Privacy Policy

Effective Date: 6.24.2024 

 

  1. Introduction

Canvas Leadership, LLC (“Canvas,” “we,” “us,” or “our”) is committed to protecting your privacy and ensuring the security of your personal data. This Privacy Policy outlines how we collect, use, and protect your personal data in compliance with applicable regulatory requirements, including the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). 

  2. Scope

This Privacy Policy applies to all personal data collected, used, or processed by Canvas in the course of our consulting engagements, use of third-party solutions, and through our website. It includes data collected from clients, website visitors, and participants in our programs. 

  3. Types of Data Collected

We may collect the following types of personal data: 

  • Contact Information: Name, email address, phone number, job title, and organization. 
  • Professional Information: Work history, educational background, and professional qualifications. 
  • Interaction Data: Information collected during training sessions, surveys, and collaborative activities. 
  • Usage Data: Information about how individuals interact with our website and third-party tools. 

  4. Purpose of Data Collection

We collect and use personal data for the following purposes: 

  • To facilitate and enhance training and development programs: Collecting feedback and responses to tailor programs to participants’ needs. 
  • To communicate with participants and respond to inquiries: Using personal data to communicate effectively and provide necessary information regarding our services. 
  • To analyze survey responses and improve our services: Understanding participant satisfaction and identifying areas for improvement. 
  • To manage and support collaborative projects using third-party tools: Facilitating collaboration and project management through tools like Microsoft Teams, Microsoft Office, Miro, and Achieve. 

  5. Legal Basis for Processing

Our processing of personal data is based on the following legal grounds: 

  • Consent: When you have given clear consent for us to process your personal data. 
  • Performance of a Contract: When processing is necessary for the performance of a contract with you or your organization. 
  • Legitimate Interests: When processing is necessary for our legitimate interests, provided these interests are not overridden by your rights and interests. Our legitimate interests include improving our services, ensuring system security, and conducting business analysis. 

  6. Third-Party Processors

We use third-party tools such as Microsoft Teams, Microsoft Office, Miro, and Achieve to process personal data. We select these providers based on their compliance with relevant data protection laws and their implementation of robust security measures. However, we cannot guarantee their compliance beyond our due diligence in selecting and reviewing these providers. 

  7. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected or as required by law. We adhere to the retention policies of our third-party providers. Generally, personal data is retained for the duration of the contractual relationship and for a period thereafter as necessary to comply with legal obligations, resolve disputes, and enforce agreements. 

  8. Data Subject Rights

Individuals have the following rights regarding their personal data: 

  • Right to Access: You can request access to your personal data. 
  • Right to Rectification: You can request correction of inaccurate or incomplete data. 
  • Right to Erasure: You can request deletion of your personal data. 
  • Right to Restrict Processing: You can request restriction of processing under certain conditions. 
  • Right to Data Portability: You can request transfer of your data to another organization. 
  • Right to Object: You can object to the processing of your personal data. 
  • Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw consent at any time. 

To exercise these rights, please contact us at info@canvasleadership.com or +1 203-216-0131. We will verify your identity before processing your request and guide you through the steps required to address your request, including directing you to the relevant third-party providers if necessary. 

  9. Data Security

We implement appropriate technical and organizational measures to protect personal data. Our measures include encryption, access controls, regular security audits, and employee training. Our third-party providers, including Microsoft Teams, Microsoft Office, Miro, and Achieve, also implement robust security measures to protect data, such as encryption, access controls, and regular security audits. 

  10. International Data Transfers

Personal data may be transferred internationally by our third-party providers. These providers take steps to protect your data during such transfers, in compliance with applicable data protection regulations. The safeguards include: 

  • Adequacy Decisions: Transfers are made to countries deemed to have an adequate level of data protection by the European Commission. 
  • Standard Contractual Clauses (SCCs): For transfers to countries without an adequacy decision, SCCs approved by the European Commission are used to ensure data protection. 
  • Binding Corporate Rules (BCRs): Some providers use BCRs to allow safe data transfers within their corporate group. 
  • Technical and Organizational Measures: Providers implement measures such as encryption and regular security audits to protect data during transfers. 

While we do not directly list the specific countries where data may be processed, we select providers that comply with the relevant data protection conditions of the country of origin, maintaining a high level of data security and protection. 

  11. Automated Decision-Making

We do not use automated decision-making processes, including profiling, in our data processing activities. Our third-party partners may use automated decision-making. 

  12. Updates to the Privacy Notice

We may update this Privacy Notice periodically. Any changes will be posted on our website, and the effective date will be updated accordingly. We also review the updated policies of our third-party providers to stay apprised of their level of compliance. 

  13. Data Classification and Data Handling Policy

13.1 Data Classification 

Data is classified into the following categories: 

  • Public Data: Information that can be freely shared with the public without any risk. Examples include marketing materials and publicly available company information. 
  • Internal Data: Information intended for internal use only. Unauthorized disclosure could cause minor harm to the organization. Examples include internal memos and employee handbooks. 
  • Confidential Data: Information that is sensitive and restricted to specific personnel. Unauthorized disclosure could cause significant harm to the organization or individuals. Examples include business plans, internal reports, and non-public financial information. 
  • Personal Data: Any information relating to an identified or identifiable natural person. This includes names, email addresses, job titles, and survey responses collected through third-party tools such as Microsoft Teams, Microsoft Office, Miro, and Achieve. 
  • Sensitive Personal Data: A subset of personal data that requires extra protection. This includes data about racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, and data concerning a person’s sex life or sexual orientation. 

13.2 Data Handling 

13.2.1 Collection 

  • Collect only the minimum necessary data required for the specified purpose. 
  • Ensure data collection methods are secure and comply with applicable laws. 

13.2.2 Storage 

  • Store data in secure environments, utilizing third-party tools compliant with data protection regulations. 
  • Implement access controls to restrict access to classified data based on role and necessity. 

13.2.3 Use 

  • Use data only for the purposes for which it was collected and within the scope agreed upon with clients. 
  • Ensure that personal data is processed in accordance with GDPR, CCPA, and other relevant regulations. 

13.2.4 Sharing 

  • Share data internally only on a need-to-know basis. 
  • Use secure methods to share data externally, selecting third-party recipients based on their compliance with relevant data protection laws. 

13.2.5 Retention 

  • Retain data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law. 
  • Regularly review and securely delete data that is no longer needed, following the retention policies of third-party providers. 

13.2.6 Disposal 

  • Use secure deletion for electronic data.
  • Ensure that third-party tools have adequate data disposal procedures in place. 

  14. Contact Information

For any questions or concerns regarding this Privacy Policy or our data protection practices, please contact us at: 

Canvas Leadership, LLC
Email: Privacy@canvasleadership.com
Phone: +1 203-216-0131