RETENSA, LLC

SOFTWARE PRIVACY POLICY – Last Updated: June 2025

Introduction

RETENSA LLC (Retensa) has adopted this Privacy Policy (“Policy”) to establish and maintain an adequate level of Personal Data privacy protection. This Policy applies to the processing of personal Data that Retensa obtains from Customers located in the European Union.

By accessing the Software (the ExitPro.net, TalentPulse.net Websites), you have agreed to the use of your data as described in this Privacy Policy. It also describes the choices regarding use, access and collection of personal information as well as your rights to your personal data that we process.

For the purposes of this Policy:

• “Subscriber” refers to the entity that has entered into an agreement with Retensa for the use of its technology platform. The Subscriber acts as the Data Controller, determining the purposes and means of processing personal data.
• “User” refers to an individual authorized by the Subscriber to access and use the Retensa Platform on the Subscriber’s behalf.
• “Respondent” refers to any individual who submits responses or is included as a contact within the Subscriber’s account.

Retensa operates solely as a Data Processor, processing personal data on behalf of the Subscriber. Retensa does not determine the purposes or means of processing personal data and does not make decisions regarding the collection or use of such data.

This privacy policy (“Policy”) describes how Retensa and its related companies (“Company”, “us”, “our”, and “we”) collect, use and share Personal Data of Users of this website located at exitpro.net, hrmetricspro.net, or talentpulse.net.

Simply put, we are committed to supporting individual privacy. We do not sell or rent your PERSONAL information to others. When you give us information, we use systems that protect it. For those who want specifics, we have the details below.

The Federal Trade Commission (FTC) has jurisdiction over Retensa’s compliance with the Privacy Shield.

All Retensa employees who handle Personal Data are required to comply with the principles stated in this Policy.

COLLECTION OF PERSONAL DATA

We get information about you a few ways. 

Information You Give Us. We may collect the employee’s name, demographic, email addresses, phone number, Date of birth and other organizational aspects such as Date of hire, Separation Date, Title, Department.

Information Automatically Collected. The data is transferred by the employers through Secure File Transfer Protocol automatically and is uploaded in our system at the same time. They can also use manual import tool available at the websites mentioned above to upload employee data. Our website uses HTTPS authentication which means all communications between your browser and the website are encrypted.

Cookies. We may log information using “cookies.” Cookies are small data files stored on your computer or device by a website. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to provide you with a personal and interactive experience on our Site. This type of information is collected to make the Site more useful and to tailor the experience to meet your needs.

During a Subscriber’s registration and later on Retensa’s platform, they provide information such as name, company name, email, address, telephone, and other relevant data of the Respondent. This information is used by Retensa to identify the Respondent and provide applicable queries defined by Subscriber.

Retensa Users can at any time access and edit, update or delete the Respondents’ details by logging in with their username and password to Retensa’s platform. Retensa Users may create additional User accounts with different privilege levels within their account. It is the responsibility of the User that creates other User accounts, to choose the level of access each User should have. Once these new Users log into Retensa, they meet the definition of User in this policy. Retensa will not retain User and Respondent data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations.

We also collect technical information such as IP address, device/browser type, time of access, and interaction logs, which help us maintain security and improve service performance.

AUTOMATED DECISION-MAKING AND PROFILING

Retensa’s platform includes automated tools that analyze survey responses for certain keywords or behavioral indicators.  Retensa acts solely as a Data Processor and does not control or interpret the use of results derived from automated tools. All decisions based on such data are made by the Subscriber (Data Controller).

You may object to this processing or request more information by contacting support@retensa.com.

DATA SECURITY AND INFRASTRUCTURE

Retensa implements the following data security measures:

1. TLS 1.3 with 256-bit Trustwave SSL encryption
2. Secure SFTP/API channels for data import
3. SOC 3 and ISO 27001/27017/27018 certified hosting infrastructure
4. Regular third-party penetration testing
5. Double password authentication for internal access
6. Encrypted data backups in transit and at rest
7. Role-based user access and audit logs
8. Multi-factor Authorization (MFA)

SUBPROCESSORS

We engage subprocessors in the following areas:

1. Cloud infrastructure and secure data storage (Infrastructure-as-a-Service providers).
2. Email and SMS delivery for platform notifications and user communications.

All subprocessors are bound by written agreements directly, or provided in their contract terms, to ensure GDPR/CPRA-level protections. 

USE OF HUMAN RESOURCES DATA

Subscribers have granted Retensa, a non-exclusive, worldwide, royalty-free, right and license (including the right to authorize and grant sublicenses) to use, store, reproduce, distribute and display the Subscriber Data, in connection with the provision to Subscriber.  Subscribers also grant to Provider (Retensa), a non-exclusive, worldwide, royalty-free, right and license to aggregate, segment, filter, combine, or manipulate Subscriber Data (“Metadata”), and use Metadata in any means possible, including but not limited to, analysis, reporting, or publication, so long as Subscriber identity is removed.

