Drive performance
Build a Healthier, Higher-Performing Organization
 
 

Privacy Policy - Employee Satisfaction Services


1. Role and Scope


HammerResults GmbH, based in Switzerland, provides employee survey and organizational analytics services to companies.
In most cases, we act as a data processor on behalf of our client organizations (the employers), who act as the data controller.
This Privacy Policy explains how we process personal data in that role.


2. What Data We Process


We process only the data necessary to deliver our services:


a) Survey Data

  • Employee responses (opinions, ratings, feedback)
  • Optional free-text comments
  • Participants are asked not to include personally identifiable information in open-text responses.

b) Participation Data

  • Survey status (e.g., invited, started, completed)

c) Technical Data

  • Limited system data such as:
  • IP address (used for security and access control)
  • Device/browser type
  • Access timestamps

d) Special Categories of Data
We do not intentionally collect sensitive personal data (e.g., health, religion, political views).

3. Purpose of Processing
We process data exclusively to:

  • Deliver employee survey services
  • Generate aggregated insights and reports
  • Support benchmarking and organizational analysis
  • Ensure platform security and performance

We process data only in accordance with our clients’ documented instructions.

4. Anonymity and Aggregation
Our services are designed to protect participant confidentiality:

  • Survey results are analyzed in aggregated form only
  • Reporting applies minimum group thresholds to prevent identification
  • We implement safeguards to reduce the risk of re-identification


5. Legal Basis
Under the General Data Protection Regulation, the legal basis for processing is determined by the data controller (our client).
Typical legal bases may include:

  • Legitimate interests (organizational improvement)
  • Consent (where required by law or internal policy)


6. Data Sharing
We do not sell or use personal data for marketing purposes.
We may share data only with:

  • Subprocessors (e.g., hosting providers, IT services)
  • Professional advisors (legal, compliance)

All subprocessors are contractually bound to appropriate data protection standards.

7. International Data Transfers
Data is primarily processed in Switzerland, which is recognized by the European Commission as providing an adequate level of data protection.
If data is transferred outside Switzerland or the EEA, we ensure appropriate safeguards such as:

  • Standard Contractual Clauses (SCCs)


8. Data Retention

  • Personal data is retained only as long as necessary to deliver the service
  • Personal data is deleted or anonymized within 12 months after project completion, unless otherwise agreed with the client.
  • Fully anonymized data may be retained for statistical benchmarking purposes.


9. Security Measures
We implement appropriate technical and organizational measures, including:

  • Encryption (in transit and at rest where applicable)
  • Access controls and authentication
  • Regular monitoring and security updates


10. Data Subject Rights
Individuals in the EU/EEA have rights under the General Data Protection Regulation, including:

  • Access
  • Rectification
  • Erasure
  • Restriction of processing
  • Objection

Because we act as a data processor, requests should generally be directed to the employer (data controller).
We will assist our clients in fulfilling such requests where required.


11. Contact
HammerResults GmbH


Email: info(at)hammerresults.com


12. EU Representative 
In accordance with Article 27 GDPR, we have appointed the following EU representative:


[Name of Representative]


[Address]


[Email]





Last updated: March 31st, 2026