Who we are

www.leading-brains.com, reporting@leading-brains.com

Leading Brains, Bleicherstrasse 4, 6003 Luzern, Switzerland

Who does GDPR apply to?

The GDPR applies to ‘controllers’ and ‘processors’.

Controller – “means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data”

Processor – “means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller”

Source: article 4 of the EU GD

Leading Brains (LB) perform currently a Controller role with contracted partners that act as Processors. Overtime LB  will increase the Processor role as part of further product development beyond MVP.

Lawful conditions for processing

• LB maintain records of processing activities and identify a lawful basis before we request or process personal data.
• We satisfy a valid condition for processing data particularly those highlighted in italics below:
• You have consent of the data subject.
• Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract.
• Processing is necessary for compliance with a legal obligation.
• Processing is necessary to protect the vital interests of a data subject or another person.
• Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
• Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.

LB achieve active consent from all our survey participants and it is a necessary part of our services that participants contribute personal information. To ensure compliance we document what personal data we hold, where it came from, and who we share it with.  We will implement web based user accounts with preference settings to determine communications. All personal identifying information is removed form survey information for our own analysis purposes.

LB as data controller from our website

Where is your data physically stored?

We are making every effort to run all LB processes within Switzerland, that’s why we have chosen to partner with Infomaniak. Your data with LB is stored in a secure web hosting centre in Switzerland certified to internationally recognised ISO 9001 and ISO 27001 standards that define the requirements for the quality management system and the information security management system.

Data stored with our partners is also subject to GDPR regulation and is stored in their servers. LB will manage this relationship and do everything possible to ensure that these partners satisfy regulatory requirements.

What personal data we collect

• Email
• Name
• Company
• IP address
• History of access to our website (Cookies and Tracking)

We collect this personal data for the following purposes:

• Login
• Possibility to reset passwords in case of forgetting it
• Informing users about business matters
• Informing users and potential users about new offerings (when opted-in)
• To ensure we connect with you as accurately and as considerably as possible

Collection

Information is gathered through registration forms or surveys.

Right of deletion or change.

• Please send an email to reporting@leading-brains.com stating a request for information or deletion.
• In the event that it is our duty to keep a record of some of your personal information, for example, for accounting purposes, this information is retained. We will irrevocably remove all other information within 60 days of your request

Consent

• LB require a clear, affirmative action to indicate valid consent.
• We make it easy for people to exercise their right to withdraw consent.
• We use clear and plain language when explaining consent.

The following represent tools we use to obtain consent and revocation for use of personal identifiable data:

• Clicking an opt-in button or link online
• Choosing technical settings or preference dashboard settings
• Responding to an email requesting consent
• Completing optional information for a specific purpose (such as optional fields in a form)

To gain consent from existing Users we will send a simple Typeform to all the email addresses we have.

Those that complete the opt-in will be registered using the ‘lawful process’ functionality in Hubspot. Those who do not reply will not receive any further communications.

In future consent will be gained by preference settings in the User or Customer Accounts on our website and held in Hubspot.

Comments

When visitors leave comments on the site we collect the data shown in the comments form, and also the visitor’s IP address and browser user agent string to help spam detection.

An anonymised string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available here: https://automattic.com/privacy/. After approval of your comment, your profile picture is visible to the public in the context of your comment.

Media

If you upload images to the website, you should avoid uploading images with embedded location data (EXIF GPS) included. Visitors to the website can download and extract any location data from images on the website.

Contact forms

We use forms for the specific purposes of engaging website visitors and our users. They enable accurate and appropriate communication and no data beyond that submitted and involved in tracking the form is kept by LB.

Cookies

The Basics:

If you leave a comment on our site you may opt-in to saving your name, email address and website in cookies. These are for your convenience so that you do not have to fill in your details again when you leave another comment. These cookies will last for one year.

If you have an account and you log in to this site, we will set a temporary cookie to determine if your browser accepts cookies. This cookie contains no personal data and is discarded when you close your browser.

When you log in, we will also set up several cookies to save your login information and your screen display choices. Login cookies last for two days, and screen options cookies last for a year. If you select “Remember Me”, your login will persist for two weeks. If you log out of your account, the login cookies will be removed.

If you edit or publish an article, an additional cookie will be saved in your browser. This cookie includes no personal data and simply indicates the post ID of the article you just edited. It expires after 1 day.

