At Sideways 6, we treat your privacy seriously and only use your personal data to allow you to participate in idea campaigns run using the Sideways 6 platform, administer your account, give you product support as needed, and improve the Sideways 6 product.
We encourage you to read this page thoroughly and contact us at firstname.lastname@example.org in case of any queries.
We are Sideways 6 Ltd, the makers of the Ideas by Sideways 6 app for Microsoft Teams. You, the user of the app, are the data subject, and we act as the data processor. Your employer is the data controller.
We are processing your personal data on the basis of your consent. If we did not request consent, it was because you already gave consent for it to be collected and used in the course of your employment, or processing your data is necessary for the performance of your employment contract. This constitutes lawful basis for processing under the GDPR.
Sideways 6 has been certified by BSI to ISO/IEC 27001 under certificate number IS 719021. By operating our Information Security Management System and applying industry best practices, we ensure your personal data is protected from loss, disclosure to inappropriate persons, and unavailability.
Your personal data is stored encrypted on Microsoft Azure servers and is always transferred securely, protecting you against data breaches and disruption. The location of these servers varies depending upon our agreement with your employer. If you are unsure as to which data centres are being used for your data, please contact Sideways 6 support.
You have given your employer some data that is stored in their Azure Active Directory account. We collect the following Azure AD data from all participants (people that have submitted an idea through the app’s form, posted into a tracked channel or team, reacted to a tracked post, commented, or reacted to a comment) of idea management campaigns that include a Teams integration:
- Company email address
- First and last names
- Link to the employee’s Teams user profile and the associated User ID
- Any other personal data if revealed in employee posts or comments on Teams that are collected by ideas campaigns
This data is used to:
- Identify you and allow your employer to run ideation and innovation campaigns
- Personalise your Ideas by Sideways 6 experience by letting you save your preferences
- Send you automated and manual communications
- Request and collect more information about submitted ideas
- Allow your employer to run analytics on the performance of their idea campaigns
- Generate product usage analytics to improve your Ideas by Sideways 6 experience
- Meet audit log requirements set out in our agreement with your employer
- Provide product support when requested and notify you of any disruption
We will keep your personal data for the whole length of the engagement between your employer and Sideways 6, and up to 30 days thereafter. It is then deleted or anonymised.
To further process your data, we use third party product support and analytics tools like Intercom to enable us to react to Sideways 6 platform users’ questions and issues and continually improve the user experience. We host our platform and all data on third-party Microsoft Azure servers as well as use their Text Analytics API.
We use the following sub-processors to process your personal data:
- Microsoft Azure for IaaS cloud hosting and text analytics, covering all personal data processed as above. The Sideways 6 platform is run at the West Europe Microsoft Azure location. Data is also stored at the West Europe Microsoft Azure location in the Netherlands by default and does not leave the EU, but this may be changed to a different Azure Location on customer request. International data transfer bases are therefore dependent on the storage location chosen.
- Intercom for providing product support via in-app chat and email. Name and surname, email, and job title are processed. We also use Intercom to collect product feedback, serve Product Tours, and contact users to request feedback on existing and future functionality. Data is processed in the US and transferred under Standard Contractual Clauses.
- SendGrid for sending out emails from the Sideways 6 platform. Name, surname, and email are processed. Data is processed in the US and transferred under Standard Contractual Clauses.
- Sideways 6 Development OOO, a fully owned subsidiary of Sideways 6 Ltd based in Minsk, Belarus, for providing product support including investigation of issues, in the course of which all personal data listed above may be accessed.
Data is transferred under Standard Contractual Clauses, and our Minsk and London offices share the same company policies, ensuring that Sideways 6 Development is bound by the same information security and data privacy obligations as the parent company.
At the moment, Sideways 6 does not carry out any profiling in relation to campaign participants.
Under the General Data Protection Regulation, you have a right to:
- Be notified within 72 hours of a data beach concerning your data. We will notify our customers within 12 hours if we discover a data breach to allow them to inform the relevant data subjects in a timely manner.
- Access what and how your personal data is being processed and request a copy of it. You can do this by contacting us at email@example.com.
- Be forgotten if your data is no longer relevant to its original purpose. For such requests, you may contact us at firstname.lastname@example.org.
- Get a copy of your data that we store in a portable (easy to use elsewhere) format. We can provide a copy of the data in XLS/CSV format if requested at email@example.com.
- Have a record of your personal data be corrected in case of errors or inaccuracies. To do this, you may contact your (potentially former) employer directly, Sideways 6 Support, or firstname.lastname@example.org.
- Complain to the GDPR supervisory authority appointed by your EU member state or the UK if you believe your rights are being encroached.
We will respond to a data subject access request within one calendar month.
We do not process or control data belonging to special categories, like health information or political views, unless manifestly revealed by the employee as part of their campaign activity to the internal public, which is an exception that allows for processing them under the GDPR.
The California Consumer Privacy Act takes the position that consumers own their data and provides them with five general rights regarding their PII. California-based consumers therefore have the right to:
- Know what personal information is collected about them.
- Know whether and to whom their personal information is sold/disclosed, and to opt-out of its sale, where sale means any transfer in exchange for a monetary or other compensation. We will never sell your data.
- Access their personal information that has been collected over the last 12 months. Once the request is made, businesses must disclose the requested information free of charge within 45 days. We can provide a copy of the data in XLS/CSV format if requested at email@example.com.
- Have a business delete their personal information, excluding information under legal hold (until the matter is adjudicated or until the hold is released) and for information that must be retained per legal or regulatory recordkeeping requirements. If a data deletion request is made by emailing firstname.lastname@example.org, we will delete all data that pertains to you not related to the subject your employment or as is otherwise legally required.
- Not be discriminated against for exercising their rights under the CCPA.