Leapsome GmbH, Rheinsberger Str. 76/77, 10115 Berlin
Last updated in April 2018
In addition, a separate agreement governs delivery, access and use of the Service (the “Service Agreement”), including the processing of any personal data, messages or other content submitted through Service accounts (collectively, “Customer Data”). The organization that entered into the Service Agreement (“Customer”) controls their instance of the Service (their “Customer Account”) and any associated Customer Data.
Leapsome may collect and receive Customer Data and other information and data (“Other Information”) in several ways in accordance to the General Data Protection Regulation (GDPR) of the EU:
Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Customer Account setup details, is not provided, we may be unable to provide the Service.
Customer Data will be used by Leapsome in accordance with Customer’s instructions, including any applicable terms in the Service Agreement and Customer’s use of Service functionality, and as required by applicable law. Leapsome is a processor of Customer Data and Customer is the controller. A Customer may, for example, use the Service to grant and remove access to a Customer Account, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Service.
Leapsome uses Other Information to pursue its legitimate interests in operating our Service, Website and business, according to Art. 6 Abs. 1 S. 1 lit. f GDPR. More specifically, Leapsome uses Other Information:
This section describes how Leapsome may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Leapsome does not control how they or any other third parties choose to share or disclose Information.
We use Google Fonts on our website. This allows us to display fonts there. Google Fonts is a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, California, 94043). Integration of these web fonts into our website is done by accessing a server, usually a Google server in the United States. This may result in the following being transferred to that server and stored by Google:
The use of Google Fonts is intended to make it easier to read and view our website and achieve more pleasing graphic design, and is thus based on our legitimate interests under Art. 6 (1) (f) GDPR.
On this website we use HubSpot for our online marketing activities. HubSpot is a US based software company with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.
This is an integrated software solution that covers various aspects of our online marketing. These include:
E-mail marketing (newsletters and automated mailings, eg for the provision of downloads), social media publishing & reporting, reporting (eg traffic sources, access, etc. ...), contact management (eg user segmentation & CRM), landing pages and contact forms.
The legal basis for the use of the services of Hubspot is Art. 6 I f DS-GVO - legitimate interest. Our legitimate interest in using this service is the optimization of our marketing efforts and the improvement of our service quality on the website.
HubSpot is sold under the terms of the "EU - US. Privacy Shield Frameworks "is certified and governed by the TRUSTe's Privacy Seal and" U.S. - Swiss Safe Harbor "Framework.
This website uses the "Facebook Custom Audiences" service. Facebook Custom Audiences is a service of Facebook Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA, hereinafter "Facebook"). This service allows us to engage users with interest-based advertising on the social network - Facebook.
To make this possible, we have implemented the Facebook remarketing tag on our website. This tag makes a direct connection to the Facebook servers when visiting the website. Facebook receives information about the pages that you have visited with us. Through Facebook, it then comes to a comparison with your Facebook user account. Next time you visit Facebook, you'll see personalized, interest-based ads - Facebook Ads.
The legal basis for the use of the service is Art. 6 I f DS-GVO - legitimate interest. Our legitimate interest in the use of this service is to target the users of the website purposefully with advertising.
Facebook is Privacy Shield certified: https://m.facebook.com/about/privacyshield
On this website, we use the Customer Relationship Management (CRM) service of Zendesk Inc., 989 Market Street # 300, San Francisco, CA 94102, USA.
The legal basis for the use of this service is Art. 6 I f DS-GVO - legitimate interest. Our legitimate interest in the use of this service is to be able to answer user requests quickly and efficiently.
Zendesk uses your data only to forward your inquiries to us. There is no disclosure to third parties.
To use Zendesk, you must provide at least one correct e-mail address. The service can also be used pseudonymized. During the processing of service requests it may be necessary to collect further data (eg first name, last name, address, etc.).
The use of Zendesk is optional. If you do not agree with Zendesk collecting your information, we will provide you with alternate contact options for submitting service requests by telephone or post.
We will only send you a newsletter if you have ordered this from us and provided your consent in accordance with Art. 6 (1) (a) GDPR. The contents of the newsletter are specifically described during registration. To register for a newsletter, it is sufficient to give your e-mail address. If you choose to provide additional data, such as your name and/or sex, these will be used solely to personalise the newsletter we send you. If you no longer wish to receive the newsletter, you may withdraw your consent at any time with future effect. To do this, you can click on the unsubscribe link at the end of each newsletter, or send us an e-mail at the following e-mail address: email@example.com The withdrawal of consent does not affect the lawfulness of the processing, which is based on the consent before the withdrawal.
Where we have given you a username, password and/or security information which enables you to access particular features of the Service, you are responsible for keeping these access credentials confidential. You must not share these details with anyone, or store them in a way that may allow a third party to access them.
Leapsome takes all appropriate technical and administrative security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment, which is not publicly accessible. Your personal data is encrypted when transferred using Secure Socket Layer (SSL) technology. This means that communication between your computer and our servers uses a recognized encryption method, provided your browser supports SSL. You can read more about our security measures at https://www.leapsome.com/security.
To the extent prohibited by applicable law, Leapsome does not allow use of our Service and Website by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will takes steps to delete such information.
You shall have the following rights with regards to your personal information:
Right of access
In accordance with Art. 15 GDPR, you shall have the right to request information about your personal data being processed by us. This right of access includes the following information:
Right to rectification
In accordance with Art. 16 GDPR, you shall have the right to request the prompt rectification of inaccurate or incomplete personal data stored by us.
Right to erasure
In accordance with Art. 17 GDPR, you shall have the right to request prompt erasure of your personal data stored by us, unless further processing is required for one of the following reasons:
Right to restriction of processing
In accordance with Art. 18 GDPR, you shall have the right to obtain the restriction of processing where one of the following applies:
In accordance with Art. 19 GDPR, we will notify all recipients to whom your personal data have been disclosed, if you have requested rectification or erasure of your personal data or restriction of processing in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR, unless this proves impossible or involves disproportionate effort. You may request that we inform you about those recipients.
Right to data portability
In accordance with Art. 20 GDPR, you shall have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format.
You shall also have the right to request the transfer of these data to a third party, provided that processing was carried out by automated means and based on your consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) or for the performance of a contract pursuant to Art. 6 (1) (b) GDPR.
Right to withdraw consent
In accordance with Art. 7 (3) GDPR, you shall have the right at any time to withdraw consent previously granted to us by you. The withdrawal of consent shall not affect the lawfulness of processing carried out based on that consent before its withdrawal.
We may carry out no further processing based on the withdrawal of your consent.
Right to lodge a complaint
In accordance with Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.
Right to object
In accordance with Art. 21 GDPR, you shall have the right to object at any time object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes. In the latter case, you shall have a general right of objection which we shall implement without the need for your particular situation to be specified. You may exercise your right to object or to withdraw consent simply by sending an e-mail to firstname.lastname@example.org .
Automatic individual decision-making, including profiling
In accordance with Art. 22 GDPR, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right shall not apply if the decision:
In the cases referred to in A. and C., we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision.
However, such decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.
Your rights detailed above can be exercised free of charge in accordance with applicable data protection laws. Please contact the Customer directly if you would like to exercise any of these rights (other than a change to your marketing preferences, which should be notified directly to us via email to email@example.com or by clicking the corresponding link in any communication you receive).
Save time with automated 360s and employee-centric performance reviews
Align your company around objectives and key results or SMART goals
Run anonymous pulse surveys to understand your employees and make better decisions
Enable continuous feedback and praise to boost employee learning
Provide guidance for better meetings between managers and employees
Integrate Leapsome with your favorite tools: Personio, BambooHR, Slack+ more