Cookie Policy for Leading Brains

This is the Cookie Policy for Leading Brains, accessible from https://www.leading-brains.com/privacy-policy

What Are Cookies

As is common practice with almost all professional websites this site uses cookies, which are tiny files that are downloaded to your computer, to improve your experience. This page describes what information they gather, how we use it and why we sometimes need to store these cookies. We will also share how you can prevent these cookies from being stored however this may downgrade or ‘break’ certain elements of the sites functionality.

For more general information on cookies see the Wikipedia article on HTTP Cookies.

How We Use Cookies

We use cookies for a variety of reasons detailed below. Unfortunately in most cases there are no industry standard options for disabling cookies without completely disabling the functionality and features they add to this site. It is recommended that you leave on all cookies if you are not sure whether you need them or not in case they are used to provide a service that you use.

Disabling Cookies

You can prevent the setting of cookies by adjusting the settings on your browser (see your browser Help for how to do this). Be aware that disabling cookies will affect the functionality of this and many other websites that you visit. Disabling cookies will usually result in also disabling certain functionality and features of the this site. Therefore it is recommended that you do not disable cookies.

The Cookies We Set

• Account related cookies – If you create an account with us then we will use cookies for the management of the signup process and general administration. These cookies will usually be deleted when you log out however in some cases they may remain afterwards to remember your site preferences when logged out.
• Login related cookies – We use cookies when you are logged in so that we can remember this fact. This prevents you from having to log in every single time you visit a new page. These cookies are typically removed or cleared when you log out to ensure that you can only access restricted features and areas when logged in.
• Email newsletters related cookies – This site offers newsletter or email subscription services and cookies may be used to remember if you are already registered and whether to show certain notifications which might only be valid to subscribed/unsubscribed users.
• Orders processing related cookies – This site offers e-commerce or payment facilities and some cookies are essential to ensure that your order is remembered between pages so that we can process it properly.
• Surveys related cookies – From time to time we offer user surveys and questionnaires to provide you with interesting insights, helpful tools, or to understand our user base more accurately. These surveys may use cookies to remember who has already taken part in a survey or to provide you with accurate results after you change pages.
• Forms related cookies – When you submit data to through a form such as those found on contact pages or comment forms cookies may be set to remember your user details for future correspondence.
• Site preferences cookies – In order to provide you with a great experience on this site we provide the functionality to set your preferences for how this site runs when you use it. In order to remember your preferences we need to set cookies so that this information can be called whenever you interact with a page is affected by your preferences.

Third Party Cookies

In some special cases we also use cookies provided by trusted third parties. The following section details which third party cookies you might encounter through this site.

• This site uses Google Analytics which is one of the most widespread and trusted analytics solution on the web for helping us to understand how you use the site and ways that we can improve your experience. These cookies may track things such as how long you spend on the site and the pages that you visit so we can continue to produce engaging content.For more information on Google Analytics cookies, see the official Google Analytics page.
• Third party analytics are used to track and measure usage of this site so that we can continue to produce engaging content. These cookies may track things such as how long you spend on the site or pages you visit which helps us to understand how we can improve the site for you.
• From time to time we test new features and make subtle changes to the way that the site is delivered. When we are still testing new features these cookies may be used to ensure that you receive a consistent experience whilst on the site whilst ensuring we understand which optimisations our users appreciate the most.
• As we sell products it’s important for us to understand statistics about how many of the visitors to our site actually make a purchase and as such this is the kind of data that these cookies will track. This is important to you as it means that we can accurately make business predictions that allow us to monitor our advertising and product costs to ensure the best possible price.
• Several partners advertise on our behalf and affiliate tracking cookies simply allow us to see if our customers have come to the site through one of our partner sites so that we can credit them appropriately and where applicable allow our affiliate partners to provide any bonus that they may provide you for making a purchase.
• We also use social media buttons and/or plugins on this site that allow you to connect with your social network in various ways. For these to work the following social media sites including; {List the social networks whose features you have integrated with your site?:12}, will set cookies through our site which may be used to enhance your profile on their site or contribute to the data they hold for various purposes outlined in their respective privacy policies.

