Privacy Statement

1. Introduction and scope

Protecting your personal data is very important to us at Leapsome.

This privacy statement explains how we collect and use your data when you visit our website or interact with us via social media channels. Additionally, you can find more information on the legal grounds that we process your data on, which recipients we disclose data to and regarding your respective rights and how you can exercise them.

This privacy statement applies exclusively to your use of the Leapsome website or if you interact with us via social media channels.

We may change this privacy statement at any time to comply with regulatory requirements or to adapt to changed internal processes. Therefore, we kindly ask you to check our privacy statement regularly.

2. General Information regarding Data Processing

2.1 Leapsome as Data Controller

The responsible controller for the processing of personal data on this website within the meaning of the EU General Data Protection Regulation (GDPR) is:

Leapsome GmbH ("we/us" or "Leapsome")
Brunnenstraße 153
10115 Berlin
privacy@leapsome.com

We are registered with the commercial register at the local court of Charlottenburg under HRB 187546 B, represented by the managing directors Kajetan von Armansperg and Jenny von Podewils.

We understand that our website may be visited by users all over the world, and that various national existing or future privacy regulations may be applicable now or in the future. It is our understanding that by complying with the GDPR - the so-called “privacy gold standard” – we will also comply with other national privacy regulations. If you wish to exercise any rights under a specific privacy regulation other than the GDPR, please specify such regulation, when contacting us.

2.2 Data Protection Officer

You can reach our appointed data protection officer:

by mail at:
Leapsome GmbH
-Data Protection Officer -
Brunnenstraße 153
10115 Berlin
Germany

or by e-mail at:privacy@leapsome.com

2.3 Your Rights

In accordance with the statutory provisions, you as the data subject have the following rights:

-the right to access,
-the right to rectification or erasure,
-the right to restriction of processing, and
-the right to data portability.

If you have provided us with your personal data on the basis of a consent, you could withdraw the consent at any time with effect for the future.

You may object to the processing of your personal data if your personal data is processed based on legitimate interests pursuant to Art. 6 sec. 1 lit. f GDPR insofar as there are reasons for this arising from your particular situation.

To exercise these rights named above you may contact us at any time, for example by sending an email to privacy@leapsome.com. You also have the right to lodge a complaint with a supervisory authority.

2.4 Processing of Data, Purpose, and Legal Basis

We process your personal data in accordance with the provisions of the EU General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

The legal basis for all our processing activities is based on Art. 6 sec. 1 GDPR. You will receive further information in the context of the presentation of the individual processing activities.

2.5 Storing and Deleting Data

The duration of the data storage depends on the respective data category and processing activity. If the storage period is not further specified, your personal data will be deleted as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

2.6 Data Security

For the best possible security of user data our service through the Website is provided via a secure SSL connection between your server and the browser. That means that the data shall be transferred in encrypted form.

2.7 Transfer to Service Providers

We use service providers for the provision of our offers. These service providers act only according to our instructions and are contractually obligated to comply with the provisions of Art. 28 GDPR.

2.8 Data Processing by Third Parties / Data Processing outside the EU

We may use third party service providers that process your data for the purposes named in this privacy statement. We process your personal data by using third party providers in the EU and the USA, whereas data protection standards applicable in the EU are ensured. For more information, please refer to our overview of processing activities below.

2.9 Profiling and Automated Decision Making

We do not use automated decision-making including profiling when processing data concerning our website.

3. Data Processing on our Website

3.1 Server Logs / Web Server Security

Nature and purpose of data processing:

We collect data on each visit to our website https://www.leapsome.com/ ("Website") (so-called Server log files), which include the name of the Website visited, the date and time of the visit, the data amount transferred, information on a successful call, the browser type and version, the user’s operating system, the referrer URL (the page visited before), the IP address and the requesting provider as well as the country code, language, name of device as well as name and version of the operating system, if a mobile end device is being used.

The collection and storage of server log files is necessary to ensure a trouble-free connection, usability, and functionality of our website and to evaluate the system safety and stability.

We also process your IP address to ensure that connections to our web server are not malicious.

Legal basis:

When personal data (such as the IP address) are stored, the legal basis for this is Art. 6 sec. 1 lit f. GDPR based on our legitimate interest in quality assurance and website security.

Recipients:

The recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Third Country Transfer:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the service provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

The server log files are automatically deleted after 6 months. Section 2.5 applies accordingly.

3.2 Newsletter

Nature and purpose of data processing:

When registering for our newsletter, you have to provide an email address. In our newsletter we inform you about our services and products described on our Website. We also store the IP address, the device name, the mail provider as well as the date of registration. We also analyze how users consume our newsletter.

Legal basis:

The data processing for sending and analyzing our newsletters as described above is based on your consent (Art. 6 sec. 1 lit. a GDPR).

