Privacy Policy
TINYpulse by WebMD Health Services – STANDARD PRIVACY POLICY
September 2022 Update
This Privacy Policy explains how TINYhr, Inc., d/b/a TINYpulse handles your personal information and data. We value your trust, and we’ve strived to present this policy in clear, plain language instead of complex lawyer speak.
This Privacy Policy applies to all the products, services, apps and websites offered by TINYpulse that post or include a link to this Privacy Policy. We refer to those products, services, apps and websites collectively as the “Services” in this Privacy Policy. We are located in the United States and Vietnam and collect, use, store and otherwise process your information and data in the United States and Vietnam.
Questions?
For questions regarding our Privacy Policy or practices, contact us by emailing support@TINYpulse.com.
European Union (“EU”) Data Subject Requests? For EU data subject requests, contact us by emailing privacy@TINYpulse.com or use our online data subject request form.
Changes to this privacy policy. We may modify this Privacy Policy at any time, but if we do so, we will notify you by publishing the changes on and in the Services. If we determine the changes are material, we will provide you with additional, prominent notice as is appropriate under the circumstances, including via email.
1. Our Services
1.1 Customers and Users. Our customers use our Services to gather and use information from their employees to gauge and improve employee happiness. Users of our Services respond to surveys and submit other information which may include contact information, employment information, cheers, suggestions, votes, comments, feedback, ratings, goals, wins, and messages (collectively “Responses”).
1.2 Administrators and Managers. Users with administrative or manager permissions are able to access Responses submitted by other users within their organization based upon the particular Service(s) and their permitted level of access.
1.3 Anonymous Responses. If Administrators select to use Anonymous Surveys, we do not reveal which Responses are associated with which user, email address, or IP address. Administrators may sort and view Responses by employee demographics (e.g. tenure, office location, gender, etc.). From time to time, if the Response rate is low or Responses are cross referenced by employee demographics, an administrator or manager may be able to determine the identity of the individual(s) who responded. Moreover, some users may disclose their identity in their Responses. Since TINYpulse does not change or edit Responses, in such an instance, the administrator or manager will find out who submitted that particular Response. As a user, you control whether to disclose your identity in your Responses (i.e., when you submit survey responses, cheers, suggestions, votes, comments, feedback, ratings, goals, wins, and messages).
1.4 The Rights of a Data Subject
The Right to Information – You have the right to be informed about the use and collection of your personal data.
The Right to Access - You have the right to request TINYpulse for copies of your personal data.
The Right to Rectification - You have the right to request that TINYpulse correct any information you believe is inaccurate. You also have the right to request TINYpulse to complete the information you believe is incomplete.
The Right to Erasure - You have the right to request that TINYpulse erase your personal data, under certain conditions.
The Right to Restrict processing - You have the right to request that TINYpulse restrict the processing of your personal data,
under certain conditions.
The Right to Object to Processing - You have the right to object to TINYpulse's processing of your personal data, under certain
conditions.
The Right to Data Portability - You have the right to request that TINYpulse transfer the data that we have collected to another organization, or directly to you, under certain conditions.
The Right to Avoid Automated Decision Making – You have the right to not to be subject to a decision based solely on automated decision processing.
2. What information about you do we collect?
When you use TINYpulse, we collect information relating to you and your use of our Services from a variety of sources, described below. Later sections describe what we do with the information.
2.1 Information we collect directly from you includes:
Registration information. You need a TINYpulse account before you can use our Services. When you register for an account, we collect and store all registration information you provide, which may include details such as your name, email address, and employment information.
Billing information. If you make a payment to TINYpulse, we require you to provide your billing details, such as a name, address, email address and financial information corresponding to your selected method of payment (e.g. a credit card number and expiration date or a bank account number). If you provide a billing address, we will regard that as the location of the account holder.
Account settings. You can set various preferences and personal details on your Settings page.
Responses you intentionally share. We collect your personal information and other data if you submit it to us in response to surveys or other features of the Services, or in other contexts. For example, if you provide us with a testimonial, participate in a TINYpulse contest, or send us an email with comments or suggestions.
Cookies and other tracking information. We collect usage data, device data, referral data, and information from cookies and page tags. Cookies are small bits of data we store on the device you use to access our services so we can recognize repeat users. Each cookie expires after a certain period of time, depending on what we use it for.
2.2 Information about you that we collect from third parties.
We use third-party vendors to collect information about you and your use of our Services to provide us with analytics and tools to manage, improve, market and expand our Services.
