Privacy Notice

Leadership Architecture Diagnostic, Interview, Benchmark, and Platform Activities

Version date: [Date]

This Privacy Notice explains how Azimut SRL (“we,” “us,” “our”) processes personal data in connection with:

diagnostic questionnaires and assessments,

executive and employee interviews,

leadership architecture, governance, and decision-mapping projects,

benchmark and index development,

platform access and use,

client communications and project delivery,

related methodology improvement and AI-assisted analysis support.

1. Who we are

Controller

Azimut SRL

Registered office: [Address]

Registration number: [●]

Tax/VAT number: [●]

Email: [privacy@...]

Phone: [●]

Privacy contact / DPO (if applicable)

[Name / role / email]

Depending on the project structure, we may act:

as the sole controller,

as a joint controller with a client organization,

or as a processor/service provider for a client organization.

If a specific project uses a different role allocation, we will identify that in the relevant contract, invitation, app flow, interview materials, or project-specific privacy notice.

2. Scope of this notice

This Notice applies to personal data processed in connection with:

public or private diagnostic/assessment flows,

executive or employee interviews,

benchmark/index participation,

governance and sprint projects,

software platform access and usage,

related support, reporting, and project communications.

It does not apply to:

purely anonymous information that no longer relates to an identifiable person,

purely corporate information that does not identify an individual,

third-party websites or services that have their own privacy notices.

3. Categories of personal data we collect

Depending on the project or interaction, we may process the following categories of personal data.

3.1 Identity and business-contact data

name

business email

phone number

title / position

employer / organization

department / business unit

country / region relevant to the engagement

3.2 Assessment and diagnostic data

questionnaire responses

ratings, scores, and indicators

written/free-text responses

completion status and timestamps

role/team metadata relevant to analysis

3.3 Interview and qualitative data

interview scheduling details

interviewer notes

audio recordings, where used

video recordings, where used

transcripts

summaries

coded themes, analytical tags, and derived insights

quotations, where lawful and appropriate

3.4 Platform and usage data

account credentials and login identifiers

user IDs

role and permissions data

session and activity logs

system interaction data

support tickets and related communications

3.5 Commercial and project data

client contacts

contract/project information

billing and invoicing information

meeting records and email correspondence

3.6 Technical and security data

IP address

browser/device data

log data

authentication events

security and incident information

3.7 Sensitive or special-category data

We do not intentionally seek special-category personal data unless clearly necessary and lawfully supported. However, in interviews or free-text responses, participants may choose to disclose sensitive information. Where such processing is intentionally carried out, we will identify the relevant legal basis and Article 9 condition, such as explicit consent where appropriate.

4. Sources of personal data

We may collect personal data:

directly from you,

from the client organization engaging us,

from authorized users within the client organization,

through our platform or website,

through interviews, questionnaires, and project communications,

from approved service providers acting on our behalf.

If we receive your personal data indirectly, we will provide the information required by applicable law unless an exception applies.

5. Purposes of processing

We may process personal data for one or more of the following purposes.

5.1 Delivery of diagnostics and assessments

administering questionnaires and diagnostic processes

generating reports, scores, and indicators

analyzing organizational patterns and risks

5.2 Interviews and qualitative analysis

scheduling and conducting interviews

transcribing and analyzing interviews

identifying themes, patterns, and structural issues

supporting sprint design, governance review, or decision mapping

5.3 Client delivery and project management

managing the engagement

preparing reports, deliverables, and recommendations

coordinating workshops, meetings, and follow-up

5.4 Benchmark and index development

creating anonymized and aggregated benchmark outputs

comparing patterns across teams, organizations, sectors, or time periods

improving benchmark quality and methodology

5.5 Platform operation and support

user administration and authentication

service provision, support, troubleshooting, and maintenance

service monitoring and security

5.6 Security, compliance, and legal administration

maintaining records and logs

preventing misuse and unauthorized access

complying with legal obligations

establishing, exercising, or defending legal claims

5.7 Methodology and product improvement

improving our framework, tools, reports, and workflows

improving platform performance and usability

improving analysis quality, including AI-assisted support tools where used lawfully and appropriately

6. Legal bases for processing

Depending on the specific activity, we may rely on one or more of the following legal bases.

6.1 Consent

We may rely on consent for:

participation in certain interviews or research activities,

audio/video recording,

use of anonymized quotations where appropriate,

certain follow-up communications,

explicit consent for special-category data where required.

You may withdraw consent at any time. Withdrawal will not affect processing already carried out lawfully before withdrawal.

6.2 Contract

We may process data where necessary:

to perform a contract with a client,

to provide platform access or agreed services,

to take steps requested before entering into a contract.

6.3 Legitimate interests

We may process data where necessary for our legitimate interests, including:

delivering professional diagnostic and governance services,

securing our systems and platform,

improving methodology and service quality,

generating anonymized and aggregated benchmark outputs,

maintaining records and defending legal claims,

provided those interests are not overridden by your rights and freedoms.