Recipients:

The recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to Third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the service provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

We will process your personal information until your consent is revoked. Section 2.5 applies accordingly.

Revocation of consent:

If you do not want to receive any newsletters by us in the future and/or wish to object to the analysis of your data, please use the "unsubscribe" link in each newsletter or send us an email to supper@leapsome.com.

3.3 Demo Request

Nature and purpose of data processing:

If you request an appointment for a web demo, you have to provide an email address and the number of employees in your company. We will use your information to contact you and to coordinate and arrange an appointment with you.

Legal basis:

The data processing as described above is based on your consent (Art. 6 sec. 1 lit. a GDPR).

Recipients:

The recipients of the data are service providers in the EU and the United States. As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

The data is stored only as long as it is necessary to achieve the purpose. This means it is stored as long as necessary to prepare, post-process and perform the appointment. Section 2.5 applies accordingly.

3.4 Content Download

Nature and purpose of data processing:

In order to make our downloadable content available to you, we collect personal data from you. You have to provide an email address, your name and the number of employees in your company. The purpose of the data processing is the personalized delivery of the requested content and subsequent information (such as news on related topics).

Legal basis:

The data processing as described above is based on your consent (Art. 6 sec. 1 lit. a GDPR).

Recipients:

The recipients of the data are service providers in the EU and the United States. As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

The data is stored only as long as it is necessary to achieve the purpose. Section 2.5 applies accordingly.

3.5 Contacting us (Chat or Email)

Nature and purpose of data processing:

If you send us an email or contact us via the chat function on our website, your email address and other information you provide are processed by us in order to provide you with an offer regarding our services or to work on your inquiry or to be able to contact you at a later time for follow-up questions.

Legal basis:

Depending on why you contact us your data is processed either only on the basis of our legitimate interest to offer efficient communications channels to the public (Art. 6 sec. 1 lit. f. GDPR), or on the basis of initiating or communicating under a new or an existing business relationship (legal basis Art. 6 sec. 1 lit. b. GDPR).

Recipients:

The recipient of the data is a service provider in the United States. As processor on behalf, the service provider is obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreement with the services provider includes Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

Your personal data will be deleted as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

3.6 Sales Contacts

Nature and purpose of data processing:

When you schedule a demo, download content or contact us in other ways, we store the contact data provided in a structured form to organize our communications with you. Additionally, we may enrich contact data you provide to us with information available through publicly accessible sources or sources which disclose information based on their terms with you (e.g. networks such as LinkedIn).

Legal basis:

The data processing as described above is based on pre-contractual measures (Art. 6 sec. 1 lit. b GDPR) or on our legitimate interests in structuring and monitoring our sales process (Art. 6 sec. 1 lit. f GDPR).

Recipients:

The recipients of the data are service providers in the EU and the United States. As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

Your personal data will be deleted as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

3.7 Slack Community

Nature and purpose of data processing:

In order to apply for our Slack community, you have to provide an email address, your name, your LinkedIn Profile URL, your job title and the number of employees in your company.

Legal basis:

The data processing is based on your consent (Art. 6 sec. 1 lit. a GDPR).

Recipients:

The recipients of the data are service providers in the EU and the United States. As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

The data is stored for the duration of membership in the community. Users can delete their account at any time. Section 2.5 applies accordingly.

3.8 Refer a Friend

Nature and purpose of data processing:

In order to refer a friend and receive an invitation from our moderators, you have to provide an email address, your name, your friend’s email address and your friend’s name.

Legal basis:

The data processing is based on your consent (Art. 6 sec. 1 lit. a GDPR) or on the basis of initiating a or communicating under an existing business relationship (Art. 6 sec. 1 lit. b. GDPR).

Recipients:

The recipients of the data are service providers in the EU and the United States. As processors on behalf, the service providers are obliged to process the data only within the scope of our instructions set forth in a data processing agreement.

Transfer to third countries:

Adequate safeguards for the transfer of your data to countries outside of the EU/EAA are in place. The data processing agreements with the service providers include Standard Contractual Clauses approved by the EU Commission and adequate guarantees that data protection obligations will be met.

Storage duration:

The data is stored for the duration of the contract or deleted after revocation. Section 2.5 applies accordingly.

3.9 Website Analytics

Nature and purpose of data processing:

This website uses technology based on cookies that helps us better understand how the website is used. We do this by compiling reports about activity on the site that do not identify specific individuals. For this purpose, your IP address is transmitted to a service provider using analysis cookies. For further information, please refer to Section 4 below.

Legal basis:

The processing is carried out with your consent according to Art. 6 sec. 1 lit. a GDPR.

Recipients:

The recipients of the data are processors in the EU and the United States. For this purpose, we have concluded the necessary data processing agreement under which the service providers are obliged to process the data only in accordance with our instructions.

Storage duration:

The data will be deleted after one year.

