Development Dimensions International's Privacy Policy

PRIVACY

Development Dimensions International's Privacy Policy

This Privacy Policy is effective as of July 2024.

Who we are

Development Dimensions International, Inc. (“DDI”) is a global leadership consulting firm that helps our customers to hire, promote, and develop exceptional leaders. From first-time managers to C-suite executives, our commitment is to be by the side of leaders to help make every moment count. From our founding in 1970, we have dedicated ourselves to finding science-based solutions that truly change the lives of leaders and the people they lead.

How we Care for your Personal Information

DDI is dedicated to protecting your personal data. This privacy policy contains essential information about the personal data we collect, and the how and why we collect, store, use, and share personal data. DDI designed and manages the site you are viewing.

This Privacy Policy applies to the collection and use of information of the websites and platforms where this policy is linked (“Sites”, “Product Sites”, “Website”, “DDI Applicant Sites”). None of the Sites publish content or collect data that is targeted at children.

The use of information collected through our Sites shall be limited to the purpose for which it was gathered. The sites are defined as:

“Product Sites”, that provide a service for which a Client has engaged DDI or gathers information for research purposes
“Website”, that provides information to prospective and existing Clients and other interested parties
DDI Applicant Sites, that gathers information on applicants for career opportunities at DDI

For our “Product Sites”, DDI will abide by each of these laws, as well as any other laws that govern the applicable jurisdiction, solely to the extent that we process your data subject to the jurisdiction covered by each applicable law. For the “Website” and DDI Applicant Sites, DDI will be controller of your data. The terms of which are detailed below.

Key Terms

We, us, our	Development Dimensions International, Inc. (U.S.) Click here to view a list of our global offices Click here to view a list of our licensed consultants
Client	Client is an organization who has contracted DDI to perform services on their behalf. Client may also mean your employer.
Our Data Protection Officer	DataProtectionOfficer@ddiworld.com
Personal data	Specific types of information relating to an identified or identifiable individual according to established information classifications
Special category personal data	Personal data revealing, political opinions, religious beliefs, philosophical beliefs, or trade union membership. Data concerning health, sex life or sexual orientation

PERSONAL DATA WE COLLECT
Categories of personal data we may collect about you as part of our product sites

First Name and Last Name

Email address

Publicly available career information

Data subject request records

Voice data (dependent upon Services provided to you by DDI)

User activity information obtained from session specific.

Geolocation data obtained via:
IP address
Cookies
Troubleshooting and support services

Categories of personal data we may collect about you as part of our applicant sites

Employment application data

Assessment results

Employment history

Professional accolades

Student education records of “eligible students” as defined under the Family Educational Rights and Privacy Act

Student directory information publicly disclosed by schools including:
Student name
Address
Telephone number
Date and place of birth
Honors and awards
Dates of attendance

Categories of personal data we may collect about you as part of our website

First Name and Last Name

Email address

DDI collects personal data drawn from inferences from the information identified above to create a profile about users who have opted-in to DDI-related products and/or services. These inferences include information about:
Consumer preferences
User characteristics
Behavior

How Your Personal Data Is Collected
DDI collects personal data directly from DDI’s Website, public sites, indirectly from your employer with your consent, or directly from you as an applicant. DDI may also collect information via automated monitoring of our websites and other technical systems and via communication systems such as email and instant messaging services.

