Privacy policy

PRIVACY POLICY

Information We Collect
 A. Information Related to your interaction with Leesman Services.
Registration and Contact Information
Technical, Usage and Location Information
Third Party Platform Information.
Other Information.
Legal Basis.

B. Customer Data

B.1. Definitions
‘Special Category data’
‘Sensitive data’
‘Personal data’

B.2. Which data do we collect
‘Special Category data’
‘Sensitive data’
‘Personal data’
*Demographics.

B.3. Processing of data
‘Special Category data’
‘Personal data’

B.4. Legal
Legal Basis
Sources of Information we collect from you
From other sources
From automatic collection

C. How long do we keep your Data for

How We Use the Information We Collect

Sharing Your Information with Third Parties

Other Access to or Disclosure of Your Information

Data Protection Rights
The right to access
The right to rectification
The right to erasure
The right to restrict processing
The right to object to processing
The right to data portability

Preferences
Communication Preferences
Blocking Cookies
How We Respond to Do Not Track Signals
Data Subject Rights

Accessing and Updating Your Personal Information

Security
Administrators
Children
Internet-based transfer

Changes to the Privacy Policy

GDPR statement
1. Lawfulness, fairness and transparency
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity and confidentiality
7. Accountability

Contact with us

Complaints

PRIVACY POLICY

If you are a visitor to Leesman , a recipient of Leesman communications, a customer of a Leesman Service then as set out below, this Privacy Policy applies to your use of such Leesman or any other of our Service. This Privacy Policy also applies to information we collect in certain offline settings where this Privacy Policy is posted.

If you are a visitor to or user of a third-party Leesman or service (“Third-Party Property”) that utilises any Leesman products, then any information you submit to such Third-Party Property (including via the Leesman product) is collected under the privacy policy of the owner of such Third-Party Property, and you should contact such owner with any related requests or inquiries you may have. If you have any inquiries about this Privacy Policy, please email us directly at [email protected]

At Leesman, we respect the privacy rights and data protection rights of our users and recognise the importance of protecting the personal information we collect about you. Our Privacy Policy is designed to help you understand what information we collect and how we use and share that information.

As used in this Privacy Policy, “Leesman’, “us” and “we” refers to Leesman Communication Technologies Ltd and its affiliates, including without limitation Leesman UK Company Limited. The “Leesman Services” means Leesman Analytics (including without limitation www.Leesman.io, http://www.Leesman.ie, http://www.Leesman.co.uk, http://www.Leesman.nz and any successor URLS, mobile or localised versions and related domains and subdomains), and the “Services” means Leesman’s products, applications and services, in each case in whatever format they may be offered now or in the future. The Leesman and Services are collectively referred to herein as the Leesman.

Information We Collect

A. Information Related to your interaction with Leesman Services.

Registration and Contact Information. We collect information about you when you (a) register to use the Services and (b) otherwise provide contact information to us via email, mail, or through our Leesman Services. This information you provide may include your username, first and last name in your email address, email address and mailing address .

Technical, Usage and Location Information. We automatically collect information on how you interact with the Leesman Services, such as the IP address from which you access the Leesman Services, date and time, information about your browser, operating system and computer or device, pages viewed and items clicked. We may also collect location information, including location information automatically provided by your computer or device. We use cookies and similar technologies to collect some of this information.

Third Party Platform Information. We may collect information when you interact with our advertisements and other content on third-party sites or platforms, such as social networking sites. This may include information such as “Likes”, profile information gathered from social networking sites or the fact that you viewed or interacted with our content.

Other Information. We may collect other information from you that is not specifically listed here. We may use any such information in accordance with this Privacy Policy or as otherwise permitted by you.

Legal Basis. Our Legitimate Interest. Leesman’s products work together to deliver end to end performance management of your people in the workplace. Leesman is ongoing tool to measure employee workplace experience. We consider your privacy and data protection rights when we pursue our legitimate interests and ensure that the way our Leesman work don’t impact on those rights.

B. Customer Data.

All information is anonymised to become part of the Leesman database.

B.1. Definitions

‘Special Category data’ is any data defined per Article 9 GDPR that reveals a subject’s information. Special category data is personal data that needs more protection because it is sensitive. If a breach happens, it could potentially put an individual privacy at risk.

