Entromy Privacy Policy

Last updated: June 4, 2024

Entromy, LLC (“Entromy”, “Company”, “we”, “us” or “our”) respects the privacy of its customers, business partners and visitors of www.entromy.com (“website”). We are committed to protecting the privacy of the individuals who make use of our services or visit our website. We will attempt to collect only as much data as is required to make the Entromy experience as delightful and as high in quality as possible. We value our customers’ trust and take our privacy obligations seriously. We have developed this Privacy Policy (the “Policy”) to describe how Entromy collects, uses, shares, and protects your personal information. For the purposes of this Policy, “personal information” refers to any information relating to an identified or identifiable natural person. Such personal information amounts to ‘personal data’ for the purposes of and as defined in the European Data Protection Laws (as defined below and to the extent applicable).

As used in this Policy (a) “GDPR” means the General Data Protection Regulation (EU) 2016/679; (b) “UK Data Protection Laws” means the UK GDPR and the UK’s Data Protection Act 2018 (“UK DPA 2018”); (c) “UK GDPR” means the UK equivalent of the GDPR, as defined in section 3(10) (and as supplemented by section 205(4)) of the UK DPA 2018; and (d) “European Data Protection Laws” means the GDPR and/or UK Data Protection Laws, in each case to the extent applicable.

If an organization with which you are associated, such as your employer (an “Organization”) signs up to use our services, we may receive information about you in connection with our provision of such services to your Organization. To the extent we process that information solely in order to provide such services to your Organization, we will act as a processor on behalf of your Organization in respect of that information, which means: we will handle that information solely at the direction of your Organization; and your Organization (and not us) is responsible for obtaining all necessary consents and providing you with all requisite information as required by applicable law.

As used in this Policy, the terms “using” and “processing” information include using cookies on a computer, subjecting the information to statistical or other analysis and using or handling information in any way, including, but not limited to collecting, storing, evaluating, modifying, deleting, using, combining, disclosing and transferring information within Entromy or among our affiliates within the United States or internationally.

1. Collection of Information

We collect information about our customers as they create or modify their profile, make purchases through, use, access, or interact with the Entromy services. Here are the types of information we collect or receive:

(a) Voluntarily provided information including name, email address, subject and message, which may be used when delivering the services or information visitors have requested. We collect data from the device our customers use to access our website such as their IP address and browser type. Entromy uses cookies to remember users’ settings and preferences, and for session management. Users can control the use of cookies at the individual browser level. If they reject cookies, they may still use our website. We also collect information about the source that referred our users to us. This might be an external source such as a link from another website. For the avoidance of doubt, the website uses third-party service platforms (including to help analyze how users use the website). These third-party service platforms may place cookies on your computer or mobile device. Here are links to the main third-party platforms we use:

https://policies.google.com/technologies/cookies?hl=en-US
https://www.intercom.com/legal/cookie-policy
https://help.hotjar.com/hc/en-us/articles/115011789248-Cookies-on-hotjar-com

(b) The Entromy platform accesses data associated with your Organization including user data, groups, emails, passwords, demographic data, responses and interactions with the platform. We host surveys on our Entromy platform and collect the responses submitted. The pulse responses are anonymous and never shown individually or associated with email/IP addresses. However, responses are aggregated and presented collectively at team level by the Entromy platform to highlight key trends. The data obtained from the surveys is owned by your Organization and we respect the privacy of the surveys. We may use aggregate data and statistics, including with respect to surveys, to improve our products and services. If you think that a certain survey violates our terms of service or may be promoting an illegal activity, please contact us immediately at info@entromy.com. In addition, through our provision of the Entromy platform we may collect from you, or you may make available to us, some special categories of personal data. To the extent permitted by applicable law, by agreeing to this Policy, you explicitly consent to the processing of any such special categories of personal data. “Special categories of personal data” consist of personal data for the purposes of and as defined in the European Data Protection Laws which is to be treated with particular sensitivity. The special categories of personal data that we may collect in connection with the Entromy platform may include information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership.
(c) Account creation information: Another user such as a system administrator may be authorized to create an account on an individual’s behalf and may provide information associated with that individual (primarily to use and access the Entromy platform).
(d) Billing Information. Our third-party payment processor will collect and store billing address and card information.

2. Use of Information Collected

Entromy may collect and may make use of personal information for variety of reasons. Pursuant to the European Data Protection Laws, legal bases for our processing your personal information may include (without limitation):

(a) where you have given consent to the processing, which consent may be withdrawn at any time without affecting the lawfulness of processing based on consent prior to withdrawal;
(b) where it is necessary to perform the contract we have entered into or are about to enter into with you (whether in relation to the provision of the website or otherwise);
(c) where it is necessary for us to comply with a legal obligation to which we are subject; and/or
(d) where it is necessary for the purposes of our legitimate interests (or those of a third party) in providing, improving, or marketing the website and/or our services and your interests or fundamental rights and freedoms do not override those legitimate interests.

