LAST UPDATED: July 27, 2023
LeveragePoint Innovations Inc. (“LeveragePoint”, the “Company”, “we”, or “our”) complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF), the UK Extension to the EU-U.S. Data Privacy Framework (UK Extension to the EU-U.S. DPF), and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from persons in the European Union (“EU”), Switzerland, and the United Kingdom (UK) to LeveragePoint in the United States. LeveragePoint has certified to the Department of Commerce that we adhere to the Data Privacy Framework Program (DPF, formerly Privacy Shield Principles) of notice, choice, accountability for onward transfer, security, data integrity and purpose limitation, access, and recourse, enforcement, and liability (collectively, the “Principles”). To learn more about the Data Privacy Framework and to view our certification, please visit https://www.dataprivacyframework.gov/s/.
With respect to personal data received or transferred pursuant to the DPF, the United States Federal Trade Commission has jurisdiction over LeveragePoint’s compliance with the DPF. We adhere to the DPF principles except, as required or allowed by law, to meet legal, governmental, law enforcement, or national security obligations.
We are a provider of a software-as-a-service solution under commercial agreements with customers (“Customers”), most of which are business entities, via our LeveragePoint for Value Management proprietary tool. For the purpose of this DPF Statement, the LeveragePoint tool is referred to as the “Tool.”
LeveragePoint Tool: In connection with the Tool, Customers identify personnel as authorized users; user information may include personal data (“Personal Data”) for login and authorization to use the Tool, including email address and name. We host and process the data, including any Personal Data contained within the Tool, based upon the direction and the instructions of our Customers.
LeveragePoint accesses the data, including any Personal Data contained within the Tool, as necessary to provide the services within the Tool, including updating the Tool and addressing Customer support issues. As an agent processing Personal Data on behalf of our Customers, we do not own or control the Personal Data that we process on behalf of our Customers and do not have a direct relationship with each individual whose Personal Data may be processed in connection with the Tool.
Customers are responsible for ensuring that the Personal Data that may be provided by individuals to the relevant Customers is accurate, complete, and current. We depend on the relevant Customers to update and correct Personal Data to the extent necessary for the purposes for which the information was collected or subsequently authorized by the relevant individuals. Individuals using the Tool who seek access or who seek to correct, amend, or delete Personal Data that we maintain on behalf of Customers in connection with providing services under the Tool should make such requests directly to the relevant Customer. To the extent practicable, when an individual is unable to contact the appropriate Customer, or does not obtain a response from the Customer, we will provide reasonable assistance in forwarding the individual’s request to the Customer. Individuals using the Tool should submit complaints concerning the processing of their Personal Data to the relevant Customer, in accordance with the Customer’s dispute resolution process. We will participate in this process to the extent required by law and at the request of the Customer or the individual.
LeveragePoint Website: We obtain Personal Data directly from individuals who visit and provide Personal Data through the LeveragePoint website. Before individuals choose to submit their Personal Data to us, we provide a link to our Privacy Policy which states that we may disclose their Personal Data to certain third parties. Individuals may contact LeveragePoint as indicated below regarding the use or disclosure of their Personal Data or to request that we update or correct their Personal Data.
We will not use Personal Data obtained from our website or the Tool for purposes beyond the scope that the information was originally collected or subsequently authorized by the individual. We will not retain Personal Data for longer than necessary or in accordance with the Customer agreement.
LeveragePoint may disclose Personal Data, without offering an opportunity to opt-out, to service providers we have retained to perform services on our behalf or if we are required to do so by law or legal process. LeveragePoint may share Personal Data with third parties as further described in our privacy policy. Except as permitted or required by applicable law, in the event we transfer Personal Data provided by our Customers to a third party that is not subject to EU, UK, and Swiss data protection laws, or an adequacy finding, LeveragePoint either (i) requires such third party to subscribe to the relevant Principles or (ii) contractually requires such third party to provide at least the same level of privacy protection as is required by the relevant Principles. In the event that we share Personal Data with a third party, we remain liable under the Principles if our agent processes Personal Data in a manner inconsistent with the Principles.
In compliance with the DPF, we commit to resolving complaints about our collection or use of Personal Data. EU, UK, and Swiss individuals with inquiries or complaints regarding our DPF policy should first contact LeveragePoint at Privacy@LeveragePoint.com. We will respond to any such complaints within 45 days.
In the event that we fail to respond, or our response is insufficient or does not address the concern, LeveragePoint has registered with JAMS, an alternative dispute resolution provider based in the United States to provide independent third-party dispute resolution at no cost to the complaining party. To contact JAMS and/or learn more about their dispute resolution services, including instructions for submitting a complaint, please visit: https://www.jamsadr.com/eu-us-privacy-shield. In the absence of a resolution by LeveragePoint and JAMS and under certain and limited conditions, you may have the possibility to engage in binding arbitration through the DPF panel.
Individuals may address any questions or concerns regarding our Data Privacy Framework certification or our practices concerning Personal Data by emailing us at Privacy@LeveragePoint.com; or by writing to us at: LeveragePoint Innovations Inc., c/o Privacy Officer, 246 Walnut St., Suite A, Newton, MA 02460 U.S.A.