  • Racial or ethnic origin
  • Political beliefs
  • Religious beliefs
  • Genetic or biometric data
  • Mental health or sexual health
  • Sexual orientation
  • Trade union membership

‘Sensitive data’ there are other types of sensitive data that still reveals a subject’s information but where we need to combine it with other forms of data to identify an individual. We anonymise data to prevent this even further. It includes (but is not limited to):

  • Gender
  • Date or place of birth
  • Postcode or a portion of the address

Depending on circumstances, it can fall under the special category or not. This means when sharing raw data, you should always treat this data carefully.

‘Personal data’ is defined by GDPR as any data that can be used to identify someone. It includes (but is not limited to) the following:

  • Name & Surname
  • Email
  • Location data
  • Home address
  • IP address

When combined, it clearly identifies an individual.

B.2. Which data do we collect

‘Special Category data’

  • Inclusive Workplace module, if chosen.
  • At your employee discretion, additional questions passed with other PII containing elements defined as above
    e.g. choosing your ethnicity, disabling conditions, etc.

‘Sensitive data’

  • Leesman Services: Gender question
  • At your employee discretion, additional questions passed with other PII containing elements defined as above

‘Personal data’

  • Leesman Survey: below aggregated demographics*
  • Leesman Inside: email address & below aggregated demographics
  • At your employee discretion, additional questions passed with other PII containing elements defined as above

*Demographics. You may submit various types of information and data into the Services for hosting and processing purposes (“Customer Data”). Depending on the registration type, Customer Data may include, without limitation:

  • First and last name
  • Email addresses
  • Gender
  • Department
  • Building location
  • Country of work
  • Job role
  • Time with organisation
  • Your use of Leesman Inside tags, scripts and other code implemented on such properties, and information contained in communications between you and People using the Services.

We will only use, disclose and otherwise process Customer Data for the purposes set forth in your agreement with us for the provisioning of the Services (“Customer Agreement”).

At your employee discretion, they may pass other PII.

B.3. Processing of data

‘Special Category data’

Based on UK GDPR Art.9, please select the purpose of processing such data:

  • the data subject has given explicit consent to the processing of those personal data for one or more specified purposes, except where Union or Member State law provide that the prohibition referred to in paragraph 1 may not be lifted by the data subject;
  • processing is necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment and social security and social protection law in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject;
  • processing is necessary to protect the vital interests of the data subject or of another natural person where the data subject is physically or legally incapable of giving consent;
  • processing is carried out in the course of its legitimate activities with appropriate safeguards by a foundation, association or any other not-for-profit body with a political, philosophical, religious or trade union aim and on condition that the processing relates solely to the members or to former members of the body or to persons who have regular contact with it in connection with its purposes and that the personal data are not disclosed outside that body without the consent of the data subjects;
  • processing relates to personal data which are manifestly made public by the data subject;
  • processing is necessary for the establishment, exercise or defence of legal claims or whenever courts are acting in their judicial capacity;
  • processing is necessary for reasons of substantial public interest, on the basis of Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject;
  • processing is necessary for the purposes of preventive or occupational medicine, for the assessment of the working capacity of the employee, medical diagnosis, the provision of health or social care or treatment or the management of health or social care systems and services on the basis of Union or Member State law or pursuant to contract with a health professional and subject to the conditions and safeguards referred to in paragraph 3;
  • processing is necessary for reasons of public interest in the area of public health, such as protecting against serious cross-border threats to health or ensuring high standards of quality and safety of health care and of medicinal products or medical devices, on the basis of Union or Member State law which provides for suitable and specific measures to safeguard the rights and freedoms of the data subject, in particular professional secrecy;
  • processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.

‘Personal data’

Based on UK GDPR Art.6, please select the purpose of processing such data:

  • the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
  • processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
  • processing is necessary for compliance with a legal obligation to which the controller is subject;
  • processing is necessary in order to protect the vital interests of the data subject or of another natural person;
  • processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

B.4. Legal

Legal Basis. We process and store Customer Data to perform our Customer Agreement with you. Without this information, we wouldn’t be able to provide our Leesman to you. We also process Customer Data to pursue our legitimate interests by ensuring the smooth running of your Customer Agreement and to help your people better engage, communicate & perform in the workplace. We consider your privacy and data protection rights when we pursue our legitimate interests and ensure that the way Leesman work don’t impact on those rights.

