Privacy Policy

Last updated: 9 July 2026


1. Introduction

Croissant22 Ltd (“Croissant”, “we”, “our”, or “us”) is committed to protecting and respecting your privacy.

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when individuals use our services, platforms, websites, applications, surveys, and related tools.

By using our services, you agree to the practices described in this Privacy Policy.

2. About Us

Croissant22 Ltd develops employee engagement, communication, survey, analytics, and workplace insight solutions designed to help organisations better understand employee sentiment, engagement, and workplace experiences.

If you have any questions regarding this Privacy Policy or your personal data, you may contact us at:

Croissant22 Ltd

Email: support@croissant-22.com

3. Information We Collect

We may collect and process the following categories of information:

A. Personal Information

  • Name
  • Email address
  • Job title
  • Department
  • Company name
  • Employee identifier
  • Contact information

B. Usage Information

  • Device information
  • Browser type
  • IP address
  • Operating system
  • Login activity
  • Interaction data within our platform
  • Feature usage analytics

C. Survey & Engagement Data

  • Survey responses
  • Workplace feedback
  • Sentiment scores
  • Engagement metrics
  • Communication preferences
  • Participation activity

D. Technical & System Data

  • Application logs
  • Error reports
  • Security logs
  • Authentication information
  • Cookies and similar technologies

4. How We Use Information

We use collected information to:

  • Provide and maintain our services
  • Deliver employee engagement tools and analytics
  • Improve platform functionality and user experience
  • Generate aggregated workplace insights
  • Respond to customer support requests
  • Monitor platform performance and security
  • Prevent fraud, abuse, or unauthorised access
  • Comply with legal obligations
  • Communicate service-related updates

We only process personal data where we have a lawful basis to do so.

5. Lawful Basis for Processing

Depending on the context, we process personal data under one or more of the following legal bases:

  • Consent
  • Performance of a contract
  • Legitimate interests
  • Compliance with legal obligations

6. Data Sharing

We do not sell personal data.

We may share information with:

  • Service providers and infrastructure partners
  • Cloud hosting providers
  • Analytics providers
  • Authentication and communication providers
  • Professional advisers
  • Regulatory authorities where legally required

All third parties are expected to handle personal data securely and in accordance with applicable data protection laws.

7. International Data Transfers

Where personal data is transferred outside the United Kingdom or European Economic Area (EEA), we take appropriate safeguards to ensure adequate protection of personal information.

8. Data Retention

We retain personal data only for as long as necessary to:

  • Provide our services
  • Fulfil contractual obligations
  • Meet legal, regulatory, or operational requirements
  • Resolve disputes
  • Enforce agreements

Retention periods may vary depending on the nature of the information and legal requirements.

9. Data Security

We implement reasonable technical and organisational measures designed to protect personal information from:

  • Unauthorised access
  • Loss
  • Misuse
  • Alteration
  • Disclosure
  • Destruction

While we strive to protect personal data, no method of electronic transmission or storage is completely secure.

10. Your Rights

Depending on applicable laws, individuals may have the right to:

  • Access personal data
  • Correct inaccurate data
  • Request deletion of personal data
  • Restrict processing
  • Object to processing
  • Request data portability
  • Withdraw consent where processing is based on consent
  • Lodge a complaint with a supervisory authority

Requests relating to personal data may be submitted to support@croissant-22.com.

11. Cookies & Tracking Technologies

We may use cookies and similar technologies to:

  • Maintain platform functionality
  • Improve user experience
  • Analyse usage trends
  • Support authentication and security

Users may control cookie settings through their browser preferences.

12. Children’s Privacy

Our services are not intended for children under the age of 13, and we do not knowingly collect personal information from children.

13. Third-Party Services

Our services may integrate with or contain links to third-party services, platforms, or applications. We are not responsible for the privacy practices of third parties.

Users should review the privacy policies of any external services they access.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time.

Any updates will be published on our website or platform with a revised effective date.

15. Contact Us

For questions regarding this Privacy Policy or requests relating to personal data, contact:

Croissant22 Ltd

Email: support@croissant-22.com

16. GDPR Statement

Where applicable, Croissant22 Ltd processes personal data in accordance with the UK GDPR and applicable data protection legislation.

We aim to ensure transparency, fairness, accountability, and security in how personal data is handled.