Effective date: 10 March 2021
At Diversity Atlas, we understand the concerns our clients and their team members may have about the privacy of their data. Users of Diversity Atlas can be confident that we take their privacy very seriously. We will continue to benchmark our privacy and information security practices against the leading legislative and technical standards.
In this document, ‘we’ means Cultural Infusion (Int) Pty Ltd, the company that supplies Diversity Atlas. We are a Data Processor as defined by the European Union’s General Data Protection Regulation (GDPR) and the Australian Privacy Act 1988.
The term ‘our service’ refers to the Diversity Atlas website, which includes the Diversity Atlas survey questionnaire and the Diversity Atlas administrator and analytics dashboard.
The term ‘our service’ refers to the Diversity Atlas website, which includes the Diversity Atlas survey questionnaire and the Diversity Atlas admin and analytics dashboard.
A client organisation is the entity to whom Diversity Atlas is providing access to our survey tool. This could be a private business, a government agency or non-governmental organisation (NGO). A client organisation is a Data Processor as defined by GDPR and Australian Privacy Act 1988.
An employee of a client organisation whom the processor gives access to the Diversity Atlas administrator dashboard in order to view and analyse sectional or departmental results of the survey.
A respondent is a person who provides their personal information as part of their participation in a Diversity Atlas survey. A respondent is a Data Subject as defined by the GDPR.
A note on Client Organisation obligations
The Diversity Atlas collects diversity information from respondents within the client organisation for the purpose of promoting cultural harmony. It generates graphs, charts and statistical insights that illustrates the cultural diversity of that entity.
In addition, Diversity Atlas will only proceed with deploying a survey within an organisation after ensuring that its administrator is fully aware of its privacy and security responsibilities regarding its use of respondents’ data, which we outline in a Code of Conduct that our clients have to sign before having access to Diversity Atlas. These privacy obligations are reiterated in the contracts that we sign with our clients.
We strive to ensure optimal handling of data and we help our clients to establish risk management frameworks that include privacy and information security best practices as part of their use of Diversity Atlas.
We encourage respondents to communicate with their organisational contact person or their human resources department to discuss any concerns or seek any clarifications about their own rights, and their organisation’s obligations regarding the handling of personal information collected through Diversity Atlas.
Included in these agreements are provisions that a potential respondent cannot be penalised for choosing not to participate in the survey, or for not completing the survey completely.
If an employer or authority seeks to make participation in a Diversity Atlas survey mandatory in their workplace, we encourage any respondent to contact Diversity Atlas at [email protected] If any participant believes that their organisation has mishandled their data, or in any way have not met their obligations with regards to a respondent’s privacy, we encourage them to both contact Diversity Atlas as well as lodge a complaint at the Office of the Australian Information Commissioner, OAIC (if in Australia) or their country / state / jurisdictional Supervisory Authority.
We do not use any cookies or collect any form of usage data in the survey itself. We may collect information on how the Diversity Atlas website is accessed and used, which is known as Usage Data. This Usage Data may include information such as your computer’s Internet Protocol address (IP Address), browser type, browser version, the pages of our website that you visit, the time and date of your visit, the time spent on those pages, which type of device you are using, and other diagnostic data.
You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent by a website. However, if you do not accept cookies, you may not be able to use some portions of our website.
We use google analytics to collect and store the information while participants interact with our services. The information collected is kept confidential and not shared with any outsourcing companies. This is used for internal analysis. The location of the participant is not tracked while tracking their usage.
Your personal information
Our participation in a Diversity Atlas survey involves the provision of personal information—that is, information about you which a third party might be able to use to identify you if they gained access to it.
As a survey respondent, you should understand that there are unavoidable risks involved in the provision of personal information to any entity, however we believe that we have taken every available measure to ensure this will not happen, including but not limited to full encryption, anonymity, systems to prevent pseudonymisation and a decision to lodge the platform in a secure cloud-based server. We also provide options for users to maximise the privacy of their responses. When you begin a Diversity Atlas survey, you are given the option of completing the entire survey anonymously. In this case, you will not be required to provide your name. We also do not validate and verify the participants’ input.
