This article describes in brief how Teamspective’s solutions are GDPR and CCPA compliant. The material should prove useful especially for two purposes:
For employees of Teamspective Customers: to understand GDPR and CCPA compliance.
For Data Protection, Security, HR and legal teams: Introduction to GDPR and CCPA compliance before proceeding with a more detailed review of agreements and policies.
The term “Customer” in this document refers to any company that is using Teamspective’s solutions.
Introduction
The General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) impose strict guidelines on how organizations must handle personal data, focusing on respecting the privacy and rights of individuals. This regulation is grounded in certain key principles that ensure data is processed lawfully and ethically. In this article, we explore each principle and discuss its implications for different Teamspective solution modules.
When it comes to employee personal data, the Customer company acts as the data controller and Teamspective is the data processor.
In summary, Teamspective’s solutions are designed to do three things:
Help companies collect data about employee engagement, performance and social interactions.
Use the collected data and other pre-existing data of the company to provide analytics dashboards and to identify insights that help individuals, teams and the organization improve their ways of working.
Combine the insights with the resource libraries of Teamspective and the Customer to deliver concrete and actionable recommendations for the users.
1. Lawfulness, Fairness, and Transparency
This principle emphasizes that personal data must be processed lawfully, fairly, and in a transparent manner.
The legal basis for processing data in Teamspective is usually Legitimate Interests. A company should have a legitimate interest in maintaining a productive, well-collaborating and wellbeing-supporting workplace. Teamspective’s solutions allow companies to collect and process data for those purposes.
Fair and transparent processing is ensured with the methods described later in this article.
Legal basis for using the Software Solution Modules:
Engagement Surveys: The Customer has a legitimate interest in maintaining a productive, well-collaborating and wellbeing-supporting workplace.
360 Feedback (personal feedback): The Customer has a legitimate interest in supporting the development of their employees’ professional and collaboration skills.
360 Feedback (evaluations): The Customer has a legitimate interest in supporting the development of their employees’ professional and collaboration skills, and in ensuring that they perform to the expected standards.
Network Analysis: The Customer has a legitimate interest in maintaining a productive, effectively collaborating workplace and in identifying where their employees can be provided with development opportunities or support to succeed in their work in a sustainable manner.
2. Purpose Limitation
Data is only collected for legitimate, specific, and explicit purposes and is not further processed in a manner incompatible with those purposes. Teamspective only collects and processes the data for the purposes of delivering the agreed services, and as otherwise stated in the software Terms & Conditions, Privacy Policy and Data Processing Agreements.
Teamspective customers are responsible for their use of the data that is accessible to them via Teamspective, and for defining the scope of data they share with Teamspective.
To support purpose limitation, Teamspective restricts data export and designs the software user interfaces so that they present only the data that is useful for the designated purposes.
Purposes of the Software Solution Modules (individual Customers may adjust the purposes for their specific situation):
Pulse Surveys: Measuring and understanding the employee experience of various employee groups. Here employee experience includes but is not limited to topics such as wellbeing, teamwork, competence, personal development, company strategy and leadership, and manager’s support to the employees.
360 Feedback (personal feedback): Sharing and collecting feedback that helps employees understand how they perform in their job and work interactions with others, what could be improved and what is working as expected.
360 Feedback (evaluations): Sharing and collecting feedback that helps employees understand how they perform in their job and work interactions with others, what could be improved and what is working as expected. Ensuring that employees perform to the expected standards and receive suitable guidance in case they do not.
Network Analysis: Understanding the structures of the organization’s collaboration and information flow, and the roles employees have within that network, to support the development of collaboration, employee productivity, workload distribution and wellbeing.
3. Data Minimization
Organizations must ensure that the personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which it is processed. This principle aims to prevent excessive data collection.
Teamspective software is designed with data minimization in mind, and also to offer a certain level of customizability so that the Customer is able to limit data collection if needed.
Data minimization in the Software Solution Modules:
Pulse Surveys: Surveys and their integrations are built to be flexible, so that data is only collected on topics that are relevant to the Customer company and their analysis of the results.
360 Feedback (personal feedback): Teamspective only collects the data that is necessary for facilitating an efficient feedback interaction. This includes user names and emails, or other addresses to which messages are delivered. Other data inputs, i.e. the feedback given through the platform, are fully in the user’s control.
360 Feedback (evaluations): Teamspective only collects the data that is necessary for facilitating an efficient feedback interaction. This includes user names and emails, or other addresses to which messages are delivered, and reporting of the evaluation data (such as team memberships, manager information or job levels). Other data inputs are fully controllable by the Customer or the user.
Network Analysis: Teamspective collects only the data that is relevant to the purposes described above. Network surveys only include questions about relevant interaction types such as collaboration, information flow and support. Network data collected from Customer’s collaboration tools only includes the type of interaction and its participants. For example, the content of any messages is not analyzed.
Integrations: The Customer can control which data is imported from HRIS to Teamspective. Integrations with communication and collaboration tools are restricted to minimal feasible permissions, and unnecessary data is not processed.
4. Accuracy
This principle requires that personal data must be accurate and kept up to date. Inaccurate data should be corrected or deleted without delay.
Teamspective provides automated data syncs and Customer-controlled admin features to ensure personal data is accurate and up to date. Further amendments may also be made on request. Most other data is based on user inputs, so the users have the ability to ensure those inputs are accurate.
Teamspective also provides its Customers with data accuracy measures on certain solutions, for example Pulse Surveys and Network Analysis.
5. Storage Limitation
Data should be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
Most Teamspective solutions are designed for purposes that include understanding and developing the work activity, performance or role of an individual. Identifying data subjects is often no longer necessary when their employment is terminated for any reason, so in these situations the data is reformatted or deleted within a reasonable time frame.
With Pulse Surveys, the individual survey responses are anonymized by attaching them to groups at the time of survey closing.
Teamspective stores the data in the EU unless otherwise agreed with the Customer. Data is transferred outside the EU only in specific situations, as documented in the Data Processing Agreement.
6. Integrity and Confidentiality
This principle focuses on processing data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.
Teamspective takes data security extremely seriously, and has implemented extensive protections following industry standards. You may read more details in our Trust Center, Data Processing Agreement and Information Security Policy.
7. Accountability
The accountability principle requires that the controller be responsible for, and be able to demonstrate compliance with, the other GDPR principles. This includes maintaining necessary documentation, conducting GDPR training, and more.
Teamspective provides extensive documentation to help the Customer understand how Teamspective’s solutions process data, and to verify that this processing meets the Customer’s requirements.
Should you have any questions on these topics or regarding the collection, use or storage of your data, you may reach out via Teamspective’s in-app chat or by emailing [email protected].
Since Teamspective is only the data processor, if you want to exercise your rights to access your personal data, please first contact your employer’s data protection officer or similar contact, who can help facilitate everything in a lawful manner.