- Organizing it into the sections listed in the Table of Contents below,
- Providing a series of examples that help illustrate how the policies may be implemented by LeapXpert, and
- Defining and capitalizing a few terms that are used more than once for simplicity and brevity.
When we refer to “LeapXpert”, we mean LeapXpert, Inc. or any other LeapXpert affiliate that provides services or products to customers, as relevant.
Table of Contents:
- Information We Collect And Receive
- How We Use Personal Data
- How We Share And Disclose Information
- Disclosures of Personal Data
- Your Rights
- Data Retention
- Cookies and Similar Technologies
- Age Limitations
- Third Party Services
- Jurisdiction and Cross-Border Transfers
- Contacting LeapXpert
Note that the Services allow Customer Users to communicate with individuals for business purposes through communication services that are integrated with the Services. If you communicate with a Customer User, the Services will also collect certain information from you, like your phone number. When you use our Services as a Customer User or communicate with a Customer User through our Services (collectively, “End Users”), our processing of your Personal Data is governed by the Customer Agreement.
When delivering the Services, LeapXpert processes End Users’ Personal Data as a “processor” on behalf of such Customer as described in the Customer Agreement. This includes processing for the following purposes:
- Providing the Services to Customer and its Customer Users, including providing personalized user experiences;
- Troubleshooting and providing technical support;
- Technically improving the functioning of the Services (e.g., to detect bugs, fix errors, troubleshooting); and
- Securing the Services.
2. Information We Collect And Receive
LeapXpert may collect and receive your Personal Data in a variety of ways:
|Information||Examples of Personal Data||Source|
|Customer Data||As described above, Customer Data includes messages, files, images, voice, or other content submitted through the Services by End Users. Customer Data may also include similar data a Customer User provides in accordance with the consent process provided by your device, including any contact information that a Customer User chooses to import (such as importing an address book to find coworkers), images (for example, when sending images as messages when using the Services), or other files submitted through the Services via your device.||End Users who use the Services to make and receive calls or send and receive messages|
|Customer Instance and Customer User Account Information||Email address, phone number, password, domain and/or similar account details.||Customer or Customer Users|
|Call and Message Log Data||Your phone number, sending-party number, receiving-party number, forwarding numbers, sender and recipient email address, time and date of calls and messages, duration of calls, routing information, and types and volumes of calls and messages.||End Users who use the Services to make and receive calls or send and receive messages|
|Usage Metadata||When a Customer User interacts with the Services, metadata is generated that provides additional context about the way the Customer User works and/or uses the Services, including information on Customer Instances, people, features, content and links you interact with, the types of files shared and what Third Party Services are used (if any).||Customer Users|
|Device Information||Information about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this information depends on the type of device used and its settings.||Customer Users|
|Location Information||Approximate location and/or precise location. Whether we collect some or all of this information depends on the specific Services plan set forth in the applicable Customer Agreement. We may, for example, use a business address submitted by our Customer, or an IP address received from your device to determine approximate location. We may also collect location information from devices in accordance with the consent process provided by your device, for example from GPS and other sensor data from your device, or information about things near you, such as Wi-Fi access points, cell towers, and Bluetooth-enabled devices.||Customer Users|
3. How We Use Personal Data
LeapXpert will only process Customer Data as a processor on behalf of the Customer, in accordance with the Customer’s instructions set forth in the Customer Agreement. LeapXpert will not process Customer Data for its own business purposes.
