We're here to help - Privacy Policy and more
CinderMonkey is a creative strategy and culture design collective that helps organizations ignite meaningful change from the inside out. With a sharp focus on human behavior, team dynamics, and purpose-driven leadership, we blend psychological insight with bold design thinking to shift culture, unlock potential, and build movements, not just teams. Our approach is radically honest, co-creative, and always grounded in real-world action. We don’t do surface-level fixes, we go deep, where the fire starts.
1. Introduction
CinderMonkey (“we,” “our,” “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, interact with our services, or participate in our assessments and interventions, in accordance with the EU General Data Protection Regulation (GDPR).
2. Data We Collect
We collect personal data that you voluntarily provide, data generated through our tools and services, and data that is automatically collected when you visit our site or use our services:
2.1. Data You Provide
Contact Information: name, email address, phone number (e.g., when you submit a contact form, newsletter sign-up, or survey via Typeform).
Account Data: login credentials, profile details (if you register for an account).
Transactional Data: billing/shipping addresses, payment details (when you purchase via Shopify).
Communications: any messages you send to us (e.g., support requests, feedback).
2.2. Data from Assessments & Interventions
360° Leadership Scans: ratings, comments, and feedback provided by peers, managers, and direct reports.
Cultural Scans & Culture Mapping: survey responses, qualitative comments, and aggregated culture metrics.
Typeform Surveys & NPS: responses to satisfaction or experience questions, Net Promoter Score feedback.
Training Outputs: reflections, action plans, test results, and performance assessments arising from training sessions.
Reorganization Interventions: data gathered during workshops, focus groups, and organizational design exercises.
2.3. Automatically Collected Data
Usage Data: pages viewed, time spent on pages, click-stream data, referring/exit pages.
Device & Technical Data: IP address, browser type/version, operating system, device identifiers.
Cookies & Tracking: as described in our Cookies Policy.
3. How We Use Your Data
We use your personal data for the following purposes and legal bases:
Purpose | Legal Basis |
|---|---|
To provide and improve our services | Contractual necessity; legitimate interest |
To process orders and payments | Contractual necessity |
To communicate with you (e.g., updates) | Consent; legitimate interest |
To send marketing and newsletter emails | Consent |
To analyze usage and site performance | Legitimate interest |
To conduct and report on assessments (360 scans, cultural scans, NPS, training outputs, interventions) | Explicit consent; legitimate interest (organizational development) |
To comply with legal obligations | Legal obligation |
4. Sharing & Disclosure
We may share your personal data with:
Service Providers
Assessment platforms and survey tools (e.g., Typeform, specialized 360° feedback vendors).
Payment processors (Shopify Payments, etc.).
CRM & marketing platforms (HubSpot).
Analytics providers (Google Analytics).
Consent management (Enzuzo).
Consultants & Coaches
External facilitators or consultants may receive anonymized or pseudonymized reports to support leadership and cultural interventions.
Facilitated Groups
Aggregated results (e.g., team-level culture scores or NPS summaries) may be shared with leadership teams; no individual’s raw personal feedback is disclosed without explicit consent.
Legal & Regulatory Authorities
When required by law, to prevent fraud, or to protect our rights.
All third parties are contractually bound to keep your data secure and use it only for the purposes we specify.
5. Cookies & Tracking Technologies
Our use of cookies and similar technologies is described fully in our Cookies Policy. You can manage or withdraw consent at any time via the “Cookie Settings” link in our footer.
6. Data Retention
We retain your personal data only as long as necessary for the purposes for which it was collected, subject to applicable laws. Typical retention periods:
Contact & Marketing Data: until you unsubscribe or withdraw consent.
Transactional Records: up to 7 years for tax and accounting compliance.
Usage & Analytics Data: up to 26 months.
Assessment & Intervention Data: raw responses are retained for up to 2 years to support longitudinal tracking; aggregated or anonymized reports may be stored longer for organizational benchmarking.
7. International Transfers
Your data may be processed or stored outside the European Economic Area (EEA) by our service providers. We ensure such transfers are protected by appropriate safeguards (e.g., Standard Contractual Clauses).
8. Your Rights under GDPR
Under the GDPR, you have the right to:
Access – request a copy of your personal data.
Rectification – correct inaccurate or incomplete data.
Erasure (“Right to be Forgotten”) – request deletion of your data.
Restriction – limit processing of your data.
Data Portability – receive your data in a structured, machine-readable format.
Objection – object to processing based on legitimate interest or direct marketing.
Withdraw Consent – at any time (without affecting prior processing).
To exercise these rights, please contact our Data Protection Team (see Section 10).
9. Security Measures
We implement appropriate technical and organizational measures to protect your data against unauthorized access, disclosure, alteration, or destruction, including:
Encryption (TLS) for data in transit.
Access controls and authentication for internal systems.
Regular security assessments and updates.
10. Contact & Complaints
If you have any questions about this policy or wish to exercise your data-protection rights, please contact:
Data Protection Team
CinderMonkey
📧 Getstarted@cindermonkey.agency
If you believe we have not addressed your concern, you have the right to lodge a complaint with your local data-protection authority.
11. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, technology, or legal requirements. We will post the revised date at the top and, if significant, obtain fresh consent where required.