Answering TeamReflect

Privacy

 

A description of how Human Factors AS collects and uses personal information when answering TeamReflect

 
This Privacy Policy is updated continuously and without further notice of changes. An overview of changes is available at: Changelog for privacy statement

 

The freemium version

No name or other personal information is requested here. No IP address is stored. GDPR therefore does not apply.
 
 

The paid version

Human Factors AS (“we”) is the data controller for the processing of personal data in connection with the TeamReflect® platform. This document explains what data we collect, how we use it, and what rights you have under the General Data Protection Regulation (GDPR).

 

1. Data Controller and Contact Information

 

Human Factors AS
Org. no: 965878467
Address: Lilleakerveien 8, 0283 Oslo, Norway
E-mail: office@human-factors.no
Phone: +47 22 42 30 30

 

2. Data Processors and Hosting

 

  • Group.one Norway AS: technical operations and e-mail delivery.
  • Easyfact AS: consulting services for development and maintenance.
  • Server location: Norway. No personal data is transferred outside the EEA.

 

3. Categories of Personal Data Processed

We process the following categories of data in TeamReflect:

 

  • Facilitator/Customer name and e-mail address (to provide login access to the admin interface).
  • E-mail addresses for team-members (for distribution of invitations, survey access, and delivery of results).
  • Survey responses (individual assessments of the team).
  • Derived results: each participant sees their own answers and the aggregated team profile.

 

4. Purpose and Legal Basis

We process personal data for the following purposes:

 

  • Facilitator/Customer administration (login and access to admin interface). Legal basis: GDPR art. 6(1)(b) – contract.
  • Inviting participants to surveys and distributing results. Legal basis: GDPR art. 6(1)(b) – contract.
  • Generating aggregated team results for use in team development and follow-up measurements (“pulse measurements”). Legal basis: GDPR art. 6(1)(f) – legitimate interest in improving team collaboration.
  • Research and product improvement (anonymous and aggregated data). Legal basis: GDPR art. 6(1)(f).

 

5. Data Access and Protection of Individual Results

 

  • Participants: Each participant has access to their own answers and the aggregated team profile.
  • Facilitator/Customer: Has access only to aggregated team results, not to individual responses.
  • Human Factors AS: May access facilitator information, participant e-mails, and aggregated team results for support and system maintenance.

 

6. Data Retention

Participant e-mail addresses and team results are stored for as long as the customer uses the service, as they may be relevant for follow-up (“pulse”) measurements over time.

There is currently no automatic deletion routine. Customers may contact us to request deletion of data.

E-mail logs (sender, recipient, server name) are stored for 14 days before being deleted.

 

7. Data Sharing

No personal data is shared with third parties beyond our data processors listed above.

 

8. Your Rights

You have the following rights under GDPR:

 

  • Right of access (art. 15)
  • Right to rectification (art. 16)
  • Right to erasure (art. 17) – unless retention is necessary for follow-up measurements or legal obligations
  • Right to restriction of processing (art. 18)
  • Right to data portability (art. 20)
  • Right to object (art. 21)
  • Right to withdraw consent (if processing is based on consent)
  • Right to lodge a complaint with the Norwegian Data Protection Authority (Datatilsynet)

We will handle your request as quickly as possible and no later than 30 days.

 

9. Security

We apply appropriate technical and organizational measures to protect your data, including restricted access, and administrative safeguards.

 

 

More information?

Click here to read our complete Privacy Policy document,