Updated 23 July 2018

Privacy Policy for Third Parties

The privacy and protection of your data is our top priority. This policy explains how we handle your personal data — including data you collect about others using 360 Feedback Manager — and the steps we take to keep it secure.
Key points:

  • We will not share your personal data with any 3rd party for marketing purposes or for any other purpose not detailed in this policy
  • You own the data associated with customizations you make to our templates. This includes any updates you make to our standard questionnaire, emails and report templates
  • You are the “data controller” for personal data you collect in your 360° Feedback projects, and have responsibilities for protecting this data.
  • We follow best practices to keep your personal data secure. Our Security Statement covers this in more detail.
  • We store your data on servers located in the UK and the European Economic Area.

Throughout this policy, we use the words “you” and “your” to refer to the organization that you’re working on behalf of. If you’re not working on behalf of an organization, then “you” and “your” refers to you personally.

We collect data about:

  • Administrators. Administrators are people that sign up to the 360 Feedback Manager site in order to administer your organization’s account and 360° Feedback projects.
  • Participants. Participants are people that you provide data for so that they can support the 360° Feedback assessments — perhaps by giving or receiving feedback.

As someone reviewing these terms, it is likely that you will be an administrator. It is possible and common for an administrator to also be a participant.

We collect the following types of data directly from you:

  • Account and contact details. This includes contact details and details about your organization and role. These details may be provided by you when you use our services, fill in a form on our website, or interact with our sales or customer support team.
  • Account settings. We allow you to configure settings for your account — for example, your communication preferences.
  • Project and organization data. 360 Feedback Manager lets you create and customize project and organization spaces in which you can set up questionnaires, reports, branding and further customizations.
  • Participant data. You provide the details of participants and we collect the responses they provide when you ask them for input.
  • Support and sales conversations. When you send us a question, feedback, or any other type of message we keep a record for future reference. We also keep a record of conversations we have through other channels and emails.
  • Other data you intentionally share. We may collect further data you intentionally share with us — for example, a testimonial.

We also collect the following data indirectly:

  • Usage data. We may collect data about how you interact with 360 Feedback Manager services, for example the pages you visit and actions you take.
  • Device data. We may record information about the device you are using, including the IP address, web browser and operating system.
  • Referral data. When you visit 360 Feedback Manager by clicking on a link outside of 360 Feedback Manager, we collect data about where you came from.
  • Data from other services. If you choose to use a service that integrates with 360 Feedback Manager, then we may collect additional data relating to that service.

We use the data to:

  • Provide our services to you. This includes providing technical support for which our site administrators may need to access your project or participant data.
  • Monitor, maintain and optimize our services.
    • We monitor your data to see when things are going well, when you might need help, and when we can optimize our services.
    • This includes reviewing possible technical or legal issues; data that enables us to tailor our service such as your location or the response rates you are getting to feedback questionnaires; and other data that gives us insights to help us improve our services in future.
  • Contact you about your usage of our service or your account.
    • We use the contact details you provide to share updates that will affect your account and use of 360 Feedback Manager, and to support you in using your account effectively. For example, when you create a new account, you will receive welcome emails to help you get set-up. These emails are required as part of our service, and so cannot be opted out of unless you choose to cancel your account.
    • We may assign a Customer Success Manager to your account to help you get more value out of our services. As part of this role, your Customer Success Manager may review your data, and may share your data with you to help you better understand your usage.
  • Respond to legal requests. If we receive a legal request for data, we may need to review the data so that we can plan how to respond.
  • Produce anonymous data, e.g. for use in benchmarking.

We may share:

  • Your data with our service providers.
    • We use third party services for areas such as infrastructure, payment and support. This helps us to provide a better and more secure service to customers.
    • We list the specific service providers that we use when storing or processing your participant data on our Third Party Supplier page. We will notify you by email — providing at least 14 days' warning — if we plan to give any new service providers access to your participant data in future.
  • Your email address with your organization.
    • If your account uses an email address that can be associated with a specific organization, we may share your email address with others from that organization. This is to help your organization identify who in the organization currently has access to our services.
    • You can choose to use an alternative email address if you are not happy with your email address being shared.
  • Your email address with participants in your projects. If we are contacted directly by a participant in one of your projects, we will typically provide your email address so that they can contact you directly for support.
  • Aggregated or anonymized data with third parties. We may share this data to promote or help us improve our services. We will ensure that no individual or organization can be identified from the data shared.
  • Your organization name and logo to help us to promote our services. We will not identify any individuals without express consent. If you do not want this data to be used in this way, you can contact our support team to opt out.
  • Your data if our business ownership or structure changes. If the business ownership or structure supporting 360 Feedback Manager changes in future, the data may be transferred to any new owner such that we can continue to provide our service.
  • Information you expressly consent to be shared. There are other times that we may ask for your permission to share specific data — for example, to share your contact details with our partners that provide other services such as coaching.

LMS Global will treat Your Data as Confidential Information and will only use and share it as detailed in this document.
However, this data will not be regarded as Confidential Information if it:

  1. is or becomes public knowledge other than by a breach of this clause;
  2. is received from a third party who lawfully acquired it and who is under no obligation restricting its disclosure;
  3. was lawfully known by LMS Global before we received it from you;
  4. is independently developed by LMS Global without reference to the Confidential Information.

