Blog
Read the latest blogs
Jump to section:
Last Modified: July 1, 2024
1.1. In this privacy policy, you can learn more about how Leapwork ApS and affiliated companies Leapwork India Pvt Ltd, Leapwork LLC, Leapwork Germany GmbH, Leapwork The Netherlands B.V., Leapwork UK Limited, Leapwork Iberia Sociedad Limitada, Leapwork Poland Sp. z o.o. and Leapwork Sweden AB (collectively "Leapwork", "we", "us", "our") process your personal data in various situations.
1.2. We provide you with this information as we are required to do so under the EU General Data Protection Regulation (the "GDPR").
1.3. For our privacy notice to California residents, please see here.
1.4. For a quick glance at our privacy setup, please refer to the below summarizing overview:
Processing purposes |
Legal basis |
Retention period |
Visiting our website |
Article 6(1)(a) and (f) of the GDPR |
See cookie policy |
Using our software |
Article 6(1)(b) and (f) of the GDPR |
5 years |
Requesting a demo of our software |
Article 6(1)(f) of the GDPR |
5 years |
Entering into a contract with us |
Article 6(1)(b), (c), and (f) of the GDPR |
5 years |
Communicating with us |
Article 6(1)(f) of the GDPR |
5 years |
Visiting our social media platforms |
Article 6(1)(f) of the GDPR |
See the relevant privacy policy of the social media platform |
When you participate in surveys and questionnaires |
Article 6(1)(f) of the GDPR |
5 years |
When you are or represent a supplier, vendor or other third party |
Article 6(1)(f) of the GDPR |
5 years |
Receiving marketing material from us |
Article 6(1)(a) and/or (f) of the GDPR |
Until consent is withdrawn |
When you apply for a job with us |
Article 6(1)(f) of the GDPR |
3 years |
2.1. The Leapwork entity acting as controller may vary depending on the purpose of the processing. Below, you can find information on the processing of your personal data in the following situations:
2.2. Below, you can read more about the various purposes of our processing of your personal data in the different situations. You can also see which data we process, what the legal basis for our processing is, for how long we store the personal data and who we share it with.
2.3. Further, in the section Your rights etc, you can read about your rights and how to contact us.
3.1. We use cookies and similar tracking technologies to collect data about your visits and use when you use our website. This data includes:
Further, we process your personal data, which includes statistical data, when you use our software. The purpose of this processing is to aggregate data to be able to create unique insights and to continuously improve the product for the benefit of our customers.
3.2. The above data may contain personal data. The controller is Leapwork ApS. We collect the data on your use of our website in order to ensure a stable, secure and user-friendly experience, as well as to keep statistics about our website visitors. In some cases, with regards to the website, data is processed in order to target marketing based on the web browser.
3.3. The legal bases for our processing are:
3.4. Personal data contained in cookies will be deleted in accordance with the lifetime/period for each specific cookie. We disclose information to any third-party service providers that you have allowed to place cookies when you use the website, and we share your information with our group companies.
3.5. You can read more about our cookies and other similar tracking technologies, including their lifetime and disclosure to third parties, in our Cookie Policy using the cookies widget in the lower left corner of your browser.
4.1. Analytics in your use of our software.
We collect data regarding your use of Leapwork's software through various tracking technologies. This data includes:
Further, we process your personal data, including statistical data, to aggregate information and generate unique insights. This continuous data processing allows us to improve our software's performance, functionality, and user experience for the benefit of our customers.
4.2. Compliance monitoring.
We also process your personal data in relation to your license usage, and we may conduct audits to detect and prevent fraudulent activities. This data includes:
This processing is essential to maintain the integrity of our licensing model and ensure compliance with legal and contractual obligations.
4.3. Leapwork Client Portal.
The Client Portal is a cloud-hosted self-serve platform where you can manage, update and view all of your Leapwork details – administrative/profile related as well as analytics. Through the Client Portal, you can, among other things:
We collect data regarding your use of the Client Portal through various tracking technologies. This data includes:
4.4 Further, we process your personal data, including statistical data, to aggregate information and generate unique insights. This continuous data processing allows us to improve the Client Portal's performance, functionality, and user experience for the benefit of our customers.
