Leading Indicator Systems (“LIS”) respects the privacy rights of individuals and values the confidence of its clients, their employees, business partners and others. LIS strives to handle personal data and information in a manner consistent with the laws of the countries in which it does business. Additionally LIS seeks to uphold the highest ethical standards in its business practices.
In this policy the term Personal Data and Personal Information (“PDPI”) refers to any data or information, recorded in any form, relating to any living person who can be identified, directly or indirectly, by reference to such data or information which is in possession of Leading Indicator Systems (LIS). The term Data Subject refers to an individual with respect to whom PDPI may be transferred to, collected, processed and/or reported by LIS.
LIS receives transferred PDPI from client organizations. LIS processes and retains PDPI on behalf of such clients. Such PDPI is utilized for implementing assessment projects/service offerings, producing reports and analyzing results. LIS has no direct relationship with individuals (i.e., client employees) whose PDPI is received. By participating in LIS assessment projects/service offerings, individuals agree to this policy and consent to the transfer to/collection by LIS of their PDPI and/or the processing/reporting of their PDPI by LIS.
Framework principles are relevant only when personal data about an identified or identifiable individual is within the scope of the framework and transferred, collected, processed, reported or otherwise accessed by LIS or clients using LIS-hosted systems. Statistical and/or other forms of processing/reporting that rely on aggregate/grouped data and/or use of encoded, anonymized or pseudo-anonymized data do not raise privacy concerns and are not the subject of this policy.
Through this policy, it is LIS’s intention to protect the privacy interests of individuals and for LIS to be in compliance with applicable laws, rules and regulations relating to data privacy. This policy applies to LIS and any/all of its subsidiaries or affiliates wherever located.
Notice: Leading Indicator Systems takes reasonable and appropriate measures to protect the privacy of Data Subjects by safeguarding PDPI from loss, misuse, unauthorized access, disclosure, alteration or destruction taking into account the risks involved in the processing and the nature of PDPI. LIS processes PDPI as necessary to achieve intended business purposes (e.g., emailing invitations, producing reports). LIS uses reasonable administrative, technical and physical safeguards to protect PDPI in its possession from loss, misuse, unauthorized access, disclosure, alteration or destruction. LIS does not share, transfer to third parties, assign, sell, permit the viewing of or access to PDPI, except as set forth in this policy.
LIS implements assessment projects/service offerings on behalf of clients. In most instances, Data Subjects are directed to LIS websites through email invitations but may reach an LIS website via internet search or advertising. PDPI for organizational and individual assessments typically includes names and email addresses but may include demographic data (e.g., gender, age).
Organizational assessment data are typically summarized in aggregate form by group(s). LIS and clients agree in advance on a minimum number of respondents required to report results. LIS adheres to such standards and clients directly communicate such standards to employees/participants. Organizational demographic data may be used to report results for varied groups/subgroups to better understand results and gain insight.
Individual assessment data are typically summarized e.g., by category of respondent. LIS and clients agree in advance on a minimum number of respondents required to report results and clients directly communicate such standards to employees/participants. However, where an individual completes a self-rating and/or where an individual (e.g., a manager) rates another individual, results reflecting the ratings of such single respondents are reported.
Self-assessment data data are are captured as part of certain assessment offerings (e.g., AgileBrain). LIS adheres to the standards set out in this policy, including not selling or otherwise disclosing PDPI, consistent with the laws of the countries in which it does business.
Choice: LIS acts as a data collector and/or data processor on behalf of clients and consumers. Clients themselves are directly responsible for providing employees with the ability to opt-out in compliance with framework principles. LIS does not disclose any personal data, whether transferred directly to it from clients or collected through its websites, to any third party except: (a) as required by law, (b) as authorized by clients or (c) to those working on behalf of LIS (see Accountability for Onward Transfer). In the ordinary course, LIS does not collect sensitive personal data (i.e., information about medical or health conditions, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or the commission or alleged commission of any offense). LIS does conduct research on workforce and wellbeing-related issues and on behalf of clients which can involve sensitive personal data. In such cases, data collection is optional, such that the responding person can skip the question, and/or anonymous, such that it is impossible to link that data to the responding person.
Accountability for Onward Transfer: LIS does not transfer personal data to any third party working on its behalf. If this policy changes, LIS will require that such third party has agreed to be bound by the same framework principles and standards to which LIS adheres. Since LIS currently does not share PDPI with any other entity, we are not potentially liable where a third party working on our behalf fails to adhere to framework principles. If this practice changes, LIS will revise this policy to reflect that status.
Security: LIS uses reasonable administrative, technical and physical safeguards to protect personal data in its possession from loss, misuse, unauthorized access, disclosure, alteration and destruction.
Data Integrity and Purpose Limitation: LIS takes reasonable steps to insure that: (a) its use of personal data is consistent/compatible with the purpose for which it was intended and (b) data is reliable for its intended use, accurate, complete and current. LIS is not able to verify the integrity of transferred, client-provided personal data. As such, LIS must rely on clients who in all cases have final responsibility for the accuracy, completeness and currency of personal data for which they are the source and originator. LIS may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security and/or law enforcement requirements.
Recourse Enforcement and Liability: The LIS Data Privacy Officer is responsible for compliance with and enforcement of this policy. Citizens of the EU who have questions or concerns regarding this policy should contact the LIS Data Privacy Officer at the address listed below. LIS is committed to remedy any issue arising out of its failure to comply privacy laws in the countries where it operates and will respond in a timely manner.
If you are a citizen of the EU and do not receive timely acknowledgment of your complaint, or if your complaint is not satisfactorily addressed, please visit https://edpb.europa.eu/about-edpb/about-edpb/members_en.
LIS is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC) and/or other US authorized statutory bodies.
Questions, concerns or requests relating to this policy should be directed to the LIS Data Privacy Officer by mail and/or email as follows:
Leading Indicator Systems, Inc.
Attn: Data Privacy Officer
1 Franklin Street, Unit 2508
Boston, MA 02110 USA
LIS reserves the right to modify or amend this Policy at any time and will post any such changes to this location.
Updated: January 2023