HuddleUp Privacy Policy

Effective Date: September 22, 2014

Welcome to HuddleUp by Medallia, Inc. HuddleUp is an online platform that enables corporate teams to provide regular, frequent feedback, drives productive dialogues between teams and their leaders, and encourages behavior focused on Delighting Customers Profitably. In order for you and your team to be able to engage fully on the platform, it’s important that you understand how your information, including your “Personal Information” as described below, is collected, used and disclosed. You should also understand the levels of security, anonymity and confidentiality for such information that the platform provides. “Personal Information” means personally identifiable information that we obtain about you either through the platform or in connection with your use of the platform, including your name and device information.

Please be aware that by using this platform, you consent to our collection, use and sharing of your Personal Information as detailed in this policy. Please also be aware that we cannot restrict or control the use of or publishing of information about you, including Personal Information, by your colleagues.

Every time you take a sparq (a short poll asking the right questions – the equivalent of “survey”) on this platform, we store your answers. The extent to which your identity is shared back with your team or your employer depends on the level of anonymity of the question. There are two options:

  • Anonymous means that your response will never be attributed to you personally. Bear in mind that it, together with the responses of your teammates, is available to your team and employer for aggregate review.

    • Example Question: What is the biggest challenge that our company has with respect to company morale?

    • Example Answers:

      • Employee from Team 123: Salary discrepancies

      • Employee from Team 123: Distance of office from food establishments

      • Employee from Team 123: Upward mobility opportunities

  • Non-anonymous means that your name or other identifier is linked to your response, and that they are both available to your employer for review.

    • Example Question: What one initiative would you be willing to lead that would help our company improve its culture?

    • Example Answers:

      • Jane Doe: Start a fitness club

      • John Smith: Bring in cupcakes for birthday celebrations

      • Jaime Cole: Start a brown-bag-lunch series

Note that even if a given sparq question is designated as anonymous, your employer will be able to determine and track whether you have or have not responded to the sparq in which it was asked.

Now for some more detailed questions.

What information do we collect about you?

We have three sources of information about you:

  1. What you tell us about yourself, including your Personal Information (like your name or employee number) and demographic info (like your age, how long you’ve been at your company).

  2. Information we collect about your device(s) and your interaction with the platform, such as when and how you access the platform, what device and browser you use, etc. For more information on this, please see the last question below, on tracking technologies.

  3. Information others, such as your employer or colleagues, may provide about you (like what location or division you’re in).

Medallia, Inc. may receive Personal Information about you from corporate clients, including name, postal address (including billing and shipping addresses), telephone and fax number, email address, account ID, password and profile picture, social media account ID, surveys, and job-related human resources information (such as team structure, KPIs, functions, organizational structure and alignment) and demographic data including sensitive data volunteered by Participants in our services.

What do we do with the information we collect?

There are a number of reasons we may want data on you and your colleagues:

  • To provide you or your employer with information or services

  • To provide results of surveys to your employer (per the confidentiality levels that you designate)

  • To create and provide industry benchmark data

  • To process your registration to use our services, including verifying your information is active and valid

  • To improve our services or to customize your experience

  • To contact you with regard to your use of our services or regarding changes to our platform or policies

  • For internal business purposes

  • To forward the information to a consultant or executive coach (but only at your specific direction) or other person to whom you specifically instruct us to send the information

  • For purposes disclosed at the time you provide your information or as otherwise written in this Policy

Any Personal Information sent to us may be used by Medallia, Inc. and its agents for the purposes indicated in this Privacy Policy. To the extent we receive Personal Information about you from your employer, we use that information pursuant to written agreements and use that information as instructed by your employer. If we intend to use your information for a purpose that is incompatible with these purposes or if we intend to disclose it to a type of third party not previously identified, we will notify you and offer you the opportunity to opt out of such uses and/or disclosures where it involves non-sensitive information or opt-in where sensitive information is involved.

What if you want to review and correct the information that we have collected about you?

Upon receipt of your written request we will disclose to you the information that we hold about you. We will correct, amend or delete any information about you that is inaccurate and notify any third party recipients of the necessary changes. You may make such a request or update any information you have given to us by sending an email to privacy@medallia.com. Requests to delete Personal Information are subject to any applicable legal and ethical reporting or document retention obligations imposed on us.

Do we disclose information to Third Parties?

We will never sell, publish or share Personal Information you’ve entrusted to us, except for the cases detailed below or at your explicit direction. However, keep in mind that even within the bounds of our strict Privacy Policy, if you choose to provide information in anonymous survey comments that may lead to your ultimate identification (e.g. “As the youngest person on Joe’s team at Company X . . .”), then we are not responsible for such identification.

  • Your colleagues and your employer: Your colleagues and your employer are third parties in this case, and per the confidentiality and anonymity rules outlined in the table above, we will share your responses with them accordingly. This will mean that certain managers, team members, and colleagues who are also employed by your employer will be provided this information, which might include Personal Information. These individuals may often be part of your Human Resources organization. In addition, we will share with your employer information about whether or not your completed a given survey.

  • Aggregate data: Part of the advantage of being part of this platform is that the data we collect can be used to find trends, analyze situations, and learn more about how teams function. To that end, we may share with our customers, other third parties or the public aggregate score results that may also be tied to demographic or usage information. However, these results will not personally identify you or your employer, nor will they reveal or be linked to your Personal Information in any way when shared.

  • Third parties providing services on our behalf: Third party vendors that provide services such as data warehousing or hosting on our behalf may have access to your information, including Personal Information, to the extent that they need it to perform their jobs.

  • Legal reasons: There may be administrative or legal reasons for which we may access, use, preserve, transfer or disclose your Personal Information, such as to satisfy a law or subpoena, to investigate violations of our policies, to protect the rights, safety, property or security of any party involved, and to detect, prevent and address fraud, security or technical issues.