We use reasonable efforts to ensure that the information collected is reasonably necessary for our business, including providing our customers with the services they requested. We may also use your personal information to:

• Provide customers with access and use of the Entromy platform and customer support, which may require us to access their information so that we can assist them with survey design or technical issues;
• Enable users to connect, interact, and share content with individuals they designate;
• Create de-identified aggregated benchmark data and trends;
• Improve our survey benchmark without disclosing any information to other unrelated customers;
• Monitor, maintain, and improve our services and features;
• Personalize or customize the Entromy platform to enhance the customer’s experience;
• Safeguard the personal safety of our users and preserve all properties of Entromy;
• Connect with customers via email or telephone to tell them about matters such as changes to our services, this Policy, or terms of service;
• Keep customers informed of other possible products and / or services that may interest them;
• Investigate and prevent potentially illegal activities; or
• Remain in conformance with any decrees, laws and / or statutes or in an effort to comply with any process which may be served upon Entromy.

Entromy may disclose personal information if required to do so in accordance with applicable laws and / or in a good faith belief that such action is deemed necessary or is required. We are committed to conducting our business with these principles with the intent to ensure that the confidentiality of personal information is protected and maintained.

3. Disclosure and Shared Information

We generally disclose information we gather from or about you to the following categories of third parties. We may disclose your information to our service providers who help us to provide our services such as hosting and maintaining the website. We use reasonable efforts to ensure that these service providers are capable of protecting the security of your personal information. In addition, Entromy may disclose your information to professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.

Please note in particular that the website uses Google Analytics, including its data reporting features. Information collected by Google Analytics includes but is not limited to web metrics. For information on how Google Analytics collects and processes data, please see the site “How Google uses data when you use our partners’ sites or apps”, currently located at www.google.com/policies/privacy/partners/. For information on opting out of Google Analytics, we encourage you to visit Google’s website, including its list of currently available opt-out options presently located at https://tools.google.com/dlpage/gaoptout.

Entromy may disclose your personal information if required to do so by law such as to comply with a subpoena or similar legal process or in the good faith belief that such action is necessary to (a) comply with a legal obligation, investigate fraud, or respond to a government request, including lawful requests by public authorities, such as to meet national security or law enforcement requirements (b) protect and defend the rights or property of Entromy, (c) act in urgent circumstances to protect the personal safety of users of the Entromy website, or (d) protect against legal liability.

We reserve the right to transfer information to a third party in connection with a sale, merger or other transfer of all or substantially all of the assets of Entromy or any of its Corporate Affiliates (as defined below), or that portion of Entromy or any of its Corporate Affiliates to which the Service relates, or in connection with a strategic investment by a third party in Entromy, or in the event that we discontinue our business or file a petition or have filed against us a petition in bankruptcy, reorganization or similar proceeding.

We may also disclose information about you to our Corporate Affiliates. For purposes of this Policy: “Corporate Affiliate” means any person or entity which directly or indirectly controls, is controlled by or is under common control with Entromy, whether by ownership or otherwise; and “control” means possessing, directly or indirectly, the power to direct or cause the direction of the management, policies or operations of an entity, whether through ownership of fifty percent (50%) or more of the voting securities, by contract or otherwise.

4. Unsubscribe or Opt-out

All users and / or visitors to our website have the option to discontinue receiving communications. To discontinue or unsubscribe, please use the link provided in communications you receive from us or email info@entromy.com stating that you would like to unsubscribe. If you are an employee of one of our customers, please directly contact your employer to stop receiving emails regarding taking regular pulse surveys, and if you wish to unsubscribe or opt out from any third-party sites, you must go to that specific site to unsubscribe.

With respect to “Do Not Track” requests, we take no action in response to automated Do Not Track requests. However, if you wish to stop such tracking, please contact us with your request, using our contact details provided below.

5. Security

Entromy shall endeavor and shall take commercially reasonable steps to maintain adequate physical, procedural, and technical security with respect to our offices and information storage facilities with the goal of preventing a loss, misuse, unauthorized access, disclosure, or modification of your personal information.

6. Changes to this Policy

Entromy reserves the right to update and / or change the terms of our Policy, and as such we will post those changes to our website homepage, so that our users and / or visitors are always aware of the type of information we collect, how it will be used, and under such circumstances, if any, we may disclose such information. If at any point in time Entromy decides to make use of any personal information in a manner vastly different from that which was stated when this information was initially collected, we will provide you with notice. Users at that time have the option whether or not to permit the use of their information in this separate manner.

