Skip to content
651cbde826dc18be637fc1e6_Hero Bkg

RippleWorx Privacy Policy

Effective Date: April 22, 2024

RippleWorx is a people analytics platform that helps gain an accurate understanding of our customers’ talent. Our Services are designed to help enable our customers to track and analyze employee performance and retain top talent. This Privacy Notice describes how RippleWorx (“our,” “we”) collects, uses, and shares personal information via its website, online services, and dashboard and mobile application (collectively, our “Services”). This Notice applies to all information provided, transmitted, or submitted through our Services, and it also describes the choices we offer with respect to such data.  We collect information you choose to give us and other information that may be automatically collected from your use of our Services, including from your device. We use that information to operate our business, and for a variety of other purposes set forth below. This Privacy Notice does not apply to third parties or their services, and we are not responsible for our customers’ or other third parties’ privacy practices. This Privacy Notice does not apply to information that cannot be identified to any individual, household, or their devices. If you are an individual or vendor who provides information to a business that uses our Services, you should refer to that business to understand their privacy practices.

Information We Collect

To provide our Services, we collect data by which you may be personally identified. We may also collect information about the devices and equipment you use to access ourServices, including usage data.

We collect this information from a variety of sources, including:

  1. Directly from you when you provide it to us, including when you or your employer enrolls in our Services.
  2. Automatically as you utilize the Services.
  3. From third parties, including analytics providers.

Information directly from you or your employer. The information we collect from you on our Services may include information that you provide directly to us, including a unique identifier, your name, email address, employee identification number and other business contact information. The information we receive from your employer through the Services may include employment details, work history, performance reviews and indicators, educational background, and communications between you and your employer. If you are a user concerned about what information your employer is providing and their data practices, you should contact your employer and/or refer to their privacy notice to understand how they use your data.

Information we collect through automatic data collection technologies. We may collect data regarding your use of our Services through cookies, web beacons, and other automatically collected information. This data may include your IP address, date and time you access our Services and the pages and content you access during your visit, websites that you link to or from, emails from us that you open, and the links you click on within those emails. We may also collect information from your mobile device or your computer about how you interact with our Services, including IP address, operating system, and browser type. This information helps us address customer support issues, provide you with a personalized experience, prevent fraudulent use of our services, and manage the Services we provide you, including gathering aggregated data about engagement. Cookies are small identifiers sent from a web server that are stored on your device for the purpose of identifying your browser or storing information or settings in your browser. Cookies may also be used to personalize your visit by storing your preferences or displaying content based upon what you have viewed through our Services and other websites. Web beacons or pixel tags connect web pages to web servers and their cookies. We and others may use these and similar technologies on our services and other websites. [Our Services may enable us to track and understand your movement across devices (e.g., website and mobile application).]

Other parties may collect personally identifiable information about your online activities over time and across third-party websites when you use our website or Services. We do not respond to “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities overtime and across third-party websites or online services.

Information we collect from third party sources. We may collect additional information from third-party analytic services who help us better understand our contacts, including advertisers, ad networks and servers, content providers, and application providers. These third parties may provide us information both in connection with our Services and through tools they use to collect information about you when you use our Services. The information they collect may be associated with your personal information or they may collect information about your online activities overtime. They and we may use this information to provide you with interest-based advertising or other targeted content, and for other purposes (such as to better understand our Services’ audience).  

When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email or home address. We (or service providers on our behalf) may then send communications and marketing to these email or home addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout

How We Use Information We Collect

We may use data we collect for a variety of purposes, including the following:

  1. To provide, maintain, analyze, customize, measure and improve our Services.
  2. To provide customer support.
  3. To communicate with you, including telling you about and administering our Services.
  4. To monitor and enforce our legal terms or similar terms.
  5. To comply with law and satisfy our regulatory compliance obligations.
  6. To detect and prevent fraud and other prohibited, illicit or illegal activity.
  7. For other purposes permitted by law or to which you consent.

Please note that we may combine the information we gather about you in identifiable form, including information from third parties. We may use this information, for example, to improve and personalize our services, content and advertising.

How We Use Your Information in the EU

RippleWorx handles and processes all data in reliance and accordance with the EU-US Data Privacy Framework (DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF.

If you are a resident of this EU, this section applies to you. The legal bases for which we collect, use, transfer or disclose your personal information include (i)where we have your consent, (ii) where we need to perform the contract we are about to enter into or have entered into with you, (iii) our legitimate interests; and (iv) where we need to comply with a legal obligation.

Please note that if you choose to withdraw your consent, you may not be able to participate in or benefit from our programs, services and initiatives for which you provided consent.

We may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data as outlined above. We also may use the information we obtain about you in other ways for which we provide specific notice at the time of collection.

Under some legislations we may be allowed to process information until you object to such processing by opting out, without having to rely on consent or any other of the legal bases above.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose. If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.

All personal information is maintained according to our information security policy. Your personal information will not be stored for longer than necessary for the purposes for which they were collected, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or to defend against legal claims.

To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

We will take into account the length of time your personal data is required to:

  1. Continue to develop, tailor, upgrade, and improve our Services;
  2. Maintain business records for analysis and/or audit purposes;
  3. Comply with record retention requirements under the law;
  4. Defend or bring any existing or potential legal claims; or
  5. Address any complaints regarding the Services.

Please note our current policies regarding retention periods:

  1. We will retain government data as defined in our customer contract;
  2. Personal health or HIPAA protected data will be retained for seven years; and
  3. our current policies require deleting all other customer-provided data within 3 months after contract cancellation.

We may further retain data to defend against legal claims or protect our legal or security interests or those of others, or as permitted by law.  We may use any aggregated data derived from or incorporating your Personal Information after you update or delete it, but not in a manner that would identify you personally. Once the retention period expires, personal information shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification, and the right to data portability cannot be enforced after the expiration of the retention period.