PROCESSOR

Retensa processes Personal Data solely as a Data Processor, as defined under the EU General Data Protection Regulation (GDPR) and, previously, the EU Data Protection Directive (Directive 95/46/EC):

• The Subscriber, who has entered into an agreement with Retensa for use of its platform, is the Data Controller and determines the purposes and means of processing personal data.
• Retensa acts as the Data processor, processing personal data solely on behalf of and under the instruction of the Subscriber.
• Retensa adheres to the principles and requirements of the GDPR (Regulation (EU) 2016/679), which came into effect on May 25, 2018, replacing the 1995 Directive.
• All data collected through the platform is stored in secure hosting environments that are ISO 27001, 27017, and 27018 certified and SOC 3 compliant.
• Retensa maintains a data processing agreement with its hosting provider to ensure all data transfers and processing activities meet applicable legal standards and provide adequate safeguards.

CCPA COMPLIANCE (California Consumer Privacy Act)

If you are a resident of California, you are entitled to certain rights under the California Consumer Privacy Act (CCPA), including:

• The right to know what personal information we collect, use, disclose, or sell.
• The right to request deletion of your personal information.
• The right to opt out of the sale of your personal information (please note: Retensa does not sell personal data).
• The right to non-discrimination for exercising your CCPA rights.

To exercise any of these rights, please contact us at support@retensa.com. We may need to verify your identity before processing your request and reserve the right to deny requests where an applicable legal exception applies.

DISCLOSURE/ONWARD TRANSFERS OF HR DATA

We do not share your Personal Data with any third party, except in the cases as follows:

• When we complete or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
• For legal, protection, and safety purposes.
  • We may share information to comply with laws.
  • We may share information to respond to lawful requests and legal processes.
  • We may share information to protect the rights and property of RETENSA, LLC, our agents, customers, and others. This includes enforcing our agreements, policies, and terms of use.
  • We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
• We may share information with those who need it to do work for us to provide services to our customers.
• We may also share aggregated and/or anonymized meta-data with others, for their own uses, but unless stated for the reasons above, no individual names, street addresses, email addresses, or phone numbers are provided.

We will not transfer Personal Data to third parties unless such third parties have entered into an agreement in writing with us requiring them to provide at least the same level of privacy protection to your Personal Information as required by Retensa and GDPR.

Disclosure of Your Information

The Company does not disclose any nonpublic information about our customers or former customers to anyone, except as required by law. We disclose information only when it is necessary for the conduct of business, or under circumstances where disclosure is required by law. Information may also be disclosed for audit purposes, to regulatory agencies or for other general administrative services. We do not disclose information about you to other entities who may want to sell their products to you.

OPERATION OF OUR SERVICES GLOBALLY

Our services are operated from the United States and Canada. If your country has specific data protection regulations that apply to our services, we comply with those requirements as part of our global data privacy practices.

If you are located outside the United States or Canada, please note that any information you provide may be transferred to, stored, and processed in these countries, where our servers and data centers are based.

All transfers of personal data from the EU/EEA to the United States or Canada are conducted in accordance with the General Data Protection Regulation (GDPR). Retensa utilizes Standard Contractual Clauses (SCCs) approved by the European Commission, or other legally recognized mechanisms, to ensure appropriate safeguards for such data transfers.

By using our services or submitting your personal information, you consent to these cross-border data transfers, subject to applicable data protection laws.

ACCESSING PERSONAL DATA

Retensa personnel may access and use Personal Data only if they are authorized to do so and only for the purpose for which they are authorized.
Retention and deletion
Retensa will not retain data longer than is necessary to fulfill the purposes for which it was collected or as required by applicable laws or regulations. For Respondent data, Retensa’s Users have control of the purpose for collecting data, and the duration for which the Personal Data may be kept. For Respondent data, Users with an active account will therefore have the responsibility to delete data when required. When a user’s account is terminated or expired, all Personal Data collected through the platform will be deleted at Subscriber’s request otherwise retained up to a period of seven (7) years as required to comply with legal, archival standards.

Respondent’s Rights to Erasure, withdraw consent to processing, complain to controller

Respondents can submit a request to their respective Subscriber or by email to support@retensa.com. We will respond to your request, including any appropriate request to access, correct, update, restrict processing or object to processing, or delete your personal information within the time period specified by our contract with Subscriber or required by law (if applicable) or without excessive delay. As we are processing your personal data on behalf of a Subscriber, we will promptly refer your request to our Subscriber and support the Subscriber in responding to your request unless the request is not technically feasible or such data is required to be retained by law (in which case we will block access to such data, if required by law).

ENFORCEMENT AND DISPUTE RESOLUTION

Retensa is committed to resolving any concerns about your privacy and our use of personal information. Individuals with questions or concerns regarding the handling of their personal data should contact us at: support@retensa.com.

If a customer’s concern cannot be addressed through this process, Retensa remains committed to seeking a resolution through appropriate channels.

CONTACT INFORMATION

We welcome your comments or questions about this privacy policy. You may also contact us at our address:

RETENSA, LLC

1180 Ave of the Americas 8th Floor, New York, NY 10036

Telephone: +1 (212) 545-1280

Email: support@retensa.com

CHANGES TO THIS PRIVACY POLICY

We may change this privacy policy. If we make any changes, we will change the Last Updated date above.

Phew, you’re done! Hope you are okay with all that. We think it’s pretty fair, because we want to feel safe when we visit websites too. So, make sure to see all the good insights and observations on our website, check it out.