Development Dimensions International's Privacy Policy
Development Dimensions International's Privacy Policy
This Privacy Policy is effective as of July 2024.
Who we are
Development Dimensions International, Inc. (“DDI”) is a global leadership consulting firm that helps our customers to hire, promote, and develop exceptional leaders. From first-time managers to C-suite executives, our commitment is to be by the side of leaders to help make every moment count. From our founding in 1970, we have dedicated ourselves to finding science-based solutions that truly change the lives of leaders and the people they lead.
How we Care for your Personal Information
DDI is dedicated to protecting your personal data. This privacy policy contains essential information about the personal data we collect, and the how and why we collect, store, use, and share personal data. DDI designed and manages the site you are viewing.
This Privacy Policy applies to the collection and use of information of the websites and platforms where this policy is linked (“Sites”, “Product Sites”, “Website”, “DDI Applicant Sites”). None of the Sites publish content or collect data that is targeted at children.
The use of information collected through our Sites shall be limited to the purpose for which it was gathered. The sites are defined as:
- “Product Sites”, that provide a service for which a Client has engaged DDI or gathers information for research purposes
- “Website”, that provides information to prospective and existing Clients and other interested parties
- DDI Applicant Sites, that gathers information on applicants for career opportunities at DDI
For our “Product Sites”, DDI will abide by each of these laws, as well as any other laws that govern the applicable jurisdiction, solely to the extent that we process your data subject to the jurisdiction covered by each applicable law. For the “Website” and DDI Applicant Sites, DDI will be controller of your data. The terms of which are detailed below.
Key Terms
We, us, our |
|
Client | Client is an organization who has contracted DDI to perform services on their behalf. Client may also mean your employer. |
Our Data Protection Officer | DataProtectionOfficer@ddiworld.com |
Personal data | Specific types of information relating to an identified or identifiable individual according to established information classifications |
Special category personal data | Personal data revealing, political opinions, religious beliefs, philosophical beliefs, or trade union membership. Data concerning health, sex life or sexual orientation |
PERSONAL DATA WE COLLECT
Categories of personal data we may collect about you as part of our product sites
|
|
|
|
|
|
|
Categories of personal data we may collect about you as part of our applicant sites
|
|
|
|
|
|
Categories of personal data we may collect about you as part of our website
|
|
|
How Your Personal Data Is Collected
DDI collects personal data directly from DDI’s Website, public sites, indirectly from your employer with your consent, or directly from you as an applicant. DDI may also collect information via automated monitoring of our websites and other technical systems and via communication systems such as email and instant messaging services.
Why and How We Use Your Personal Data
Purpose | Reason |
To provide products and/or services to your employer | For the performance of our contract with your employer or to take steps at your employer’s request before entering a contract |
To verify identity | To comply with our legal and regulatory obligations |
Other processing necessary to comply with professional, legal, and regulatory obligations that might apply to our business, e.g., health and safety regulations. | To comply with our legal and regulatory obligations |
Gathering and providing information required by or relating to audits, inquiries, or investigations by regulatory bodies | To comply with our legal and regulatory obligations |
Ensuring business policies are adhered to, e.g., policies governing security and information use | For our legitimate interests or those of your employer, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you |
Operational reasons, such as improving efficiency, training, and quality control | For our legitimate interests or those of your employer, i.e., to be as efficient as we can so we can deliver the best service for you at the best price |
Ensuring the confidentiality of commercially sensitive information | For our legitimate interests or those of your employer, i.e., to protect trade secrets and other commercially valuable information To comply with our legal and regulatory obligations |
Statistical norming in relation to the services provided by DDI. (Data that is used for statistical norming is de-identified.) | For our legitimate interests or those of your employer to ensure fair and accurate data sets and measurement tools |
Statistical analysis to help us manage our business, e.g., in relation to delivery of services, product performance, or other efficiency measures (Data that is used for statistical norming is de-identified.) | For our legitimate interests or those of your employer, i.e., to be as efficient and relevant as we can so we can deliver the best service for you at the best price |
Preventing unauthorized access and alteration to systems | For our legitimate interests or those of your employer, i.e., to prevent and detect criminal activity that could be damaging for us and for you To comply with our legal and regulatory obligations |
Updating and enhancing client’s records | For the performance of our contract with your employer or to take steps at your employer’s request before entering into a contract To comply with our legal and regulatory obligations For our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our clients/you about existing orders and new products |
Ensuring safe working practices, staff administration and assessments | To comply with our legal and regulatory obligations For our legitimate interests or those of a third party, e.g., to make sure we are following our own internal procedures and working safely so we can deliver the best service to you |
Marketing our services to:
| For our legitimate interests or those of a third party, i.e., to promote our business to existing and former clients For our legitimate interests or those of a third party, |
External audits and quality checks, e.g., for ISO certifications, accreditations, and the audit of our accounts | For our legitimate interests, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards applicable in our industry To comply with our legal and regulatory obligations |
To use full functionality offered by the Sites, a user may be required to provide certain Personal data.
