This policy was last modified May 25th, 2018.
It does not apply to any third party site or service linked to our Services or recommended or referred by our Services or by our staff. Further, it does not apply to any other site or online service operated by Leanpath, or to any of our offline activities.
What information do we collect?
In the European Union, Leanpath may be referred to as a “data controller,” because we collect, retain and process personally identifiable information. Dependent on your contractual relationship with Leanpath, we may also be identified as a “data processor.”
We collect information in three ways: information which you provide us, information which is collected as you use our Services, as well as information provided to us from other sources.
Information you provide us
While using our Services, you may be asked to provide personal information that identifies you as user of our Services. This may include information such as: your name, e-mail address, phone number, position or title at your place of employment, and your postal address. These types of information we will refer to as your “Personal Information.”
We do not collect or use personal financial information of any kind.
We do not collect or use personal health information of any kind.
Information we collect as you use our services
Our systems also collect – automatically – technical details of your interaction with our Services, including: your Internet (IP) address, browser type and revision, device type, and operating system. We also collect information on the time and date you interact with our Services, and how you interact with them – what pages or services you use, how long you use them, what content you access, what content you download, and referrer URL of your request.
We may also track your actions in response to any messages you receive from Leanpath or through our Services, such as whether you opened such messages. If you send or receive messages through our Services via SMS text message, we may log phone numbers, phone carriers, and the date and time that the messages were processed. Carriers may charge recipients for texts that they receive.
We will refer to these types of information as “Automated Information”.
Information we collect from other sources
From your employer: If we have a contractual relationship with your employer, they may provide us with the Personal Information that identifies you as user of our Services.
What do we use your information for?
We use the information we collect from our Services for the following purposes:
- Provide you with services that you or your employer has requested: We use your information to deliver our services, such as sending you summaries, alerts, and recommendations based on your data from Leanpath Online, that are rendered as part of your or your employers contract with us.
- Maintain, improve, or develop new services: We use your information to ensure our Services are working as intended, such as tracking outages or troubleshooting issues that are reported to us. We may also use your information for testing, research, analysis, and product development.
- Provide personalized services: Your information helps us to personalize the use of our Services, such as identifying you by your name when you are logged into our Services.
- Communicate with you: We use the information we collect, like your email address, to interact with you directly, in furtherance of our legitimate interests in our relationship with you. If you have an account on Leanpath Online, you can manage some of your messaging preferences here. Please note that you cannot opt out of receiving certain administrative, transactional, or legal messages from Leanpath.
- Monitor effectiveness & compliance: We may use the information we collect, like your name and the activities you have completed using our Services (e.g feature usage on Leanpath Online or events submitted using the Tracker) to understand your progress or compliance with our Services.
We do not rent, sell, trade, or lend any personally-identifiable information we collect, ever.
We do not make decisions concerning you using personally-identifiable information you provide, ever.
Sharing your information with your employer
If you register or access our Services in the context of your employment, certain information about you including your name, contact info, content and any activity related to your account may be shared with your employer.
What is our legal basis for collecting and using information?
For those in the European Union, the following represents our legal grounds for processing information about you under EU data protection laws, which is that our use of your information is based on the grounds that:
- We need it to provide you the Services, including to operate the Services, provide customer support and personalized features and to protect the safety and security of the Services. If your use is in the context of your employment, then these commitments and agreements have been made with your employer;
- We have a legitimate interest in using your information–for example, to provide and update our Services, to improve our Services so that we can offer you an even better user experience, to safeguard our Services, to communicate with you, to measure, gauge, and improve the effectiveness of our Services, to monitor and prevent any problems with our Services, and to personalize your experience;
- You have given us your consent to do so for a specific purpose; or
- The use is necessary for compliance with a legal obligation.
Do we disclose any information to outside parties?
We do not sell our users’ private personal information.
We share information about you in the limited circumstances outlined below and with appropriate safeguards on your privacy:
- Third Party Vendors: We may share information about you with third party vendors who need to know information about you in order to provide their services to us. This group includes vendors that help us provide our Services to you (like payment providers, email delivery services, customer chat and email support services), those that assist us with our coaching and marketing efforts (e.g. by providing tools for identifying a specific target groups or improving communication effectiveness), and those that help us understand and enhance our Services (like analytics providers). We require vendors to agree to privacy commitments in order to share information with them.
- Legal Requests: We may disclose information about you in response to a subpoena, court order, or other governmental request.
- To Protect Rights, Safety, and Others: We may disclose information about you when we believe in good faith that disclosure is reasonably necessary to protect the safety or rights of Leanpath, third parties, or the public at large.
- With Your Consent: We may share and disclose information with your consent or at your direction.
- Aggregated or De-Identified Information: We may share information that has been aggregated or reasonably de-identified, so that the information could not reasonably be used to identify you. For instance, we may publish aggregate statistics about the use of our Services.
- Support or Feedback Requests: If you send us a request (for example, via a support email or one of our feedback mechanisms), we reserve the right to publish that request in order to help us clarify or respond to your request or to help us support other users.
- Links: Our Services may contain links to unaffiliated third party services. Except as set forth herein, we do not share your personal information with them, and are not responsible for their privacy practices. We suggest you read the privacy policies on or applicable to all such third party services.
How long do we keep your information?
We generally discard information about you when we no longer need the information for the purposes for which we collect and use it–which are described in the section above–and we are not legally required to continue to keep it.
How do we protect your information?
While no online service is 100% secure, we work very hard to protect information about you against unauthorized access, use, alteration, or destruction, and take reasonable measures to do so, such as monitoring our Services for potential vulnerabilities and attacks.
Yes. Some of the Automated Information we collect from you is stored on your computer in the form of browser cookies. Cookies are small files that are transferred, during a web interaction, to your computer’s hard drive through your web browser. Cookies allow us recognize your browser, and to capture and recall information that assists us in improving your experience of our services.
Managing Cookies: It may be possible to disable some (but not all) Cookies through your device or browser settings, but doing so may affect the functionality of the services available on our Services. The method for disabling Cookies may vary by device and browser, but can usually be found in preferences or security settings.
Children’s Online Privacy Protection Act Compliance
We are in compliance with the requirements of COPPA (Children’s Online Privacy Protection Act), we do not knowingly collect any information from anyone under 18 years of age. Our Services are all directed to people who are at least 18 years old or older.
If we learn that Leanpath has inadvertently collected personally identifiable data from persons under 18 years of age without verifiable parental consent, we immediately delete that information.
If you are a parent or guardian with concerns in this area, please contact our Data Protection Officer, as described below.
Notification of changes
Your privacy rights
Depending on your country of residence, your privacy rights may include the right to:
- Know what Personal Information Leanpath collects, how that information is transmitted and retained, and to what uses that information is put, generally.
- Know what Personal Information Leanpath retains concerning you, specifically.
- Receive a machine-readable copy of the Personal Information Leanpath retains concerning you, solely.
- Change Personal Information Leanpath retains concerning you, specifically.
- Request the deletion of Personal Information Leanpath retains concerning you, solely.
- Know what permissions and processing authorizations you have given Leanpath, with respect to your Personal Information.
- Change or revoke permissions and processing authorizations you have given Leanpath in the past, with respect to your Personal Information.
- Receive notification in the unlikely event that your Personal Information or personally-identifiable Automated Information is inadvertently breached by Leanpath.
At any time, you may take action on the rights listed above by contacting Leanpath’s Data Protection Officer (DPO) as indicated below:
Data Protection Officer
8305 SW Creekside Place, Suite A
Beaverton, OR, USA 97008