Sources of Information we collect from you. You are the primary source of the personal information we collect, including the Registration and Contact Information and Customer Data that you provide us through the Leesman or otherwise. We do so in order to:

  • Respond to your query through [email protected]
  • Sign you up to our newsletter and bulletins when you request information
  • Facilitate the creation of and secure your Account on our network
  • Identify you as a user in our system
  • Provide improved administration of our Services
  • Provide the Services you request
  • Improve the quality of experience when you interact with our Site and Services
  • Market the services of our company

From other sources. We obtain personal information from other sources, such as:

  • Other users, who submit Customer Data of other People to us.
  • Third Party Platforms, such as our advertising partners and content on third-party sites or platforms, including social networks.
  • Third party data providers, including information services and data licensors, such as Full Contact.

From automatic collection. We and our service providers may automatically collect information about you, your computer or mobile device, and your activity over time on our sites and other sites and online services, as further described in the Technical, Usage, and Location Information described above and in our Cookie Policy.

C. How long do we keep your Data for

Leesman keeps email addresses for login purpose. Demographics are kept for user profile purpose.

All anonymised data forms part of the Leesman database – but through client data segregation we are able to remove client specific data upon written instruction from the client.

How We Use the Information We Collect

We use your information in the following ways:

  • To provide, maintain and improve the Leesman and our other products and services, including to operate certain features and functionality of the Leesman (for example, by remembering your information so that you will not have to re-enter it during this or subsequent visits);
  • To process your inquiries and otherwise deliver customer service;
  • To control unauthorised use or abuse of the Leesman and our other products and services, or otherwise detect, investigate or prevent activities that may violate our policies or be illegal;
  • To analyse trends, administer or optimize the Leesman Services, monitor usage or traffic patterns (including to track users’ movements around the Leesman Services) and gather demographic information about our user base as a whole;
  • To communicate directly with you, including by sending you newsletters, promotions and special offers or information about new products and services. Your opt-out options for promotional communications are described the section below entitled Your Controls and Choices; and
  • In the manner described to you at the time of collection or as otherwise described in this Privacy Policy.
  • Interest-based ads. We and our third-party advertising partners may use cookies and similar technologies to collect information about you (including the Technical, Usage and Location Information described above) over time across our Service and other sites and services and your interaction with our emails, and use that information to serve ads that they think will interest you. These ads are known as “interest-based advertisements>” You can learn more about the companies that help us serve interest-based ads in our Cookie Policy and your choices for limiting interest-based advertising in the section below entitled Limiting interest-based ads.

Sharing Your Information with Third Parties

AWS being our sub-processor, hosting our servers in Dublin, Ireland.
We do not share or transfer your personal information to third parties except in the following limited circumstances:

  • We may share your personal information when we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce a Customer Agreement, including investigation of potential violations thereof, or (c) protect against imminent harm to our rights, property or safety, or that of our users or the public as required or permitted by law;
  • We may share your personal information with third parties (including our service providers and government entities) to detect, prevent, or otherwise address fraud or security or technical issues;
  • We may share your personal information with our business partners who offer a service to you jointly with us, for example when running a cross-promotion;
  • We may share and/or transfer your personal information if we become involved in a merger, acquisition, bankruptcy, or any form of sale of some or all of our assets;and
  • We may share your personal information with a third party if we have your consent to do so.
  • We may also share aggregated or anonymised information with third parties for other purposes. Such information does not identify you individually, but may include usage, viewing and technical information such as the types of Leesman our customers and users generally use, the configuration of their computers, and performance metrics related to the use of Leesman which we collected through our technology. If we are required under applicable law to treat such information as personal information, then we will only disclose it as described above. Otherwise we may disclose such information for any reason.

