Inchorus - Shine a light on bias to grow an inclusive organisation

Welcome to InChorus’s privacy policy.

We are InChorus Group Ltd, a company registered with Companies House in England and Wales under number 11755917 (“InChorus”/“we”/“us”/”our”).

We provide the website at www.inchorus.org (the “Website”) and the Services accessible from that Website (all as defined in the InChorus Terms of Use (“Terms of Use”) [https://inchorus.org/terms

By registering to use our Services, you consent to us processing your personal information in accordance with this Privacy and Cookie Policy (the “Policy”). This is the legal basis upon which we process your personal information as well as because it is necessary for the performance of our obligations under the Terms of Use [https://inchorus.org/terms].

You may withdraw such consent at any time by letting us know at raj@inchorus.org. At that time, you may also want to remove any cookies which have been placed on any device used to access the Website / Web App and/or Services.

Your withdrawal of consent will not affect the lawfulness of any processing carried out by us prior to such withdrawal.

Through our Website, we provide a third-party platform to anonymously tag, measure, and resolve incidents of bias and harassment in your organisation. This requires us to collect personal information from you. However, we want to put you in control of that personal information. We want you to be aware at all times where and how your personal information is being used. This is of paramount importance to us.

So, let’s describe what this Policy tells you. It explains:

• what information we may collect about you;

• what we may do with the information we collect about you;

• whether we share your information with anyone else;

• where we store your information;

• the types of cookies we use and how you can reject these cookies;

• how we keep your information secure; and

• your rights in relation to your information.

At InChorus we take your privacy seriously. We operate on the principle that your personal information belongs to you and only you can decide who you want to share it with and why. This is fundamental to the way we work and we’re committed to providing a secure environment for you to store your personal information.

WHEN DOES THIS POLICY APPLY?

This Policy and the Terms of Use [https://inchorus.org/terms] apply to your use of the Website.

HERE IS THE INFORMATION WE MAY COLLECT ABOUT YOU:

Information you voluntarily provide

• If you contact us (by phone, email or through the Website), we may keep a record of that correspondence for two years in case we need to contact you in relation to the issue for which you contacted us, for operational performance improvement and/or nuisance caller management. We will not use it for marketing purposes.

• If you report a problem with the Website and/or the Services, we may keep that information for two years in case we need to contact you in relation to the issue you for which you contacted us, for operational performance improvement and/or nuisance caller management.

We will not use it for marketing purposes. The information you give may include your name, address, telephone number and email address.

Information we collect about you and your device When you use the Website and interact with our Services, we may use technology such as that provided by Google Analytics to collect information about your visit to our Website. You can find more information about Google Analytics here: https://analytics.google.com/analytics/web.

In essence, Google Analytics enables us to analyse how you and others interact with our Website and Web App.

The information we collect may include:

• your IP address;
• the type of browser you use (e.g. are you using the Chrome or Safari browser?);
• the number of sessions per browser on each device;
• the type of device (eg Samsung) and operating system (eg Android) you are using;
• referrer information;
• time zone;
• user preferences; and
• which pages you visited.

Additionally, when you use our Services, we may collect information about your:

• company email address
• ethnicity and/or race;
• gender;
• religion;
• sexual orientation;
• age range;
• any disability you may choses to declare;

THIS IS WHAT WE DO WITH THE INFORMATION WE COLLECT ABOUT YOU

We use the information you provide to us to:

• enable us to provide the Services;
• ensure that content from our Website is presented in the most effective manner for you and for your device to achieve the most user-friendly navigation experience;
• carry out our obligations arising out of the Terms of Use; and/or
• defend our servers against malicious attacks.

Where we propose using your personal information for any other uses we will ensure that we notify you first. You will also be given the opportunity to withhold or withdraw your consent for the use of your personal information for purposes other than those listed above.

All users of the InChorus Platform are only ever identified for verification purposes, to prove that you are an employee, agent or consultant at a client organisation. Once we have verified that is the case your information is stored in separate tables, and databases, when necessary, from any Personal Data you input. The link between your Personal User Data and the identifying email address is hashed and encrypted.

Due to our strict adherence to the EU’s stringent GDPR legislation we hold the email identifier for your benefit; should you ever decide you would like to delete any data you have inputted, we can do that by decrypting the link between your email address and Personal Data - this link can only be made when you correctly answer questions about the specifics of the data originally entered, i.e. only you can unlock the encryption, were it ever necessary. Clever hey!

Your anonymity was our priority, and we built a system that ensures that. We are a solution that has not added security layers and strict data policies to existing software, we were designed and built with those considerations as instrumental cornerstones of what we went on to build.

All data is encrypted using OpenSSL to provide AES-256 and AES-128 encryption. We use 2 factor authentication for any access to the product, either as a User or Client, and, finally, we continuously work with experts to test our technology in order to find & address any security vulnerabilities.

OUR USE OF AGGREGATED AND ANONYMISED INFORMATION

We may share anonymised usage data which does not identify you specifically with third parties. We may combine your data with those of other users of our Website and share this information in aggregated and anonymised form with third parties to help us improve the design and delivery of our software tools, increasing the effectiveness for all users.

