Loading...

Privacy Policy


Leapsome GmbH, Rheinsberger Str. 76/77, 10115 Berlin
Last updated in April 2018

Introduction

This privacy policy outlines how we (Leapsome GmbH) record and use the personal data we collect from you or that your employer provides to use through your use of our website and our platform.

Applicability

This Privacy Policy applies to Leapsome’s online platform (the “Service”), Leapsome.com (the “Website”) and other interactions (e.g., customer service requests, etc.) you may have with Leapsome. If you do not agree with the terms, please do not access or use the Service, Website or any other aspect of Leapsome business.

In addition, a separate agreement governs delivery, access and use of the Service (the “Service Agreement”), including the processing of any personal data, messages or other content submitted through Service accounts (collectively, “Customer Data”). The organization that entered into the Service Agreement (“Customer”) controls their instance of the Service (their “Customer Account”) and any associated Customer Data.

Information we collect

Leapsome may collect and receive Customer Data and other information and data (“Other Information”) in several ways in accordance to the General Data Protection Regulation (GDPR) of the EU:

  • Customer Data. Customers or individuals granted access to a Customer Account by a Customer (“Registered Users”) regularly submit Customer Data to Leapsome when using the Service. This information may include your name, age, email address, job title, department, level of seniority, as well as any opinions you provide to us about your performance in your role, or information regarding your employer or your colleagues.
  • Other Information. Leapsome also collects, generates and/or receives Other Information:
  1. Customer Account and User Account Information. To create or update a Customer Account, you or your employer (the Customer) supply Leapsome with an email address, name, password, and/or similar account details. In addition, Customers provide Leapsome (or its payment processors) with billing details such as credit card information, banking information and/or a billing address.
  2. Usage Information.
  • Service Metadata. When a Registered User interacts with the Service, metadata is generated that provides additional context about the way Registered Users work. For example, Leapsome logs the people, features and content you interact with.
  • Device information. Leapsome collects information about devices accessing the Service, including type of device, what operating system is used and device settings. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
  • Log data. When you use our Website or Service our servers automatically record information, including information that your browser sends whenever you visit a website. This log data may include your IP address, the address of the web page you visited before using the our website, your browser type and settings, the date and time of your use of our website, information about your browser configuration and plug-ins, language preferences, and cookie data.
  1. Cookie Information. Leapsome uses cookies and similar technologies in our Website and Service that help us collect Other Information. The Website and Service may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Website and Service and across other websites and online services.
  2. Third Party Services. Customer can choose to permit Third Party Services for their Customer Account. Usually, Third Party Services are software that integrate with our Service (such as HRIS platforms or communication tools), and the Customer can permit its Registered Users to enable and disable these integrations for their Customer Account. Once enabled, the provider of a Third Party Service may share certain information with Leapsome. Registered Users should check the privacy settings and notices in these Third Party Services to understand what data may be disclosed to Leapsome. When a Third Party Service is enabled, Leapsome is authorized to connect and access Other Information made available to Leapsome in accordance with our agreement with the Third Party Provider.
  3. Additional Information Provided to Leapsome. We receive Other Information when submitted to our Website or if you participate in an activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Leapsome.

Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Customer Account setup details, is not provided, we may be unable to provide the Service.

How we use information

Customer Data will be used by Leapsome in accordance with Customer’s instructions, including any applicable terms in the Service Agreement and Customer’s use of Service functionality, and as required by applicable law. Leapsome is a processor of Customer Data and Customer is the controller. A Customer may, for example, use the Service to grant and remove access to a Customer Account, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Service.

Leapsome uses Other Information to pursue its legitimate interests in operating our Service, Website and business, according to Art. 6 Abs. 1 S. 1 lit. f GDPR. More specifically, Leapsome uses Other Information:

  • To provide, update, maintain and protect our Service, Website and business. This includes use of Other Information to support delivery of the Service under a Service Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Registered User’s request.
  • To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
  • To develop and provide feedback, review, survey, goal tracking, learning and productivity tools and additional features. Leapsome tries to make the Service as useful as possible for specific Customer Accounts and Registered Users. For example, we may improve learning functionality by using Other Information to help determine and rank the relevance of content to a Registered User, make Service suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Service experience or create new productivity features and products.
  • To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Service, our Service offerings, and important Service-related notices, such as security and fraud notices. These communications are considered part of the Service and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Leapsome. These are marketing messages so you can control whether you receive them.
  • For billing, account management and other administrative matters. Leapsome may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
  • To investigate and help prevent security issues and abuse.
  • As required by applicable law, legal process or regulation.

If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Leapsome may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

How We Share And Disclose Information

This section describes how Leapsome may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Leapsome does not control how they or any other third parties choose to share or disclose Information.