You own the project and participant data you collect in 360 Feedback Manager, and can:

  • Export your questionnaire and feedback responses. Within a project, you can export an Excel spreadsheet containing the questions from your questionnaire, and each of the individual feedback responses. This allows you to self-administer any disputes and legal requests, and gives you the flexibility and portability to work with other solutions as needed.
  • Export the details of participants. You can also export an Excel spreadsheet containing a list of everyone being assessed within a project, along with their feedback providers and tasks they need to complete.
  • Delete participants, projects and organizations. You can delete participants, projects or entire organizations within 360 Feedback Manager at any time. See the section on “How we delete data” below for further information.

You can also:

  • Update your details and settings. You can update your account details and settings. You can update the email address used to login by contacting our support team.
  • Update your communication preferences. You can opt out of promotional emails at any time.
  • Delete your account. You can delete your entire account. If you are the only user associated with an organization, then the organization and all projects within it will also be deleted. See the section on “How we delete data” below for further information.

As an administrator of organizations or projects within 360 Feedback Manager, you and your client have responsibilities as the “Data Controller” for the personal data collected or entered by you.
You should make yourself familiar with the data protection laws that apply to the country or countries that you and your participants are operating in. For example, you are required to adhere to the General Data Protection Regulation 2016 (GDPR).
As a baseline, we recommend that you:

  • Have clear policies that you share with participants covering:
    • How their data will be used
    • Who their data will be shared with
    • When their data will be deleted
    • How they can access, delete and rectify data.
  • Ensure you have lawful grounds for collecting data about someone being assessed. For an employee, this is typically covered by their employment contract. If not covered by any contract, you may need to explicitly ask for the consent of the person being assessed.
  • Ensure you have lawful grounds for collecting data from the person providing feedback. Again, this can be covered by an existing contract or by explicitly asking for consent.
  • Manage your data securely. For example, you should never share your 360 Feedback Manager login details, and you should take care with any data you export to your own device.
  • Allow a second administrator access to your 360 Feedback Manager organizations and projects. This is to ensure that another user can support your organization in the event of you leaving the organization, getting sick, going on long-term leave, or otherwise being unavailable when access is needed.

If we receive a request for data from a participant in a project you have access to (a “data subject request”), we will provide your contact details to the participant so that the participant can contact you directly. It is your responsibility as the Data Controller to then respond to that request. To support you in responding to these requests, 360 Feedback Manager makes it easy to export both feedback reports and individual responses.

We have embedded security into every part of our business, from recruitment through to end-user support. Our Security Statement summarizes how we keep your data secure.
We use the guidance provided by the Information Commissioner’s Office (ICO) to help us to meet our responsibilities.
Regardless of the steps we take, there is always a risk of your personal data being accessed by unauthorized third parties. In the unlikely event of a security breach that may affect your data:

  • We will contact you within 72 hours of identifying the breach and confirm what data is at risk
  • We will provide guidance on how to remedy or mitigate any potential damage to your organization as soon as possible, with regular status updates if the breach is ongoing
  • We will provide a full written report within 2 weeks that details the root causes behind the breach, the steps we have taken to address it, and the steps we will take to prevent a similar breach from occurring.

If you would like your security team to be notified in the event of a security breach, you can provide additional email addresses to our support team.

You can delete your organization, project and participant data at any time using features available online. You can also request for your entire account to be deleted.
Your data will initially be ‘soft-deleted’ such that it can be recovered by our system administrators if needed. Your data will then be permanently deleted within 18 months. This gives you the ability to run a second project with the same participants as a follow-up 360 a year later.
Please note that personal data will continue to exist in our backup systems for approximately 12 months after it is deleted from our database.

360FM platform servers are based in the UK and the European Economic Area. See 360FM Platform - Sub-processors to see which companies manage our servers and mail delivery systems.

LMS Global has a worldwide team of employees and contractors. Any LMS Global team member accessing or processing your data will have a direct contract and/or confidentiality agreement with LMS Global to protect your data in line with these Terms.

360 Feedback Manager may use third-party service providers, including providers outside of the European Economic Area that have been granted trusted supplier status by the EU. All service providers have been reviewed to ensure they will also protect your data in line with these Terms, and will be subsequently reviewed on a regular basis to ensure they continue to meet our requirements.

By agreeing to these Terms you agree that we can transfer Personal Data outside of the European Economic Area in this way, without additional advance notification.

10.1. Backup and restoration
LMS Global will regularly and frequently back up your Data to one or more geographically-dispersed locations. These backups typically ensure that no more than 72 hours of Data can be lost even in the event of a disaster.

LMS Global will test backups and disaster recovery procedures to ensure that access to systems and Data can be restored in a timely manner.

11.1. Compliance and auditing
LMS Global will provide you with information to support you in performing reviews of how we process your data where required by — and to the extent required by — data protection legislation such as the General Data Protection Regulation 2016 (GDPR). This will be an additional charge.

11.2. Data protection impact assessments
LMS Global will assist you in performing a data protection impact assessment where required by data protection legislation such as GDPR. This can typically be achieved by reviewing these Terms, our Privacy Policy and Security Statement.

11.3. Further supporting your compliance
LMS Global will notify you immediately if we become aware that You are asking us to perform any activity that would infringe GDPR or other data protection laws.

For an updated list of third-party sub-processors please refer to 3 - Sub-processors used with the 360FeedbackManager Application.docx. Your use of 360 Feedback Manager implies acceptance of each of our sub-processors' Terms and Conditions.

You can contact the 360 Feedback Manager privacy team with any queries you have at privacy@360feedbackmanager.com

360 Feedback Manager is a product of LMS Global UK Ltd. Company Registration No 04690347. Address: Kemp House, 152 City Road, London EC1V 2NX. Contact us on legal@360feedbackmanager.com