Why and How We Use Your Personal Data

Purpose	Reason
To provide products and/or services to your employer	For the performance of our contract with your employer or to take steps at your employer’s request before entering a contract
To verify identity	To comply with our legal and regulatory obligations
Other processing necessary to comply with professional, legal, and regulatory obligations that might apply to our business, e.g., health and safety regulations.	To comply with our legal and regulatory obligations
Gathering and providing information required by or relating to audits, inquiries, or investigations by regulatory bodies	To comply with our legal and regulatory obligations
Ensuring business policies are adhered to, e.g., policies governing security and information use	For our legitimate interests or those of your employer, i.e., to make sure we are following our own internal procedures so we can deliver the best service to you
Operational reasons, such as improving efficiency, training, and quality control	For our legitimate interests or those of your employer, i.e., to be as efficient as we can so we can deliver the best service for you at the best price
Ensuring the confidentiality of commercially sensitive information	For our legitimate interests or those of your employer, i.e., to protect trade secrets and other commercially valuable information To comply with our legal and regulatory obligations
Statistical norming in relation to the services provided by DDI. (Data that is used for statistical norming is de-identified.)	For our legitimate interests or those of your employer to ensure fair and accurate data sets and measurement tools
Statistical analysis to help us manage our business, e.g., in relation to delivery of services, product performance, or other efficiency measures (Data that is used for statistical norming is de-identified.)	For our legitimate interests or those of your employer, i.e., to be as efficient and relevant as we can so we can deliver the best service for you at the best price
Preventing unauthorized access and alteration to systems	For our legitimate interests or those of your employer, i.e., to prevent and detect criminal activity that could be damaging for us and for you To comply with our legal and regulatory obligations
Updating and enhancing client’s records	For the performance of our contract with your employer or to take steps at your employer’s request before entering into a contract To comply with our legal and regulatory obligations For our legitimate interests or those of a third party, e.g., making sure that we can keep in touch with our clients/you about existing orders and new products
Ensuring safe working practices, staff administration and assessments	To comply with our legal and regulatory obligations For our legitimate interests or those of a third party, e.g., to make sure we are following our own internal procedures and working safely so we can deliver the best service to you
Marketing our services to: Existing and former clients Third parties who have previously expressed an interest in our services;	For our legitimate interests or those of a third party, i.e., to promote our business to existing and former clients For our legitimate interests or those of a third party,
External audits and quality checks, e.g., for ISO certifications, accreditations, and the audit of our accounts	For our legitimate interests, i.e., to maintain our accreditations so we can demonstrate we operate at the highest standards applicable in our industry To comply with our legal and regulatory obligations

To use full functionality offered by the Sites, a user may be required to provide certain Personal data.

How We Use Anonymized Aggregate Data

Summaries of de-identified or anonymized and aggregated data analyses may be presented to public audiences (e.g., scientific conferences). Review of DDI’s general approaches and accumulated results with professional audiences ensures that DDI's assessment methods remain up-to-date with best practices and professional, technical, and legal standards. While these summaries may be linked to general industries, the identities of client organizations and individuals remain confidential.

Summaries of aggregated data may also be used to create normative profiles (or “benchmarks”) for assessments. Normative profiles will not identify individuals or client organizations; however, the source data may link back to some or all the client organizations that are contained within the data set for the purpose of defining the characteristics of the norm sample (such as platform, industry, etc.)

Circumstances Under Which We Share Personal Data

DDI will never sell your Personal Data.

We only allow our service providers to handle your personal data if we are satisfied they take commercially reasonable and appropriate measures to protect your personal data. We also impose contractual obligations on service providers to confirm they can only use your personal data to provide services to us, to you, or to remain compliant with applicable laws and regulations of pertinent jurisdictions. We may also share personal data with external auditors in relation to ISO accreditation and the audit of our accounts.

We may also need to share some personal data with other parties, such as potential buyers of some or all our business during a re-structuring. We will typically anonymize or de-identify information, but this may not always be possible. Recipients of your personal data will be bound by confidentiality obligations.

DDI will be responsible for the actions of any service providers to whom your Personal Data has been transferred in their performance of Services provided to you, your employer, or DDI.

Product Site

DDI routinely shares personal data with

Our affiliates and licensees as required to deliver services to our Clients

Service providers we use to help deliver our products and services to you

Law enforcement agencies and regulatory bodies to comply with legal and regulatory obligations

Applicant Site

DDI routinely shares personal data with

Our affiliates and licensees

Other third parties we use to help us run our business, such as marketing agencies or website hosts;

Third parties approved by you

Auditors (e.g., in pursuit of ISO and other certifications)

Our insurers and brokers (e.g., cybersecurity insurance providers)

Our bank(s)

Law enforcement agencies and regulatory bodies to comply with legal and regulatory obligations

Website

DDI routinely shares personal data with

Other third parties we use to help us run our business, such as marketing agencies or website hosts;