4.5 The above data may contain personal data. The controller is Leapwork ApS. We collect the data on your use of our software and services to ensure a stable, secure, and user-friendly experience. This data is also used to compile statistics on software usage and license compliance, and to enable various functionality for your benefit. In some cases, data may be processed to target improvements in software features and user interfaces. We share your information with our group companies and relevant data processors used by us.
4.6 The legal bases for our processing are:
4.7. Personal data contained in tracking data will be deleted in accordance with our data retention policies. We disclose information to any third-party service providers involved in the analytics and auditing processes and share relevant data with our group companies to ensure comprehensive fraud detection and license compliance. You can read more about our data processing practices and retention policies in our Privacy Policy.
5.1. When you, as a company representative, request a demo of our software (e.g., via email or the contact form on our website) the communication will contain personal data, e.g., your contact details (including name and email address) and other personal data you may provide us with. The controller is Leapwork ApS or the entity you have contacted.
5.2. The legal basis for our processing of your name and contact details is article 6(1)(f) of the GDPR, as the processing is necessary for us to schedule with you and provide a free demo of our software.
5.3. Personal data pertaining to our general communication with you (such as email inquiries) will be deleted 5 years after the end of the financial year where your last inquiry has been handled/concluded. If your communication pertains to an order, personal data will generally also be deleted 5 years after the end of the financial year in which the order was placed. In specific situations, we may defer from our general retention periods (in case of e.g. complaints, objections or other specific situations).
5.4. Please see below regarding transfer of your personal data to third countries.
6.1. When you become a customer or partner with us, we process your personal data, including your full name and contact details, such as your email, phone number, company address, and any other information you provide us. The purpose of the processing is to manage our relationship with you. The controller is the Leapwork entity you have entered the agreement with.
6.2. The legal basis for our processing of your name and contact details is article 6(1)(b) of the GDPR, as the processing is necessary in order for us to fulfil our end of our agreement.
6.3. Further, we are obligated to store bookkeeping information, including information related to payments/transactions in accordance with the bookkeeping legislation. Based on the GDPR, our legal basis in that regard is article 6(1)(c).
6.4. The legal basis for our processing of any other information you may provide us is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in tailoring our relationship to you.
6.5. As a starting point, we will delete your personal data 5 years after the end of the financial year where our agreement has ended. In specific situations, we may defer from our general retention periods (in case of e.g., complaints, objections or other specific situations).
6.6. We disclose personal data included in our account records to the relevant public authorities, including the tax and customs authorities, in connection with our statutory bookkeeping etc. Further, we disclose your personal data to our service providers and to our processors who e.g. host, develop and support our IT systems, and we share your information with our group companies.
6.7. Please see below regarding transfer of your personal data to third countries.
7.1. When you communicate with us directly (e.g., via email, telephone, the contact form on our website or with the Leapwork customer support or professional services teams) your communication will contain personal data, e.g., your contact details (including name and email address) and other personal data you may provide us with. The controller is Leapwork ApS or the entity you have contacted.
7.2. We process these personal data for the purpose of managing and answering your inquiries and offer support and/or training. The legal basis for the processing is article 6(1)(f) of the GDPR.
7.3. Personal data pertaining to our general communication with you (such as email inquiries) will be deleted 5 years after the end of the financial year where your last inquiry has been handled/concluded. If your communication pertains to a customer relationship, personal data will generally also be deleted 5 years after the end of the financial year in which the contractual relationship ended. In specific situations, we may defer from our general retention periods (in case of e.g. complaints, objections or other specific situations).
7.4. We disclose personal data included in our account records to the relevant public authorities, including the tax and customs authorities, in connection with our statutory bookkeeping etc. We also make your personal data available to our processors who e.g. host, develop and support our IT systems, and we share your information with our group companies.
7.5. Please see below regarding transfer of your personal data to third countries.
8.1. If you visit our pages at Facebook or LinkedIn, we may process the personal data that you make available to us via the pages, including your reactions on content, likes and comments, and any sharing of our content etc. The controller is Leapwork ApS.
