HIPAA Compliance Statement

 

Last updated: April 21st, 2023

Liongard complies with the HIPAA Standards for Privacy, Electronic Transactions and Security (including the HITECH Act and the Omnibus Rule of 2013). We have implemented policies, processes, and procedures designed to comply with Federal security laws, regulations, and rules, and we monitor ongoing compliance efforts and maintain various reporting mechanisms that are required by law or requested by our customers. We recognize that it is a key responsibility for our business and will continue to provide all of our various programs and services in accordance with the relevant requirements of all federal laws and regulations, including, as applicable, HIPAA.

Questions regarding our HIPAA policies or compliance may be directed to:

Liongard
Attn: Data Privacy
4201 Main St.
Suite 200-102
Houston, TX 77002

You may also contact the Data Privacy Team via our support email at compliance@liongard.com.

Liongard GDPR Compliance Statement

 

Last updated: October 30, 2024

Our Commitment to GDPR

The General Data Protection Regulation (GDPR) became effective May 25, 2018, with the purpose of strengthening security and regulation of data protection across the European Union, giving people greater rights to access and control their personal information. Liongard is committed to providing the best customer service and security to our customers, while also ensuring compliance with all laws and regulations.  As part of that commitment, we would like to provide you with the following information in accordance with GDPR.

GDPR Data Processing Policy

Liongard recognizes that strict protections are in place to protect the handling of EEA (European Economic Area) personally identifiable information.  Due to the importance of GDPR, Liongard has established the following GDPR Data Processing Policy.

This policy is meant to explain the following: (a) the entity that is collecting personal data; (b) the purposes for which personal data is collected; (c) how and why personal data will be used; (d) the period during which data will be retained; and (e) how you can contact Liongard regarding your data.

This policy supplements the existing Liongard Privacy Policy and unless specifically defined in this policy, defined terms in this policy have the same meaning as they do in the Privacy Policy.

Data Processor/Controller Role

Per GDPR definitions, a data controller has knowledge of why and how data is processed.  Whereas a data processor processes the data on behalf of the controller.

With respect to customer data collected on our websites via forms, email, and other communication methods, Liongard is considered the data controller.  In these instances, our customers provide their information to sign up for our services.  We may utilize compliant third-party data processors for this data, such as HubSpot.

With respect to customers’ data hosted on our Roar platform and our portfolio of solutions sold to customers, Liongard has minimal knowledge about data collected by its customers, and Liongard only processes data in accordance with customers’ instructions.  In these instances, Liongard is considered a data processor, and our customers are considered data controllers.

GDPR Roles and Employees

Liongard has a data privacy team to continuously improve security and compliance. The team is responsible for promoting awareness of the GDPR across the organization and improving GDPR policies and procedures.

Liongard understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR and have involved our employees in our preparation plans.

If you have any questions about our GDPR compliance policies, please contact our Data Privacy Team using one of the methods below:

Liongard
Attn: Data Privacy
1301 Fannin, Ste. 2440
Houston, TX 77002

You may also contact the Data Privacy Team via our support email at compliance@liongard.com. 

Categories of Data Subjects and Data Processed

Liongard collects data from users who join or engage with, the Liongard websites and products. The Liongard Privacy Policy describes the categories of data that Liongard may receive in this instance and how we protect that data. The types of data we may collect when you join or engage with, the Liongard website and products may include: (a) name, (b) postal address, (c) e-mail address, (d) telephone number, or any other information that is defined as personal or personally identifiable information under any applicable law or any other identifier by which you may be contacted online or offline.  We may also use analytics, tracking, and marketing platforms to process data, including Google Analytics, Intercom, MixPanel, Beamer, and LinkedIn.

Additionally, Liongard serves in the role of a data processor for our customers.  In this role, we may receive personally identifiable information of our customers, their employees, and their customers or other parties, including: (a) name, (b) postal address, (c) e-mail address, (d) telephone number, or any other information the Liongard products collect that is defined as personal or personally identifiable information under any applicable law or any other identifier by which you may be contacted online or offline.

Depending on which services you choose to use, Liongard may require additional information, such as a company name, billing information (including billing address, phone number, credit card information), a mobile telephone number, a physical mailing address, and/or payment information. Liongard may require information such as your social security number, or the equivalent, applicable tax ID, date of birth, bank account information and/or credit card information to verify your identity and provide this service to you. 

