Privacy Policy

[ Hier klicken, um die deutsche Version anzuzeigen ]


This privacy policy outlines how we (Leapsome GmbH) record and use the personal data we collect from you or that your employer provides to use through your use of our website and our platform.


This Privacy Policy applies to Leapsome’s online platform (the “Service”), (the “Website”) and other interactions (e.g., customer service requests, etc.) you may have with Leapsome. If you do not agree with the terms, please do not access or use the Service, Website or any other aspect of Leapsome business.

In addition, a separate agreement governs delivery, access and use of the Service (the “Service Agreement”), including the processing of any personal data, messages or other content submitted through Service accounts (collectively, “Customer Data”). The organization that entered into the Service Agreement (“Customer”) controls their instance of the Service (their “Customer Account”) and any associated Customer Data. 

Information we collect

Leapsome may collect and receive Customer Data and other information and data (“Other Information”) in several ways in accordance to the General Data Protection Regulation (GDPR) of the EU:

  • Customer Data. Customers or individuals granted access to a Customer Account by a Customer (“Registered Users”) regularly submit Customer Data to Leapsome when using the Service. This information may include your name, age, email address, job title, department, level of seniority, as well as any opinions you provide to us about your performance in your role, or information regarding your employer or your colleagues.
  • Other Information. Leapsome also collects, generates and/or receives Other Information:
  1. Customer Account and User Account Information. To create or update a Customer Account, you or your employer (the Customer) supply Leapsome with an email address, name, password, and/or similar account details. In addition, Customers provide Leapsome (or its payment processors) with billing details such as credit card information, banking information and/or a billing address.
  2. Usage Information.
  • Service Metadata. When a Registered User interacts with the Service, metadata is generated that provides additional context about the way Registered Users work. For example, Leapsome logs the people, features and content you interact with.
  • Device information. Leapsome collects information about devices accessing the Service, including type of device, what operating system is used and device settings. Whether we collect some or all of this Other Information often depends on the type of device used and its settings.
  • Log data. When you use our Website or Service (even as a non-registered user) our servers automatically record information, including information that your browser sends whenever you visit a website. This log data may include your IP address, the address of the web page you visited before using the our website, your browser type and settings, the date and time of your use of our website, information about your browser configuration and plug-ins, language preferences, and cookie data. 
  1. Cookie Information. Leapsome uses persistent cookies and similar technologies in our Website and Service that help us collect Other Information. The Website and Service may also include cookies and similar tracking technologies of third parties, which may collect Other Information about you via the Website and Service and across other websites and online services. 
  2. Third Party Services. Customer can choose to permit Third Party Services for their Customer Account. Usually, Third Party Services are software that integrate with our Service (such as HRIS platforms or communication tools), and the Customer can permit its Registered Users to enable and disable these integrations for their Customer Account. Once enabled, the provider of a Third Party Service may share certain information with Leapsome. Registered Users should check the privacy settings and notices in these Third Party Services to understand what data may be disclosed to Leapsome. When a Third Party Service is enabled, Leapsome is authorized to connect and access Other Information made available to Leapsome in accordance with our agreement with the Third Party Provider. 
  3. Additional Information Provided to Leapsome. We receive Other Information when submitted to our Website or if you participate in an activity or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with Leapsome.

Generally, no one is under a statutory or contractual obligation to provide any Customer Data or Other Information (collectively, “Information”). However, certain Information is collected automatically and, if some Information, such as Customer Account setup details, is not provided, we may be unable to provide the Service.

How we use information

Customer Data will be used by Leapsome in accordance with Customer’s instructions, including any applicable terms in the Service Agreement and Customer’s use of Service functionality, and as required by applicable law. Leapsome is a processor of Customer Data and Customer is the controller. A Customer may, for example, use the Service to grant and remove access to a Customer Account, assign roles and configure settings, access, modify, export, share and remove Customer Data and otherwise apply its policies to the Service.

