Your privacy is critically important to us. At Thornhill, we have a few fundamental principles:
- We are thoughtful about the personal information we ask you to provide and the personal information that we collect about you through the operation of our services.
- We store personal information for only as long as we have a reason to keep it.
- We help protect you from overreaching government demands for your personal information.
- We aim for full transparency on how we gather, use, and share your personal information.
Who We Are and What This Policy Covers
Thornhill Associates provides customisable online multi-rater feedback and selection systems with accompanying consulting and coaching services, mostly for the purposes of management development. We combine professional organisational psychology insight with innovative software systems to offer both standard and bespoke solutions to organisations, business schools, consultants and executive coaches.
- Our website (thornhill.co.za);
- Our services, including 360° questionnaires and reports, surveys and custom-built software solutions;
- Any web-service or custom integration linking to our website.
Below we explain how we collect, use, and share information about you, along with the choices that you have with respect to that information.
For the purpose of applicable data protection legislation, the data controller of your personal data is Thornhill Associates (Pty) Ltd, of 6 Brussels Avenue, Thornhill Estate, Modderfontein, Johannesburg, 1609, South Africa. Our data protection officer is Frances Taylor (email@example.com).
Information We Collect
We only collect information about you if we have a reason to do so – for example, to provide our Services, to communicate with you, or to make our Services better. If you are involved in a feedback programme or survey, the contact person from your organisation will have obtained permission from you to supply us with the necessary personal details. You will also receive an email stating explicitly the reason for the programme/survey, how your data will be used, and who will have access to the data. If at any stage you wish to withdraw and have your information removed from our system, please contact firstname.lastname@example.org. Note this may impact your participation in programmes or development sessions arranged by your employer/coach.
We collect information in two ways: when you, or someone operating on your behalf e.g. your coach or employer, provide information to us, and automatically through operating our services. Let’s go over the information that we collect.
Information You Provide to Us
It’s probably no surprise that we collect information that you or your employer/coach provide to us. The amount and type of information depends on the context and how we use the information. Here are some examples:
- Basic Personal Information: We require basic information in order to provide our Services – this comprises at minimum a name and an email address, but can include gender, race, age, employment level, department etc., depending on the details of the project. This information is often submitted to us by your employer/coach/programme director, or the individual whom you have been requested to provide responses for, so please contact them to determine the exact information provided on your behalf.
- Responses: Depending on the Services you use, you also provide us with responses to questionnaires or forms. For example, if you are asked to rate an individual, you submit your questionnaire responses to our database. If you are asked to respond to a survey or complete an online form, those responses are also written to our internal database. Documents you are required to upload are stored on the Thornhill server.
- Communications with Us: You may also provide information when you communicate with our staff about any queries or difficulties you may experience.
- Contact form and Opt-in form: Even if you are not directly making use of our services, you may provide us with personal information including name, email address, contact number, company and position through the Contact and Opt-in forms on our website.
Information We Collect Automatically
We also collect some information automatically:
- Log Information: Like most online service providers, we collect information that web browsers, mobile devices, and servers typically make available, such as the browser type, IP address, unique device identifiers, language preference, referring site, the date and time of access, operating system, and mobile network information. We collect log information when you use our Services – for example, when you submit a questionnaire or load an article on our website.
- Usage Information:We collect information about what happens when you use our Services (e.g., page views, resource downloads, button clicks) along with information about your device (e.g., mobile screen size, name of cellular network, and mobile device manufacturer). We use this information to, for example, provide our Services to you, as well as get insights on how people use our Services, so we can improve our Services.
- Location Information: We may determine the approximate location of your device from your IP address. We collect and use this information to, for example, calculate how many people visit our Services from certain geographic regions.
- Information from Cookies: A cookie is a small text file that a website places on your computer to help provide a better user experience. Thornhill uses the following types of cookies:
- Essential cookies, which are required for the functioning of our Services. These store system information only, such as a session id and the project you are currently accessing, and expire at the end of your browsing session.
- Analytical cookies, used to collect information about traffic to our site and how the site is used, in order to improve how the site works. No personal identifying information is collected and the information reported is aggregated and anonymous. We use Google Analytics and HotJar services for this purpose, which use their own cookies. The following pages provide more information and allow you to opt-out, i.e. prevent the use of the analytics service relating to your use of our site:
Cookies – https://developers.google.com/analytics/resources/concepts/gaConceptsCookies
Opt-out – install the plugin available at http://tools.google.com/dlpage/gaoptout?hl=en-GB
Cookies – https://www.hotjar.com/legal/policies/cookie-information
Opt-out – https://www.hotjar.com/legal/compliance/opt-out
- Social Media cookies, used when you share information using a social media sharing button or “like” button on our site or you link your account or engage with our content on or through a social networking website such as LinkedIn, Facebook or Twitter. The social network will record that you have done this.
