platform with Google Analytics. Based on your IP address we only track which pages you visit. This does not apply to the environment in which the survey is answered or to the data and answers as a result from filling in the survey. This data is not shared with Google Analytics.