7. Acceptance of Terms

Through the use of the Entromy platform or this website, you are hereby acknowledging the terms of this Policy. If you are not in agreement with these terms, then you should refrain from further use of the Entromy platform or this website.

8. International Transfers

Personal information collected on the website or via the Entromy platform may be transferred from time to time to our offices or personnel, or to third parties, located throughout the world, and the website and Entromy platform may be viewed and hosted anywhere in the world, including countries that may not have laws of general applicability regulating the use and transfer of such information. By using the website and/or the Entromy platform and submitting such information on it, you voluntarily consent to the trans-border transfer and hosting of such information. Without limitation of the foregoing, you hereby expressly grant consent to Entromy to: (a) process and disclose such information in accordance with this Policy; (b) transfer such information throughout the world, including to the United States or other countries that do not ensure adequate protection for personal information (as determined by the European Commission or the UK Information Commissioner’s Office, as applicable, each, an “Inadequate Jurisdiction”) and/or countries that may not have laws of general applicability regulating the use and transfer of such information; and (c) disclose such information to comply with lawful requests by public authorities, including to meet national security or law enforcement requirements. To the extent required by applicable law: whenever we transfer your personal information to third parties (as described in this Policy) located in an Inadequate Jurisdiction, we ensure a similar degree of protection is afforded to it; we may use specific contracts approved by the European Commission (accessible at https://eur-lex.europa.eu/eli/dec_impl/2021/914/oj) or the UK Information Commissioner’s Office (accessible at https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/international-transfers/international-data-transfer-agreement-and-guidance/), as applicable, which give personal information the same protection it has in the European Economic Area or the United Kingdom, as applicable, under the European Data Protection Laws; and if we rely on another basis to transfer your personal information to an Inadequate Jurisdiction, we will keep you updated or contact you if required. Please contact us if you want further information on the specific mechanisms used by us when transferring your personal information to an Inadequate Jurisdiction. If you are a user accessing the website or the Entromy platform from a jurisdiction with laws or regulations governing personal information collection, use, and disclosure that differ from those of the United States, please be advised that all aspects of the website and the Entromy platform are governed by the internal laws of the United States and the Commonwealth of Massachusetts, USA, regardless of your location.

For specific information regarding how we handle personal information transferred from the European Economic Area or the UK to the United States, please see Section 12 below.

9. Your Choices

We generally use your information as described in this Policy or as authorized by you or as otherwise disclosed at the time we request such information from you. You generally must “opt in” and give us permission to use your information for any other purpose. You may also change your preference and “opt out” of receiving certain marketing communications from us by following the directions provided in association with the communication or such other directions we may provide or by contacting info@entromy.com.

Under certain circumstances and in compliance with the European Data Protection Laws, you may have the right to:

Request access to your personal information (commonly known as a ‘subject access request’). This enables you to receive a copy of the personal information we hold about you and to check that we are lawfully processing it;
Request correction of the personal information that we hold about you. This enables you to have any incomplete or inaccurate personal information we hold about you corrected;
Request erasure of your personal information. This enables you to ask us to delete or remove your personal information where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove all of your personal information in certain circumstances;
Object to processing of your personal information where we are relying on a legitimate interest (or that of a third party) and there is something about your particular situation which makes you want to object to processing on this ground;
Request the restriction of processing of your personal information. This enables you to ask us to suspend the processing of your personal information, for example, if you want us to establish its accuracy or the reason for processing it;
Request the transfer of your personal information to another party; and
Lodge a complaint with the relevant supervisory authority (as defined in the European Data Protection Laws). If you have any complaints about the way we process your personal information, please do contact us. Alternatively, you may lodge a complaint with the supervisory authority which is established in your country.

If you want to review, verify, correct or request erasure of your personal information, object to the processing of your personal information, or request that we transfer a copy of your personal information to another party, please contact info@entromy.com.

Such updates, corrections, changes and deletions will have no effect on other information that we maintain, or information that we have provided to third parties in accordance with this Policy prior to such update, correction, change or deletion. To protect your privacy and security, we may take reasonable steps (such as requesting a unique password) to verify your identity before granting you profile access or making corrections. You are responsible for maintaining the secrecy of your unique password and account information at all times.

You should be aware that it may not be technologically possible to remove each and every record of the information you have provided to us from our system. The need to back up our systems to protect information from inadvertent loss means that a copy of your information may exist in a non-erasable form that will be difficult or impossible for us to locate. After receiving your request, we will use commercially reasonable efforts to update, correct, change, or delete, as appropriate, your personal information stored in databases we actively use and other readily searchable media as appropriate, as soon as and to the extent reasonably practicable.