How We Use Anonymized Aggregate Data
Summaries of de-identified or anonymized and aggregated data analyses may be presented to public audiences (e.g., scientific conferences). Review of DDI’s general approaches and accumulated results with professional audiences ensures that DDI's assessment methods remain up-to-date with best practices and professional, technical, and legal standards. While these summaries may be linked to general industries, the identities of client organizations and individuals remain confidential.
Summaries of aggregated data may also be used to create normative profiles (or “benchmarks”) for assessments. Normative profiles will not identify individuals or client organizations; however, the source data may link back to some or all the client organizations that are contained within the data set for the purpose of defining the characteristics of the norm sample (such as platform, industry, etc.)
Circumstances Under Which We Share Personal Data
DDI will never sell your Personal Data.
We only allow our service providers to handle your personal data if we are satisfied they take commercially reasonable and appropriate measures to protect your personal data. We also impose contractual obligations on service providers to confirm they can only use your personal data to provide services to us, to you, or to remain compliant with applicable laws and regulations of pertinent jurisdictions. We may also share personal data with external auditors in relation to ISO accreditation and the audit of our accounts.
We may also need to share some personal data with other parties, such as potential buyers of some or all our business during a re-structuring. We will typically anonymize or de-identify information, but this may not always be possible. Recipients of your personal data will be bound by confidentiality obligations.
DDI will be responsible for the actions of any service providers to whom your Personal Data has been transferred in their performance of Services provided to you, your employer, or DDI.
Product Site
DDI routinely shares personal data with
Our affiliates and licensees as required to deliver services to our Clients |
Service providers we use to help deliver our products and services to you |
Law enforcement agencies and regulatory bodies to comply with legal and regulatory obligations
|
Applicant Site
DDI routinely shares personal data with
Our affiliates and licensees |
Other third parties we use to help us run our business, such as marketing agencies or website hosts; |
Third parties approved by you |
Auditors (e.g., in pursuit of ISO and other certifications) |
Our insurers and brokers (e.g., cybersecurity insurance providers) |
Our bank(s) |
Law enforcement agencies and regulatory bodies to comply with legal and regulatory obligations |
Website
DDI routinely shares personal data with
Other third parties we use to help us run our business, such as marketing agencies or website hosts; |
Third parties approved by you |
Third-party Use of Personal Data
Online Surveys | DDI's third-party online survey provider collects and stores user information in a secure and private manner on behalf of DDI to manage online surveys. This provider allows DDI to create surveys and questionnaires for distribution to potential survey respondents. Our third-party online survey service provider maintains respondent information that may include information about DDI survey recipients, and other demographics and data useful to DDI. Our third-party online survey provider uses the information they collect to improve the service they provide to DDI. No information is shared with other third parties. |
Newsletter Subscriptions | DDI’s third party newsletter publishing service provider for managing email newsletter subscriptions collects and stores visitor information in a secure and private manner on behalf of DDI. This information includes, but is not limited to, email address lists, articles, survey answers, letters, and usage statistics. This information is owned by DDI and is not accessible to any other third parties. If you no longer wish to receive our newsletter, you may opt-out by following the optout instructions which are included in each communication. |
Online Client Service Chat | DDI's third party online client service chat service provider collects and stores user information in a secure and private manner on behalf of DDI to manage online chat sessions. If using this function, users will be asked to enter their names in whatever format or detail they prefer. During the chat, users engage in a live question and answer session with a DDI employee. Our third-party online client service chat service provider maintains dialogue transcripts of these chats. After the chat, users may be asked to fill out an exit survey to obtain valuable feedback about DDI service. Filling out the exit survey is voluntary. The surveys may ask for contact information and for demographic information. Data is also collected through aggregated tracking information from cookies. Our third-party online client service chat service provider uses the information they collect to improve the service they provide to DDI. No information is shared with other third parties. Our third-party online client service chat service provider uses cookies to link profile information (submitted by individuals to DDI) with the chat sessions managed by DDI's employees. By setting a cookie, users do not have to enter their profile information more than once, thereby saving time while on the chat session. Other statistical information about how our Sites are used is collected to assist the user with their client service experience. |