Leapsome uses Other Information to pursue its legitimate interests in operating our Service, Website and business, according to Art. 6 Abs. 1 S. 1 lit. f GDPR. More specifically, Leapsome uses Other Information:

  • To provide, update, maintain and protect our Service, Website and business. This includes use of Other Information to support delivery of the Service under a Service Agreement, prevent or address service errors, security or technical issues, analyze and monitor usage, trends and other activities or at an Registered User’s request.
  • To communicate with you by responding to your requests, comments and questions. If you contact us, we may use your Other Information to respond.
  • To develop and provide feedback, review, survey, goal tracking, learning and productivity tools and additional features. Leapsome tries to make the Service as useful as possible for specific Customer Accounts and Registered Users. For example, we may improve learning functionality by using Other Information to help determine and rank the relevance of content to a Registered User, make Service suggestions based on historical use and predictive models, identify organizational trends and insights, to customize a Service experience or create new productivity features and products.
  • To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications (via Twilio for transactional emails and via Mailchimp for admin-only newsletters). We may also contact you to inform you about changes in our Service, our Service offerings, and important Service-related notices, such as security and fraud notices. These communications are considered part of the Service and you may not opt out of them. In addition, we sometimes send emails about new product features, promotional communications or other news about Leapsome. These are marketing messages so you can control whether you receive them.
  • For billing, account management and other administrative matters. Leapsome may need to contact you for invoicing, account management and similar reasons and we use account data to administer accounts and keep track of billing and payments.
  • To investigate and help prevent security issues and abuse.
  • As required by applicable law, legal process or regulation.

If Information is aggregated or de-identified so it is no longer reasonably associated with an identified or identifiable natural person, Leapsome may use it for any business purpose. To the extent Information is associated with an identified or identifiable natural person and is protected as personal data under applicable data protection law, it is referred to in this Privacy Policy as “Personal Data.”

How We Share And Disclose Information

This section describes how Leapsome may share and disclose Information. Customers determine their own policies and practices for the sharing and disclosure of Information, and Leapsome does not control how they or any other third parties choose to share or disclose Information.

  • Customer’s Instructions. Leapsome will solely share and disclose Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Service Agreement and Customer’s use of Service functionality, and in compliance with applicable law and legal process.
  • Displaying the Service. When a Registered User submits Other Information, it may be displayed to other Registered Users in the same or connected Customer Account. For example, a Registered User’s name may be displayed with their Customer Account profile. 
  • Customer Access. Owners, administrators, Registered Users and other Customer representatives and personnel may be able to access, modify or restrict access to Other Information. This may include, for example, your employer using Service features to access or modify your profile details.
  • Third Party Service Providers and Partners. We may engage third party companies or individuals as service providers or business partners to process Other Information and support our business. These third parties may, for example, provide virtual computing and storage services. The current list of subcontractors is available by request to
  • Third Party Services. Customer may enable Third Party Services (such as an integration with communication tools like Slack or Gmail). When enabled, Leapsome may share Other Information with Third Party Services. Third Party Services are not owned or controlled by Leapsome and third parties that have been granted access to Other Information may have their own policies and practices for its collection and use. Please check the privacy settings and notices in these Third Party Services or contact the provider for any questions.
  • During a Change to Leapsome’s Business. If Leapsome engages in a merger, acquisition, bankruptcy, dissolution, reorganization, sale of some or all of Leapsome’s assets or stock, financing, public offering of securities, acquisition of all or a portion of our business, a similar transaction or proceeding, or steps in contemplation of such activities (e.g. due diligence), some or all Other Information may be shared or transferred, subject to standard confidentiality arrangements in accordance with applicable law.
  • Aggregated or De-identified Data. We may disclose or use aggregated or de-identified Other Information for any purpose. For example, we may share aggregated or de-identified Other Information with prospects or partners for business or research purposes, such as telling a prospective Leapsome customer the average amount of time spent within a typical Customer Account.
  • To Comply with Laws. If we receive a request for information, we may disclose Other Information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process. 
  • To enforce our rights, prevent fraud, and for safety. To protect and defend the rights, property or safety of Leapsome or third parties, including enforcing contracts or policies, or in connection with investigating and preventing fraud or security issues.
  • With Consent. Leapsome may share Other Information with third parties when we have consent to do so.


