Privacy

Leadbacker GDPR Privacy Policy

Privacy (GDPR)

1. Processor Role

Leadbacker operates as a data protection processor under Article 28 GDPR, with clients serving as controllers under Article 4(7) GDPR.

2. Personal Data Categories Processed

  • First and last name
  • Email address
  • Department and direct supervisor
  • Login data
  • Device IP address used for Leadbacker
  • User-entered self-perception and external perception data from employee responses
  • Optional data: Gender, generation, company tenure duration

3. Processing Duration

“The duration of the commissioned processing corresponds to the duration of this license agreement.”

4. Data Use Limitations

Leadbacker processes data exclusively to perform the license agreement. Anonymous client data may be collected for product improvement analysis.

5. Instruction-Only Processing

“Leadbacker as a processor undertakes to process personal data only on the documented instructions of the controller” unless required by EU law, with prior notification obligations.

6. Confidentiality Obligations

Personnel handling data must commit to confidentiality, with obligations extending beyond employment termination.

7. Security Measures

Leadbacker declares appropriate technical and organizational security measures per Article 32 GDPR.

8. Sub-Processor Authorization

Clients consent to the engagement of sub-processors, subject to a 14-day right to object, with equivalent data protection obligations imposed contractually.

9. Data Subject Rights Support

“Leadbacker as the processor undertakes to support the client as the controller to the extent possible with suitable technical and organizational measures” for data subject requests.

10. Compliance Support

Leadbacker supports client obligations under GDPR Articles 32–36 regarding security, breach notification, and impact assessments.

11. Data Deletion

“Leadbacker as the processor shall be obliged to delete or return all personal data one month upon completion” unless retention is legally required.

12. Audit and Transparency

Leadbacker provides compliance information and permits client-authorized audits and inspections.

13. Breach Notification

“Leadbacker shall inform the client without delay if it believes that a data transfer violates the GDPR or other applicable data protection regulations.”

14. Liability Limitation

Liability applies only for breaches of specific obligations in this section and applicable data protection legislation.

Dispute Resolution

Where uncertainties arise, the provisions of the German GDPR version govern.

Security & Compliance

Leadbacker maintains a layered set of compliance and security controls across its team, suppliers, and product surfaces.

  • GDPR — Team & Suppliers

    Full GDPR compliance applied uniformly across Leadbacker's own team and every contracted sub-processor, with DPAs in place and equivalent obligations cascaded down.

  • SCC Compliance

    EU Standard Contractual Clauses are in place for any data transfer involving processors or sub-processors outside the EEA, ensuring lawful cross-border data flows.

  • ISO 27001+ (in progress)

    Information security management aligned to ISO 27001 controls, with formal certification work currently in progress.

  • EU AI Act Compliance

    Adaptive Leadbacker Intelligence (ALI) is designed to meet the requirements of the EU AI Act — transparent, auditable, and operating within documented boundaries.