10. Retention

We will only retain your personal information for as long as necessary to fulfill the purposes for which we collected it or as otherwise permitted by applicable law.

To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of that personal information, the potential risk of harm from unauthorized use or disclosure, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.

11. How to Contact Us

If you have any questions or concerns regarding this Policy, please feel free to contact us at the following email or mailing address.

Email: info@entromy.com

Mailing address:
One Boston Place Suite 2600
Boston, Massachusetts, 02108

We have appointed INSTANT EU GDPR REPRESENTATIVE LIMITED as our representative in the European Union for purposes of Article 27 of the GDPR. Please see INSTANT EU GDPR REPRESENTATIVE LIMITED’s contact details below:

Office 2, 12A LOWER MAIN STREET, LUCAN CO. DUBLIN, K78 X5P8, IRELAND
353 0 1554 9700
contact@gdprlocal.com

We have appointed GDPR LOCAL LTD as our representative in the United Kingdom for purposes of Article 27 of the UK GDPR. Please see GDPR LOCAL LTD’s contact details below:

1st Floor Front Suite, 27 29 North Street, Brighton, England. BN1 1EB
44 0 1772 217800
contact@gdprlocal.com

12. Data Privacy Framework

Entromy complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF (collectively, the “DPF”) as set forth by the U.S. Department of Commerce. Entromy has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (the “Principles”) with regard to the processing of personal information received from the European Union in reliance on the EU-U.S. DPF and from the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. If there is any conflict between the terms in this Policy and the Principles, the Principles shall govern. To learn more about the DPF program, and to view our certification, please visit https://www.dataprivacyframework.gov/ and https://www.dataprivacyframework.gov/list. Entromy commits to subject all personal information received from the European Union and the United Kingdom (and Gibraltar) under the DPF to the Principles.

For the categories of personal information collected by Entromy, please see Section 1 of this Policy; for the purposes for which Entromy collects and uses personal information, please see Section 2 of this Policy; for the categories of third parties to which Entromy discloses personal information and our purposes for doing so, please see Sections 2 and 3 of this Policy; and for more information regarding your right to access your personal information and your choices and the means Entromy offers you for limiting the use and disclosure of your personal information, please see Sections 4 and 9 of this Policy.

Before Entromy discloses your personal information to a third party, we will require that such third party provide the same level of privacy protection as is required by the Data Privacy Framework. Entromy remains liable under the Data Privacy Framework if third-party agents that it retains to process your personal information on our behalf process your personal information in a manner inconsistent with the Data Privacy Framework, unless Entromy can prove that it is not responsible for the event giving rise to the damage. For more information regarding Entromy’s disclosure of personal information to third parties, please see Section 3 of this Policy.

Notwithstanding any other provision of this Policy, and for the avoidance of doubt, with respect to personal information processed by Entromy solely on behalf of a third-party controller, the provisions of this Policy specific to such data continue to apply in accordance with the DPF, but may be limited to working with the respective controller, given our role as a processor. Such data processed solely on behalf of a third-party controller includes the information described in Section 1(b) above; Entromy collects and uses such information only on the instructions of the applicable third-party controller and will work with the applicable third-party controller to facilitate your data subject rights.

In compliance with the DPF, Entromy commits to resolve Principles-related complaints about our collection and use of your personal information. EU and UK individuals with inquiries or complaints regarding our handling of personal information received in reliance on the DPF should first contact Entromy at: info@entromy.com.

In compliance with the DPF, Entromy commits to refer unresolved complaints concerning our handling of personal information received in reliance on the DPF to the International Center for Dispute Resolution-American Arbitration Association (ICDR-AAA), an alternative dispute resolution/ provider based in the United States. If you do not receive timely acknowledgment of your DPF Principles-related complaint from us, or if we have not addressed your DPF Principles-related complaint to your satisfaction, please visit https://go.adr.org/dpf_irm.html for more information or to file a complaint. The services of the ICDR-AAA are provided at no cost to you.

If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. For more information, please visit: https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf.

Adherence by Entromy to the Principles and the provisions set forth in this Section 12 may be limited (a) to the extent necessary to comply with a court order or meet public interest, law enforcement, or national security requirements, including where statute or government regulation create conflicting obligations; (b) by statute, court order, or government regulation that creates explicit authorizations; or (c) if the effect of the European Data Protection Laws, to the extent applicable, is to allow exceptions or derogations, under the conditions set out therein, provided that such exceptions or derogations are applied in comparable contexts.

In certain circumstances, Entromy may be required to disclose your personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. Finally, the Federal Trade Commission has jurisdiction over Entromy’s compliance with the DPF.