  • Customer’s Instructions. Leapsome will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Service Agreement and Customer’s use of Service functionality, and in compliance with applicable law and legal process.
  • Displaying the Service. When a Registered User submits Other Information, it may be displayed to other Registered Users in the same or connected Customer Account. For example, a Registered User’s name may be displayed with their Customer Account profile.
  • Customer Access. Owners, administrators, Registered Users and other Customer representatives and personnel may be able to access, modify or restrict access to Other Information. This may include, for example, your employer using Service features to access or modify your profile details.
  • Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services, and may include
  • Amazon Web Services, Inc.
  • MongoDB, Inc. (formerly ObjectLabs, Inc.)
  • Google, Inc.
  • Zendesk, Inc.
  • Twilio, Inc. (formerly SendGrid, Inc.)
  • Rocket Science Group, LLC (Mailchimp)
  • Third Party Services. Customer may enable Third Party Services (such as an integration with communication tools like Slack or Gmail). When enabled, Leapsome may share Other Information with Third Party Services. Third Party Services are not owned or controlled by Leapsome and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
  • During a Change to Leapsome’s Business. If Leapsome engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Leapsome’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements in accordance with applicable law.
  • Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Leapsome customer the average amount of time spent within a typical Customer Account.
  • To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
  • To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Leapsome or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
  • With Consent. Leapsome may share Other Information with third parties when we have consent to do so.

Cookies

Leapsome uses a technology called “cookies” to store session information. We use cookies in order to ensure system security and to continuously improve our Service. A cookie is a small amount of data, which includes an anonymous unique identifier that is sent to your browser from our website’s computers and stored on your computer’s hard drive. Leapsome will set and access Leapsome’s cookies on your computer. Cookies are required for the Service to function fully and reliably are stored on the basis of our legitimate interests in operating our Service, Website and business, according to Art. 6 (1) (f) GDPR.

Google Analytics

Leapsome uses Google Analytics to collect information about its visitors. Google Analytics, a web analysis service of Google Inc., (“Google”). Google Analytics stores cookies on your computer which allows to analyze the surfing patterns of visitors to a website. The information generated by the cookie about your use of this website (including your IP address) will be sent to a Google server in the United States and stored there. Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to report other website activity and internet-related services. If required by law, Google will pass along this information to third parties. Google will also pass along data to third parties for processing, provided this processing is done on behalf of Google. Under no circumstances shall Google connect your IP address with any other data held by Google. If you wish, you can adjust your browser settings so as to refuse cookies. Please keep in mind, however, that if you refuse all cookies, you will not necessarily have access to all functions of this website. By using this site, you consent to the processing of your data by Google as described above, for the aforementioned purpose.

Google Fonts

We use Google Fonts on our website. This allows us to display fonts there. Google Fonts is a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, California, 94043). Integration of these web fonts into our website is done by accessing a server, usually a Google server in the United States. This may result in the following being transferred to that server and stored by Google:

  • Name and version of the browser used
  • Website that triggered the request (referrer URL)
  • Operating system of your computer
  • Screen resolution of your computer
  • IP address of the requesting computer
  • Language settings of the browser or operating system used by the user

For more information, see Google’s Privacy Policy, which you may access here:
www.google.com/fonts#AboutPlace:about
www.google.com/policies/privacy/

The use of Google Fonts is intended to make it easier to read and view our website and achieve more pleasing graphic design, and is thus based on our legitimate interests under Art. 6 (1) (f) GDPR.

Google Adwords

We use Google AdWords on our website, an online advertising program from Google Inc. As part of Google Adwords, we also use the conversion tracking feature. With this tool, Google AdWords sets a cookie on your client device when you visit our website via a Google ad. The cookie will expire after 30 days. The cookie does not create any personal traceability. If you visit our website as a user and the cookie is still working, we and Google will recognise that you clicked on the ad and were redirected to our site. Each Google AdWords customer is assigned a different cookie. Cookies are thus not traceable via the websites of the advertisers. The data obtained using conversion cookies is used to generate conversion statistics for AdWords customers. From these statistics, as an AdWords customer, we can see the total number of users who reacted to our ad and were redirected to a website with a conversion tracking tag. We do not receive any information by this process which could be used to personally identify you as a user. If you wish to decline the tracking process, you can disable the Google conversion tracking cookie via your internet browser. You can use the browser’s help function for more information. More details of Google’s Privacy Policy are available at http://www.google.de/policies/privacy/.

Newsletter

We will only send you a newsletter if you have ordered this from us and provided your consent in accordance with Art. 6 (1) (a) GDPR. The contents of the newsletter are specifically described during registration. To register for a newsletter, it is sufficient to give your e-mail address. If you choose to provide additional data, such as your name and/or sex, these will be used solely to personalise the newsletter we send you. If you no longer wish to receive the newsletter, you may withdraw your consent at any time with future effect. To do this, you can click on the unsubscribe link at the end of each newsletter, or send us an e-mail at the following e-mail address: support@leapsome.com The withdrawal of consent does not affect the lawfulness of the processing, which is based on the consent before the withdrawal.

