20 Rock Privacy Policy

Updated 22nd July 2019

This Policy covers the following:

  1. Who are 20 Rock?
  2. Information we may collect from you
  3. How do we process and store information?
  4. 20 Rock Website
  5. Third party links and services
  6. Retention and the deletion of your data
  7. Your rights to your data
  8. Privacy policy changes
  9. How do you contact us?

This Policy applies to all of the personal data we collect about you, including information collected at events on www.20-rock.com and any other websites (including mobile access) where this policy is linked to; all of which are referred to as the ‘website’ in this policy.

20 Rock, and its owners, recognise the importance of protecting our users’ privacy. We may occasionally amend this Policy. Any new policy will automatically be effective when it is published on the Website. You should therefore return here regularly to view our most up to date Policy. You should also print a copy for your records.

1. Who are 20 Rock?

20 Rock, and the 20 Rock website, (www.20-rock.com) are jointly owned by Caboo Learning Limited and The Authentic Space LLC (DBA 20 Rock). Caboo Learning Limited is incorporated in the UK and the operating office is 2 Florence Villas, 16 Warwick Place, Leamington Spa, CV32 5VJ, UK. The Authentic Space LLC is incorporated in California, USA and the operating office is 2101 Hope Lane, Redding, CA 96003 USA.

We refer to 20 Rock, together with its entities, as “we”, “us” or “our” in this Policy.

2. Information we may collect from you

Our primary purpose in collecting your personal data is to provide you with the services you request, and to support those same services. We may use your personal data for the following purposes:

2.1. Marketing Communications

If you have given permission, we may contact you about any of the following:

2.1.1. Provide the information, services or support you request.
2.1.2. Contact you from time to time with marketing communications.
2.1.3. Information about our industry research; and/or.
2.1.4. Events.

In compliance with the CAN-SPAM Act, GDPR, and CASL all email sent from our organization will clearly state who the email is from and provide clear information on how to contact the sender. In addition, all email messages will also contain concise information on how to remove yourself from our mailing list so that you receive no further email communication from us.

We are committed to keeping your information confidential. We do not sell, rent or lease data to third parties, and we will not provide your personal information to any third-party individual, government agency or company at any time unless compelled to do so by law. We will use your email address solely to provide timely information about 20 Rock, its programs and services.

You should have a prior relationship with the person receiving your email. If you prefer not to receive any direct marketing communications from us, you can opt out at any time by emailing hello@20-rock.com.

2.2. Learning & Development

2.2.1. Questionnaires – During our learning and development programmes and supporting activities we will often ask participants to give feedback and/or measure the success of a programme. Questionnaire responses are voluntary and are recorded anonymously, unless you are specifically requested to identify yourself at the beginning of the questionnaire.

2.2.2. Profiling Tools – Some of our programmes utilise 3rd party profiling tools such as Hogan, TotalSDI, StrengthsFinder, etc. to help develop participant awareness; in turn these tools are debriefed via coaching or face-to-face learning sessions. All tools are completed voluntarily by the participant via 3rd party websites.
Documents mentioned above held using cloud services will be password protected. If coaching documents are printed, or are held physically, they will be secured when not being used.

2.2.2. Coaching – We capture specific information in relation to the coaching relationship; where that relationship is defined as being between the coach and coachee. Data held is designed to maximise the benefit to the person being coached, and where applicable their organisation. The person being coached will be made aware of the information being held, how it is being held and the policies we observe. Data captured in relation to coaching can include:

2.2.3.1. Basic contact details to allow us to remain in touch over the duration of the coaching sessions.

2.2.3.2. Question and questionnaire responses to gauge areas such as what someone wants to achieve from their coaching, how they want to work with their coach, information to help them identify the values and satisfaction with the coaching itself.

2.2.3.3. Basic notes on the actions the coachee has committed to complete.

2.2.3.4. Short descriptions of coaching session themes. This data is captured to allow corporate clients to plan ongoing staff support and the direction of their company’s future learning and development interventions. Session theme descriptions, and the capture of those descriptions, are agreed with the person being coached before submission to the corporate client.

2.2.3.5. Coaching session recordings for quality control and the ongoing personal development of the coach e.g. as part of a mentor coaching relationship, or as part of renewing, or applying for, coaching accreditation or certification. Coaching sessions will only be recorded with the express permission of the person being coached; whom having given signed consent, may withdraw their consent at any time to use the recording where upon the recording will be immediately deleted.