  • Business transfer: If there is a change in ownership of this company or its data, we will share and/or transfer the relevant data, including your Personal Information, to its new owners / managers.

What if you’re outside the US?

HuddleUp is operated in the United States. By using our services or providing us with any information, you consent to the transfer, processing, usage, sharing and storage of your information, including Personal Information, in the United States. This means that the data is subject to U.S. data protection and other laws, and may be subject to requests from governments, courts or law enforcement in the U.S.

If you are in a jurisdiction that requires it, upon written request, (1) we will remove your Personal Information from the Service and/or our database; and (2) you may access and/or request that any erroneous information about you be corrected. To make such a request, contact us at privacy@medallia.com.

We comply with the U.S.-EU Safe Harbor Framework and the U.S.-Swiss Safe Harbor Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information from European Union member countries and Switzerland. We have certified that we adhere to the Safe Harbor Privacy Principles of notice, choice, onward transfer, security, data integrity, access, and enforcement. To learn more about the Safe Harbor program, and to view our certification, please visit: http://www.export.gov/safeharbor/.

We will conduct periodic internal compliance audits of our relevant privacy practices to verify adherence to this Privacy Policy and the Safe Harbor Principles. We encourage you to raise any questions or concerns that you may have about the way we process your Personal Information by contacting us at the address set forth below.

Our adherence to the Safe Harbor Principles may be limited by any applicable legal, governmental, national security, regulatory, ethical or public interest consideration and as expressly permitted or required by any applicable law, rule or regulation. Examples of such limitations include, for example, exceptions to the opt-in requirements for Sensitive Personal Information as permitted by Commission Decision 2000/520/EC of 26 July 2000, exceptions to access as permitted by the Safe Harbor Principles, or other exceptions under applicable European Union member state law.

We are committed to resolving questions and complaints about your privacy and our collection or processing of Personal Information about you. If you believe that we are not complying with the terms of this Privacy Policy or the terms of the Safe Harbor Principles, you should first contact us at the address below, or by email at privacy@medallia.com. We will investigate and will do our best to internally resolve any complaints and disputes you bring to our attention regarding the use and disclosure of your Personal Information.

If you have utilized our dispute resolution process, but your complaint or dispute arising under the terms of the Safe Harbor Principles remains unresolved, we agree to refer your complaint under the Safe Harbor Principles to an independent dispute resolution mechanism. That independent dispute resolution mechanism is the International Centre for Dispute Resolution, operated by the American Arbitration Association. For more information and to file a complaint, you may contact the International Centre for Dispute Resolution at 1633 Broadway, 10th Floor, New York, NY 10019; Telephone: 01 212-484-4181; Fax 01 212-246-7274; or http://go.adr.org/safeharbor. For complaints or disputes involving an employee’s Personal Information, we have agreed to participate in the dispute resolution program provided by the European Data Protection Authorities Panel.

What about 3rd party Agents and Service Providers?

We sometimes contract with other companies and individuals to perform functions or services on our behalf. They may have access to Personal Information needed to perform their functions, but are restricted from using the Personal Information for purposes other than providing services for us or to us. Medallia, Inc. requires that its agents and service providers that have access to Personal Information enter into a written agreement with us that requires them to provide at least the same levels of privacy protection outlined in this Privacy Policy.

Is your account secure?

We have implemented reasonable physical, electronic, and administrative safeguards in an effort to protect and secure your Personal Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, including risk assessments, protection measures, firewalls and access controls. However, the reality is that no information on the Internet can be guaranteed to be 100% secure. As a result, we strongly recommend you not share your password, and take precautions such as logging out and closing your browser window when you are done accessing the platform.

Do we guarantee data integrity?

We take reasonable steps to ensure that Personal Information we process is reliable for its intended use, accurate, complete, and current to the extent necessary for the purposes for which we use the Personal Information.

What sort of tracking technologies do we use?

We may use a variety of methods to collect usage information, which may include Personal Information. The main reasons we use these tools are as follows:

  • To enable you to access our services

  • To assess the performance of our platform for future improvement

  • To offer you enhanced functionality when accessing the platform (such as keeping track of your preferences or pre-populating your user name or email)

Be aware that these may set or change the settings or configurations on the device that you use to access the platform. A few of the tracking technologies we may use (but are not limited to) include the following:

  • Cookies – small data files placed on your device when you use our platform (Be aware that if you disable or remove cookies, the service may not function properly.)

  • Web beacons – invisible electronic images that may be used for a number of reasons, including, without limitation, to count visitors to the Service, to monitor how users navigate the Service, to count how many e-mails that were sent were actually opened or to count how many particular articles or links were actually viewed

  • Embedded scripts - programming code that is designed to collect information about your interactions with the platform, such as the links you click on

  • eTags – a form of device identifier

Various third parties are developing or have developed signals or other mechanisms for the expression of consumer choice regarding the collection of information about an individual consumer’s online activities over time and across third-party web sites or online services (e.g., browser do not track signals). Currently, we donot monitor or take any action with respect to these signals or other mechanisms.

So now that you’ve read this whole document, are we going to change it?

We do reserve the right to change our Privacy Policy at any time. However, if we make material changes, then we’ll let you know via email or a prominent notice on the platform itself.

Do you have questions about this privacy policy or our privacy practices relating to the Platform?

Please contact us at privacy@medallia.com.

Contact Information

If you have any questions regarding this Safe Harbor Privacy Policy, please contact us by email at privacy@medallia.com, or please write to the following address:

Medallia, Inc.
395 Page Mill Road, Suite 100
Palo Alto, CA 94306
Attention: Compliance Officer