mapMyCulture Logo

Privacy Policy

Last updated: December 1, 2025

1. Introduction

Tsarion Consulting FZCO, operating as mapMyCulture ("we", "our", or "us"), is a company registered in Dubai, United Arab Emirates. We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our B2B workplace culture assessment platform ("Service").

This Service is designed for business use. When organizations ("Customers") use our Service to collect employee feedback, the Customer acts as the data controller for their employees' data, and we act as a data processor on their behalf.

We comply with applicable data protection laws including the General Data Protection Regulation (GDPR) for European users, the California Consumer Privacy Act (CCPA) and other US state privacy laws for American users, and the Personal Information Protection and Electronic Documents Act (PIPEDA) for Canadian users.

2. Data Controller and Processor Roles

Understanding who controls your data is important:

  • For Customer Account Administrators: We act as a data controller for your business contact information used to manage the account and subscription.
  • For Employee Survey Data: Your employer (our Customer) is the data controller. We act as a data processor, processing employee data only on behalf of and under instructions from the Customer.
  • For Website Visitors: We act as a data controller for any information collected through our marketing website.

If you are an employee participating in a culture survey, your employer's privacy policy also applies. Contact your employer's HR department for questions about how your organization uses this Service.

3. Information We Collect

3.1 Customer Account Information

  • Business Contact Information: Name, business email, job title, and organization details
  • Account Credentials: Email address and encrypted password
  • Billing Information: Company billing address and payment details (processed securely by Stripe)
  • Communications: Support requests and correspondence

3.2 Employee Survey Data (Processed on Behalf of Customers)

  • Survey Responses: Answers to culture assessment questions
  • Demographic Data: Department, team, tenure (as configured by the Customer)
  • Note: Individual survey responses are anonymized and aggregated before being shared with Customers

3.3 Information Collected Automatically

  • Usage Data: Pages visited, features used, and time spent on the platform
  • Device Information: Browser type, operating system, and device identifiers
  • Log Data: IP addresses, access times, and referring URLs
  • Cookies: Session cookies and analytics cookies (see Section 9)

3.4 Information from Third Parties

  • Publicly Available Data: Company review data from public sources to enhance culture analytics

4. How We Use Your Information

We use your information to:

  • Provide, maintain, and improve our Service
  • Process and analyze culture assessment data
  • Generate insights and reports for your organization
  • Process payments and manage subscriptions
  • Send service-related communications and updates
  • Respond to your inquiries and support requests
  • Ensure security and prevent fraud
  • Comply with legal obligations

5. Legal Basis for Processing (GDPR)

Under GDPR, we process your data based on:

  • Contract Performance: To provide the Service you requested
  • Legitimate Interests: To improve our Service and ensure security
  • Consent: For optional features and marketing communications
  • Legal Obligation: To comply with applicable laws

6. Data Sharing and Disclosure

We may share your information with:

  • Your Organization: Aggregated and anonymized culture insights (individual responses remain anonymous)
  • Service Providers: Third parties who help us operate our Service (hosting, payment processing, analytics)
  • Legal Requirements: When required by law or to protect our rights
  • Business Transfers: In connection with a merger, acquisition, or sale of assets

We do not sell your personal data to third parties.

7. Data Retention

We retain your personal data for as long as your account is active or as needed to provide our Service. We may retain certain information for legitimate business purposes or as required by law.

  • Account Data: Retained until account deletion, then deleted within 30 days
  • Survey Responses: Retained for the duration of your organization's subscription
  • Payment Records: Retained for 7 years for tax and legal compliance
  • Analytics Data: Aggregated data may be retained indefinitely

8. Your Privacy Rights

8.1 Rights for European Users (GDPR)

If you are located in the European Economic Area (EEA), UK, or Switzerland, you have the right to:

  • Access: Request a copy of your personal data
  • Rectification: Request correction of inaccurate data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Request limited processing of your data
  • Portability: Request transfer of your data in a machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent at any time for consent-based processing

8.2 Rights for US Residents (CCPA/State Laws)

If you are a California resident or resident of another US state with privacy laws, you have the right to:

  • Know: Request disclosure of the categories and specific pieces of personal information we collect
  • Delete: Request deletion of your personal information
  • Opt-Out of Sale: We do not sell your personal information, but you may opt out of any sharing for targeted advertising
  • Non-Discrimination: Exercise your rights without discriminatory treatment
  • Correct: Request correction of inaccurate personal information
  • Limit Use of Sensitive Data: Limit our use of sensitive personal information

Categories of Personal Information Collected: Identifiers, commercial information, internet activity, professional information, and inferences drawn from the above.

"Do Not Sell or Share My Personal Information": We do not sell personal information. To opt out of sharing for cross-context behavioral advertising, contact us at the email below.

8.3 Rights for Canadian Users (PIPEDA)

If you are a Canadian resident, under PIPEDA you have the right to:

  • Access: Request access to your personal information held by us
  • Correction: Request correction of incomplete or inaccurate information
  • Withdraw Consent: Withdraw consent to the collection, use, or disclosure of your personal information (subject to legal restrictions)
  • Challenge Compliance: Challenge our compliance with PIPEDA through our Privacy Officer or the Office of the Privacy Commissioner of Canada

We will respond to access requests within 30 days and will provide information about our policies and practices relating to the management of personal information upon request.

To exercise any of these rights, contact us at contact@mapmyculture.com. We will verify your identity before processing your request and respond within the timeframes required by applicable law.

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for basic functionality and security
  • Analytics Cookies: To understand how users interact with our Service
  • Preference Cookies: To remember your settings and preferences

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may affect the functionality of our Service.

10. Data Security

We implement appropriate technical and organizational measures to protect your data, including:

  • Encryption of data in transit (TLS) and at rest
  • Secure authentication and access controls
  • Regular security assessments and monitoring
  • Employee training on data protection

While we strive to protect your data, no method of transmission over the Internet is 100% secure.

11. International Data Transfers

As a global service, your data may be transferred to and processed in countries outside your country of residence, including the United Arab Emirates (where Tsarion Consulting FZCO is headquartered), the United States, and countries within the European Economic Area (EEA).

When we transfer data internationally, we ensure appropriate safeguards are in place:

  • For EU/EEA Users: Standard Contractual Clauses (SCCs) approved by the European Commission
  • For Canadian Users: Contractual protections ensuring comparable levels of protection as required under PIPEDA
  • For US Users: Appropriate data processing agreements with our service providers
  • For All Users: Technical and organizational measures to protect data during transfer

Our Service Providers

We use the following third-party service providers to operate our Service:

  • Amazon Web Services (AWS): Cloud infrastructure and data hosting (EU region)
  • Stripe: Payment processing (PCI-DSS compliant)

12. Children's Privacy

Our Service is not intended for children under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service. Your continued use of the Service after such modifications constitutes acceptance of the updated policy.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Tsarion Consulting FZCO

Dubai, United Arab Emirates

Email: contact@mapmyculture.com

15. Complaints and Supervisory Authorities

If you are not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the appropriate supervisory authority:

  • EU/EEA Residents: Contact your local Data Protection Authority (DPA). A list of DPAs is available at edpb.europa.eu
  • UK Residents: Information Commissioner's Office (ICO) at ico.org.uk
  • Canadian Residents: Office of the Privacy Commissioner of Canada at priv.gc.ca
  • California Residents: California Attorney General's Office at oag.ca.gov/privacy