A person being coached may at any time request their notes, or ask for them, or any data associated with their coaching to be deleted. The only exception to this is where it may be required to be held for legal reasons.
Documents mentioned above held using cloud services will be password protected. If coaching documents are held physically, they will be secured when not being used.

2.3. General

The follow items relate to our day to day business activities allowing us to best serve our current and future clients.

2.3.1. Direct clients of 20 Rock (individuals or companies paying for 20 Rock services) and supplier will have basic contact information recorded in our accountancy software to manage our relationship with you and to carry out any related administration.

Occasionally, or when specifically requested, we may need to:

2.3.2. Compare information for accuracy and verify it with third parties.

2.3.3. Detect, investigate and prevent activity we think may be potentially illegal, unlawful or harmful and to enforce our Policy.

2.3.4. Track the areas of our Site you visit, the amount of time you spend and the date and time you access our Site.

3. How do we process and store information?

We share your information with third parties who help deliver our services to you. Examples include hosting our web servers, analysing data and cloud storage. These companies will have access to your personal information as necessary to perform their functions, but they may not use that data for any other purpose.

Where cross border data transfers take place outside of the EEA (European Economic Area) suppliers are required to comply with the EU-US Privacy Shield. Companies working in accordance with this policy are denoted with ‘*’.

CompanyServiceData
Dropbox, Inc*
www.dropbox.com
https://www.dropbox.com/privacy
Cloud Storage Company files and documents
Box, Inc*
www.box.com
https://www.box.com/en-gb/legal/privacypolicy
Cloud Storage Company files and documents
The Rocket Science Group LLC (DBA Mailchimp)*
www.mailchimp.com
https://mailchimp.com/legal/
Marketing Communications Marketing contacts and lists
Backblaze*
www.backblaze.com
https://www.backblaze.com/company/privacy.html
Cloud Backup Company files and documents
Typeform (via Amazon Web Systems) *
www.typeform.com
Typeform.com > Privacy + Security
Questionnaire creation and collation Programme questionnaires and responses
Advanced People Strategies UK* (Hogan Assessments)
https://www.advancedpeoplestrategies.co.uk/
https://www.advancedpeoplestrategies.co.uk/privacypolicy/
3rd Party Profiling Assessment & profiling data
Personal Strengths Publishing, Inc* (Personal Strengths UK Ltd)
https://totalsdi.uk
https://totalsdi.uk/privacy/
3rd Party Profiling Assessment & profiling data
Gallup, Inc (StrengthsFinder)*
www.gallupstrengthscenter.com
https://www.gallupstrengthscenter.com/home/en-us/privacy
3rd Party Profiling Assessment & profiling data
Zoom Video Communications, Inc*
www.zoom.us https://zoom.us/legal
Video conferencing Contact data & recording
Intuit QuickBooks*
www.quickbooks.intuit.com
https://quickbooks.intuit.com/uk/privacy-policy/
Accountancy Software Customer processing data
Wave Financial
https://www.waveapps.com/
https://my.waveapps.com/privacy/
Accountancy Software Customer processing data
Read Woodruff Chartered Accountants
http://www.readwoodruff.com
http://www.readwoodruff.com/privacy-statement-and-cookie-policy
Accountants Customer processing data
TransferWise
www.transferwise.com
https://transferwise.com/privacy-policy
FinancialCustomer processing data for financial transfers
HSBC Bank
www.hsbc.com
https://www.hsbc.co.uk/privacy-notice/
FinancialCustomer processing data for financial transfers
Comerica Bank
https://www.comerica.com/
https://www.comerica.com/site-tools/resources/privacy-notice.html
FinancialCustomer processing data for financial transfers
Google*
www.google.com
https://policies.google.com/privacy?hl=en
E-mail Hosting, Web Hosting, Analytics & Contact Info Web Traffic Data, Contact Information
1&1 IONOS
www.ionos.co.uk
https://www.ionos.co.uk/terms-gtc/terms-privacy/
Web & E-mail Hosting Contact Information
Adobe Typekit Web Fonts*
https://fonts.adobe.com/typekit
https://www.adobe.com/privacy.html
Web Fonts Web Traffic Data
Trello*
www.trello.com
https://trello.com/privacy
Kanban BoardsCompany project tracking & marketing follow up

4. 20 Rock Website

4.1. Cookies

Cookies are small pieces of information that are stored by your browser on your computer’s hard drive. Our Site uses “cookies” to help you access our Site. Also, our Site’s cookies help speed up navigation, keep track of items and help to provide you with custom-tailored content. In addition, we also use cookies to remember information that you gave us so you do not have to re-enter it each time you visit our Site. We use four types of cookies, which we describe in this section.