Leapsome uses a technology called “cookies” to store session information. We use persistent cookies in order to ensure system security and to continuously improve our Service. A cookie is a small amount of data, which includes an anonymous unique identifier that is sent to your browser from our website’s computers and stored on your computer’s hard drive. Leapsome will set and access Leapsome’s cookies on your computer.  Persistent cookies will be deleted automatically from your computer after a predetermined period which can differ based on the cookie type. Cookies are required for the Service to function fully and reliably are stored on the basis of our legitimate interests in operating our Service, Website and business, according to Art. 6 (1) (f) GDPR.

Right of objection: You can decide yourself via your browser settings whether you want to allow cookies or object to the use of cookies. Please note that disabling cookies may result in restricted or completely disabled website functionality.

Google Analytics

Leapsome uses Google Analytics to collect information about visitors of its marketing website. Google Analytics, a web analysis service of Google Inc., (“Google”,  1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). Google Analytics stores cookies on your computer which allows to analyze the surfing patterns of visitors to a website. The information generated by the cookie about your use of this website (including your anonymized IP address) will be sent to a Google server in the United States and stored there. Google is Privacy Shield certified and thus ensures the European data protection law. 

Google will use this information to evaluate your use of the website, to compile reports on website activity for website operators and to report other website activity and internet-related services. If required by law, Google will pass along this information to third parties. Google will also pass along data to third parties for processing, provided this processing is done on behalf of Google. Under no circumstances shall Google connect your IP address with any other data held by Google. If you wish, you can adjust your browser settings so as to refuse cookies. Please keep in mind, however, that if you refuse all cookies, you will not necessarily have access to all functions of this website. By using this site, you consent to the processing of your data by Google as described above, for the aforementioned purpose.

Google Fonts

We use Google Fonts on our marketing website. This allows us to display fonts there. Google Fonts is a service of Google Inc. (1600 Amphitheatre Parkway, Mountain View, California, 94043). Integration of these web fonts into our website is done by accessing a server, usually a Google server in the United States. This may result in the following being transferred to that server and stored by Google:

  • Name and version of the browser used
  • Website that triggered the request (referrer URL)
  • Operating system of your computer
  • Screen resolution of your computer
  • IP address of the requesting computer
  • Language settings of the browser or operating system used by the user

For more information, see Google’s Privacy Policy, which you may access here.

The use of Google Fonts is intended to make it easier to read and view our website and achieve more pleasing graphic design, and is thus based on our legitimate interests under Art. 6 (1) (f) GDPR.

Google Adwords

We use Google AdWords on our marketing website, an online advertising program from Google Inc (1600 Amphitheatre Parkway, Mountain View, CA 94043, USA). As part of Google Adwords, we also use the conversion tracking feature. With this tool, Google AdWords sets a cookie on your client device when you visit our website via a Google ad. The cookie will expire after 30 days. The cookie does not create any personal traceability. If you visit our website as a user and the cookie is still working, we and Google will recognise that you clicked on the ad and were redirected to our site. Each Google AdWords customer is assigned a different cookie. Cookies are thus not traceable via the websites of the advertisers. The data obtained using conversion cookies is used to generate conversion statistics for AdWords customers. From these statistics, as an AdWords customer, we can see the total number of users who reacted to our ad and were redirected to a website with a conversion tracking tag. We do not receive any information by this process which could be used to personally identify you as a user. If you wish to decline the tracking process, you can disable the Google conversion tracking cookie via your internet browser. You can use the browser’s help function for more information. More details of Google’s Privacy Policy are available at

Google Audiences

On our marketing website we use the service "Google Audiences". The purpose of this service is the interest-based presentation of advertisements for users. This requires an analysis of the website's use, which is based on cookies. The cookies store anonymous or pseudonymized data in relation to the use of the website. There is no storage of personal data. If you visit other websites that also use these services, you will be presented with ads that match your previous interests. It is not excluded that your data will be transmitted to the United States. Google is Privacy Shield Certified.

The legal basis for the use of the service is Art. 6 I f DS-GVO - legitimate interest. Our legitimate interest in the use of this service is to target the users of the website purposefully with advertising. For more information, visit

If you want to stop this tracking, then you can use the following link.