EU Data Protection Authorities

RippleWorx agrees to cooperate with the EU data protection authorities (EU DPAs) under the EU-U.S. DPF, the UK Information Commissioner’s Office (ICO) and the Gibraltar Regulatory Authority (GRA) under the UK Extension to the EU-U.S. DPF, and the Swiss Federal Data Protection and Information Commissioner (FDPIC) under the Swiss-U.S. DPF and have the EU DPA panel, the UK ICO and the GRA, or the Swiss FDPIC serve as the independent recourse mechanisms.

RippleWorx, Inc agrees to renew its commitment on an annual basis in cooperation with the EU-U.S. DPF and, as applicable, the UK Extension to the EU-U.S. DPF, and/or the Swiss-U.S. DPF to handle and process human resources data.

RippleWorx adheres to the EU-U.S. DPF Principles and the Swiss-U.S. DPF Principles, and further agrees the US Federal Trade Commission has jurisdiction to investigate claims against our organization regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy.

RippleWorx complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. RippleWorx has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. RippleWorx has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit https://www.dataprivacyframework.gov/

As an individual residing in the US, EU, or Switzerland, you have the possibility to invoke binding arbitration under certain conditions. RippleWorx is obligated to arbitrate claims and follow the terms as set forth in Annex I of the DPF Principles, provided that an individual has invoked binding arbitration by delivering notice to your organization and following the procedures and subject to conditions set forth in Annex I of Principles.

RippleWorx is liable in cases where personal information is transferred to a third party, and agrees to comply with the Accountability for Onward Transfer Principle and the Notice and Choice Principles set forth in the DPF Program.

How We Secure Information

We are committed to maintaining measures to protect the security of your information. Of course, despite these measures, no network or system is ever entirely secure and we cannot guarantee the security of networks and systems that we operate or that are operated on our behalf.

How We Share Information

We may share your information with third parties as permitted or required by law or as directed or authorized by you. Our customers collect your information through our Services and may use that information for their own purposes. To learn more about their information use and sharing practices, you should contact them. We may share information about you:

  1. With service providers and vendors who support our business or provide services to us, including those who help to operate our Services.
  2. With our professional advisors who provide legal, compliance, accounting, banking, or consulting services.
  3. In order to comply with our legal obligations or to protect our interests, property or legal rights, or those of our customers or third parties.
  4. With law enforcement, officials, or other third parties when we are compelled to do so by a subpoena, court order, or similar law enforcement request, or when we believe in good faith that the disclosure of personal information is necessary to prevent physical harm or financial loss, to report suspected illegal activity, or to investigate violations of this Privacy Notice or other applicable terms.
  5. With companies or other entities in connection with, or during the negotiation of, any merger, sale of company stock or assets, financing, acquisition, divestiture or dissolution of all or a portion of our business.
  6. For other legal purposes, such as to enforce our terms and conditions, or to exercise or defend legal claims.
  7. With your direction or consent.

International Data Transfers

We currently host our Services in the United States and the European Union for customers located in those jurisdictions and do not transfer personal information between those hosting locations except where it is subject to the standard contractual clauses provided by the European Commission or another permissible method of compliance providing an adequate level of protection.

Please note that our website is hosted in the United States. By interacting with our website and providing personal information to us through it, you are consenting to the transfer of that personal information into the United States.

What Choices Do I Have?

Update personal information. If you are a business client or employee of our client and you have an account with us, you may update any of your personal information by logging into your account directly.

Marketing communications. You may receive marketing information from Rippleworx, including updates from our blog. You may opt out of receiving marketing emails, by following the unsubscribe link in each email, or by contacting us at support@rippleworx.com. Please note that you may continue to receive non-marketing emails from us after you opt-out.

Cookies. You have a number of choices regarding certain cookies. Most web browsers automatically accept cookies, but you may modify your browser’s setting to notify you of cookie placement or decline cookies. If you choose to decline cookies, certain features of our website may not function properly as a result.

Your Rights as an EU Resident

If you are an EU or UK resident, you have certain rights in respect of the information that we hold about you. Below is a short overview of those rights:

  1. You have the right to a copy of the personal data that we hold about you.
  2. You have the right to have the personal data we hold about you corrected if it is factually inaccurate. This right does not extend to matters of opinion, such as views expressed in editorial content (such as on our blog).
  3. You have the right to have personal data that we hold about you erased (the “right to be forgotten”).
  4. You have the right to object to our processing of your personal data where we rely on “legitimate interests” as our legal basis for processing.
  5. If we are processing your personal data on the basis of your consent, you have the right to withdraw that consent at any time, in which case we will stop that processing unless we have another legal basis on which to continue.

Our platform and service as provided to our business customers enables businesses to analyze their workforces, including through intelligent, automated algorithms that consider sentiments. You have a right not to be subject to decisions based solely on automated decision making, including profiling, which produce legal or similarly significant effects. If you are an EU or UK resident employee of our customer, you should contact your employer if you want to understand their use of our platform or exercise these rights.

You have the right to complain about data privacy matters to the relevant data protection regulator in your country of residence. We invite you to raise your concerns with us first, so that we can try to resolve them.

Updates to Our Privacy Notice

We may update this Privacy Notice from time to time in order to provide clarification or notice of changes to our practices. If we make changes, we will revise the Effective Date at the top of this Privacy Notice. Changes to this Privacy Notice will be effective once they are posted unless otherwise indicated.

Contact Information

If you have any questions or concern about this privacy notice or the privacy practices at RippleWorx, please contact us at support@rippleworx.com.

RippleWorx, Inc.
104 Jefferson St. Suite 100
Huntsville, AL 35801