Basis for Processing

Liongard processes data based on (a) consent of the user or customer; and (b) the necessity of the data for providing the services that users are contracting for when they become members of the Liongard websites and products. IF YOU DO NOT CONSENT TO THE PROCESSING OF YOUR DATA OR YOUR CUSTOMERS’ DATA IN ORDER TO ACCESS AND USE THE LIONGARD WEBSITES AND PRODUCTS, PLEASE DO NOT USE, OR ENGAGE WITH, THE LIONGARD WEBSITES OR PRODUCTS.

We offer our customers a GDPR-compliant Data Processing Addendum (DPA), enabling you to comply with GDPR contractual obligations.

Cross-Border Transfer

Data centers hosting Liongard’s data and our customers’ data, including user data, are located within the United States and the European Union. Accordingly, as an EU citizen, to access the services and content provided by Liongard, your data may be transferred outside of the EU. By using the Liongard websites and products, you consent to the cross-border transfer of your data to receive access to the Liongard websites and products.

Where sub-processors are located outside of the EU, Liongard confirms that such sub-processors: (i) are located in a third country or territory recognized by the EU Commission to have an adequate level of protection; or (ii) have entered into Model Contractual Clauses with Liongard; or (iii) have other legally recognized appropriate safeguards in place, such as the EU-US Privacy Shield or Binding Corporate Rules.

Data Subject Rights

We are happy to provide easy-to-access information via our website and customer support processes of an individual’s right to access any personal information that Liongard processes about them and to request information about:

  • what personal data we hold about them
  • the purposes of the processing
  • the categories of personal data concerned
  • the recipients to whom the personal data has/will be disclosed
  • how long we intend to store your personal data for
  • if we did not collect the data directly from them, information about the source
  • the right to have incomplete or inaccurate data about them corrected or completed and the process for requesting this
  • the right to request the erasure of personal data (where applicable) or to restrict processing in accordance with data protection laws, as well as to object to any direct marketing from us and to be informed about any automated decision-making that we use
  • the right to lodge a complaint or seek judicial remedy and who to contact in such instances.  

Sub-Processors

We do not provide your data or your customers’ data to any third parties that do not require access to support our products and services.  Third parties who may receive your data so that Liongard can provide services include our cloud infrastructure provider (Amazon Web Services).

All sub-processors who process personal data in the provision of the services to the customer must comply with the obligations of Liongard set out in our DPA.

Use of Data

Liongard measures and analyzes visits, engagement, and requests of content on our sites and software. This allows us to improve user experiences and scope of marketing communications for the user.  In addition, we may process personal data for our customers as part of our suite of tools to perform cloud, network, and on-premise discovery, documentation, detection, and assessment services.  These services include logging and monitoring of our customers’ data in IT environments, which may include personally identifiable information of users in our customers’ IT environments.

Data Retention

Liongard will retain customer information for as long as the customer account is active or as needed to provide services. If you no longer want Liongard to use your information to provide you services, you may follow the “Withdrawal of Consent/Erasure” provision below. After closing your account, Liongard will solely use your information as necessary to comply with any applicable legal obligations.

How We Protect Your Data

Liongard takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure to protect and secure the personal data that we process. We have information security policies and procedures in place to protect personal information from unauthorized access, alteration, disclosure or destruction.

We implement a variety of security measures and processes to protect your personal information. We offer the use of a secure server. All information you provide is transmitted via Transport Layer Security (TLS) and stored securely by our third-party providers. Only authorized personnel are allowed access to the data and required to keep the information confidential.

We commit to having physical and logical controls to ensure the information we collect is limited to authorized users only.

We also rely on you (our customers) to implement best practice IT security safeguards, including password protection and use of strong passwords for your account. We also assign our customers sole responsibility for the data quality, legality and accuracy, and assurance that they have obtained any and all necessary permissions and authorizations necessary to permit Liongard, its affiliates, and sub-processors, to execute their rights or perform their obligations under our DPA.

Withdrawal of Consent/Erasure

If, at any point, you no longer wish to have your personal data processed by Liongard, simply send an email to compliance@liongard.com with the phrase “consent withdrawn” or “erase” in the subject line. Your request should include your name, company name, email address and physical address. Liongard will move expeditiously to stop the processing of your personal data and to remove your personal data from its systems. Please understand that, without access to your personal data, Liongard may not be able to provide certain services.