Google Optimize

On our marketing website, we use Google Optimize, a web analytics service provided by Google LLC, 1600 Amphitheater Parkway Mountain View, California 94043, USA ("Google"). Google Optimize collects pseudonymous data from you about the use of our website, including your shortened IP address, and uses cookies. This data is transferred to a Google server in the USA and stored there. Google will use this information to evaluate your use of the website for us, to create reports on the use of our website and to generate further analyses and evaluations related to the use of our website and the internet. Google may also transfer this information to third parties if this is required by law or if third parties process this data on behalf of Google.There is no adequacy decision by the EU Commission for the USA. Therefore, with Google, we adhere to the standard data protection clauses approved by the EU Commission in accordance with Art. 46 Para. 2 lit. c GDPR.Your data remains stored with Google Optimize for a period of 14 months. After this period, the data will be deleted and only aggregated statistics will be kept.For more information about how Google uses your data, see Google's privacy policy.


Our marketing website uses the YouTube service to embed videos in the site. The operator of the necessary software for the necessary plug-ins is YouTube, LLC, 901 Cherry Ave., San Bruno, CA 94066, USA. When you visit a YouTube Embedded Videos page on the YouTube plug-in, you'll be connected to YouTube's servers. It tells YouTube which pages you visit, even if you don’t have a Youtube account. If you start a video, then the operator uses cookies, which collect data about the user behavior.

For more information on the privacy of "YouTube", see the privacy policy of the operator at:

Microsoft Advertising

Our marketing website uses the service “Microsoft Advertising”. Microsoft Advertising is a conversion and tracking service of the Microsoft Corporation, One Microsoft Way, Redmond, WA 98052-6399, USA.

Microsoft places cookies in the users’ devices that analyze the user behavior on our website. This presupposes that the user has reached our website through a Microsoft Advertising advertisement. This only serves to provide use with information on the total number of users who have clicked on this type of advertisement. In this process, no IP addresses are stored, and no personal information on our users’ identity is shared.

The legal basis for the use of this service is article 6 (1) f) GDPR – justified interest. Our justified interest in the use of this service derives from the fact that we must be able to analyze and optimize the use of our website. You can find further information in Microsoft’s data privacy statement in:
Microsoft is Privacy-Shield-certified:


On our marketing website we use HubSpot for our online marketing activities. HubSpot is a US based software company with a branch in Ireland. Contact: HubSpot, 2nd Floor 30 North Wall Quay, Dublin 1, Ireland, Phone: +353 1 5187500.

This is an integrated software solution that covers various aspects of our online marketing. These include:

Email marketing (newsletters and automated mailings, eg for the provision of downloads), social media publishing & reporting, reporting (eg traffic sources, access, etc. ...), contact management (eg user segmentation & CRM), landing pages and contact forms.

Our sign-in service allows visitors to our website to learn more about our company, download content, and provide their contact information and other demographic information. This information and the contents of our website are stored on servers of our software partner HubSpot. They can be used by us to connect with visitors to our website and to determine what services our company is interested in. All information we collect is subject to this Privacy Policy. We use all information collected solely to optimize our marketing activities.

The legal basis for the use of the services of HubSpot is Art. 6 I f DS-GVO - legitimate interest. Our legitimate interest in using this service is the optimization of our marketing efforts and the improvement of our service quality on the website.

HubSpot is sold under the terms of the "EU - US. Privacy Shield Frameworks "is certified and governed by the TRUSTe's Privacy Seal and" U.S. - Swiss Safe Harbor "Framework.


Our marketing website uses the "Facebook Custom Audiences" service. Facebook Custom Audiences is a service of Facebook Inc. (1601 S. California Avenue, Palo Alto, CA 94304, USA, hereinafter "Facebook"). This service allows us to engage users with interest-based advertising on the social network - Facebook.

To make this possible, we have implemented the Facebook remarketing tag on our website. This tag makes a direct connection to the Facebook servers when visiting the website. Facebook receives information about the pages that you have visited with us. Through Facebook, it then comes to a comparison with your Facebook user account. Next time you visit Facebook, you'll see personalized, interest-based ads - Facebook Ads.