8.2. We process these personal data for the purpose of managing our social media platforms and communicating with our followers through these platforms. The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing the above-mentioned legitimate interests. Your personal data is deleted in accordance with applicable data protection policies in place to the relevant social media platforms (see the links below).
8.3. Please note that when using our social media platforms, the provider (such as e.g., Facebook) will also process your personal data for its own purposes, including for targeted marketing purposes. You may find further information on the processing activities in the relevant privacy notices:
9.1. During your relationship with Leapwork, we might send you invitations to participate in various surveys and questionnaires. For this purpose, we process your personal data, including your name and contact details, such as your email, phone number and other relevant information necessary for the specific survey in question. The purpose of the processing is to gain insights into our software or service offerings. The controller is Leapwork ApS.
9.2. The legal basis for our processing of your responses to our surveys and questionnaires is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in continuously improving our product.
9.3. We will delete (or anonymize) your personal data 5 years after the end of the financial year where our contract has ended.
9.4. We disclose information only to any third-party service providers (marketing/survey automation platforms), and we share your information with only the relevant people in our group companies.
9.5. Please see below regarding transfer of your personal data to third countries.
10.1. When you communicate with us (e.g., via email) as or on behalf of supplier, vendor or another third party, your communication may often contain personal data, e.g. your contact details (including name and email address), as well as association with a certain company or other personal data you may provide us with. We may also receive such personal data from a third party, such as your employer.
10.2. We process these personal data for the purpose of managing and answering your inquiries and orders and to communicate with you/the company you represent.
10.3. The legal basis for the processing is article 6(1)(f) of the GDPR, as we are pursuing our legitimate interests in managing general inquiries and fulfilling any agreement, we may have concluded with the company you represent.
10.4. Personal data pertaining to our communication with you will generally be deleted 5 years after the end of the financial year in which our last contact with the business you represent took place.
10.5. We disclose personal data included in our account records to the relevant public authorities, including in connection with our statutory bookkeeping etc. We may also disclose your personal data to our relevant business partners, including external advisors. Finally, we make your personal data available to our processors who e.g., host, develop and support our IT systems, and we share your information with our group companies.
10.6. Please see below regarding transfer of your personal data to third countries.
11.1. When you receive marketing material from us (e.g. newsletters), we process personal data on you (e.g. name and email address), as well as association with a certain company or other personal data you may provide us with.
11.2. To the extent we send you information on our products and services for marketing purposes, we will either ask for your consent (in accordance with article 6(1)(a) of the GDPR) before processing your information in this way or process your personal data based on our legitimate interests (in accordance with article 6(1)(f) of the GDPR.
11.3. We will process your personal data for as long as we have valid consent or reason to do so.
12.1. General.
When you apply for a job with one of our European-based companies, we process your personal data in different situations, which you can read more about below. The controller is Leapwork ApS.
12.2. Receipt of applications etc.
12.2.1 When we receive your application, we will read it and select the persons who we will call for an interview. The selection is based on your qualifications in relation to the specific position(s). You will be called for the interview by email or telephone.
12.2.2 As part of the recruitment process, we will receive and process the personal data that you have included in your application, CV and any other material that you may have forwarded along with your application. We may also ask you to send us additional information. The information obtained in this connection will include information about your previous employments, including information relating to work assignments, skills and performance, and information about your personal appearance and interpersonal skills. We will also obtain other information about you if we consider such information to be necessary for the assessment of your application.
12.2.3 The legal basis for processing the personal data is article 6(1)(f) of the GDPR as we pursue the legitimate interest in the processing of the personal data being necessary for our assessment of you as a person and your skills in relation to the contents of the position.
12.2.4 Further, our processing of data that you make available to us on your own initiative is deemed to be performed on the basis of your consent (in accordance with the relevant consent provisions of the GDPR and/or national data protection laws[1]).
12.3. Social media.
12.3.1. If relevant, we will obtain available information published by you on social media, such as LinkedIn and Facebook.
12.3.2. The legal basis for processing the personal data published by you is article 6(1)(f) of the GDPR as we pursue the legitimate interest in the processing of the personal data being necessary for our assessment of you as a person in relation to the contents of the position.
