At Sama, our mission is to elevate employee engagement by providing access to quality professional coaching to every employee on earth. We are also passionate about privacy. We strive to comply with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 (DPA), the California Consumer Privacy Act (CCPA) and to be market leaders when it comes to coaching and privacy.
This policy explains how we use your personal data. We want to help you understand how we work with your data, so that you can make informed choices and be in control of your information. We inviteyou to spend a few moments understanding this policy. We may update this policy from time to time and, if we make any material changes, we will notify you when we do so. We will provide you with the opportunity to review such changes. By continuing to use our products and services after the changeshave been made and we have notified you of them, the way we use your personal data will be subjectto the terms of the updated policy.
This policy explains how we use your personal data for our coaching services and products. It also governs the use of your data through our App, or any of our websites (and any reference to our App inthis policy shall also include a reference to our websites).
This policy covers:
- 1. Who we are;
- 2. What personal data we hold and how we get it;
- 3. What we use your personal data for;
- 4. Sharing your personal data;
- 5. Retention;
- 6. Data security and transfers; and
- 7. Your rights.
If you have any further questions about how we process your information, please don’t hesitate to get in touch by contacting our Data Protection Representative: DPO@sama.io.
1. Who we are
Our services are delivered by Sama Europe Ltd registered in England (number 12526304). The registered office is 71-75 Shelton Street, London, WC2H 9JQ.
When this policy talks about ‘Sama’, ‘us’ or ‘we’, it means Sama Europe Ltd. We may provide your data to other companies within our corporate group.
If for example, you would like to access your data, Sama Europe Ltd is the entity to which you would make such a request.
2. What personal data we hold and how we get it
The data we process (collect, use, and share) about you depends on who you are and how we interact with you. We can use the following categories of personal data:
When you register with us, you complete forms and provide us with basic information about yourself, such as your name, date of birth, country of residence, professional industry, function and level. You are responsible for the accuracy of the information that you provide to us.
The main type of information we hold about you is: information about the reason to seek coaching, and progression. This includes details of your consultations with our coaches, and interactions with our digital services. Your interactions with our digital services may be shared with our coaches, in order to provide you with a better experience and for the purposes of providing you coaching.
We get some of this information directly from you, when you register with us and when you use our services. We do not collect data about you from publicly available sources.
We retain recordings of our consultations and interactions with you. To monitor our service quality, we may retain records of when you contact our support teams via email, phone or otherwise on the App. Recordings are held securely in accordance with our retention policy. You can access recordings or transcripts of your consultations or interactions with us (depending on the format) for a limited time through the App or from us. Please refer to the ‘Retention Periods’ section of this policy.
Technical information and analytics
When you use our App or visit our website, we may automatically collect the following information where this is permitted by your device or browser settings:
- technical information, including the address used to connect your mobile phone or other device to the Internet, your login information, system and operating system platform type and version, device model, browser or app version, time zone setting, language and location preferences, wireless carrier and your location (based on IP address); and
- information about your visit (such as when you first used the App and when you last used it, and the total number of sessions you have had on that App), including products and services you viewed or used, App response times and updates, interaction information (such as button presses or the times and frequency of your interactions with the communications we deliver toyou in the App or otherwise) and any phone number used to call our customer service number.
We may work with partners who provide us with analytics and advertising services (for our services only and not for third party advertising). This includes helping us understand how users interact with our services, providing our advertisements on the internet, and measuring performance of our services and our adverts. Cookies and similar technologies may be used to collect this information, such as your interactions with our services. You can prevent the setting of cookies by adjusting the settings on your browser or your mobile phone.
Sama Europe Ltd will not use your data for automated decision making other than when we may use the Sama matching algorithm for matching your requirements with the best available coach. This enables you to get the best possible service from us.
You may choose to consent to our use of these technologies, reject non-essential technologies, or further manage your preference with our cookie preferences or by submitting a request via our Do Not Sell My Personal Information form.
3. What we use your personal data for
The purposes for which we use your personal data and the legal grounds on which we do so are as follows:
Providing you a service
- We obtain and use your personal details in order to establish and deliver our contract with youand (if applicable).
- We obtain and use your information because this is necessary for coaching purposes, including diagnosis and the provision of coaching services. This includes the information collected through our consultations with you (such as notes and recordings). It may also include sharing information with other Sama Coaches as necessary for the provision of services to you.
- We do not sell your data to any third party provider.
Making professional coaching accessible
- Where you have provided your explicit consent, we will use your information (always having removed personal identifiers, such as your name, and contact details) to improve our products and services, so that we can deliver better services to you and other Sama users, and help achieve our aim of making professional coaching affordable and accessible to every employee. Strict confidentiality and data security provisions apply at all times. This consent relates to information that can identify you.