Tracking Technologies (limited to marketing purposes) | Our third-party business service provider uses cookies to link visits to our site with click-through from pay-per-click sponsored ads, placed by DDI on external search engine sites. They work by placing a cookie on a user's computer when he/she clicks on one of our pay-per-click sponsored ads. Then, if the user reaches one of DDI's designated conversion pages, the cookie is connected to our web page. When a match is made, the third-party business service provider records a successful conversion for DDI. Some of our third-party business service providers (e.g., aggregate traffic analytic services such as Google Analytics, search engines and live help chat) use cookies on our site. We have no access to or control over these cookies. Third parties with whom we partner to provide certain features on our Site, or to display advertising based upon your web browsing activity, use local shared objects (“LSOs”) such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML 5 LSOs. This Privacy Policy covers the use of cookies by the Sites and does not cover the use of cookies by any third parties. Technologies such as cookies or similar technologies are used by DDI and our marketing partners on some of our Sites. These technologies are used in analyzing trends, storing username and password so that you do not have to enter it each time you visit the site, administering the Site, tracking users’ movements around the Site, and gathering demographic information about our user base. We may receive reports based on the use of these technologies from these marketing partners in an individual and/or aggregated format. |
Advertising | We engage a third-party ad network to either display advertising on our Sites or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this Site and other sites to provide you advertising based upon your browsing activities and interests. If you do not want to have this information used for serving you interest-based ads, you may opt-out by clicking, here (or if located in the European Union click, here). Please note this does not opt you out of being served all ads; you will continue to receive generic ads. |
Promotional Communications | DDI may use your personal data to send you updates by mail, email, telephone, text message, or other instant message about our products and services, including exclusive offers, promotions, new products and/or suggested services. DDI maintains a legitimate interest in processing your personal data for promotional purpose (see above “How and why we use your personal data”). This means we do not usually require your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly prior to the communication. DDI will always treat your personal data with the utmost respect and never sell it to other organizations. DDI may ask you to confirm or update your marketing preferences if you instruct us to provide further products or services in the future, or if there are changes in the law, regulation, or the structure of our business. |
Testimonials | DDI may post client testimonials on our Sites, which may contain personal data. We do obtain the client's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to have your personal data removed from this section of our site, please contact us at DataProtectionOfficer@ddiworld.com. |
Personal Data Disclosed to Vendors
In the last 12 months, DDI disclosed personal data to vendors in the following categories that identifies, relates to, describes, is capable of being associated with, or could be linked, direct or indirectly, with a particular consumer or household:
- Identifiers (e.g., first and/or last name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers);
- Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, physical characteristics or description, address, telephone number, education, employment, employment history, or any other similar information;
- Characteristics of protected classifications under California or federal law;
- Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consumer histories, tendencies or similar information);
- Biometric information;
- Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement);
- Geolocation data;
- Audio, electronic, visual, haptic, or similar information;
- Professional or employment-related information;
- Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences and characteristics.
DATA LOCALIZATION
Where Your Personal Data is Held
With the exception of the Transtalent product offerings listed below, all personal data provided to DDI is hosted in the United States.
- Data provided for Transtalent in Simplified Chinese is hosted in China with Alibaba Cloud.
- Data provided for Transtalent in Traditional Chinese, Thai language, or English language is hosted in Singapore with Alibaba Cloud.
Data may also be accessed or used globally where authorized Client or DDI associates providing services to the Client are located. In addition, DDI follows the General Data Protection Regulation (“GDPR”) which applies across the European Union, China’s Personal data Protection Law (“PIPL”), Canada’s Personal data Protection and Electronic Documents Act (“PIPEDA”), Thailand’s Personal Data Protection Act (“PDPA”), as well as all applicable data privacy and security regulations in applicable jurisdictions.
Information may also be stored at our offices and those of our group companies, third party agencies, service providers, employees, contractors, affiliates, representatives, and agents as described above (see: “Who We Share Your Personal data With” above). Some of these third parties may be based outside the European Economic Area and the United States. Note: subprocessors’ servers are not located outside the EEA and U.S.