4.1.1. Essential: cookies that are essential to provide you with services you have requested. For example, these include the cookies that make it possible for you to stay logged into your ICF account. If you set your browser to block these cookies, then these functions and services will not work for you. In particular, we won’t be able to save your preferences about cookies.

4.1.2. Performance: cookies which measure how often you visit our sites and how you use them. We use this information to get a better sense of how our users engage with our site, so that users have a better experience. For example, we collect information about which of our pages are most frequently visited, and by which types of users. We also use third-party cookies to help with performance. For example, the Google Analytics cookie gives us information such as your journey between pages and whether you have downloaded anything.

4.1.3. Functionality: cookies that are used to recognize you and remember your preferences or settings when you return to our site, so that we can provide you with a more personalized experience.

4.1.4. Advertising: cookies that are used to collect information about your visit to our site, the content you have viewed, the links you have followed and information about your browser, device and your IP address. We have set out more details on this below.

These various technologies are used in analysing trends, administering the Site, tracking users’ movements around the Site and to gather demographic information about our user base as a whole. We may receive reports based on the use of these technologies on an individual as well as aggregated basis. As is true of most websites, we gather some information automatically and store it in log files. This information includes IP addresses, browser type, internet service provider, referring/exit pages, operating system, date/time stamp, and clickstream data.

4.2. Cookie Consent

In most cases we will need your consent in order to use cookies on the Site. Exceptions to this apply such as where the cookie is essential in order for us to provide you with a service you have requested (e.g. to enable you to put items in your shopping basket and use our check-out process. If you visit our Site when your browser is set to accept cookies, we will interpret this as an indication that you consent to our use of cookies and other similar technologies as described in this policy. If you change your mind in the future about letting us use cookies, you can modify the settings of your browser to reject cookies or disable cookies completely. If you do not want to accept cookies, you can change your browser settings so that cookies are not accepted. If you do this, please be aware that you may lose some of the functionality of this Site. For further information about cookies and how to disable them please go for example to the UK Information Commissioner’s webpage on cookies: https://ico.org.uk/for-the-public/online/cookies/. We do not knowingly collect or process data from anyone under the age of thirteen (13) years old.

5. Third party links and services

The Site may use and contain links to third parties’ websites. We are not responsible for the privacy practices or the content of those websites or services. Therefore, please read carefully any privacy policies on those links or websites before either agreeing to their terms or using those websites.

6. Retention and deletion of your data

6.1. Retention of your data

We work to the principal that your data will be held for a period of 7 years from either the:

  • Date of collection
  • Last date of ‘use or interaction’

We often undertake multiple engagements with companies and/or individuals many of which are not forseen in advance. Subsequently it may not be possible to specify in how long your data will be kept for.

Notwithstanding the other provisions of this section, we may retain your personal data where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests, or the vital interests of another person.

6.2. Deletion and anonymisation of your data

Please note the deletion, or anonymisation of data, takes place annually in January of each year.

7. Your rights

7.1. General

You have the right to opt-out of receiving marketing communications from us. In addition, to the extent permitted by the laws of your country, you may have the right to object to the processing of your personal data for direct marketing purposes. If your objection is not to direct marketing in general, but to direct marketing by a particular channel e.g. email or telephone, please specify the channel you are objecting to.

Further, to the extent permitted by the laws of your country, you may also have the right to access, correct, delete, restrict, be forgotten, or object to processing of, or request data portability of the personal data collected about you subject to some conditions and exceptions. You can find out more about these rights in the EU by reading the General Data Protection Regulation here: http://www.eugdpr.org/the-regulation.html. In the EU you also have the right to lodge a complaint with a data protection regulator there.

If you wish to inquire about any of those rights or would like to submit a request, then please send us your request emailing your hello@20-rock.com.

7.2. Requesting your data

You may instruct us to provide you with any personal information we hold about you. Provision of such information will be subject to the validation of your identity.  

We may withhold personal information that you request to the extent permitted by law.

8. Privacy policy changes

We reserve the right to alter our privacy policy. Any changes to the policy will be posted on this page.

9. How do you contact us?

If you have any questions about this policy, the data practices of 20 Rock, we encourage you to contact us using the following details:

Kathi Antonson
20 Rock (US)
P.O. Box 475152
San Francisco, CA 94147
USA
kathi@20-rock.com

Chris Johnson
20 Rock (UK)
2 Florence Villas
16 Warwick Place
Leamington Spa
Warwickshire
CV32 5BJ
UK
chris@20-rock.com