6.4 Legal obligation

We may process data where necessary to comply with legal or regulatory obligations.

6.5 Special-category data

If special-category data is intentionally processed, we will rely on an applicable Article 9 condition, such as explicit consent where appropriate.

7. Controller / processor / joint-controller position

The role we play depends on the project.

7.1 Azimut as controller

We may act as controller where we determine the purposes and essential means of the processing, for example in our own benchmark, methodology-improvement, or platform-improvement activities.

7.2 Azimut and client as joint controllers

We may act jointly with a client organization where both parties jointly determine important purposes and means of a diagnostic or benchmark process.

7.3 Azimut as processor

We may act as processor where we process personal data solely on documented instructions from a client acting as controller.

Where relevant, the applicable role allocation will be clarified in the contract and project documentation.

8. Recipients of personal data

We may share personal data with:

our employees and authorized collaborators on a need-to-know basis,

client organizations, where relevant to the engagement,

hosting, cloud, storage, transcription, analytics, communications, and support providers,

professional advisers such as lawyers, auditors, and accountants,

regulators, courts, authorities, or law-enforcement bodies where legally required,

affiliates, successors, purchasers, financing parties, or spin-off entities in connection with a restructuring, financing, or sale, subject to appropriate safeguards.

Where a third party processes personal data on our behalf, it acts under appropriate contractual controls.

9. International transfers

If personal data is transferred outside the EEA/UK/Switzerland, we will do so only where an appropriate legal transfer mechanism exists, such as:

an adequacy decision,

Standard Contractual Clauses,

or another lawful safeguard.

You may contact us for more information about the safeguards used for relevant transfers.

10. AI-assisted analysis and automated decision-making

We may use software tools, scoring systems, analytics tools, transcription tools, and AI-assisted support tools to help with:

transcript handling,

summarization,

coding support,

pattern identification,

draft reporting,

and workflow improvement.

Unless specifically stated otherwise, we do not intend to make decisions that produce legal or similarly significant effects about you based solely on automated processing of your personal data.

Where a specific process involves materially different automated logic, we will provide additional information as required.

11. Anonymization, pseudonymization, and benchmark use

We may use information derived from projects to create:

anonymized and aggregated benchmark data, and

methodology-improvement outputs.

Where data is truly anonymized so that individuals are no longer identifiable by means reasonably likely to be used, it is no longer personal data. Where data is only pseudonymized, it remains personal data and continues to be handled under applicable data-protection rules.

We do not intentionally identify individual participants in external benchmark outputs unless separately permitted and lawful.

12. Retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Notice, taking into account:

project needs,

legal and contractual obligations,

limitation periods,

audit and security requirements,

and whether data has been anonymized.

Suggested structure to finalize internally

client and project communications: [e.g. 3–7 years]

assessment response data: [e.g. 2–5 years]

raw interview recordings: [e.g. 6–24 months]

transcripts and coded analytical outputs: [e.g. 1–5 years]

security logs: [e.g. 6–24 months]

anonymized aggregated benchmark data: may be retained longer where it no longer identifies individuals

The final retention periods in the live notice should match your actual internal retention schedule.

13. Data subject rights

Subject to applicable law, you may have the right to:

request access to your personal data,

request correction of inaccurate data,

request deletion,

request restriction of processing,

object to certain processing,

receive data portability where applicable,

withdraw consent where consent is the legal basis,

lodge a complaint with a competent supervisory authority.

To exercise your rights, contact:

[privacy email / contact person]

14. Security

We apply reasonable technical and organizational measures designed to protect personal data, including, where appropriate:

role-based access controls,

MFA and credential controls,

encryption in transit,

secure storage,

vendor controls,

logging and monitoring,

restricted access to recordings and transcripts,

retention and deletion controls.

15. Cookies and similar technologies

If our website or platform uses cookies or similar technologies, certain technical or usage data may be collected for:

authentication,

security,

analytics,

performance,

and user experience.

A separate Cookie Notice or consent mechanism may apply where required.

16. Restructuring, spin-off, or sale

As the business evolves, personal data and related project records may need to be accessed or transferred in connection with:

internal restructuring,

financing,

a platform spin-off,

merger,

acquisition,

or sale of all or part of the business.

Where this happens, we will take appropriate steps to ensure continued lawful handling of personal data.

17. Changes to this notice

We may update this Privacy Notice from time to time to reflect legal, technical, operational, or business changes.

If we make material changes, we may publish an updated version and update the version date above, and where appropriate provide additional notice.

18. Contact and complaints

For questions, rights requests, or privacy concerns, contact:

Azimut SRL

[Name / role]

[Email]

[Phone]

[Address]

You also have the right to lodge a complaint with the competent supervisory authority.