How We Use Information
We use information about you as mentioned above and as follows:
- To provide our Services – for example, to set up questionnaires and provide reports for the programme/survey in which you are involved;
- To further develop our Services – for example by adding new features that we think will benefit our clients and allow better, more efficient use of our resources;
- To monitor and analyse trends and better understand how users interact with our Services, which helps us improve our Services and make them easier to use;
- To monitor and protect the security of our Services, detect and prevent fraudulent transactions and other illegal activities, fight spam, and protect the rights and property of Thornhill and others;
- To communicate with you about offers and promotions offered by Thornhill and others we think will be of interest to you, solicit your feedback, or keep you up-to-date on Thornhill and our products.
How We Share Information
We do not share, sell, or otherwise publicise our users’ personal information.
We share information about you in the limited circumstances spelled out below and with appropriate safeguards on your privacy:
- Client Organisations and/or Participants:
- We provide feedback (usually in the form of a report) to participants of feedback processes and the relevant personnel in the client organisation at the conclusion of the process. This report will only be used in line with the purpose of the feedback process, as outlined in the email communication received as part of the process (from Thornhill Associates and/or a designated client contact), and subject to the following term.
- We require client organisations to sign a confidentiality agreement/undertaking that reads, in part, “I understand that Thornhill reports and data dumps (and all ratings, as submitted by respondents and reflected in the reports/spreadsheets) are strictly confidential. I therefore undertake not to release the reports, ratings, or data gathered for current or future administrations, to anyone other than the participant unless the agreed terms differ and only in accordance with the communicated purpose for which the report/data dump will be generated, or the participant gives written assent thereto.” Thornhill Associates will take all reasonable measures to ensure that client contacts abide by the terms of this declaration; however, we cannot accept responsibility for violations of the spirit or letter of this declaration by client contacts.
- Unless otherwise specified as part of the email communication (from Thornhill Associates and/or a designated client contact), or during the feedback process, responses of respondents will not be personally identified. This implies that reports provided to participants and the client will contain only aggregated numerical responses, and text comments will not be identified by respondent name. The exact nature of the aggregate data provided will differ from project to project, but will typically, but not necessarily, include constraints that reports will only indicate results aggregated from at least three different respondents. For the precise details of the data aggregation policies for a particular project, please contact email@example.com.
- Information received in response to surveys and other custom questionnaire types will be provided to client organisations in an aggregated format with no personal identifying information included, unless explicitly stated in communications or on the survey/questionnaire form.
- As Required by Law: We may disclose information about you in response to a subpoena, court order, or other governmental request.
- To Protect Rights and Property: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the property or rights of Thornhill, third parties, or the public at large. For example, if we have a good faith belief that there is an imminent danger of death or serious physical injury, we may disclose information related to the emergency without delay.
- With Your Consent: We may share and disclose information with your consent or at your direction.
- Aggregated and De-Identified Information: Thornhill Associates owns and retains all rights to non-personal statistical information collected and compiled by Thornhill Associates, unless otherwise agreed to in writing. By accepting this policy, respondents give permission for their answers to be used anonymously in statistical analysis for research purposes.
Thornhill Associates in no way accepts responsibility for email correspondence, or any other interaction resulting from email correspondence, sent in error due to incorrect contact information provided by a client or participant.
Please be aware that some organisations monitor employees’ internet traffic, including encrypted web traffic. Thornhill cannot conceal your responses or identity from such monitoring systems. We recommend that you familiarise yourself with the network monitoring policy of your organisation.
Data Retention and How We Manage Your Privacy Preferences
The contract with our client will specify how long we retain data collected for the project in which you are involved, and what happens to the data once it is removed from our live system. Usually we retain live data for three years after the end of the project, to allow us to draw reports for past projects and comparisons with your results from more recent feedback, but please contact firstname.lastname@example.org for the precise data retention policy of a particular project. Once data is removed from our live system it is either returned to the client (anonymised to protect the confidentiality of responses) and our copy deleted, or it is archived on our secure backup server. If you would like your data removed from our system or archive, please email email@example.com with the details of the project.
From time to time we may request feedback from you on our products and services. We value your feedback and would always request your permission to publish any comments for marketing purposes. If you grant permission, we would include your title and company name.
The subscription form for Thornhill newsletters and articles is used solely for our internal marketing – we will never provide these details to anyone outside Thornhill Associates. If you wish to opt out from receiving these emails at any stage please unsubscribe using the link at the bottom of the newsletter, or contact firstname.lastname@example.org.
While no online service is 100% secure, we work very hard to protect information about you against unauthorised access, use, alteration, or destruction, and take reasonable technical and organisational precautions to do so.
Other Things You Should Know
Thornhill is a worldwide service. By accessing or using the Services or otherwise providing information to us, you consent to the processing, transfer, and storage of information in and to the Republic of South Africa, which may have rights and protections that are different from those in your home country. We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this policy. In particular our daily backups are transferred off-site via a secure connection to the Amazon S3 facility located in North Virginia, USA. The backups are encrypted and access controlled using AWS Identity and Access Management, and each backup is destroyed after 7 days.
27 July 2021 – updated details of the newsletter subscription options, added backup location details, specified that data returned to clients will be anonymised
28 May 2018 – added data controller details, expanded information on cookies and how we obtain permission to collect your data
11 May 2018 – comprehensive update to more fully explain the data we collect, how it is used, and how it is managed