Leading Indicator Systems, Inc. (d/b/a AgileBrain)
Privacy Policy
Leading Indicator Systems (“LIS”) respects the privacy rights of individuals and values the confidence of its clients, their employees, business partners, consumers and other individuals and groups. LIS strives to handle personal data and information in a manner consistent with the laws of the countries in which it does business. Additionally, LIS seeks to uphold the highest ethical standards in its business practices.
Introduction
In this policy the term Personal Data and Personal Information (“PDPI”) refers to any data or information, recorded in any form, relating to any living person who can be identified, directly or indirectly, by reference to such data or information which is in possession of Leading Indicator Systems. The term Data Subject refers to an individual with respect to whom PDPI may be transferred to, collected, processed and/or reported by LIS.
LIS receives transferred PDPI from client organizations and directly from individuals. LIS processes and retains PDPI on behalf of such clients and individuals. Such PDPI is utilized for implementing assessment projects/service offerings, producing reports and analyzing results. By participating in LIS assessment projects/service offerings, individuals agree to this policy and consent to the transfer to/collection by LIS of their PDPI and/or the processing/reporting of their PDPI by LIS.
Framework principles are relevant only when personal data about an identified or identifiable individual is within the scope of the framework and transferred, collected, processed, reported or otherwise accessed by LIS, clients or consumers using LIS-hosted systems. Statistical and/or other forms of processing/reporting that rely on aggregate/grouped data and/or use of encoded, anonymized or pseudo-anonymized data do not raise privacy concerns and are not the subject of this policy.
Through this policy it is LIS's intention to protect the privacy interests of individuals and for LIS to be in compliance with applicable laws, rules and regulations relating to data privacy. This policy applies to LIS and any/all of its subsidiaries or affiliates, wherever located.
Notice: Leading Indicator Systems takes reasonable and appropriate measures to protect the privacy of Data Subjects by safeguarding PDPI from loss, misuse, unauthorized access, disclosure, alteration or destruction taking into account the risks involved in the processing and the nature of PDPI. LIS processes PDPI as necessary to achieve intended purposes (e.g., emailing invitations to participate in an assessment, producing and delivering reports, storing individual-provided PDPI). LIS uses reasonable administrative, technical and physical safeguards to protect PDPI in its possession from loss, misuse, unauthorized access, disclosure, alteration or destruction. LIS does not share, transfer to third parties, assign, sell, permit the viewing of or access to PDPI, except as set forth in this policy.
LIS implements assessment projects/service offerings on behalf of clients and directly for consumers. In most instances, Data Subjects are directed to LIS websites through email or text invitations but may reach an LIS website via internet search, advertising or a link provided by a third party. PDPI for organizational and individual assessments typically includes names and email addresses but may include demographic data (e.g., age, location, education level) and responses to assessment questions.
• Organizational assessment data are typically summarized in aggregate form by group(s). LIS and clients agree in advance on a minimum number of respondents required to report results. LIS adheres to such standards and clients directly communicate such standards to employees/participants. Organizational demographic data may be used to report results for varied groups/subgroups to better understand results and gain insight.
• Individual assessment data are typically summarized (e.g., by category of respondent). LIS and clients agree in advance on a minimum number of respondents required to report results and clients directly communicate such standards to employees/participants. However, where an individual completes a self-rating and/or where an individual, such as a manage, rates another individual, results reflecting the ratings of such single respondents are reported.
• Self-assessment data are captured as part of certain assessment offerings (e.g., AgileBrain). LIS adheres to the standards set out in this policy, including not selling or otherwise disclosing PDPI, consistent with the laws of the countries in which it does business.