12.4. References.
12.4.1. If we wish to obtain information about you from your current or former employer using your references, we will first ask for your consent. Unless you are otherwise specifically notified by us, the information we obtain in that connection will include the following categories: Information about your previous employments, including information relating to work assignments, skills and performance, your personal appearance and interpersonal skills, and the reason for not being or no longer wanting to be employed by the employer in question.
12.4.2. The legal basis is the consent you give for the purpose of using your references, in accordance with article 6(1)(a) of the GDPR.
12.5. Use of personality and competency tests.
12.5.1. During the recruitment process relating to some positions, we may use a personality test and/or a competency test. Typically, the tests are taken after our first interview with you. The purpose of the tests is to identify your personal preferences and skills, forming a basis for a dialogue with you about your personal resources and conduct. The tests will be part of the overall basis for selecting the right candidate for the position.
12.5.2. The legal basis for processing the personal data is article 6(1)(f) of the GDPR as we pursue the legitimate interest in the processing of the personal data being necessary for our assessment of your personal skills based on the tests.
12.6. Criminal record.
12.6.1. During the recruitment process, we may ask you to show your criminal record certificate. Whether a criminal record certificate is required depends on the position, including the responsibilities and powers involved. If we consider it to be relevant to the position for which you have applied, we will ask you to request a personal criminal record certificate.
12.6.2. Please note that no processing of personal data takes place regarding criminal records, as you will in any case only be asked to show us a physical copy of the criminal record certificate (and you are thus not asked to send us a copy via email or otherwise provide us with a copy for us to keep).
12.7. Background checks.
12.7.1. During the recruitment process, we may, depending on your role and the location, ask for your consent to perform a background check to verify your identity as well as, in some situations and to the extent permitted by applicable law, we may also collect data related to criminal offences and proceedings.
12.8. Job interviews.
12.8.1. If you progress in the recruitment process, we will conduct interviews where we will focus on your professional and personal skills as well as the challenges etc. of the job. We will write down some of the information disclosed during the interview(s). We only use the relevant information in the assessment of whether you should be offered a position.
12.8.2. The legal basis for processing the personal data is article 6(1)(f) of the GDPR as we pursue the legitimate interest in the processing of the personal data being necessary for our assessment of you as a person and your skills in relation to the contents of the position.
12.9. Drafting of employment agreement.
12.9.1. If we offer you a position, we will process the personal data necessary for staff administration purposes. In that case, you will receive further information on this.
12.9.2. The legal basis for processing the general personal data stated in the application documents may (also) be 6(1)(b) of the GDPR as it may be necessary to process the personal data in question for the purpose of drafting an employment agreement, if relevant.
12.10. Recipients of your personal data.
12.10.1. Certain data will be made available to our processors, for example our IT system providers etc., and if relevant, we share your information with our group companies.
12.10.2. Please see below regarding transfer of your personal data to third countries.
12.11. Storage of your personal data.
12.11.1. We will store your personal data for the period necessary for us to fulfil the purposes for which they were collected. Leapwork is committed to driving inclusive recruitment processes and believes in equal opportunity for all our job applicants. To document these processes, your personal data will be kept by us for three years for documentation purposes in the event of a legal claim. For that reason, we have established a maximum time limit of three years for the storage of job applications. As a general rule, we erase or anonymise your personal data according to this time limit unless it is necessary that we continue to store them, e.g. for the purpose of particular cases or the like.
12.11.2. If we employ you, the personal data that we have processed during the recruitment process will, if relevant, be stored in your personnel file in accordance with the applicable retention periods of your employment. In that case, you will be further notified of the processing of your personal data.
12.12. Mandatory processing of personal data.
12.12.1. Under the data protection rules, you are entitled to be informed of whether the provision of personal data is a statutory requirement, or a requirement necessary to enter into a contract, and of whether you are obligated to provide the personal data and of the possible consequences of failure to provide such data.
12.12.2. It should be noted in that respect that under certain national legislations, including the Danish Health Information Act (helbredsoplysningsloven), an employee must state of its own motion or at the employer's request to that effect whether the employee knows that (s)he suffers from an illness or shows symptoms of an illness which will significantly affect the employee's ability to carry out the work in question.