Third parties approved by you

Third-party Use of Personal Data

Online Surveys	DDI's third-party online survey provider collects and stores user information in a secure and private manner on behalf of DDI to manage online surveys. This provider allows DDI to create surveys and questionnaires for distribution to potential survey respondents. Our third-party online survey service provider maintains respondent information that may include information about DDI survey recipients, and other demographics and data useful to DDI. Our third-party online survey provider uses the information they collect to improve the service they provide to DDI. No information is shared with other third parties.
Newsletter Subscriptions	DDI’s third party newsletter publishing service provider for managing email newsletter subscriptions collects and stores visitor information in a secure and private manner on behalf of DDI. This information includes, but is not limited to, email address lists, articles, survey answers, letters, and usage statistics. This information is owned by DDI and is not accessible to any other third parties. If you no longer wish to receive our newsletter, you may opt-out by following the optout instructions which are included in each communication.
Online Client Service Chat	DDI's third party online client service chat service provider collects and stores user information in a secure and private manner on behalf of DDI to manage online chat sessions. If using this function, users will be asked to enter their names in whatever format or detail they prefer. During the chat, users engage in a live question and answer session with a DDI employee. Our third-party online client service chat service provider maintains dialogue transcripts of these chats. After the chat, users may be asked to fill out an exit survey to obtain valuable feedback about DDI service. Filling out the exit survey is voluntary. The surveys may ask for contact information and for demographic information. Data is also collected through aggregated tracking information from cookies. Our third-party online client service chat service provider uses the information they collect to improve the service they provide to DDI. No information is shared with other third parties. Our third-party online client service chat service provider uses cookies to link profile information (submitted by individuals to DDI) with the chat sessions managed by DDI's employees. By setting a cookie, users do not have to enter their profile information more than once, thereby saving time while on the chat session. Other statistical information about how our Sites are used is collected to assist the user with their client service experience.
Tracking Technologies (limited to marketing purposes)	Our third-party business service provider uses cookies to link visits to our site with click-through from pay-per-click sponsored ads, placed by DDI on external search engine sites. They work by placing a cookie on a user's computer when he/she clicks on one of our pay-per-click sponsored ads. Then, if the user reaches one of DDI's designated conversion pages, the cookie is connected to our web page. When a match is made, the third-party business service provider records a successful conversion for DDI. Some of our third-party business service providers (e.g., aggregate traffic analytic services such as Google Analytics, search engines and live help chat) use cookies on our site. We have no access to or control over these cookies. Third parties with whom we partner to provide certain features on our Site, or to display advertising based upon your web browsing activity, use local shared objects (“LSOs”) such as HTML 5 to collect and store information. Various browsers may offer their own management tools for removing HTML 5 LSOs. This Privacy Policy covers the use of cookies by the Sites and does not cover the use of cookies by any third parties. Technologies such as cookies or similar technologies are used by DDI and our marketing partners on some of our Sites. These technologies are used in analyzing trends, storing username and password so that you do not have to enter it each time you visit the site, administering the Site, tracking users’ movements around the Site, and gathering demographic information about our user base. We may receive reports based on the use of these technologies from these marketing partners in an individual and/or aggregated format.
Advertising	We engage a third-party ad network to either display advertising on our Sites or to manage our advertising on other sites. Our third-party partner may use technologies such as cookies to gather information about your activities on this Site and other sites to provide you advertising based upon your browsing activities and interests. If you do not want to have this information used for serving you interest-based ads, you may opt-out by clicking, here (or if located in the European Union click, here). Please note this does not opt you out of being served all ads; you will continue to receive generic ads.
Promotional Communications	DDI may use your personal data to send you updates by mail, email, telephone, text message, or other instant message about our products and services, including exclusive offers, promotions, new products and/or suggested services. DDI maintains a legitimate interest in processing your personal data for promotional purpose (see above “How and why we use your personal data”). This means we do not usually require your consent to send you promotional communications. However, where consent is needed, we will ask for this consent separately and clearly prior to the communication. DDI will always treat your personal data with the utmost respect and never sell it to other organizations. DDI may ask you to confirm or update your marketing preferences if you instruct us to provide further products or services in the future, or if there are changes in the law, regulation, or the structure of our business. Visit this page to select the type of marketing emails you would like to receive from us or to unsubscribe
Testimonials	DDI may post client testimonials on our Sites, which may contain personal data. We do obtain the client's consent via email prior to posting the testimonial to post their name along with their testimonial. If you wish to have your personal data removed from this section of our site, please contact us at DataProtectionOfficer@ddiworld.com.

Personal Data Disclosed to Vendors

In the last 12 months, DDI disclosed personal data to vendors in the following categories that identifies, relates to, describes, is capable of being associated with, or could be linked, direct or indirectly, with a particular consumer or household:

Identifiers (e.g., first and/or last name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers);
Information that identifies, relates to, describes, or is capable of being associated with, a particular individual, including, but not limited to, his or her name, signature, physical characteristics or description, address, telephone number, education, employment, employment history, or any other similar information;
Characteristics of protected classifications under California or federal law;
Commercial information (e.g., products or services purchased, obtained, or considered, or other purchasing or consumer histories, tendencies or similar information);
Biometric information;
Internet or other electronic network activity information (e.g., browsing history, search history, and information regarding a consumer’s interaction with an Internet Web site, application, or advertisement);
Geolocation data;
Audio, electronic, visual, haptic, or similar information;
Professional or employment-related information;
Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences and characteristics.

