SUCCESFULD M&A-IMPLEMENTERING

IT & Data FAQ for Culture Due Diligence Matrix

 

1. What data is collected?

We collect only the contact information necessary in relation to customers (name, email address, etc.). The analysis is conducted without processing personally identifiable information relating to respondents. Responses are processed anonymously and presented in aggregated form.

 

2. Can individual responses be identified?

No. Results are presented only in aggregated form and only where there is a sufficient number of respondents to ensure anonymity.

 

3. Where is data stored?

Data is processed primarily within the EU/EEA or under a valid transfer mechanism.

 

4. Who has access to the data?

Access is limited to a small number of authorized individuals with a legitimate need for access in connection with operations and support.

 

 5. Are data processors used?

Yes. We use external providers for hosting, database operations, and technical infrastructure. Data processing agreements are entered into where relevant.

 

6. How is data protected?

We use access controls, encryption during transmission, and the platform’s available security and dependency scanning tools.

 

7. How are data breaches handled?

Data breaches are handled in accordance with GDPR, including notification to relevant authorities and affected parties where required.

 

8. How long is data retained?

Data is retained only for as long as necessary for the relevant purpose and is subsequently deleted in accordance with our data retention policy.

 

9. Does the Culture Due Diligence Matrix solution contain sensitive personal data?

No. The solution is designed to avoid the processing of sensitive personal data.

 

10. Can the Culture Due Diligence Matrix solution be used in due diligence processes?

Yes. The solution is designed to support decision-making processes in M&A through anonymized and aggregated insights.

 

11. How are analyses separated between customers?

Each analysis is logically segregated and accessed through unique access links generated specifically for the individual analysis.

 

12. Do respondents have access to each other’s responses?

No. Respondents do not have access to other respondents’ answers or analysis results.

 

13. Do the reports contain personal data?

The reports are designed primarily to present analyses in aggregated form without identifying individual respondents.

 

14. How are free-text responses handled?

Free-text responses are used as qualitative signals in the overall analysis and prioritization. Individual respondent identities are not displayed in report outputs.

 

15. Does the solution integrate with the customer’s internal systems?

No. The solution is used without integration into the customer’s internal IT systems.

 

16. Where is data processed?

Data is processed primarily within the EU/EEA or under a valid transfer mechanism in accordance with applicable data protection legislation.
 
 

17. Can analyses be deleted?

Analyses and related data can be deleted upon request.

 

IT & Data FAQ for Kultur Due Diligence Matrix IT & Data FAQ for Culture Due Diligence Matrix