Other Access to or Disclosure of Your Information

This Privacy Policy applies solely to information collected by us. Even if the third party is affiliated with us through a business partnership or otherwise, we are not responsible for the privacy practices of such third party. We encourage you to familiarise yourself with the privacy policies of such third parties to determine how they handle any information they separately collect from you. Please be aware that we do not warn you when you choose to click through to another Leesman when using the Leesman Services.

The Leesman contains features that enable you to write self-initiated feedback in open-text boxes, and they can be read by Leesman staff and Administrators of your employer. You should be aware that any personal information you submit as part of those posts can be read, collected, or used by Administrators of your employer. They could be used to send you feedback messages. We are not responsible for the personal information you choose to publicly post on the Leesman Services.

Data Protection Rights

The right to access. You have the right to request that Our Company correct any information you believe is accurate.

The right to rectification. You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete information you believe is incomplete.

The right to erasure. You have the right to request that Our Company erase your personal data, under certain conditions.

The right to restrict processing. We may provide you with the opportunity to “opt-out” of having your personal information used for certain purposes when we ask for this information. If you decide to opt-out, we may not be able to provide certain features of the Leesman to you.

The right to object to processing. You have the right to object to Our Company’s processing of your personal data, under certain conditions.

The right to data portability. You have the right to request Our Company transfer the data that we have collected to another organization, or directly to you, under certain conditions.

If you make a request, we have one month to respond to you. If you would like to exercice any of these rights, please contact us at our mail [email protected].

Preferences

Communication Preferences. If you no longer wish to receive our newsletter and promotional communications, you may opt-out of receiving them by following the instructions included on such communications or on the Leesman Services. Please note, however, that you may be unable to opt-out of certain service-related communications.

Blocking Cookies. You can remove or block certain cookies using the settings in your browser but the Leesman may cease to function properly if you do so.

For more information on our cookies, please visit https://www.leesmanindex.com/cookies/

How We Respond to Do Not Track Signals. Your Web browser may have a “do not track” setting which, when enabled, causes your browser to send a do not track HTTP header file or “signal” to each site you visit. At present, the Leesman do not respond to this type of signal.

Data Subject Rights. You can access, rectify, erase, restrict or export your personal information at any time by emailing us at [email protected] You can object to our processing of your personal information at any time. Contact us directly with requests or concerns at [email protected] If you are unsatisfied with the response, you have the right to lodge a complaint with your supervisory authority.

Accessing and Updating Your Personal Information

When you use the Leesman, we make good faith efforts to provide you with access to your personal information upon your request and either provide you the means to correct this information if it is inaccurate or to delete such information at your request if it is not otherwise required to be retained by law or for legitimate business purposes. You may access, review, correct, update, change or delete your information at any time. To do so, please contact us at [email protected] with your name and the information requested to be accessed, corrected or removed. We may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort (for instance, requests concerning information residing on backup tapes), jeopardise the privacy of others, would be extremely impractical, or for which access is not otherwise required. In any case where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort.

Please note that if you cease using the Service or we terminate your access to the Service in accordance with your Customer Agreement, you may no longer have the ability to access or update your information.

We may retain your information as necessary to support the Leesman Services, comply with our legal obligations or resolve disputes. Note that content you post may remain on the Leesman even if you cease using the Leesman or we terminate your access to the Leesman Services.

Security

Administrators. Many of our products are intended for use by organizations. Where the Services are made available to you through an organization (e.g. your employer), that organization is the administrator of the Services and is responsible for the accounts and/or Service sites over which it has control. If this is the case, please direct your data privacy questions to your administrator, as your use of the Services is subject to that organization’s policies. We are not responsible for the privacy or security practices of an administrator’s organization, which may be different than this policy.

Administrators are able to:

  • require you to reset your account password;
  • restrict, suspend or terminate your access to the Services;
  • access information in and about your account;
  • access or retain information stored as part of your account;
  • install or uninstall third-party apps or other integrations

In some cases, administrators can also:

  • restrict, suspend or terminate your account access;
  • change the email address associated with your account;
  • change your information, including profile information;
  • restrict your ability to edit, restrict, modify or delete information

Even if the Services are not currently administered to you by an organization, if you use an email address provided by an organization (such as your work email address) to access the Services, then the owner of the domain associated with your email address (e.g. your employer) may assert administrative control over your account and use of the Services at a later date. You will be notified if this happens.