International data transfers

Other Information that we collect from you may be transferred to, processed and stored at, a destination outside the European Economic Area ("EEA") where required to support certain features of the Service and/or to fulfil obligations in the Service Agreement. We will only transfer your personal data outside the EEA in compliance with the GDPR (Art. 44). We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy policy.

Retaining your information

Leapsome will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Service Agreement and Customer’s use of Service functionality, and as required by applicable law. Leapsome may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information after you have deactivated your account for the period of time needed for Leapsome to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

Security

Where we have given you a username, password and/or security information which enables you to access particular features of the Service, you are responsible for keeping these access credentials confidential. You must not share these details with anyone, or store them in a way that may allow a third party to access them.

Leapsome takes all appropriate technical and administrative security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment, which is not publicly accessible. Your personal data is encrypted when transferred using Secure Socket Layer (SSL) technology. This means that communication between your computer and our servers uses a recognized encryption method, provided your browser supports SSL. You can read more about our security measures at https://www.leapsome.com/security.

Age Limitations

To the extent prohibited by applicable law, Leapsome does not allow use of our Service and Website by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will takes steps to delete such information.

Your Rights

You shall have the following rights with regards to your personal information:

Right of access

In accordance with Art. 15 GDPR, you shall have the right to request information about your personal data being processed by us. This right of access includes the following information:

  • the purposes of the processing;
  • the categories of the personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  • the envisaged data storage period, or at least the criteria used to determine that period;
  • the existence of the right to rectification, erasure, restriction of processing or objection;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing.

Right to rectification

In accordance with Art. 16 GDPR, you shall have the right to request the prompt rectification of inaccurate or incomplete personal data stored by us.

Right to erasure

In accordance with Art. 17 GDPR, you shall have the right to request prompt erasure of your personal data stored by us, unless further processing is required for one of the following reasons:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defence of legal claims.

Right to restriction of processing

In accordance with Art. 18 GDPR, you shall have the right to obtain the restriction of processing where one of the following applies:

  • you contest the accuracy of your personal data;
  • the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
  • we no longer require the personal data for the purposes of the processing, but you require them for the establishment, exercise or defence of legal claims;
  • you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Notification obligation

In accordance with Art. 19 GDPR, we will notify all recipients to whom your personal data have been disclosed, if you have requested rectification or erasure of your personal data or restriction of processing in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR, unless this proves impossible or involves disproportionate effort. You may request that we inform you about those recipients.

Right to data portability

In accordance with Art. 20 GDPR, you shall have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format.

You shall also have the right to request the transfer of these data to a third party, provided that processing was carried out by automated means and based on your consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) or for the performance of a contract pursuant to Art. 6 (1) (b) GDPR.

Right to withdraw consent

In accordance with Art. 7 (3) GDPR, you shall have the right at any time to withdraw consent previously granted to us by you. The withdrawal of consent shall not affect the lawfulness of processing carried out based on that consent before its withdrawal.

We may carry out no further processing based on the withdrawal of your consent.

Right to lodge a complaint

In accordance with Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.

Right to object

In accordance with Art. 21 GDPR, you shall have the right to object at any time object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes. In the latter case, you shall have a general right of objection which we shall implement without the need for your particular situation to be specified. You may exercise your right to object or to withdraw consent simply by sending an e-mail to support@leapsome.com .

Automatic individual decision-making, including profiling

In accordance with Art. 22 GDPR, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right shall not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between you and us;
  2. is authorised by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

In the cases referred to in A. and C., we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision.

However, such decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

Your rights detailed above can be exercised free of charge in accordance with applicable data protection laws. Please contact the Customer directly if you would like to exercise any of these rights (other than a change to your marketing preferences, which should be notified directly to us via email to support@leapsome.com or by clicking the corresponding link in any communication you receive).

Contacting Leapsome

Please also feel free to contact Leapsome if you have any questions about this Privacy Policy or Leapsome practices, or if you are seeking to exercise any of your statutory rights. Please contact us at our mail address or via support@leapsome.com. Contact the Customer if you wish to request the removal of Personal Data under their control.

Changes To This Privacy Policy

Leapsome may update this Privacy Policy and will notify Customers and Registered Users regarding any significant changes in the way we treat Personal Data via email. If you disagree with the changes to this Privacy Policy, you should deactivate your Service account.


The best places to work use Leapsome
Completely modular + Multi-language

A modular platform that got you covered

360° Performance Reviews

Save time with automated 360s and employee-centric performance reviews

SMART goals & OKRs

Align your company around objectives and key results or SMART goals

Engagement Surveys

Run anonymous pulse surveys to understand your employees and make better decisions

Continuous Feedback

Enable continuous feedback and praise  to boost employee learning

1:1 Meetings

Provide guidance for better meetings between managers and employees

Integrations

Integrate Leapsome with your favorite tools: Personio, BambooHR, Slack+ more