Choice: LIS acts as a data collector and/or data processor on behalf of clients and consumers. Clients themselves are directly responsible for providing employees with the ability to opt-out in compliance with framework principles. LIS does not disclose any personal data, whether transferred directly to it from clients or collected through its websites, to any third party except: (a) as required by law, (b) as authorized by clients or (c) to those working on behalf of LIS (see Accountability for Onward Transfer). In the ordinary course LIS does not collect sensitive personal data (e.g., information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sexual orientation or the commission or alleged commission of any offense). LIS does conduct research on workforce, wellbeing and consumer attitudes issues and on behalf of clients which can involve sensitive personal data. In such cases, data collection is optional, such that the responding person can skip the question, or anonymous, such that it is impossible to link that data to the responding person or opt-in, such that the responding person is informed upfront about the nature of the data being collected and can decided whether to participate or not.
Accountability for Onward Transfer: In most instances, LIS does not transfer personal data to any third party. In the case that it does, LIS requires either that the person initiate/authorize the transfer (e.g., shares their results) or that such third party has agreed to be bound by the same framework principles and standards to which LIS adheres.
Security: LIS uses reasonable administrative, technical and physical safeguards to protect personal data in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation: LIS takes reasonable steps to insure that: (a) its use of personal data is consistent/compatible with the purpose for which it was intended and (b) data is reliable for its intended use, accurate, complete and current. LIS is not able to verify the integrity of transferred, client-provided personal data. As such, LIS must rely on clients who in all cases have final responsibility for the accuracy, completeness and currency of personal data for which they are the source and originator. LIS may be required to disclose an individual's personal information in response to a lawful request by public authorities, including to meet national security and/or law enforcement requirements.
Access: LIS respects the right of individuals to access their personal data in relation to which LIS acts as a data collector and/or data processor on behalf of clients. Since clients themselves are the source and originator of transferred personal data that LIS uses, persons should contact the organization providing such data to exercise their right to access, correct, amend or delete their personal data. Questions, comments or concerns about the data practices or privacy policy of an LIS client should be addressed directly to that client. Should LIS assistance be required, the LIS Data Privacy Officer may be contacted at the address listed below. All such requests for assistance will be responded to in a timely manner.
Recourse Enforcement and Liability: The LIS Data Privacy Officer is responsible for compliance with and enforcement of this policy. Citizens of the EU who have questions or concerns regarding this policy should contact the LIS Data Privacy Officer at the address listed below. LIS is committed to remedy any issue arising out of its failure to comply privacy laws in the countries where it operates and will respond in a timely manner.
If you are a citizen of the EU and do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://edpb.europa.eu/about-edpb/about-edpb/members_en.
LIS is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and/or other US authorized statutory bodies.
Compliance with Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)
Leading Indicator Systems complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. Leading Indicator Systems has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union in reliance on the EU-U.S. DPF and the United Kingdom (and Gibraltar) in reliance on the UK Extension to the EU-U.S. DPF. Leading Indicator Systems has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms of this privacy policy and the EU-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/.
Designated Information Rights Manager (IRM)
In compliance with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF), Leading Indicator Systems commits to resolve complaints about our collection or use of your personal information transferred to the U.S. pursuant to the EU-U.S. DPF, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF, EU, UK, and Swiss individuals with inquiries or complaints should first contact Leading Indicator Systems (privacy@leadingindicator.com).
Leading Indicator Systems has further committed to refer unresolved DPF Principles-related complaints to a U.S.-based independent dispute resolution mechanism, BBB National Programs. If you do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit www.bbbprograms.org/dpf-complaints for more information and to file a complaint. This service is provided free of charge to you.
If your DPF complaint cannot be resolved through the above channels, under certain conditions, you may invoke binding arbitration for some residual claims not resolved by other redress mechanisms. See https://www.dataprivacyframework.gov/s/article/ANNEX-I-introduction-dpf
Contact Information
Questions, concerns or requests relating to this policy should be directed to the LIS Data Privacy Officer by mail and/or email as follows:
Leading Indicator Systems, Inc.
Attn: Data Privacy Officer
1 Franklin Street, Unit 2508
Boston, MA 02110 USA
privacy@leadingindicator.com
Policy Changes
LIS reserves the right to modify or amend this Policy at any time and will post any such changes to this location.
Updated: December 2023