Chemistry Website and Data Privacy
For information regarding Chemistry's approach to data privacy whenever providing services to clients, please see the below information:
Chemistry Services and Data Privacy
From a legal GDPR perspective, The Chemistry Group ('Chemistry') only operates as a Data Processor with it’s clients being the Data Controller. This is always confirmed in written agreements with our clients - either in the Master Services Agreement, Terms of Business, Statements of Work or Data Privacy Agreement between Chemistry and it’s clients.
This means that Chemistry is legally and commercially obliged to only do exactly what it is instructed to do by it’s clients with their data. Any Personally Identifiable (PI) data Chemistry collects while performing services for it’s clients can not be used by Chemistry for any purpose other than the purpose agreed with its clients. The data is never shared with 3rd parties without explicit instruction from our clients.
How Chemistry will use your data:
[Client] represents any of Chemistry’s clients
In the event that [Client] requires Chemistry to remove such personal information before the end of the provision of the services, [Client] will instruct Chemistry in writing confirming at what point in the licence period [Client] requires personal data to be anonymised by Chemistry AND as required during the period of the licence will provide employee performance data to Chemistry matched against a certificate ID supplied by Chemistry.
- Who is collecting my data ?
[Client] has contracted The Chemistry Group ('Chemistry') to collect the data, analyse and deliver, depending on the project, a combination of:
From a legal GDPR perspective, [Client] is the Data Controller and Chemistry are the Data Processor.
- Where is it being held ?
The Chemistry Group leverages either its own proprietary platform or a suitable sub-processor platform as appropriate to securely collect and store the data. All are hosted in EU Datacenters.
A full list of sub-processors can be found here: https://thechemistrygroup.com/sub-processors
- Who has access to it ?
Chemistry's Science team and members of the Project team working with [Client] have access. Chemistry's Science team will analyse the data, produce reports and aggregate insight summaries. If requested by [Client] - the individual reports will be delivered directly to the individuals and aggregate summaries presented back to [Client] stakeholders.
- How do I know that this data is not shared with other 3rd parties ?
As the Data Processor, Chemistry is solely working under the direction of [Client] and will not share any data with 3rd parties unless explicitly instructed to do so. It would be illegal for Chemistry to do so without instruction or prior agreement.
- What level of control do I have over the private data I am sharing with this company?
Personally identifiable (PI) data will be removed at [Client]'s request or at the termination of the contract between Chemistry and [Client]. If Chemistry receive a request from [Client] to delete an individual's data they will do so.
- Why can't this survey be done anonymously?
Chemistry has been instructed by [Client] to contact a named list of employees to invite them to the survey and to deliver a personalised report back to each individual.