DATA LOCALIZATION

Where Your Personal Data is Held
With the exception of the Transtalent product offerings listed below, all personal data provided to DDI is hosted in the United States.

Data provided for Transtalent in Simplified Chinese is hosted in China with Alibaba Cloud.
Data provided for Transtalent in Traditional Chinese, Thai language, or English language is hosted in Singapore with Alibaba Cloud.

Data may also be accessed or used globally where authorized Client or DDI associates providing services to the Client are located. In addition, DDI follows the General Data Protection Regulation (“GDPR”) which applies across the European Union, China’s Personal data Protection Law (“PIPL”), Canada’s Personal data Protection and Electronic Documents Act (“PIPEDA”), Thailand’s Personal Data Protection Act (“PDPA”), as well as all applicable data privacy and security regulations in applicable jurisdictions.

Information may also be stored at our offices and those of our group companies, third party agencies, service providers, employees, contractors, affiliates, representatives, and agents as described above (see: “Who We Share Your Personal data With” above). Some of these third parties may be based outside the European Economic Area and the United States. Note: subprocessors’ servers are not located outside the EEA and U.S.

International Data Transfers
To deliver services to you, it is sometimes necessary for us to share your personal data outside the European Economic Area and United States, e.g.:

With our offices outside the EEA and U.S.;
With your and our service providers located outside the EEA or U.S.;
If you are based outside the EEA or U.S.;
Where there is an international dimension to the services we are providing you.

The following countries to which we may transfer personal data have been assessed by the European Commission as providing an adequate level of protection for personal data:

Andorra, Argentina, Canada, Faroe Islands, Guernsey, Israel, Isle of Man, Japan, Jersey, New Zealand, Republic of Korea, Switzerland, the United Kingdom, and Uruguay.
For more information, see the official website of the European Commission, here: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/adequacy-decisions_en

Except for the countries list above, non-EEA countries do not have the same data protection laws as the United Kingdom and EEA. DDI will, however, ensure the transfer complies with data protection laws and exercise reasonable efforts to keep all personal data secure. Our standard practice is to use standard contractual clauses that have been approved by the European Commission. To obtain a copy of those clauses, see: https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc/standard-contractual-clauses-international-transfers_en. If you would like further information, please contact our Data Protection Officer (see “How to Contact Us” below).

Data Privacy Framework (DPF)

DDI complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. DDI has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF.

DDI has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern. To learn more about the Data Privacy Framework (DPF) program, and to view our certification, please visit https://www.dataprivacyframework.gov/

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, DDI commits to cooperate and comply respectively with the advice of the panel established by the EU data protection authorities (DPAs) and the UK Information Commissioner’s Office (ICO) and the Swiss Federal Data Protection and Information Commissioner (FDPIC) with regard to unresolved complaints concerning our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF.

In compliance with the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF and the Swiss-U.S. DPF, DDI commits to resolve DPF Principles-related complaints about our collection and use of your personal data. EU and UK individuals and Swiss individuals with inquiries or complaints regarding our handling of personal data received in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. DPF should first contact DDI using the contact provided below:

If you have a question or complaint related to participation by DDI in the DPF Frameworks, we encourage you to contact us using the details in the Contact Us section below. For any complaints related to the DPF Frameworks that DDI cannot resolve directly, we have chosen to cooperate with the relevant EU Data Protection Authority, or a panel established by the European data protection authorities, for resolving disputes with EU individuals, the UK Information Commissioner (for UK individuals), and the Swiss Federal Data Protection and Information Commissioner (FDPIC) for resolving disputes with Swiss individuals.

Please contact us if you’d like us to direct you to your data protection authority contacts. As further explained in the DPF Principles, binding arbitration is available to address residual complaints not resolved by other means. DDI is subject to the investigatory and enforcement powers of the U.S. Federal Trade Commission (FTC).

How Long We Keep Your Personal data

We retain your Personal data for as long as needed or permitted considering the purpose(s) for which it was obtained. The criteria used to determine our retention periods include:

The length of time we have an ongoing relationship with you or our client (your employer)
A period to respond to any questions, complaints, or claims made by you or on your behalf
Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records for a certain period before we can delete them)
Whether retention is advisable to fulfill a lawful request made by a regulatory body of an applicable jurisdiction

Your Rights Under the General Data Protection Regulation (“GDPR”) to the extent we are processing data under GDPR jurisdiction.

