Privacy Notice

Effective date: 01.10.2025

Controller: Coligo Consulting Limited – Trading as: DOT Scorecard (“we”, “us”)

1. About this Privacy Notice

This Privacy Notice explains how we collect, use, share, and protect your personal data when you take part in our workplace survey. It applies to all respondents, including those in the UK, EU/EEA, New Zealand, the United States, and other regions.

2. What data we collect

We collect the following categories of data:

Basic details: first name, last name, email address, job title/role.
Work information: year you started in your current team or group.
Demographic information: year of birth, gender, age group.
Questionnaire responses: subjective responses about experiences, preferences, and thinking styles.
Special category data (optional): some questions may reveal sensitive personal data, including political opinions, ethnicity, or gender identity.

3. Purpose and lawful basis of processing

We process your data for the following purposes:

To analyse workplace and team cognitive diversity
To produce anonymised research reports and insights.
To provide findings to clients, in a way that does not identify individual responses.

Lawful bases (UK/EU GDPR):

Consent (Article 6(1)(a)): Participation in this survey and the processing of your personal data is based on your consent.
Explicit consent (Article 9(2)(a)): If you choose to provide special category data (e.g., political opinions, ethnicity), we will only process it with your explicit consent.

New Zealand Privacy Act: Processing is based on your informed consent.

United States: There is no single federal law; we follow GDPR-equivalent safeguards and principles of transparency, fairness, and security.

4. Voluntary participation and completeness

Participation is voluntary. If you choose to participate, all questions must be answered for your responses to be included in the analysis. You may withdraw at any time.

5. Data storage and international transfers

All data is stored securely in the United Kingdom.
For UK respondents: data is handled under UK GDPR.
For EU/EEA respondents: data is transferred to the UK under the EU’s adequacy decision (recognising the UK as providing an equivalent level of protection).
For New Zealand respondents: the UK is recognised as providing comparable safeguards.
For US and other respondents: data is stored in the UK with equivalent GDPR protections applied.

6. Data retention

We will retain your personal data only as long as necessary to fulfil the purposes described above, and no longer than 10 years. After this period, data will be securely deleted or anonymised.

7. Who has access to your data

Authorised persons and researchers working on this project.
Clients will only receive anonymised and aggregated findings.
We do not sell or share your personal data with third parties for marketing purposes.

8. Your rights

Depending on where you live, you have the following rights:

UK/EU (GDPR):

Right to access, correct, or delete your data.
Right to withdraw consent at any time.
Right to restrict or object to processing.
Right to lodge a complaint with your local supervisory authority:
- UK: Information Commissioner’s Office (ICO)
- EU/EEA: Your national Data Protection Authority

New Zealand:

· Rights under the Privacy Act 2020, enforced by the Privacy Commissioner

United States and other regions:

· Equivalent rights to access, correction, and deletion will be honoured upon request.

9. Security

We apply appropriate technical and organisational measures to protect your personal data, including encryption, access controls, and secure storage systems.

10. Contact us

If you have questions, requests, or wish to exercise your rights, please contact us at:
service@dotscorecard.com