Keeping you up to date
- We use your email address, phone number and/or details to contact you or present you with occasional updates and marketing messages where you have not opted out, based on our legitimate interest in marketing our services to you and subject to your right to opt out at any time.
- As part of providing you with high quality professional coaching services, we may contact you by SMS, email and/or other means to offer you helpful information or invite you to make appointments, use training modules or other Sama resources.
- Based on our legitimate interest in managing and planning our business, we may analyse data about your use of our products and services to troubleshoot bugs within the App or our website, forecast demand of service and to understand other trends in use, including which features users use the most and find most helpful, and what features users require from us. This does not involve making any decisions about you that would have a significant legal effect on you – it is only about improving our App so that we can deliver better services to you. Strict confidentiality and data security provisions will apply at all times
- Where necessary, we may need to share personal details for the purposes of fraud or unlawful behaviour prevention and detection, or when there is evidence of serious danger or harm to be incurred if the information is not shared.
- We also store your information, such as notes from consultations, recordings of our consultations with you as well as your interactions with our digital services including interactions with our live chat services, support services, use of Sama tools, for safety, regulatory, and compliance purposes.
- Where necessary for safety, regulatory and/or compliance purposes, we may audit consultations and your other interactions with our services. Strict confidentiality and data security provisions will apply at all times to any such audit and access.
4. Sharing your personal data with others
- We may share your personal data with members of our corporate group and our partners. This is to help us deliver our services to you.
- We may share your personal data with companies we have hired to provide services on our behalf, including those who act as data processors on our behalf, acting strictly under contract in accordance with Article 28 GDPR. Those data processors are bound by strict confidentialityand data security provisions, and they can only use your data in the ways specified by us.
- Where you access our services through any of our commercial partners (including your employer) we may share with such partner your name, and the fact you have registered/used the service (and any other similar information). We will not without your consent share any details relating to the content of your consultation with us.
- We may display on our website or share with our commercial partners aggregated and anonymised data that does not personally identify you, but which shows general trends, for example, the number of users of our service.
5. Retention periods
Your personal information will be erased or restricted as soon as the purpose of its retention has beenaccomplished. Additional retention may occur if it was provided for by the UK regulations, law, or otherrelevant regulations to which the data controller is subject. Restriction or erasure of the data also takes place when the storage period stipulated by these standards expire, unless there is a need to prolong the storage of the information for the purpose of concluding or fulfilling our services for you.
6. Data storage, security and transfers
We do not store your personal data on your mobile device. We store all your personal data on secure servers.
Where you have chosen a password that enables you to access certain parts of our App, you are responsible for keeping this password confidential. We ask you not to share the password with anyone.
We do not store any credit or debit card information. Payments are processed via a third-party payment provider that is fully compliant with Level 1 Payment Card Industry (PCI) data security standards. Any payment transactions are encrypted using SSL technology.
Your data may be processed or stored via destinations outside of the UK and the European EconomicArea (EEA), but always in accordance with data protection law, including mechanisms to lawfully transfer data across borders, and subject to strict safeguards. For example, we work with third parties who help deliver our services to you, whose servers may be located outside the UK or EEA. For further information on the safeguards we take if we transfer data outside of the EEA, contact DPO@sama.io.
7. Your rights
As indicated above, whenever we rely on your consent to process your personal data, you have the right to withdraw your consent at any time.
You also have specific rights under the GDPR and DPA to:
- wherever we process data based on your consent, withdraw that consent at any time. You can do this via the privacy section of our App;
- understand and request a copy of information we hold about you. For other information, you can make a request by email;
- you may choose to consent to our use of these technologies, reject non-essential technologies, or further manage your preference with our cookie preferences or by submitting a request via our Do Not Sell My Personal Information form;
- ask us to rectify or erase information we hold about you, subject to limitations relating to our obligation to store records for coaching diagnoses and services for required periods of time;
- ask us to restrict our processing of your personal data or object to our processing; and
- ask for your data to be provided on a portable basis.
Complain to a supervisory authority, without prejudice to any other administrative or judicial remedy, if you believe that the processing of the personal data concerning you violates the GDPR or the CCPA, as applicable depending on your residency. The supervisory authority to which the complaint has been submitted shall inform the complainant of the status and results of the complaint, including the possibility of a judicial remedy pursuant to Art. 78 GDPR.
You may also contact the Information Commissioners Office (the data protection regulator in the UK): Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, telephone: 0303 123 1113 (local rate), or your local data protection authority.
For any questions or concerns, you can contact us by sending an email to DPO@sama.io.
You can also contact our third party Data Protection Officer at firstname.lastname@example.org.