Leeuwendaal privacy statement regarding Q12
Leeuwendaal is a comprehensive HR consultancy firm for the public sector. We offer services in e.g. the field of assessments, talent and team development, coaching and training. Leeuwendaal is ISO 9001 and ISO 27001 certified.
Leeuwendaal and Gallup (an international research and consultancy firm located in the USA) have entered into a partnership to implement the Q12. This is a tool that measures engagement, the results of which can be used for team development.
To perform the Q12, we record the following personal data:
|Personal data||Purpose||Ground for data processing*|
|Name and email address, unique ID||Making contact, creating and managing account||Legitimate interest|
|Completed questionnaire||Generation of the Q12 report||Legitimate interest|
*By legitimate interest we mean that these personal data are needed to process the Q12 questionnaire and generate reports.
At the client’s request, we may also ask for certain other data which we will include in the analysis (e.g. department, location, type and length of employment).
Who has access to your data?
Leeuwendaal: your data can only be accessed by the Leeuwendaal advisors and supporting staff who are directly involved in the performance of the assignment. We cannot view completed questionnaires at the individual level, only at team and organization levels.
Gallup: as the supplier of the questionnaire and processor of the data, Gallup can access all of your data. We have concluded a Data Processing Agreement with Gallup containing, among others, agreements about security and storage policy. Leeuwendaal remains responsible at all times for the processing of your data in Q12.
Client: the results processed in the report for the client are completely anonymized. The results can never be traced to individuals.
Security, to us, has two sides: technology and behavior.
Technology: the Q12 questionnaire is filled out in Gallup’s portal. Access to this portal is strictly secured according to the latest technological standards and based on the principles of privacy by design. Gallup is ISO 27001 certified. Naturally, Leeuwendaal has concluded a Data Processor Agreement with Gallup.
Behavior: Leeuwendaal and Gallup devote much attention to employee awareness with regard to personal data protection in practice. All staff are trained every year in the dos and don’ts of this subject.
The Q12 is a research tool to measure engagement at the team and organization levels. The results are placed in a broader context to investigate to what extent the results are comparable to, for example, other job groups, similar organizations, sectors, countries etc. To enable effective comparisons, it is necessary to store research data. The data are stored in pseudonymized form for a term of seven years. Analyses can never be traced to individuals.
Your data are stored on Gallup’s servers in the USA. Gallup is committed to the Privacy Shield. This Privacy Shield is recognized by the EU and offers the same level of protection as the GDPR.
Right of inspection, adjustment or removal
As a participant, you are in control of your own data at all times. This means that at any time, you can ask Leeuwendaal to allow you to inspect your personal data, or to remove them entirely. You can also ask us to correct factual errors. Leeuwendaal will then instruct Gallup to process your request.
In this document, we have explained how Leeuwendaal handles your personal data when you participate in Q12. We wish to emphasize that your participation in Q12 is entirely voluntary.
In case of any questions or doubts, please contact the Gallup project coordinators at Leeuwendaal by calling (+31)88 00 868 00 or by sending a message to firstname.lastname@example.org. We expect that they will be able to answer most questions directly. If they cannot answer your question, they will refer you to our Data Protection Officer, Mark Thorborg LLM. You can reach him through our general telephone number, (+31)88 00 868 00 or at email@example.com. You also always have the right to submit a complaint to the Dutch Data Protection Authority