Your organisational coordinator has access to the overall results, but not any participant’s specific answers, anonymous or not. Cultural Infusion also has this same level of access, but only upon request by the organisation to provide technical, administrative or expert support. Your data is never nor will it ever be disclosed to, shared or sold to a third party.
Anonymous method of surveying:
You can complete the entire survey anonymously. When a user chooses to be anonymous, we do not ask their name and all other information will be kept hidden in the dashboard. The beauty of Diversity Atlas is that you can input your answers anonymously. They still form part of your organisation's diversity snapshot, but cannot be attributed to any participant individually. Should you feel comfortable in providing your name, please also note that your answers are still hidden / encrypted and impossible to access.
Whether you provide your name or complete the survey anonymously, the only fields which you are required to answer to successfully complete the Diversity Atlas survey are:
- Country of birth
- Primary language
- Position Level/Type
Additionally, the Diversity Atlas survey invites respondents to provide information about themselves which is considered ‘sensitive information’ under Section 6(1) of Australia’s Privacy Act and article 9 of the European Union GDPR. This includes information about:
- Ancestral and/or cultural heritage
- Sexual orientation
- Religion / Worldview
Answering these questions is entirely voluntary. Respondents are under no obligation to answer these questions, and can indicate in the Diversity Atlas survey that they prefer not to answer them. Please also see the note above about client organisations’ responsibilities with regards to the handling of this personal information, and the circumstances in which they are allowed to collect it.
How your information is used
Once a Diversity Atlas survey has been completed, the results are made available to the Organisational Administrator via the Diversity Atlas online dashboard, with possible added but restricted access to authorised administrators of 'sub-groups.
Using this dashboard, Organisational Administrators can undertake analysis and generate reports based on the results of the survey. Access to this Dashboard is limited to the designated Organisational Contact Person and is protected with SSL-encrypted passwords. Each page of Diversity Atlas has an SSL certificate. Our web server is located in a highly secured domain where its security is guaranteed. All website data is backed up on a daily, weekly and monthly basis.
Diversity Atlas’ administration and analytics dashboard limits the visibility of participants’ data to preserve their confidentiality. Organisational admins can see who in their organisation has completed the survey if these participants have provided their names, but they cannot see respondents’ individual answers to survey questions. Organisational admins can see the number of anonymous respondents, but neither their responses nor their name, because Diversity Atlas will not ask respondents for this information if they choose to complete the survey anonymously.
What admins can see:
- How many people responded to the survey
- Overall organisational results
- The names of respondents who have chosen not to complete the survey anonymously.
- Diversity metrics disaggregated to the level of teams or departments larger than 10 people
What they can’t see:
- Respondent’s answers, whether or not they have completed the survey anonymously
- The names of any respondents who have chosen to complete the survey anonymously
- Team-level results for teams within the organisation in which less than 10 people have responded
What can Diversity Atlas see?
Diversity Atlas’ development team do not have access to the results of a survey unless the organisational admin officially asks for help and discloses their password to us. Diversity Atlas team members cannot view or modify respondents’ responses.
Data storage and security
We store all users’ information on servers protected by world-leading standards of data integrity.
In Australia, all databases containing users’ data are stored on our Amazon Web Services (AWS) servers in Sydney, Australia. We have the capacity to make our service available to clients off servers located anywhere in the world, pursuant to their needs and any legislative requirements for the storage of personal data.
There are no other outsourcing companies involved in collection and data storage.
The admin dashboard is only accessible to organisational admins with a password. All admin passwords are SSL encrypted using the Hash function, meaning that nobody has access to them—including the Diversity Atlas team.
Diversity Atlas uses column-based encryption to offer additional protection to the information provided by respondents in a Diversity Atlas survey.
Retention of Data
We will also retain usage data of our website (not the survey) for internal purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our website, or we are legally obligated to retain this data for longer periods. Requests to delete information from your Organisation will be handled within thirty (30) days. We will also delete information once contracts have expired. We may use de-identified and aggregated data for statistical, research and marketing purposes with our client permission.