LeapXpert uses other information as described in the following table:
|Purpose||Example of Processing Activity||Categories of Personal Information||Legal Basis|
|Managing Customer Instance Accounts||Create or update Customer Instance account||Customer Instance and Customer User Account Information||We undertake these activities to perform our obligations under the Customer Agreement.|
|Product Development and Improvement||
||Call and Message Log Data; Usage Metadata; Device Information; Location Information||We undertake these activities because we have a legitimate interest to develop and improve our products so that we can continue our business activities.|
|Security and Fraud Prevention||Authenticating accounts and activity, detecting, investigating, and preventing malicious conduct or unsafe experiences, addressing security threats, protecting public safety, and securing LeapXpert Services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm LeapXpert, you, or the Customer.||Customer Instance and Customer User Account Information; Call and Message Log Data; Usage Metadata; Device Information; Location Information||We undertake these activities because we have a legitimate interest to maintain the safety and security of our Services.|
|Compliance with Law and Legal Obligations||Complying with law applicable to LeapXpert that requires the processing of Personal Data, including responding to data subject requests and a valid and binding order of a governmental body.||Customer Instance and Customer User Account Information; Call and Message Log Data; Usage Metadata; Device Information; Location Information||We will undertake these activities to comply with a legal obligation where this obligation stems from a European or Member State law, or because we have a legitimate interest in complying with other laws applicable to us.|
|Asserting or Defending Against Legal Claims and Proceedings||As relevant to assert or defend against legal claims and proceedings, including but not limited to investigations issued by supervisory authorities, class action claims, group litigation orders and proceedings initiated by data subjects.||Customer Instance and Customer User Account Information; Call and Message Log Data; Usage Metadata; Device Information; Location Information||We undertake these activities because we have a legitimate interest to assert or defend against claims.|
|Aggregating and/or Anonymizing Personal Information||We may aggregate and/or anonymize Personal Data such that it will no longer be considered Personal Data. We may use such aggregated or anonymous information for any purpose. For example, we may share aggregated or anonymized information with prospects or partners for business or research purposes, such as telling a prospective LeapXpert Customer the average amount of time spent using the Services.||We will undertake these activities because we have a legitimate interest to generate data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.|
|Business Transactions||In case of a merger, acquisition and/or other reorganization and restructuring of our business (including prospective transactions), we might need to disclose your Personal Data to the prospective buyer or business partner to facilitate such a business transaction.||We undertake these activities because we have a legitimate interest to facilitate the business transaction, which may take place for various business reasons.|
Generally, no one is under a statutory or contractual obligation to provide any Personal Data or other information. However, certain information is collected automatically and, if certain information is not provided, we may be unable to provide the Services.
4. Disclosures of Personal Data
We disclose Personal Data to our affiliates and service providers, such as hosting providers, IT and related infrastructure providers and analytics providers. We also disclose your Personal Data as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, to comply with a legal obligation, including public authority requests for disclosure, for dispute resolution purposes, and in connection with a sale or business transaction.
5. Your Rights
If you would like to request to access, correct, update, suppress, restrict, or delete Personal Data, object to or opt out of the processing of Personal Data, withdraw your consent where processing is based on your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive a copy of your Personal Data for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you should contact the Customer whose Customer Instance you use. As an End User, your Personal Data is managed by the Customer as the controller of your Personal Data. We can only act on the instructions of our Customers, so you must contact the Customer directly to exercise any rights over your Personal Data.
If you are a resident of the European Economic Area (“EEA”) or the United Kingdom, you have the right to lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs, or with the UK’s Information Commissioner. A list of EU data protection authorities is available at https://ec.europa.eu/newsroom/article29/items/612080.
6. Data Retention
We will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use or non-use of the Services, unless a longer retention period is required or permitted by law (for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements). Depending on the Services plan, the Customer may be able to customize its retention settings and apply those customized settings at the Customer Instance level. Customer may also apply different settings to messages, files or other types of Customer Data. The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Personal Data. For more detail, please contact the Customer whose Customer Instance you use.
The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services); (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain Personal Data, even after your account has been deleted and/or we no longer provide the Services to you; for example if we receive a preservation order or search warrant, related to your Services account, we will preserve Personal Data subject to such order or warrant after you delete your Services account.
7. Cookies and Similar Technologies
LeapXpert takes security of data very seriously. LeapXpert works hard to protect Personal Data you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Personal Data we collect, process, and store, and the current state of technology. Given the nature of communications and information processing technology, LeapXpert cannot guarantee that Personal Data, during transmission through the Internet or while stored on our systems or otherwise in our care, will be 100% safe from intrusion by others.
9. Age Limitations
The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Data from individuals under 16.
10. Third Party Services
11. Jurisdiction and Cross-Border Transfers
Your Personal Data may be stored and processed in the United States where we have facilities or in which we engage service providers, and by using the Services you understand that your Personal Data will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.
Where this will involve transferring your Personal Data outside the UK and/or EEA, we rely on the following safeguards:
- Adequacy Decisions: The UK Secretary of State and the European Commission have recognized certain countries as providing an adequate level of data protection, so that Personal Data can be transferred to those countries without additional safeguards. For transfers from the EEA, the full list of these countries is available here. For transfers from the UK, the full list of these countries is available here.
- Standard Contractual Clauses: For transfers of Personal Data from the UK and/or EEA to the United States, which are not currently considered adequate as explained above, we have put in place standard contractual clauses to protect your Personal Data. You may obtain a copy of these measures by contacting us in accordance with the “Contacting LeapXpert” section below or by following this link.
13. Contacting LeapXpert
Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.
You may also contact our Data Protection Officer (DPO) by emailing firstname.lastname@example.org