Our Services allow you to anonymously tag incidents of bias that you may have experienced in your organisation. We may share anonymised data with your organisation on the type of incident including where it occurred, what occurred, when it occurred, but we do not share your name or other personal identifiers.

The purpose of anonymously sharing the data is to allow your organisation to improve upon and kick off data-driven initiatives, ultimately resulting in a happier, healthier and more successful organisation.

We will never share your work email address, nor any part of your name that is within your work email address, for they are encrypted and stored completely separately from the anonymous, aggregated, and broad data we share with your employers. And of equal importance, we never take the names of the perpetrator, and therefore this can never be shared, completely maintaining your safety and security in the workplace when utilising the InChorus Platform.

THIS IS WHO WE SHARE YOUR INFORMATION WITH

We will only share your information with other organisations where we have your permission to do so in accordance with this Policy or where we believe it is necessary for a legitimate reason connected with the Website or our Services. We work with analytics providers and we may receive information about you from them. Below is a non-exhaustive list of third parties we work with. We may work with third parties not listed below or stop working with the third parties listed below.

NAME OF THIRD PARTY WHY WE WORK WITH THEM

Google Analytics To monitor Web App and] Website performance & user experience.
Digital Ocean To host our website and data storage
Laravel PHP code platform
In addition, we may disclose your personal information to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal or regulatory obligation or request.

OUR USE OF COOKIES, PIXELS AND LOCAL STORAGE

Cookies are small pieces of data that are stored on your computer, mobile phone or other device. Pixels are small blocks of code on web pages that do things like allow another server to measure viewing of a Web page and are often used in connection with cookies. HTML5 Local Storage is a small database located inside your browser which web pages can use to store data to speed up their processing.

We may use all three technologies from time to time, to help improve your browsing experience. Cookies do lots of different jobs, like letting you navigate between pages efficiently, storing your preferences, and generally improving your experience of our Website. Cookies make the interaction between you and our Website faster and easier. We use cookies to distinguish you from other users of the Website and our Services. This helps us to provide you with a good experience when you use the Website and also allows us to improve the Website and Services. Cookies and other things like local storage also help us authenticate you to deliver personalised content to you.

We have outlined below the individual cookies we use and why we use them:

Cookie Name: XSRF-TOKEN
24 hours expiry period to prevent attacks on the all website forms.
More info here: https://laracasts.com/lessons/sessions-cookies-caching

Cookie Name: InChorus_session
24 hours expiry period used for capturing some user session info.
More info: https://laracasts.com/lessons/sessions-cookies-caching.

Please refer to your device’s help material to learn what controls you can use to remove or block cookies. Please remember that if you do this, it may affect your ability to use the Website/ Web App and/or the Services.

As you use your device, you will encounter third parties that make use of cookies and similar technologies. We are not responsible for those third parties or what they may place on your device or in your browser. As you use your device, you will encounter third parties that make use of cookies and similar technologies. We are not responsible for those third parties or what they may place on your device or in your browser.

THIS IS WHERE WE STORE YOUR INFORMATION

The information that we collect from you may be processed outside the European Economic Area (EEA), but we have ensured that there is an adequate level of protection for such information.

KEEPING INFORMATION SECURE

All information you provide to us is stored on servers owned and operated by [Digital Ocean Inc. More information on this provider is available at https://www.digitalocean.com/

HERE ARE YOUR RIGHTS

We think it is important that you are able to control your personal information. You have the right to ask us not to process your personal information for marketing purposes.

You can exercise your right to prevent such processing at any time by contacting us at raj@inchorus.org.

The law gives you the right to request a copy of the personal information we hold about you. We first require you to prove your identity with 2 pieces of approved identification.

We will supply, correct or delete personal information about you on our files. In addition, you may request rectification or erasure of personal information as well as the restriction of processing of your personal information. We will comply with your requests in accordance with the applicable law.

If you wish to complain about the processing of your personal information then please contact us first, but if we do not satisfactorily deal with your complaint, then you may contact the Information Commissioner. If you want to stop using the Website and the Services, you may do so. If you do, you may also want to remove any cookies that we have placed on any device used to access the Website and the Services.

THIRD PARTY PROPERTIES ACCESSED FROM THE WEBSITE EG OTHER WEBSITES

Our Website and Services may contain links to and from the online properties of third parties. If you follow a link to any of these online properties, please note that these online properties have their own privacy policies which will govern use of any personal information that they process. Please check these policies carefully before you click on any links and/or submit any personal information to these online properties.

CHANGE OF CONTROL

If the ownership of our business changes, we may transfer your information to the new owner so they can continue to operate the Website and provide the Services. The new owner will be obliged to comply with this Policy.

CHANGES TO OUR POLICY

Any changes we may make to this Policy will be posted on this page. Where it makes sense because the changes are material, we will notify you by e-mail or in another appropriate manner such as when you next interact with the Website.

CONTACTING US IS EASY AND WE WANT TO HEAR FROM YOU

We really do welcome any questions, comments and requests you may have regarding this Policy. You can contact us by emailing us at raj@inchorus.org.