The legal basis for the use of the service is Art. 6 I f DS-GVO - legitimate interest. Our legitimate interest in the use of this service is to target the users of the website purposefully with advertising. If you want to stop this tracking, then you can use the following link

Further information can be found in the privacy policy of Facebook: Facebook is Privacy Shield certified:


In our platform, we use the Customer Relationship Management (CRM) service of Zendesk Inc., 989 Market Street # 300, San Francisco, CA 94102, USA.

The legal basis for the use of this service is Art. 6 I f DS-GVO - legitimate interest. Our legitimate interest in the use of this service is to be able to answer user requests quickly and efficiently. Zendesk uses your data only to forward your inquiries to us. There is no disclosure to third parties.

To use Zendesk, you must provide at least one correct email address. The service can also be used pseudonymized. During the processing of service requests it may be necessary to collect further data (eg first name, last name, address, etc.). The use of Zendesk is optional. If you do not agree with Zendesk collecting your information, we will provide you with alternate contact options for submitting service requests by telephone or post.

For more information, see Zendesk's Privacy Policy.


On our marketing website, we use Retargeting Tool and LinkedIn Ireland Conversion Tracking, Wilton Plaza, Wilton Place, Dublin 2, Ireland ("LinkedIn"). For this purpose, our website integrates the LinkedIn Insight Tag, which enables LinkedIn to collect statistical, pseudonymous data about your visit and use of our website, and to provide us with aggregated statistics on this basis. As a rule, the following information is recorded, among other things:

  • LinkedIn User ID (Cookie ID)
  • IP address
  • Site visit metadata, such as browser type, visited website

In addition, this information is used to show you specific and relevant offers and recommendations, after you have informed yourself on the website about certain services, information and offers. The relevant information is stored in a cookie.

If you want to stop this tracking, then you can use the following link. For more information about data processing, see the LinkedIn privacy statement.


On our marketing website, we use Capterra for our online marketing activities. Capterra is operated by the company Capterra Inc., a software company with headquarters at Capterra Inc., 1201 Wilson Blvd, 9th Floor, Arlington, VA 22209, USA.
If you initiate a so-called conversion event on a Leapsome website (e.g. requesting a product demo), then Capterra will place cookies that will be required for purposes of marketing and analysis and will send the information to the servers of Capterra Inc. that a conversion event has taken place. No personal data is transferred to the company Capterra Inc.
The legal basis for the use of this service is article 6 (1) f) GDPR – justified interest. Our justified interest in the use of this service derives from the fact that we must be able to assess the profitability of our Capterra marketing campaigns and also to optimize the use of our website.
You can find further information in Capterra’s data privacy policy:


On our marketing website, we use Hotjar in order to better understand our users’ needs. Hotjar is a technology service that helps us better understand our users’ experience (e.g. how much time they spend on which pages, which links they choose to click, what users do and don’t like, etc.) and this enables us to build and maintain our website with user feedback. Hotjar uses cookies and other technologies to collect data on our users’ behavior and their devices. This includes a device's IP address (processed during your session and stored in a de-identified form), device screen size, device type (unique device identifiers), browser information, geographic location (country only), and the preferred language used to display our website. Hotjar stores this information on our behalf in a pseudonymized user profile. Hotjar is contractually forbidden to sell any of the data collected on our behalf.

For further details, please see the ‘about Hotjar’ section of Hotjar’s support site.


On this website we use the data service Clearbit. Clearbit is operated by Clearbit Inc, 90 Sheridan St, San Francisco, California, 94103, United States. Clearbit is a targeting service that helps us serve targeted ads and improve services for us and our website (such as lead generation) by adding company data to their database.

The following data may be collected and processed in the process:

  • IP address
  • Domain from form input
  • Advertising identifier
  • Timestamp
  • Session duration

The legal basis for the processing is your consent in accordance with Art. 6 (1) (a) GDPR. If you do not want Clearbit to collect and process the aforementioned data, you can refuse your consent or revoke it at any time with effect for the future here.

Cookies are set for processing by Clearbit after consent has been given. Further information on the cookies used can be found here. Further information on information security at Clearbit can be found here.

The personal data will be kept for as long as it is necessary to fulfill the purpose of the processing. The data will be deleted as soon as they are no longer required to achieve the purpose.