More Information

Hopefully that has clarified things for you and as was previously mentioned if there is something that you aren’t sure whether you need or not it’s usually safer to leave cookies enabled in case it does interact with one of the features you use on our site. This Cookies Policy was created with the help of the CookiePolicyGenerator.com

However if you are still looking for more information then you can contact us through one of our preferred contact methods:

• Email: reporting@leading-brains.com
• By visiting this link: https://www.leading-brains.com/privacy-policy/

Embedded content from other websites

Articles on this site may include embedded content (e.g. videos, images, articles, etc.). Embedded content from other websites behaves in the exact same way as if the visitor has visited the other website.

These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.

Analytics

By default, WordPress does not collect any analytics data.

We use Google analytics.

Who we share your data with

By default WordPress does not share any personal data with anyone.

Our current Processor partners are:

• Typeform – collating survey information https://www.typeform.com/help/gdpr-compliance/?utm_source=autopilot&utm_medium=email&utm_campaign=gdpr&utm_content=hcarticle
• Integromat – API functionality to transfer data from Typeform to VBA analytics in. No personal data is stored. https://www.integromat.com/en/kb/privacy.html
• Infomaniak – email and web hosting (and eventually server) https://news.infomaniak.com/en/general-data-protection-regulation/
• Microsoft – provides Excel, Sharepoint and Outlook services https://www.microsoft.com/en-us/TrustCenter/Privacy/gdpr/default.aspx
• mailchimp – marketing/sales partner currently basic contact data and opt-in status clients but we expect to implement this as part of further business development https://www.hubspot.com/data-privacy/gdpr-checklist

How long we retain your data

If you leave a comment, the comment and its metadata are retained indefinitely. This is so we can recognise and approve any follow-up comments automatically instead of holding them in a moderation queue.

For users that register on our website (if any), we also store the personal information they provide in their user profile. All users can see, edit, or delete their personal information at any time (except they cannot change their username). Website administrators can also see and edit that information.

As a default we keep form entries, usage analytics and customer purchase records indefinitely pending periodic audits to remove inactive data on a yearly basis.

Our Privacy Policy

Audit and Update

LB will audit and send any Privacy Policy updates or significant information that may effect the rights or security of personal data.

Individual Rights

LB respect, consider and enable the following rights for individuals as highlighted by the GDPR regulations:

• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.

LB also respectfully protect our ability to refuse to comply with a request for erasure where the personal data is processed for the following reasons, however we deem this an unlikely scenario:

• to exercise the right of freedom of expression and information.
• to comply with a legal obligation or for the performance of a public interest task or exercise of official authority.
• for public health purposes in the public interest.
• archiving purposes in the public interest, scientific research historical research or statistical purposes; or
• the exercise or defence of legal claims.

Contact reporting@leading-brains.com with any requests or queries.

Where we send your data

In this section, you should list all transfers of your site data outside the European Union and describe the means by which that data is safeguarded to European data protection standards. This could include your web hosting, cloud storage, or other third party services.

European data protection law requires data about European residents which is transferred outside the European Union to be safeguarded to the same standards as if the data was in Europe. So in addition to listing where data goes, you should describe how you ensure that these standards are met either by yourself or by your third-party providers, whether that is through an agreement such as Privacy Shield, model clauses in your contracts, or binding corporate rules.

Suggested text: Visitor comments may be checked through an automated spam detection service.

Your contact information

Any queries should be directed to reporting@leading-brains.com

Additional information

All assessment and reporting data is purged of personal data for analytics.

How we protect your data

For future consideration on our own platform:

In this section we will explain what measures we have taken to protect users’ data. This could include technical measures such as encryption; security measures such as two-factor authentication; and measures such as staff training in data protection or a Privacy Impact Assessment.

What data breach procedures we have in place

Definition

“A data breach is a security incident in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorised to do so.”

Document current process within LB

User Data

• This is held in the normal function of our contractual relationship, in sales and business development or for accounting and reporting processes.
• This personal data is used to distribute reports and follow up on services and is provided via consent in the survey format.
• LB will only keep personal data to ensure services are provided accurately and for opt-in marketing and communications.
• For analytics all personal identifiable data is erased immediately after the assessment report is sent.

Process that can be completed in 72 hours

In the event of a breach of our own systems or being notified of a breach in partner systems all co-founders will be consulted. Technical expertise will be employed in a situation where proprietary systems have been compromised. Notification to those known to be effected and all those with personal data held within affected systems or partners within 72 hours and updated every 24 hours until complete resolution.

What third parties we receive data from

Not currently applicable.

What automated decision making and/or profiling we do with user data

Not currently applicable.

Industry regulatory disclosure requirements

Not currently applicable.