3. What do we do with the information we collect?
Responses We store and maintain user Responses submitted to the Services. Responses are made available to other users from your organization (our customer), such as administrators and managers, based upon their permitted level of access. If you are a user, please contact the administrator or manager who signed you up for TINYpulse Services to understand how they will use the Responses for your organization. As noted above, with Anonymous Surveys, your email and contact information are not associated with Responses made available to your organization, but an administrator or manager may be able to intuit who provided certain Responses, and will know your identity if you decide to include information that identifies you in a Response. With Confidential surveys, your email address is shared with super administrators at your organization and with Visible surveys, your identity is shared with other Users.
Usage data. TINYpulse may also analyze user usage patterns to improve or optimize our services.
To manage our services. We internally use your information, including certain Responses, for the following limited purposes:
To monitor and improve our services and features. We internally perform statistical and other analysis on information we collect (including usage data, device data, referral data, and information from page tags) to analyze and measure user behavior and trends, to understand how people use our services, and to monitor, troubleshoot and improve our Services. However, we do not use the non-public content of surveys (i.e. the content of questions and responses that you have not publicly shared) for these purposes.
To assist the enforcement of our Terms of Use.
To prevent potentially illegal activities.
To screen for undesirable or abusive activity. For example, we have automated systems that screen content for phishing activities, spam, and fraud.
To create new services, features or content (public data and metadata only). We may use public survey data and anonymized survey metadata (that is, data about the characteristics of a survey but not its non-public content), to create and provide new services, features or content. For example, we may look at statistics like response rates, question and answer word counts, and the average number of questions in a survey and publish interesting observations about these for informational or marketing purposes.
To contact you about your account. We occasionally send you communications of a transactional nature (e.g. service-related announcements, billing-related matters, changes to our services or policies, or a welcome email when you first register). You cannot opt out of these communications since they are required to provide our Services to you.
To respond to legal requests and prevent harm. If we receive a subpoena or other legal request, we may need to inspect the data we hold to determine how to respond.
Cookies We use information we obtain from cookies for several reasons:
To make our site easier to use. If you use the "Remember me" feature when you sign into your account, we may store your username in a cookie to make it quicker for you to sign in whenever you return to TINYpulse. For security reasons, we use cookies to authenticate your identity, such as confirming whether you are currently logged into TINYpulse.
To provide you with personalized content. We may store user preferences, such as your default language, in cookies to personalize the content you see. We also use cookies to ensure that users can’t retake certain surveys that they have already completed.
To improve our Services. We use cookies to measure your usage of our websites and track referral data, as well as to occasionally display different versions of content to you. This information helps us to develop and improve our services and optimize the content we display to users.
4. How do we share the data we collect about you?
Rest assured that TINYpulse does not sell your email address to any third parties. Nor does TINYpulse sell your Responses. To be clear, TINYpulse does not sell your information to third parties, we only disclose your information to third parties (other than those in your organization) for a limited number of reasons:
Service providers. We share your information with our service providers who help us to provide our Services to you. We give relevant persons working for some of these providers access to your information, but only to the extent necessary for them to perform their services for us. We also implement contractual and technical requirements to protect the safety and confidentiality of your personal information and ensure data is maintained, used only for the provision of their services to us, and handled in accordance with this Privacy Policy. Examples of service providers we utilize include payment processors, email service providers, and web traffic analytics tools. By using our Services, you authorize TINYpulse to sub-contract in this manner on your behalf.
Your account details to your billing contact. If your details (as the account holder) are different to the billing contact listed for your account, we may disclose your identity and account details to the billing contact upon their request (we also will attempt to notify you of such requests).
Research. We may disclose aggregated, anonymous, or anonymized data, including aggregated and anonymous Responses, to third parties for market research, academic research, benchmarking, forecasting, trend research, or any other purpose. In all such instances, we will not disclose any identifiable information about users or our customers.
The presence of a cookie to advertise our services. We may ask advertisers to display ads promoting our Services on other websites. We may ask them to deliver those ads based on the presence of a cookie but in doing so will not share any other information with the advertiser.
Your information if required or permitted by law. We may disclose your information as required or permitted by law, or when we believe that disclosure is necessary to protect our rights, and/or to comply with a judicial proceeding, court order, subpoena, or other legal process served on us. Notwithstanding anything to the contrary in this Privacy Policy, TINYpulse may disclose information regarding users (including personal information) pursuant to a valid subpoena or legal process. We will undertake good faith efforts to provide you with notice of any such subpoena or process, but this is not always possible or allowed by applicable law, and you acknowledge that we do not have a legal obligation to do so. Additionally, TINYpulse may disclose information regarding users (including personal information) in order to protect the property of TINYpulse or prevent any imminent damage to third party property or where there is a threat of personal injury.