If you subscribe to our newsletter, we will save your email address and use it to send you the newsletter (single opt-in). Your email address will not be published or disclosed to third parties. To generate anonymized usage statistics, newsletters may include a tracking pixel.

  • Data collected: Email address, Name
  • Purpose: To send the requested newsletter.
  • Storage duration: The data are grds. stored only as long as it is necessary to achieve the purpose. For the newsletter, the data is stored as long as a newsletter is sent and you have not objected to the use of your data.
  • Legal basis: Art. 6 I a DSGVO - Consent
  • Cancellation: You can unsubscribe from our newsletter at any time via a link included in each issue. We will delete your email address from our distributor. Alternatively, you can unsubscribe from the newsletter at any time by email to

Demo Request

If you request an appointment for a web demo, we will use your information to contact you and to coordinate and arrange an appointment with you.

  • Data collected: Email address, Name, Telephone Number, Company
  • Purpose: Coordination and execution of the requested web demo as well as preparation and follow-up of the web demo.
  • Storage duration: The data are stored only as long as it is necessary to achieve the purpose. The data are stored as long as necessary to prepare, post-process and perform the appointment.
  • Legal basis: Art. 6 I f DSGVO

Content Download

In order to make our downloadable content available to you, we collect personal data from you. In the following we clarify about this data.

  • Data collected: Email address, Name, Company
  • Purpose: Personalized delivery of the requested content and subsequent information (such as news on related topics).
  • Storage duration: The data are stored only as long as it is necessary to achieve the purpose. 
  • Legal basis: Art. 6 I b DS-GVO

Applicant data

If you follow the links to our careers / job page via the different navigation menus, you will be redirected to JOIN, an independent applicant tracking system which will process your data based on their privacy policy.

International data transfers

Other Information that we collect from you may be transferred to, processed and stored at, a destination outside the European Economic Area ("EEA") where required to support certain features of the Service and/or to fulfill obligations in the Service Agreement. We will only transfer your personal data outside the EEA in compliance with the GDPR (Art. 44). We will take all steps reasonably necessary to ensure that your personal data is treated securely and in accordance with this privacy policy. 

Retaining your information

Leapsome will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Service Agreement and Customer’s use of Service functionality, and as required by applicable law. Leapsome may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Other Information after you have deactivated your account for the period of time needed for Leapsome to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.


Where we have given you a username, password and/or security information which enables you to access particular features of the Service, you are responsible for keeping these access credentials confidential. You must not share these details with anyone, or store them in a way that may allow a third party to access them.

Leapsome takes all appropriate technical and administrative security measures to protect your personal data from loss and misuse. Your data is stored in a secure operating environment, which is not publicly accessible. Your personal data is encrypted when transferred using Secure Socket Layer (SSL) technology. This means that communication between your computer and our servers uses a recognized encryption method, provided your browser supports SSL. You can read more about our security measures at

Age Limitations

To the extent prohibited by applicable law, Leapsome does not allow use of our Service and Website by anyone younger than 16 years old. If you learn that anyone younger than 16 has unlawfully provided us with personal data, please contact us and we will takes steps to delete such information.

Your Rights

You shall have the following rights with regards to your personal information:

Right of access 

In accordance with Art. 15 GDPR, you shall have the right to request information about your personal data being processed by us. This right of access includes the following information:

  • the purposes of the processing;
  • the categories of the personal data concerned;
  • the recipients or categories of recipient to whom the personal data have been or will be disclosed;
  • the envisaged data storage period, or at least the criteria used to determine that period;
  • the existence of the right to rectification, erasure, restriction of processing or objection;
  • the right to lodge a complaint with a supervisory authority;
  • where the personal data are not collected from the data subject, any available information as to their source;
  • the existence of automated decision-making, including profiling, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing.

Right to rectification

In accordance with Art. 16 GDPR, you shall have the right to request the prompt rectification of inaccurate or incomplete personal data stored by us.

