Code of Conduct

Licensing Diversity Atlas or DCA’s Inclusive Employer Index in your organisation requires accepting both the legal Terms & Conditions as communicated and the terms of this Code of Conduct which includes customer obligations and an understanding and observance of the ‘shared responsibility’ model.

This page / document provides a broad overview of your obligations with regards to the fair and ethical use of the personal information which survey respondents are asked to share as part of their participation in a Diversity Atlas survey. Per the terms of your organisation’s contract with Diversity Atlas, your non-compliance with this Code of Conduct is grounds for suspension of the platform.

Use of Diversity Atlas data

Diversity Atlas is supplied to organisations to gather data to help them better understand the nature and distribution of diversity of their staff, membership, or stakeholders. You can use the data to, for example:

  • Create bespoke DEI initiatives and programs
  • Promote and celebrate the diversity of your workforce or community base
  • Develop personnel management and workforce planning policies aimed at ensuring a balanced distribution of diversity within and between different organisational units

All actions or policies informed by the data generated by Diversity Atlas should be designed and implemented in strict accordance with your jurisdiction’s anti-discrimination laws and regulations, be they in regards to gender, cultural heritage, appearance, country of birth, citizenship status, sexual orientation, religion, worldview, ancestry, position level, disability status, age, education level or any other information provided by the participant within the survey or by communication with regards to the survey.

Informed consent

Organisations must make it clear that employee or member participation in a Diversity Atlas survey is voluntary, and not mandatory. This should be stated in all email communications regarding the survey. Please note that making employees’ participation in a Diversity Atlas survey mandatory will be a violation of privacy laws in most countries, for example it will be a violation of the Australian Privacy Act 1988 (Cth), and would be a violation of the European Union’s General Data Protection Regulation (GDPR).  In jurisdictions wherein it may not be illegal to force participants to complete a survey, it remains a breach of contract and a breach of this code of conduct.

Information security

Members of your organisation tasked with administering a Diversity Atlas survey should maintain precautions to keep the results of a survey safe at all times, primarily by safeguarding against unauthorised access to the Diversity Atlas admin dashboard, which presents the results of your organisation’s survey. 

To this end, we recommend the use of a strong password controlling access to your organisation’s Diversity Atlas account. Do not write your password down anywhere and keep the number of people with access to the account to a minimum.

Customer Obligations:
  1. To read our Terms & Conditions, Code of Conduct and Privacy Policies, and to take your own measures in order to ensure the values as described, defined or inferred by these documents are also upheld within your organisation.
  2. To provide your own Code of Conduct and Privacy Policy in kind
  3. To appoint a Data Protection Officer, and provide contact details.
  4. To process personal data as instructed by Diversity Atlas in compliance with any or all data protection laws that may apply.
  5. To ensure the confidentiality of any personal data shared by your participants.
  6. To implement sufficient security measures to prevent the unlawful use of the personal data or its accessibility to unauthorized third parties.
  7. Not to share the personal data provided by participants with any third-parties without the specific advance approval of both participants and Diversity Atlas.
  8. Assist Diversity Atlas in responding to the requests and the rights of Data Subjects (participants / respondents).
  9. Upon request, provide information to Diversity Atlas about the measures implemented by your organisation to ensure the protection and privacy of any personal data.
  10. Upon request, provide information to Diversity Atlas about how your organisation processes any personal data produced by Diversity Atlas during the execution of the agreement.
  11. To agree in principle that you will join us in our greater mission to leverage Diversity Atlas to make your organisation a better, more inclusive and more culturally harmonious place.  Further, to agree that any actions taken counter to this premise will be considered a breach of contract.
Shared Responsibility

Data security (the managing and securing of any data generated or accessed by Diversity Atlas deployment) is a shared responsibility between Cultural Infusion (the provider of Diversity Atlas), the customer, and by extension, AWS cloud hosting. 

To quote AWS:

“In a shared control, AWS provides the requirements for the infrastructure and the customer must provide their own control implementation within their use of AWS services.”

In other words, the ‘hosts’ (AWS) provide the security for the product itself, but it is our responsibility as data processors and controllers to ensure that relevant privacy laws and this code of conduct are upheld.  

For more information, see:  AWS Shared Responsibility Model.