Inclusive Leader Assessment Privacy Policy

Introduction

This privacy policy (“policy) explains how we, Greatheart Consulting, process your personal data (“your data”) that we collect through our Inclusive Leadership Assessment and any other service that references this policy, including what we use it for and how we store and protect it.

Who are we?

We are the company responsible for the processing of your data in accordance with this policy. Here’s our information:

GREATHEART CONSULTING

1201 3rd Avenue, Suite 2200 Seattle, WA 98101 USA

Email: info@greatheartconsulting.com

Telephone: 425.243.7473

 

Here are the contact details for our Information Security Administrator who will be able to answer questions you may have about the use of your data:

Julien Geiser

Information Security Administrator

info@greatheartconsulting.com

425-243-7473

Why, what and for long we process your data?

We process your data for these purposes:

  • To produce an individual feedback report for use as part of your personal development.

At a minimum, we process the following ordinary data about you:

  • First Name

  • Last Name

  • Email Address

Depending on your organization’s preferences and the legal jurisdiction in which you (or your company) reside and are bound, we may collect some or all of the following sensitive data:

  • Race / Ethnicity

  • Age range group

  • Gender identity

  • Company-specific information

    • Leadership level

    • Tenure

    • Job grade

    • Other

 

We process your data on the following legal bases:

  • Consent according to GDPR Article 6.1.a, contract performance GDPR Article 6.1.b, GDPR Article 6.1.f

We will retain your personal data for a period of 3 years

We collect your data from:

  • Your employer

  • From you, through our assessment’s registration process

Additional information

If you would like more information about our legal basis for processing your data, feel free to contact us. Your data may be used in an anonymized format for research purposes. We do not sell or rent your data to marketers or third parties.

Keeping your data safe

We use reasonable organizational, technical, and administrative measures to protect your data within our company.

The Internet is not a 100% secure environment and that means we cannot guarantee the security of the data you transmit to us. Emails sent via the Internet might not be encrypted, so we advise you not to include any confidential or sensitive information in your emails to us.

Third parties and processors

We use companies (processors) to help us deliver our services to you.

When we use a processor, we make sure that there is a legal agreement in place regarding how they will be handling data on our behalf. We’ll also make sure that they have appropriate security measures in place and make sure that there is a legal agreement in place.

Envisia Learning is a third-party and data processor working with Greatheart Consulting. The platform you are accessing is hosted and supported by Envisia Learning, an organization specializing in online assessment and development. As an organization, Envisia Learning is ISO 27001 compliant and operates its own server environment within a secure data center with appropriate logical and physical security controls in place. Envisia Learning’s Privacy Policy can be accessed for review.

In the event that we are involved in a bankruptcy, merger, acquisition, reorganization, your information may be transferred as part of that transaction. This policy will continue to apply to your information also after the information has been transferred to the new entity.

Your rights

You have the following rights:

  1. Your right of access and rectification - You have the right to ask us for copies of your personal data or ask us to rectify information you think is inaccurate. There are some exemptions, which means you may not always receive all the information we process but as a main rule you can always contact us and ask for your information.

  2. Your right to erasure - You can ask us to erase your information in certain circumstances.

  3. You also have the right to have the processing of your data restricted.

  4. Your right to withdraw your consent: If the processing of your data is based on your consent, you have the right to withdraw your consent at any time. Your withdrawal will not affect the lawfulness of the processing carried out before you withdrew your consent.

  5. Your right to restriction of processing and object to processing - You have the right to ask us to restrict the processing of your information and a similar right to object to processing.

  6. Your right to data portability: You have the right to receive your data in a structured, commonly used, and machine-readable format (data portability).

The law gives us one month to respond to you, but we will try to respond sooner.

There may be conditions or limitations on these rights. You are always welcome to contact us and ask. The same goes for some of the other rights.

If you have questions about the policy, feel free to contact us by using the contact details in this policy.

Last Updated: 5 June 2023