International Data Transfers
To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area and United States, e.g.:
- With our offices outside the EEA and U.S.;
- With your and our service providers located outside the EEA or U.S.;
- If you are based outside the EEA or U.S.;
- Where there is an international dimension to the services we are providing you.
The following countries to which we may transfer personal data have been assessed by the European Commission as providing an adequate level of protection for personal data:
- Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, the United Kingdom, and Uruguay.
- For more information, see the official website of the European Commission, here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en
Except for the countries list above, non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. DDI will, however, ensure the transfer complies with data protection laws and exercise reasonable efforts to keep all personal data secure. Our standard practice is to use standard contractual clauses that have been approved by the European Commission. To obtain a copy of those clauses, see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. If you would like further information, please contact our Data Protection Officer (see “How to Contact Us” below).
Data Privacy Framework (DPF)
DDI complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. DDI has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.
DDI has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, DDI commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.
In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, DDI commits to resolve DPF Principles-related complaints about our collection and use of your personal data. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact DDI using the contact provided below:
If you have a question or complaint related to participation by DDI in the DPF Frameworks, we encourage you to contact us using the details in the Contact Us section below. For any complaints related to the DPF Frameworks that DDI cannot resolve directly, we have chosen to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, the UK Information Commissioner (for UK individuals), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) for resolving disputes with Swiss individuals.
Please contact us if you’d like us to direct you to your data protection authority contacts. As further explained in the DPF Principles, binding arbitration is available to address residual complaints not resolved by other means. DDI is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).
How Long We Keep Your Personal data
We retain your Personal data for as long as needed or permitted considering the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:
- The length of time we have an ongoing relationship with you or our client (your employer)
- A period to respond to any questions, complaints, or claims made by you or on your behalf
- Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records for a certain period before we can delete them)
- Whether retention is advisable to fulfill a lawful request made by a regulatory body of an applicable jurisdiction
Your Rights Under the General Data Protection Regulation (“GDPR”) to the extent we are processing data under GDPR jurisdiction.
Right to Access | The right to be provided with a copy of your personal data (the right of access) |
Right to Rectification | The right to require us to correct any mistakes in your personal data |
Right to be Forgotten | The right to require us to delete your personal data in certain situations |
Right to Restriction of Processing | The right to require us to restrict processing of your personal data—in certain circumstances, e.g., if you contest the accuracy of the data |
Right to Data Portability | The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations |
Right to Object | The right to object: --at any time to your personal data being processed for direct marketing (including profiling). --in certain other situations to our continued processing of your personal data, e.g., processing carried out for the purpose of our legitimate interests. |
Right Not to be Subject to Automated Individual Decision-Making | The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you |
You can make any of these requests in relation to your personal data by submitting a data subject access request or contacting us by email, phone or post using the details in the “How to contact us” section of this Privacy Policy.
Your Rights Under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act ("CPRA") to the extent we to the extent we are processing data under CCPA or CPRA jurisdiction.
Disclosure of Personal data We Collect About You | You have the right to know:
Please note that we are not required to:
|
Personal data Sold or Used for a Business Purpose | N/A |
Right to Deletion | Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will:
Please note that we may not delete your personal data if it is necessary to:
|
Protection Against Discrimination | You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things:
Please note that we may charge a different price or rate or provide a different level or quality of goods or services to you, if that difference is reasonably related to the value provided to our business by your personal data. |
How We Keep your Personal Data Secure
DDI is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. DDI complies with applicable data protection laws, including applicable security breach notification laws. If you want more information, please see ddiworld.com/gisp.
Your Choices, and How to Contact Us
You have the opportunity to opt out of receiving communications from DDI through your account on our Website or by using the unsubscribe links at the bottom of our emails.
You can exercise any of your rights as described in this Privacy Policy, and review and request changes to your personal information that DDI has collected by completing our Data Subject Access Request form here, by emailing dataprotectionofficer@ddiworld.com, or by mailing your request to the postal address below.
If you have a complaint or would like to report unethical behavior please email dataprotectionofficer@ddiworld.com or mail your concern to the postal address below.
Attn: DDI Data Protection Officer
Development Dimensions International, Inc.
1225 Washington Pike
Bridgeville, PA 15017 USA
Changes to this Privacy Notice
DDI may change this privacy notice from time to time. When we do, we will post changes on the Sites and other places deemed appropriate, so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we share or disclose it.