Right to erasure

In accordance with Art. 17 GDPR, you shall have the right to request prompt erasure of your personal data stored by us, unless further processing is required for one of the following reasons:

  • for exercising the right of freedom of expression and information;
  • for compliance with a legal obligation which requires processing by Union or Member State law to which the controller is subject or for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • for reasons of public interest in the area of public health in accordance with points (h) and (i) of Art. 9 (2) as well as Art. 9 (3) GDPR;
  • for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Art. 89 (1) GDPR in so far as the right referred to in paragraph 1 is likely to render impossible or seriously impair the achievement of the objectives of that processing; or
  • for the establishment, exercise or defense of legal claims.

Right to restriction of processing

In accordance with Art. 18 GDPR, you shall have the right to obtain the restriction of processing where one of the following applies:

  • you contest the accuracy of your personal data;
  • the processing is unlawful and you oppose the erasure of your personal data and request the restriction of their use instead;
  • we no longer require the personal data for the purposes of the processing, but you require them for the establishment, exercise or defense of legal claims;
  • you have objected to processing pursuant to Art. 21 (1) GDPR pending the verification whether the legitimate grounds of the controller override those of the data subject.

Notification obligation

In accordance with Art. 19 GDPR, we will notify all recipients to whom your personal data have been disclosed, if you have requested rectification or erasure of your personal data or restriction of processing in accordance with Art. 16, Art. 17 (1) and Art. 18 GDPR, unless this proves impossible or involves disproportionate effort. You may request that we inform you about those recipients.

Right to data portability

In accordance with Art. 20 GDPR, you shall have the right to receive your personal data which you have provided to us, in a structured, commonly used and machine-readable format.

You shall also have the right to request the transfer of these data to a third party, provided that processing was carried out by automated means and based on your consent pursuant to Art. 6 (1) (a) or Art. 9 (2) (a) or for the performance of a contract pursuant to Art. 6 (1) (b) GDPR.

Right to withdraw consent

In accordance with Art. 7 (3) GDPR, you shall have the right at any time to withdraw consent previously granted to us by you. The withdrawal of consent shall not affect the lawfulness of processing carried out based on that consent before its withdrawal.

We may carry out no further processing based on the withdrawal of your consent.

Right to lodge a complaint

In accordance with Art. 77 GDPR, you shall have the right to lodge a complaint with a supervisory authority if you believe that the processing of your personal data is contrary to the GDPR.

Right to object

In accordance with Art. 21 GDPR, you shall have the right to object at any time object to the processing of your personal data on grounds relating to your particular situation, or if you object to processing for direct marketing purposes. In the latter case, you shall have a general right of objection which we shall implement without the need for your particular situation to be specified. You may exercise your right to object or to withdraw consent simply by sending an email to .

Automatic individual decision-making, including profiling

In accordance with Art. 22 GDPR, you shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you. This right shall not apply if the decision:

  1. is necessary for entering into, or performance of, a contract between you and us;
  2. is authorized by Union or Member State law to which we are subject and which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests; or
  3. is based on your explicit consent.

In the cases referred to in A. and C., we shall implement suitable measures to safeguard your rights and freedoms and legitimate interests, including at least the right to obtain human intervention on our part, to express your point of view, and to contest the decision.

However, such decisions shall not be based on special categories of personal data referred to in Art. 9 (1) GDPR, unless Art. 9 (2) (a) or (g) GDPR applies and suitable measures to safeguard your rights and freedoms and legitimate interests are in place.

Your rights detailed above can be exercised free of charge in accordance with applicable data protection laws. Please contact the Customer directly if you would like to exercise any of these rights (other than a change to your marketing preferences, which should be notified directly to us via email to or by clicking the corresponding link in any communication you receive).

Contacting Leapsome

Please also feel free to contact Leapsome if you have any questions about this Privacy Policy or Leapsome practices, or if you are seeking to exercise any of your statutory rights. Please contact the data protection responsible at via Please note that we will save your contact information if you get in touch with us to be able to answer your request. This data will be deleted automatically 60 days after the last contact. Contact the Customer if you wish to request the removal of Personal Data under their control.

Changes to this Privacy Policy

Leapsome may update this Privacy Policy and will notify Customers and Registered Users regarding any significant changes in the way we treat Personal Data via email. If you disagree with the changes to this Privacy Policy, you should deactivate your Service account.

Click here to change your Privacy Settings