Leading Indicator Systems Privacy Policy

Leading Indicator Systems (“LIS”) respects the privacy rights of individuals and values the confidence of its clients, their employees, business partners and others. LIS strives to handle personal data and information in a manner consistent with the laws of the countries in which it does business. Additionally LIS seeks to uphold the highest ethical standards of its business practices.

LIS complies with the EU-US Privacy Shield Framework (“Framework”) as set forth by the US Department of Commerce regarding the collection, use and retention of personal information from European Union (EU) member countries. LIS has certified that it adheres to the Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access and Recourse, Enforcement and Liability. If there is any conflict between the policies in this Privacy Policy (“Policy”) and Privacy Shield Principles, Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification page, please visit https://www.privacyshield.gov/.


Introduction

In this Policy, the term Personal Data and Personal Information (“PDPI”) refers to any data or information, recorded in any form, relating to any living person who can be identified, directly or indirectly, by reference to such data or information which is in LIS's possession. The term Data Subject refers to an individual with respect to whom PDPI may be transferred to, collected, processed and/or reported by LIS.

LIS receives transferred PDPI from Client organizations. LIS processes and retains PDPI on behalf of such Clients. Such PDPI is utilized for implementing assessment projects/service offerings, producing reports and analyzing results. LIS has no direct relationship with individuals (i.e., Client employees) whose PDPI is received. By participating in LIS assessment projects/service offerings, individuals agree to this Policy and consent to the transfer to/collection by LIS of their PDPI and/or the processing/reporting of their PDPI by LIS.

Framework Principles are relevant only when personal data about an identified or identifiable individual is within the scope of the Framework and transferred, collected, processed, reported or otherwise accessed by LIS or Clients using LIS-hosted systems. Statistical and/or other forms of processing/reporting that rely on aggregate/grouped data and/or use of encoded, anonymized or pseudonymized data do not raise privacy concerns and are not the subject of this Policy.

Through this Policy, it is LIS's intention to protect the privacy interests of individuals and for LIS to be in compliance with applicable laws, rules and regulations relating to data privacy. This Policy applies to LIS and any/all of its subsidiaries or affiliates wherever located.

Notice: Leading Indicator Systems takes reasonable and appropriate measures to protect the privacy of Data Subjects by safeguarding PDPI from loss, misuse, unauthorized access, disclosure, alteration or destruction taking into account the risks involved in the processing and the nature of PDPI. LIS processes PDPI as necessary to achieve intended business purposes (e.g., emailing invitations, producing reports). LIS uses reasonable administrative, technical and physical safeguards to protect PDPI in its possession from loss, misuse, unauthorized access, disclosure, alteration or destruction. LIS does not share, transfer to third parties, assign, sell, permit the viewing of or access to PDPI, except as set forth in this Policy.

LIS implements assessment projects/service offerings on behalf of Clients. In most instances, Data Subjects are directed to LIS websites through email invitations. PDPI for assessments includes e.g., names and email addresses.

  • Organizational assessment data are typically summarized in aggregate form by group(s). LIS and Clients agree in advance on a minimum number of respondents required to report results. LIS adheres to such standards and Clients directly communicate such standards to employees/participants. Organizational demographic data may be used to report results for varied groups/subgroups to better understand results and gain insight.
  • Individual assessment data are typically summarized e.g., by category of respondent. LIS and Clients agree in advance on a minimum number of respondents required to report results and Clients directly communicate such standards to employees/participants. However, where an individual completes a self-rating and/or where e.g., a manager rates an individual, results reflecting the ratings of such single respondents are reported.

Choice: LIS acts as a data collector and/or data processor on behalf of Clients. As such, Clients themselves are directly responsible for providing employees with the ability to opt-out in compliance with Framework Principles. LIS does not disclose any personal data, whether transferred directly to it from Clients or collected through its websites, to any third party except: (a) as required by law, (b) as authorized by Clients or (c) to those working on behalf of LIS (see Accountability for Onward Transfer). LIS does not collect sensitive personal data (i.e., information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or the commission or alleged commission of any offense).

Accountability for Onward Transfer: LIS does not transfer personal data to any third party working on its behalf. If this policy changes, LIS will require that such third party has agreed to be bound by the same Framework Principles and standards to which LIS adheres. Since LIS currently does not share PDPI with any other entity, we are not potentially liable where a third party working on our behalf fails to adhere to Framework Principles. If this practice changes, LIS will revise this policy to reflect that status.

Security: LIS uses reasonable administrative, technical and physical safeguards to protect personal data in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.

Data Integrity and Purpose Limitation: LIS takes reasonable steps to insure that: (a) its use of personal data is consistent/compatible with the purpose for which it was intended and (b) data is reliable for its intended use, accurate, complete and current. LIS is not able to verify the integrity of transferred, Client-provided personal data. As such, LIS must rely on Clients who in all cases have final responsibility for the accuracy, completeness and currency of personal data for which they are the source and originator. LIS may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security and/or law enforcement requirements.

Access: LIS respects the right of individuals to access their personal data in relation to which LIS acts as a data collector and/or data processor on behalf of Clients. Since Clients themselves are the source and originator of transferred personal data that LIS uses, citizens of the EU should contact the organization for whom they work to exercise their right to access, correct, amend or delete their personal data. Questions, comments or concerns about the data practices or privacy policy of an LIS Client should be addressed directly to that Client. Should LIS assistance be required, the LIS Data Privacy Officer may be contacted at the address listed below. All such requests for assistance will be responded to in a timely manner.

Recourse Enforcement and Liability: The LIS Data Privacy Officer is responsible for compliance with and enforcement of this Policy. Citizens of the EU who have questions or concerns regarding this Policy should contact the LIS Data Privacy Officer at the address listed below. LIS is committed to remedy any issue arising out of its failure to comply with the EU-US Privacy Shield and will respond in a timely manner. Where a concern is unresolved through: (a) the Client organization for whom you work (who compiled and transferred personal data to LIS) or (b) the LIS internal process, LIS has further committed to refer unresolved privacy complaints under the EU-US Privacy Shield Principles to BBB EU Privacy Shield, a non-profit alternative dispute resolution provider located in the United States and operated by the Council of Better Business Bureaus.

If you are a citizen of the EU and do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbb.org/EU-privacy-shield/for-eu-consumers/ for more information or to file a complaint. Please note that if your complaint is not resolved through these channels, and under limited circumstances, a binding arbitration option may be available before a Privacy Shield Panel.

LIS is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and/or other US authorized statutory bodies.


Contact Information

Questions, concerns or requests relating to this Policy should be directed to the LIS Data Privacy Officer by mail and/or email as follows:

Leading Indicator Systems, Inc.
Attn: Data Privacy Officer
101 Great Road #355
Bedford, MA 01730
USA

privacy@leadingindicator.com


Policy Changes

LIS reserves the right to modify or amend this Policy at any time and will post any such changes to this location.


Updated: June 2019