For more information and ways to manage your consent please see Section 4 below about cookies.

3.10 Personalized Advertisement

Nature and purpose of data processing:

We use cookie-based technologies that help us deliver more effective and personalized advertising.This allows us to target visitors to our online offering for the display of advertising (so-called "targeted advertising"). In addition, we can track the effectiveness of our online advertising by seeing whether users were redirected to our website after clicking on such advertising (so-called "conversion tracking"). We may also use service providers to identify users who have visited our website as potential customers and recipients of advertising (so-called "retargeting").

Legal basis:

The processing is carried out with your consent according to Art. 6 sec. 1 lit. a GDPR.

Storage duration:

Your personal data will be deleted as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

4. Cookies

Our Website uses so-called cookies. Cookies do not cause any harm to your device and do not contain any viruses. Cookies serve the purpose of making our service more user-friendly, more effective, and safer. Cookies are small text files which are stored on your device and in your browser.

5. Data Processing on our Social Media Pages

We operate pages on the following social media channels:

Facebook
www.facebook.com or mobile app by Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA or Facebook Ireland Ltd., 4 Grand Canal Square, Dublin 2, Ireland, please refer to: https://www.facebook.com/policy.php

LinkedIn
www.linkedin.com or mobile app by LinkedIn Corporation, Legal Department - Privacy, 1000 W. Maude Ave, Sunnyvale, CA 94085, USA or LinkedIn Ireland Unlimited Company, Wilton Plaza, Wilton Place, Dublin 2, Ireland, please refer to: https://www.linkedin.com/legal/privacy-policy

Twitter
www.twitter.com or mobile app by Twitter Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103, USA, please refer to: https://twitter.com/en/privacy

When you visit our social media pages, data is processed both by us and by the responsible social media provider as the responsible party.

The respective provider of social media assumes the data protection obligations towards you as the user, such as information on data processing, and is the contact person for your rights. This follows from the fact that such a provider has direct access to the relevant information on the social media page and the processing of your data.

When using Facebook, LinkedIn or Twitter data may also be processed outside the EU.

5.1 Data Processing and Legal Basis

On our social media pages, we can communicate with you and provide you with interesting information. We may receive further data from you through your comments, shared images, messages, and reactions, which we then process to communicate with you. If you use social media on several end devices, a cross-device analysis of the data can take place.

Furthermore, the providers of social media pages may also use cookies and tracking technologies to analyze and improve their services.

Data processing takes place with your consent or for the purpose of answering your enquiry (Art. 6 sec. 1 lit. a, b GDPR) or on the basis of legitimate interests in improving the services and presentation to the outside world (Art. 6 sec. 1 lit. f GDPR).

Your personal data will be deleted as soon as the purpose or legal basis for storage ceases to apply. Personal data will not be deleted if storage is required by law and in the event of a possible legal dispute.

5.2 Facebook

Facebook and we use the Page Insights function to process statistical data from users of our Facebook pages (see also the agreement at: https://www.facebook.com/legal/terms/page_controller_addendum). This involves the processing of data in the form of so-called 'page insights', which are described in more detail at: https://www.facebook.com/legal/terms/information_about_page_insights_data.

Evaluations and statistics are generated in the form of page insights from the usage data of the Facebook pages, which support us in improving our marketing activities and our external presence. We may also learn about users and their behavior who interact with or use our Facebook Pages to display relevant content and develop features that may be of interest to them. These page statistics show us, for example, which people from certain target groups interact most with our Facebook Page or which content on the Facebook Page was visited, shared, or clicked when and how often. When classifying people into target groups, demographic data, or data about the location of a person is also included in order to place targeted advertisements with these people. If you use Facebook on several end devices, a cross-device analysis of the data can take place. The data collected in this way is statistically processed and usually anonymous, i.e. we cannot establish any reference to the individual person.

Information on these page insights and data processing can be found, for example, in Facebook's data protection statement at https://www.facebook.com/policy.php or at https://www.facebook.com/business/a/page/page-insights.

Facebook also uses cookies and storage technologies. More information can be found here: https://www.facebook.com/policies/cookies/

As a Facebook user, you can at any time influence how your user behavior is recorded when you visit Facebook pages. To do this, you can manage the settings for advertising preferences in your Facebook account or at: https://www.facebook.com/ads/preferences, or the Facebook settings in your account or at https://www.facebook.com/settings. Facebook also provides opportunities to contact or exercise rights at: https://www.facebook.com/help/contact/2061665240770586 or https://www.facebook.com/help/contact/308592359910928.

6. Changes to our privacy statement

We reserve the right to adapt this privacy statement so that it always complies with the current legal requirements or to implement changes to our services in the privacy statement, e.g., when introducing new services. The current data protection declaration applies to every visit of the website.

Version [V. 1.5], last updated January 17, 2024.