Last updated: 19th September 2023
Your privacy and confidentiality are really important to us and we are committed to protecting your personal information. This privacy notice applies to your use of the New Possible application. If you want to know how we collect and use data when you use our website, please read this notice. Just so that you know, whenever we use the words “New Possible”, “we”, “us”, or “our”, we mean New Possible Research Limited.
In this information notice, we’re going to share with you:
Who we are
We’re a UK based company that believes when people thrive, organisations thrive too. We provide organisations with the technology and insight needed to adopt employee voice in a meaningful and confidential way.
What data we collect about you, and whe
Personal data means any information about someone who is, or can easily be, identified. It does not include data where the identity has been removed (e.g. statistics).
Information collected directly from you or your employer:
We collect the personal data provided to us when:
- Basic User Details - Usually your full name, and department/team.
- Self-Select Demographics - This may include information that you may provide to us which is classified as special category data under the relevant data protection laws, such as information about your health, ethnicity or sexual orientation. This information is used to identify if there is variation across different groups of people. We will never reveal this information to your employer in a way that will enable them to identify you and you will never be required to provide this information to us.
- Notification Information - Your email address, so we can notify you about new surveys. If you are an administrator or manager of New Possible, your email address will also be used to keep you up to date with platform updates and allow you to give feedback and make feature requests.
- Survey Data - We store your feedback, scores and comments from surveys
- Profile Data - Includes your password (if you have a login)
- Aggregated Data - We collect and use statistical and demographic data. This is not considered personal data.
- We also capture any contact details and personal data you share with us when you contact us for support.
Information we collect from other sources:
As you interact with our application, we may automatically collect information to improve user experience on our applicaton.
- Technical Data - This includes IP address.
- Usage Data - We collect data about how users interact with our application to help us spot usability problems and to improve our product.
Why we use your personal data
We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:
- Where you have given us consent to do so.
- Where we need to process your personal data to perform the contract we are about to enter in to, or have entered into, with you or your employer.
- Where it is necessary for our legitimate interests (or those of a third party) and your interests and rights do not override those legitimate interests. For example, to allow us to continue to improve our product to ensure users have the best and most secure experience.
- Where we need to comply with a legal obligation
How long we’ll keep your data for
We’ll only keep your personal data for as long as we need it, to fulfil the purposes we collected it for, including to satisfying any legal, accounting, or reporting requirements.
If you leave your employer, we will delete any information which can identify you when the employer notifies us of this change.
When your employer’s contract with New Possible ends, we’ll delete any information which can identify any employees within 28 days.
We anonymise your personal data (so it can no longer be associated with you), then use it indefinitely for research and statistical purposes. For more information, please contact us.
How we keep your information safe
New Possible is Cyber Essentials certified, which is a Government-backed, industry-supported scheme that helps organisations protect themselves against common online threats. We also receive ongoing advice from a CREST certified Cyber Security Advisor who provides guidance on our cyber security strategy.
When we may share your information with others
We will never sell your personal data to anyone. But we may have to share some data with the third parties set out below, to allow us to provide our services. All data is kept in the UK:
- Amazon Web Services - hosts our machine learning technology
- Microsoft Azure - hosts our reporting technology
- If we merge with, or are acquired by, a third party company, we will share, or transfer your personal data with that company so business can operate as usual. If this happens, the new owners may only use your personal data in accordance with this privacy notice.
Your Legal Rights
You have the ability to exercise the following rights over your personal data:
- Request access to a copy of the personal data we have about you, to check that it’s accurate, and that our processing of it is lawful. It’s free to do this, but we may charge a reasonable fee, or refuse to comply, if your request is repetitive or excessive.
- Complete or correct any information about you, but we may need to verify the new data is accurate.
- Request deletion or removal of your personal data. However, we may not always be able to do this, due to specific legal reasons, but we’ll tell you if this is the case.
- Object to the processing of your personal data, if your circumstances mean we’re impacting your rights too much. But we may investigate to find out whether our interests override your rights.
- Request we temporarily stop processing your personal data (a) if you want us to show the information is accurate; (b) where our use of the data is unlawful but you don’t want us to delete it; (c) where you need us to hold the data because you need it for a legal claim; or (d) you have objected to our use of your data but we need to work out whether we have legitimate grounds to use it.
- Withdraw consent at any time, where we’re relying on consent to process your data. If you withdraw your consent, we may not be able to provide certain services to you. We’ll advise you at the time, if this is the case.
Exercising your rights:
If you want to exercise any of your rights, please contact us. We may need further information about your request, or to confirm your identity, before we take action.
We try to respond to all requests within one month. If requests are complex or you have made more than one, we may notify you that it’ll take longer than a month to process.
The right to complain
You have the right to complain to the Information Commissioner’s Office (“ICO”), the UK’s supervisory authority for data protection issues (www.ico.org.uk). However, we’d appreciate the chance to deal with any concerns before involving the ICO, so please contact us.
Changes to this Privacy Notice
This Privacy Notice may be updated occasionally, in line with changes to the law or our practices. Please regularly check this notice for changes, as we will only directly notify you, via email, when we want to make significant changes to the way we collect, store or process your data.
How to Contact Us
You can contact us by emailing firstname.lastname@example.org, or by posting to:
Privacy at New Possible Research Limited
Office 10, Merseyway Innovation Centre,