Terms & Policies

Privacy Policy for Ideas by Sideways 6

At Sideways 6, we treat your privacy seriously and only use your personal data to help you run idea campaigns by providing you with access to the Sideways 6 platform, administer your account, give you product support as needed, and improve the Sideways 6 product.  

We encourage you to read this page thoroughly and contact us on privacy@sideways6.com in case of any queries. We are Sideways 6 Ltd registered office 21 Downham Road, London, N1 5AA, the makers of the Sideways 6 idea management platform. You, the user of the Sideways 6 platform, are the data subject, and we act as the data processor. Your employer is the data controller.  

Sideways 6 has been certified by BSI to ISO/IEC 27001 under certificate number IS 719021. By operating our Information Security Management System and applying industry best practices, we ensure your personal data is protected from loss, disclosure to inappropriate persons, and unavailability. This policy was updated as of 22nd March 2023. 


1. What do we collect? 

The following Sideways 6 user personal data is processed for all users with an account in the Sideways 6 platform:  

  • Company email address  
  • First and last names  
  • Profile picture you upload into Sideways 6  
  • The IP address of the computer(s) you use to connect to Sideways 6  
  • Unique user and computer identifier in the form of a browser cookie  
  • The date and time of your first and latest login and activity 


2. How do we get your data? 

We do not explicitly request your consent as data subjects to collect data, because you already gave consent for it to be collected and used in the course of your employment, or processing your data is necessary for the performance of your employment contract.   

This constitutes lawful basis for processing under the General Data Protection Regulation (GDPR).  


3. Why do we have your data? 

We collect data on behalf of your employer to use our tool for the purposes of personalising your experience of the Sideways 6 platform, perform analytics, run analytics and general set up of profiles on the platform.  

To further process your data, we use third party product support and analytics tools like Intercom to enable us to react to Sideways 6 platform users’ questions and issues and continually improve the user experience. We host our platform and all data on third-party Microsoft Azure servers as well as use their Text Analytics API.  


4. How do we use your data? 

Under the UK General Data Protection Regulation (UK GDPR), the lawful bases we rely on for processing your information is that we have a contractual obligation. However, if we were a data controller we would rely on your consent and as such you have the right to remove your consent at any time. In this instance you can do this by contacting your employer.  

Sideways 6 will use this data to:  

  • Allow your employer to run analytics on the performance of your idea campaigns  
  • Set up your Sideways 6 account and provision platform access  
  • Authenticate you by using your company email address as a unique identifier  
  • Personalise your Sideways 6 experience by letting you save your preferences  
  • Carry out product satisfaction surveys to help us improve the platform  
  • Generate product usage analytics to improve your Sideways 6 experience  
  • Meet audit log requirements set out in our agreement with your employer  
  • Provide product support when requested and notify you of any disruption  
  • Give you updates about improvements made to the product via email or in-app  

We use the following sub-processors to process personal data:  

Microsoft Azure for IaaS cloud hosting and text analytics, covering all personal data processed as above. The Sideways 6 platform is run at the West Europe Microsoft Azure location. Data is also stored in the West Europe Microsoft Azure location in the Netherlands by default and does not leave the EU, but this may be changed to a different Azure Location on customer request. International data transfer bases are therefore dependent on the storage location chosen. The Azure Online Services Terms, however, incorporate the Standard Contractual Clauses. Microsoft Azure holds a number of security certifications and attestations, including ISO 27001.  

Intercom for providing product support via in-app chat and email. Name and surname, email, and job title are processed. We also use Intercom to collect product feedback, serve Product Tours, and contact users to request feedback on existing and future functionality. Data is processed in the US and transferred under Standard Contractual Clauses, which form part of the Data Processing Addendum signed by both Sideways 6 and Intercom. Intercom hold a SOC 2 Type II attestation.  

Twilio SendGrid for sending out emails from the Sideways 6 platform. Name, surname, and email are processed. Data is processed in the US and transferred under Standard Contractual Clauses, which are part of the Data Protection Addendum, incorporated into the Twilio Terms of Service by reference. SendGrid hold a SOC 2 Type II attestation.  

Mixpanel for product analytics and insights in our Ideas by Sideways 6 Teams App and the core Sideways 6 platform. Name, surname, and email are the personal data processed. Data is hosted in the US, may be accessed in the US, EU, and elsewhere, and is transferred under Standard Contractual Clauses, which are part of the Data Protection Addendum, incorporated into the Mixpanel Terms of Use by reference. Mixpanel hold a SOC 2 Type II attestation.  

The Sideways 6 internal Anonymous User ID of users of the platform is also passed to other analytics tools used to help us understand user behaviour, including Hotjar and Google Analytics. This does not fall under personal data. At the moment, Sideways 6 does not carry out any profiling in relation to campaign participants or platform users.  


5. How do we store your data? 

Your information is securely stored. All the data we collect is stored encrypted on Azure servers. The location of these servers varies depending upon our agreement with your employer. If you are unsure as to which data centres are being used for your data, please contact  support@sideways6.com or use the in-app chat.  

We will keep your personal data for the whole length of the engagement between your employer and Sideways 6, and up to 30 days thereafter where it is deleted automatically. Your personal data is always transferred securely, protecting you against data breaches and disruption.  

We store your data on both MongoDB and SQL databases for a period of 1 year and 7 days respectively before they get autodeleted. We do not overwrite our backups, instead we have set up an autodeletion. 


6. What are your rights? 

Under the General Data Protection Regulation (GDPR), you have a right to:  

  • Be Informed – you will be notified within 72 hours of a data beach concerning your data. We will notify our customers within 12 hours if we discover a data breach to allow them to inform the relevant data subjects in a timely manner.  
  • Access – you have access to what and how your personal data is being processed and request a copy of it. You can do this by contacting us at privacy@sideways6.com 
  • Erasure – you can be forgotten if your data is no longer relevant to its original purpose. For such requests, you may contact us at privacy@sideways6.com.  
  • Data Portability – you can get a copy of your data that we store in a portable (easy to use elsewhere) format. We can provide a copy of the data in XLS/CSV format if requested at privacy@sideways6.com.  
  • Restriction of processing - you have the right to ask to restrict the processing of your personal information in certain circumstances. To do this, you may contact your (potentially former) employer directly, Sideways 6 Support, or privacy@sideways6.com.  
  • Automated decision-making – you have the right not to be subject to a decision based solely on automated means, if the decision produces legal effects concerning you or significantly affects you in a similar way. 
  • Rectification - have a record of your personal data be corrected in case of errors or inaccuracies. To do this, you may contact your (potentially former) employer directly, Sideways 6 Support, or privacy@sideways6.com.  


7. How to complain 

Complain to the GDPR supervisory authority appointed by your EU member state or the UK if you believe your rights are being encroached.  

We will respond to a data subject access request (SAR) within one calendar month. If you would like to exercise any of these rights and need more information, please contact us on privacy@sideways6.com 

You can also complain to the ICO if you are unhappy with how we have used your data. 

The ICO’s address:             

Information Commissioner’s Office 
Wycliffe House 
Water Lane 
SK9 5AF 

Helpline number: 0303 123 1113 

ICO website: https://www.ico.org.uk 

We do not process or control data belonging to special categories, like health information or political views, unless manifestly revealed by the employee as part of their campaign activity to the internal public, which is an exception that allows for processing them under the GDPR.