Right to Access	The right to be provided with a copy of your personal data (the right of access)
Right to Rectification	The right to require us to correct any mistakes in your personal data
Right to be Forgotten	The right to require us to delete your personal data in certain situations
Right to Restriction of Processing	The right to require us to restrict processing of your personal data—in certain circumstances, e.g., if you contest the accuracy of the data
Right to Data Portability	The right to receive the personal data you provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
Right to Object	The right to object: --at any time to your personal data being processed for direct marketing (including profiling). --in certain other situations to our continued processing of your personal data, e.g., processing carried out for the purpose of our legitimate interests.
Right Not to be Subject to Automated Individual Decision-Making	The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning you or similarly significantly affects you

You can make any of these requests in relation to your personal data by submitting a data subject access request or contacting us by email, phone or post using the details in the “How to contact us” section of this Privacy Policy.

Your Rights Under the California Consumer Privacy Act (“CCPA”) and the California Privacy Rights Act ("CPRA") to the extent we to the extent we are processing data under CCPA or CPRA jurisdiction.

Disclosure of Personal data We Collect About You	You have the right to know: The categories of personal data we have collected about you; The categories of sources from which the personal data is collected; Our business or commercial purpose for collecting or selling personal data; The categories of third parties with whom we share personal data, if any; and The specific pieces of personal data we have collected about you. Please note that we are not required to: Retain any personal data about you that was collected for a single one-time transaction if, in the ordinary course of business, that information about you is not retained; Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal data; or Provide the personal data to you more than twice in a 12-month period.
Personal data Sold or Used for a Business Purpose	N/A
Right to Deletion	Subject to certain exceptions set out below, on receipt of a verifiable request from you, we will: Delete your personal data from our records; and Direct any subprocessors to delete your personal data from their records. Please note that we may not delete your personal data if it is necessary to: Complete the transaction for which the personal data was collected, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, provide a good or service requested by you, or reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform a contract between you and us; Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity; Debug to identify and repair errors that impair existing intended functionality; Exercise free speech, ensure the right of another consumer to exercise his or her right of free speech, or exercise another right provided for by law; Comply with the California Electronic Communications Privacy Act; Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when our deletion of the information is likely to render impossible or seriously impair the achievement of such research, provided we have obtained your informed consent; Enable solely internal uses that are reasonably aligned with your expectations based on your relationship with us; Comply with an existing legal obligation; or Otherwise use your personal data, internally, in a lawful manner that is compatible with the context in which you provided the information.
Protection Against Discrimination	You have the right to not be discriminated against by us because you exercised any of your rights under the CCPA. This means we cannot, among other things: Deny goods or services to you; Charge different prices or rates for goods or services, including through the use of discounts or other benefits or imposing penalties; Provide a different level or quality of services to you; or Suggest that you will receive a different price or rate for goods or services or a different level or quality of goods or services. Please note that we may charge a different price or rate or provide a different level or quality of goods or services to you, if that difference is reasonably related to the value provided to our business by your personal data.

How We Keep your Personal Data Secure

DDI is committed to protecting the security of your personal data. We use a variety of security technologies and procedures to help protect your personal data from unauthorized access, use, or disclosure. For example, we store the personal data you provide on computer systems that have limited access and are in controlled facilities. DDI complies with applicable data protection laws, including applicable security breach notification laws. If you want more information, please see ddiworld.com/gisp.

Your Choices, and How to Contact Us

You have the opportunity to opt out of receiving communications from DDI through your account on our Website or by using the unsubscribe links at the bottom of our emails.

You can exercise any of your rights as described in this Privacy Policy, and review and request changes to your personal information that DDI has collected by completing our Data Subject Access Request form here, by emailing dataprotectionofficer@ddiworld.com, or by mailing your request to the postal address below.

If you have a complaint or would like to report unethical behavior please email dataprotectionofficer@ddiworld.com or mail your concern to the postal address below.

Attn: DDI Data Protection Officer

Development Dimensions International, Inc.

1225 Washington Pike

Bridgeville, PA 15017 USA

Changes to this Privacy Notice

DDI may change this privacy notice from time to time. When we do, we will post changes on the Sites and other places deemed appropriate, so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we share or disclose it.