If you do not want an administrator to be able to assert control over your account or use of the Services, use your personal email address to register for or access the Services. If an administrator has not already asserted control over your account or access to the Services, you can update the email address associated with your account through your account settings in your profile. Once an administrator asserts control over your account or use of the Services, you will no longer be able to change the email address associated with your account without administrator approval.

Please contact your organization or refer to your administrator’s organizational policies for more information.

Children. The Services are not directed to individuals under 16. We do not knowingly collect personal information from children under 16. If we become aware that a child under 16 has provided us with personal information, we will take steps to delete such information. If you become aware that a child has provided us with personal information, please contact our support services.

Internet-based transfer. The security of your personal information is extremely important to us. We maintain a variety of appropriate technical and organisational safeguards to protect your personal information. We limit access to personal information about you to employees who we believe reasonably need to come into contact with that information to provide products or services to you or in order to do their jobs. Further, we have implemented reasonable physical, electronic, and procedural safeguards designed to protect personal information about you. When you enter sensitive information (such as your password), we encrypt that information in transit using industry-standard Transport Layer Security (TLS) encryption technology. No method of transmission over the Internet, method of electronic storage or other security methods are one hundred percent secure. Therefore, while we strive to use reasonable efforts to protect your personal information, we cannot guarantee its absolute secure.

Changes to the Privacy Policy

Our Company keeps its privacy policy under regular review and places any updates on the corporate website and on the landing user page. If we make material changes to this policy, we will notify you by email or through notice on the Leesman Services. This privacy policy was last updated on 14th June 2022.

GDPR statement

1. Lawfulness, fairness and transparency
Personal data is always processed lawfully, fairly and transparent with the data subject. We process personal data as per legitimate interest of both the Data Controller and Data Processor.

2. Purpose limitation
We process the data with the purpose of measuring data subjects workplace experience.

3. Data minimisation
We do the minimal processing of the data and always relevant with the purpose. The data processed is needed and we won’t ask any inadequate survey questions.

4. Accuracy
We collect accurate personal data and we will correct inaccurate data without undue delay, if any.

5. Storage limitation
We keep anonymised personal data, which does not permit the identification of any data subject. It is kept for statistical and research purposes, always measuring the global employee workplace experience.

6. Integrity and confidentiality
We always protect personal data against unauthorised and unlawful processing, accidental loss or damage. Organisational and technical measures, linked to Art 32 GDPR, are in place.

7. Accountability
We are able to demonstrate compliance with data protection principles, including GDPR and Cyber Essentials. We can do so by keeping document principles up-to-date, having reliant policies and have appropriate staff training in place.

Contact with us

If you email us on our Leesman website, please note that the email and the information provided by you in your email goes directly to Leesman at [email protected].

Your email will remain visible to all staff tasked with dealing with the query. Your information will only be used by us for the purpose it was provided for by you (and any incidental purpose arising from that information) you have rights in relation to your personal data which are set out below.

Your information is controlled by Leesman Ltd. If you have any enquires or if you would like to contact us about our processing of your personal information, including exercising your rights as outlined above, please contact your local Leesman office or contact us centrally by any of the methods below.
When you contact us, we will ask you to verify your identity.

Contact name: Data Protection Officer
Email: [email protected]
Telephone: +44 (0) 20 3239 5980

Post:
Brock House
19 Langham Street
London
W1W 6BP

Our registered office is at:
Leesman Ltd
1 Bickenhall Mansions
Bickenhall Street
London
W1U 6BP

Complaints

If you are unhappy about our use of your personal information, you can contact us using the details in the Contact section below. You are also entitled to lodge a complaint with the UK Information Commissioner’s Office using any of the below contact methods:

Telephone: 0303 123 11113
Website: https://ico.org.uk/concerns/

Post:
Information Commissioner’s Office
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

If you live or work outside of the UK or you have a complaint concerning our activities outside of the UK, you may prefer to lodge a complaint with a different supervisory authority. A list of relevant authorities in the EEA and the European Free Trade Area can be accessed here.