Change in business ownership or structure. If ownership of all or substantially all of our business changes, or we undertake a corporate reorganization (including a merger or consolidation) or any other action or transfer between TINYpulse entities. TINYpulse will provide notice of such a transfer in accordance with applicable laws.
Information you expressly consent to be shared. For example, we may expressly request your permission to provide your contact details to third parties for various purposes, including to allow those third parties to contact you for marketing purposes. (You may later revoke your permission, but if you wish to stop receiving communications from a third party to which we provided your information with your permission, you will need to contact that third party directly.)
5. Do we publicly share your information?
Yes, in certain circumstances. Information you submit to publicly accessible blogs or community forums available through our Services may be read, collected, and used by others who access them. We’re not responsible for any personal information you choose to submit in these publicly accessible areas of our Services.
6. Safety of Minors and COPPA.
Our Services are not intended for and may not be used by minors. "Minors" are individuals under the age of majority in their place of residence (or under 13 in the United States or under age of 16 in the European Union). TINYpulse does not knowingly collect personal data from minors or allow them to register as users. If it comes to our attention that we have collected personal data from a minor, we may delete this information without notice. If you have reason to believe that this has occurred, please contact us at support@TINYpulse.com or privacy@TINYpulse.com regarding an EU data subject.
7. What are your rights to your information?
You can:
Update your account details. You can update your registration and other account information on your Settings page.
Capture your Responses. You can take screenshots of your information and data, including but not limited to Responses. We may in our discretion provide other tools to export the data.
Cancel your account. Deleting your account will not cause all the Responses in the account to be permanently deleted, but will disable your access to any other Services that require a TINYpulse account.
Submit a request. You can submit a request by email to support@TINYpulse.com or to privacy@TINYpulse.com for EU data subjects or by using our online request form. We will respond to your request, including any appropriate request to access, correct, update, restrict processing or object to processing, or delete your personal information within the time period specified by law (if applicable) or without excessive delay. We will promptly fulfill requests to delete personal data unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law). If we are processing your personal data on behalf of a customer, we will promptly refer your request to our customer and support the customer in responding to your request.
8. For how long do we retain your data?
We retain your data as long as necessary to provide our Services and to comply with our legal obligations. Within thirty (30) days after your data is no longer needed to provide our Services or comply with our legal obligations, we anonymize and aggregate your data permanently. However, we reserve the right to delete or purge such data.
9. Third-Party Data Sources
We obtain information about prospective customers and users from third party sources including data licensors and marketing company databases. We use the information to market TINYpulse Services.
10. Security
The security of your data and information is important to us, and we strive to implement and maintain reasonable, commercially acceptable security procedures and practices appropriate to the nature of the information submitted to us, intended to protect it from unauthorized access, destruction, use, modification, or disclosure. However, please be aware that no method of transmission over the internet, or method of electronic storage is 100% secure, and we are unable to guarantee the absolute security of your data and information. More information can be found at https://www.tinypulse.com/platform-security.
11. Supplemental Notice to EU Data Subjects
TINYpulse processes personal data for the limited purposes identified above.
11.1 Lawful Grounds. If you reside in the European Economic Area or Switzerland (collectively the “EU”), we rely on the following lawful grounds under the General Data Protection Regulation (“GDPR”) to process (collect, store, and use) your personal data: (a) it is necessary for the performance of a contract with you; (b) our or a third-party’s legitimate business interest; or (c) your consent.
11.2 Data Transfer Notice. We transfer your personal data to the United States and Vietnam for processing in the United States and Vietnam. We make the transfer to the United States and Vietnam in the absence of an adequacy decision because it is necessary for the performance of a contract with you, or with your explicit consent.
11.3 Individual Rights and Data Subject Requests. We provide you with tools to change access, delete, or modify your personal information within the Services. We also provide tools to our customers to respond to your data subject request within the Services. Additionally, you may also contact us at privacy@tinypulse.com our use our online form to request access to, transfer of, and rectification or erasure of your personal data, or restriction of processing, or to object to processing of your personal data. If sending an email, please specify the nature of your request and the information that is the subject of your request. We may require you to submit additional information necessary to verify your identity and status as an EU data subject. We will respond to your request within 30 days.
11.4 Withdraw Consent. If we are processing your personal data based upon the lawful ground of your consent, you have the right to withdraw your consent for such processing at any time without affecting the lawfulness of processing based on consent before it is withdrawn. To withdraw consent, email us at privacy@TINYpulse.com.
12. Contact
If you have any questions about this Privacy Policy, please contact us at:
TINYpulse by WebMD Health Services
2701 NW Vaughn St #700
Portland, OR 97210
(503) 205-5066
support@TINYpulse.com or if you are in the EU at privacy@TINYpulse.com