Privacy Policy of Cantilever Goal

Cantilever Goal ("we", "our", "us") operates an online platform providing employee engagement platforms, performance management tools, skills development modules, behavioural analytics, team collaboration features, recognition and rewards systems, and HR data insights. This Privacy Policy describes how we collect, use, and share information in connection with our services.

We are committed to protecting your privacy and handling your data in an open and transparent manner. This policy outlines our practices in accordance with the UK General Data Protection Regulation (UK GDPR) and other applicable data protection laws.

1. Information We Collect

We collect various types of information to provide and improve our services, including:

• Information provided by you or your organisation: This includes personal data such as names, email addresses, job titles, performance data, feedback, recognition details, and skills information, which is provided when setting up an account, using our engagement and performance tools, or interacting with our services.
• Information collected automatically: When you access and use our online platform, we may automatically collect certain information from your device, such as your IP address, browser type, operating system, referring URLs, device identifiers, and information about how you interact with our service (e.g., pages viewed, features used, time spent). This is collected through cookies and similar tracking technologies.
• Information from other sources: In some cases, we may receive information about you from your employer or other third parties who are authorised to share your information with us as part of their use of our services.

2. How We Use Your Information

We use the information we collect for various purposes, primarily to provide, maintain, and improve our robust motivation platform for businesses:

• To operate and deliver our services, including employee engagement, performance management, skills development, behavioural analytics, team collaboration, and recognition systems.
• To personalise your experience on our online platform and provide content relevant to your role and organisation.
• To analyse usage trends and preferences to enhance the design, functionality, and features of our service.
• To communicate with you about our services, updates, support, and other relevant information.
• To ensure the security and integrity of our online platform and prevent fraud or unauthorised access.
• To comply with legal obligations and enforce our terms and policies.
• For research and development to create new features and functionality.
• To generate anonymised and aggregated HR data insights for our clients and for our own analytical purposes.

3. Legal Basis for Processing Personal Data

We process personal data based on the following legal grounds:

• Performance of a contract: For data necessary to fulfil our contractual obligations with your organisation to deliver our services.
• Legitimate interests: Where processing is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests. This includes, for example, improving our services, ensuring platform security, and conducting data analytics.
• Consent: In some limited circumstances, we may rely on your explicit consent for specific types of processing, which will be requested separately.
• Legal obligation: Where processing is necessary to comply with a legal or regulatory obligation.

4. Sharing and Disclosure of Information

We do not sell personal data. We may share your information with:

• Your organisation: Your employer or the organisation that provides you access to our services will have access to the personal data and performance information submitted or generated through your use of the platform, as per their agreement with us.
• Service providers: We engage trusted third-party service providers who assist us in operating our online platform, conducting our business, or serving our users (e.g., hosting providers, analytics services, customer support). These providers are contractually bound to protect your data and only process it for specified purposes.
• Legal requirements: We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
• Business transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction.
• Aggregated or anonymised data: We may share aggregated or anonymised information that cannot reasonably be used to identify you with third parties for various purposes, including marketing, analytics, and research.

5. International Data Transfers

Cantilever Goal is based in the UK. However, the data we collect may be stored and processed in, and transferred to, countries outside of the UK and European Economic Area (EEA) where our service providers maintain facilities. In such cases, we implement appropriate safeguards, such as standard contractual clauses approved by the European Commission or the UK Information Commissioner's Office, to ensure your personal data remains protected to the standards required by UK GDPR.

6. Data Security

We implement robust technical and organisational measures to protect your personal data from unauthorised access, disclosure, alteration, and destruction. These measures include encryption, access controls, secure software development practices, and regular security assessments.

7. Your Data Protection Rights

Under UK GDPR and other applicable data protection laws, you have certain rights concerning your personal data:

• The right to access: You have the right to request copies of your personal data.
• The right to rectification: You have the right to request that we correct any information you believe is inaccurate or complete information you believe is incomplete.
• The right to erasure: You have the right to request that we erase your personal data, under certain conditions.
• The right to restrict processing: You have the right to request that we restrict the processing of your personal data, under certain conditions.
• The right to object to processing: You have the right to object to our processing of your personal data, under certain conditions.
• The right to data portability: You have the right to request that we transfer the data that we have collected to another organisation, or directly to you, under certain conditions.

To exercise any of these rights, please contact us using the details provided below. Please note that for personal data processed on behalf of your employer, your employer is the data controller, and we act as a data processor. In such cases, you should primarily direct your requests to your employer.

8. Data Retention

We retain personal data for as long as necessary to provide our services to your organisation, comply with our legal obligations, resolve disputes, and enforce our agreements. Once the data is no longer required, we will securely delete or anonymise it.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on our online platform. We encourage you to review this Privacy Policy periodically.

10. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us:

Cantilever Goal

17 Regent's Wharf

All Saints Street, Floor 3

London, Greater London, N1 9RL, UK

You also have the right to lodge a complaint with the Information Commissioner's Office (ICO), the UK supervisory authority for data protection issues (www.ico.org.uk).