Right to Correct, Access or Portability of Data and Associated Procedure

You have the right to have any inaccurate data corrected by a data controller or processor. You also have the right to request access to your data or request that Liongard makes your data portable.  To request such action, you should send the request to compliance@liongard.com. Your request should include your name, company name, email address and physical address. Liongard will attempt to correct the data or to provide you your data in a simplistic and easily readable format as quickly as possible but in no more than thirty (30) days.

US Data Privacy Framework Policy

 

Last updated: November 19th, 2024

To protect the privacy of our customers’ personal information in their use of our Software-as-a-Service offerings (“SaaS Offerings”), Liongard complies with the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (DPF), as established by the United States Department of Commerce (collectively referred to as the “Governing Framework Principles”). The Governing Framework Principles govern the collection, use, and retention of personal information received by Liongard through its SaaS Offerings, that is transferred from the European Union (EU), Switzerland, and the United Kingdom (UK), including Gibraltar, to the United States (US). In the event of a conflict between the terms in this policy and Governing Framework Principles, the Governing Framework Principles govern.

Liongard is currently in the process of obtaining certification from the U.S. Department of Commerce and adheres to the Governing Framework Principles. To maintain Liongard’s commitment to the privacy standards under the Governing Framework Principles, Liongard will re-certify annually with the U.S. Department of Commerce. To learn more about the Governing Framework Principles, and to view Liongard’s certification, please visit https://www.dataprivacyframework.gov.

  • Regulatory Authority and Disclosures.
    • Liongard’s commitments under the Governing Framework Principles are reinforced by our internal governance procedures and are subject to the investigatory and enforcement powers of the United States Federal Trade Commission. Additionally, Liongard might be required to disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.
  • Personal Information Covered and Shared.
    • Liongard processes personal information for its customers through its SaaS Offerings, as such personal information defined by the Governing Framework Principles. This includes any information processed by Liongard through its SaaS Offerings that can identify or be linked to an identifiable individual, such as names, email addresses, and employment-related data, when transferred from the EU, UK, or Switzerland to the United States.
    • Liongard may share such personal information with its third-party service providers who process personal information on Liongard’s behalf as part of the SaaS Offerings. Liongard maintains agreements with these service providers mandating that their access, use and disclosure of personal information comply with the Governing Framework Principles, and limiting their use and disclosure of personal information to the performance of the SaaS Offerings. Liongard remains liable in the event that its third-party service providers fail to meet their obligations under their agreements with Liongard.
  • Dispute Resolution.
    • In alignment with the Governing Framework Principles, Liongard has committed to referring unresolved Data Privacy Framework concerns and complaints to JAMS Alternate Dispute Resolution, an independent dispute resolution provider based in the United States. JAMS provides its services at no cost to you, allowing for an independent third party to help resolve disputes. If you do not receive timely acknowledgment of your complaint from Liongard, or if we have not addressed your complaint to your satisfaction, please visit https://www.jamsadr.com/DPF-Dispute-Resolution for more information or to file a complaint. Under certain conditions, as further explained in the Data Privacy Framework Principles, you may be entitled to invoke binding arbitration if other dispute resolution methods have been exhausted.
  • Additional Information.
    • In compliance with the Governing Framework Principles, Liongard is committed to resolving complaints regarding the collection or use of personal information. Citizens, nationals, and residents of the EU, UK, and Switzerland with inquiries or complaints should first contact Liongard at privacy@liongard.com.
    • For information on how Liongard collects, uses and shares information as a data controller, please visit Liongard’s privacy policy, located at https://www.liongard.com/security-compliance/#privacy.

Helpful Resources

 

Contact Us:

Liongard
Attn: Data Privacy
4201 Main St.
Suite 200-102
Houston, TX 77002

You may also contact the Data Privacy Team via our support email at compliance@liongard.com.

Amazon AWS EU Data Protection information: https://aws.amazon.com/compliance/eu-data-protection/

HubSpot Data Privacy: https://legal.hubspot.com/data-privacy

Google Analytics/Google Data Protection: https://privacy.google.com/businesses/compliance/

Intercom GDPR Compliance: https://www.intercom.com/terms-and-policies#eu-us

Highlight Compliance & Security: https://www.highlight.io/docs/general/company/compliance-and-security

LinkedIn GDPR Compliance: https://privacy.linkedin.com/gdpr

Liongard Privacy Policy: https://www.liongard.com/privacy-policy/