12.12.3. Further, as a potential future employee, you are subject to the general duty of transfer which means that you must not knowingly withhold information that may be relevant to your opportunity for being employed.
12.12.4. Moreover, it should be noted that if you are offered a position, we will use certain personal data about you to draft your employment agreement, including your name and address.
12.12.5. If you do not wish to provide the information that you are required to provide under the provisions of the Danish Health Information Act or similar legislation and/or according to your duty of transfer or the information necessary for drafting an employment agreement, or any other information which we are required to collect from you by law, we will be unable to offer you a position.
13.1. We transfer your personal data to countries outside the EU and EEA, when making data available to our processors, including to the US. Further, we also transfer your personal data to the UK, US and India when we share personal data with our group companies located in the UK, US and India.
13.2. The bases for such transfers are
13.3. If you want additional information about our transfer of personal data outside the EU and EEA, you can make a request for such additional information by contacting us (see contact information below).
14.1. You have special rights to help you control your personal data, and we wish to make it easy for you to exercise those rights:
14.2. Right to withdraw consent
Where you have given your consent for our processing of your personal data, you have the right to withdraw your consent at any time. You can withdraw your consent by contacting us, see below under "Contact".
If you wish to unsubscribe to our newsletters, you can also withdraw your consent by unsubscribing in the emails you receive from us.
If you withdraw your consent, the withdrawal will not affect the lawfulness of processing that has already been carried out based on your consent.
14.3. Right of access
You have the right to have confirmed whether we collect or process your personal data, and, if so, you have the right to request a copy of your personal data in a digital format.
14.4. Right of rectification
You have the right to require that we correct any inaccurate personal data concerning you, and that we complete incomplete personal data.
14.5. Right of erasure
In certain circumstances, you have the right to request that we erase personal data concerning you; for example, if it is no longer necessary for the purposes for which it was originally collected.
14.6. Right to restrict processing
In certain circumstances, you have the right to request that we restrict the processing of your personal data, e.g., if you believe that the personal data is not accurate or lawfully processed.
14.7. Right to object to the processing
In certain circumstances, you have the right to request that we stop processing your personal data.
14.8. Right to data portability
In certain circumstances, you have the right to receive the personal data you have provided us with in a structured, commonly used, machine readable format, and the right to have us transmit the data to another entity, where technically feasible.
14.9. Complaint to a supervisory authority
14.9.1. If you want to lodge a complaint with a supervisory authority about our processing of your personal data, you can do so by contacting the Danish Data Protection Agency via their website, File a complaint (datatilsynet.dk).
14.9.2. You may also contact your local regulator (outside Denmark) to receive guidance on how to file a complaint, see: Our Members | European Data Protection Board (europa.eu).
14.9.3. Further, if you are a resident in the United Kingdom, detailed information on the full content of your rights (and any conditions that may apply) is provided by the United Kingdom’s Information Commissioner’s Office and is available on their website: https://ico.org.uk/your-data-matters.
14.9.4. You can read more about your rights in the Danish Data Protection Agency's guidelines on data subjects' rights, which is available at datatilsynet.dk (in Danish). Please contact us if you wish to exercise your rights. The relevant contact details are stated below.
You can contact our headquarters at
Leapwork ApS
CVR no. 36 92 42 25
Store Kongensgade 72
1264 Copenhagen
Denmark
Please check our other locations on our website for an overview of the other Leapwork companies.
You can always reach us at email: privacy@leapwork.com.
If you are a consumer located in California, we process your personal information in accordance with the California Consumer Privacy Act (CCPA). This section provides additional details about the personal information we collect and use for purposes of CCPA.
The sections above describe the personal information we may have collected about you within the last twelve (12) months, including the categories of sources of that information. We collect this information for the purposes of, as well as disclose it, as described in the above sections.
Your CCPA Rights and Choices. As a California consumer and subject to certain limitations under the CCPA, you have choices regarding our use and disclosure of your personal information:
[1] Relevant provisions may be: Articles 6(1)(a) and 9(1)(a) of the GDPR, depending on the specific information provided by you.
©2024, Leapwork. All rights reserved.