Last Updated January 31, 2022
This policy describes how Sounding Board Labs, Inc. (“Sounding Board” or the “Company”) collects, aggregates, stores, safeguards and uses the data and information (including non-public personal information, or “NPI”) provided by users through our website, www.soundingboardinc.com (the “Site”), as well as information collected by us through other means, including by email, over the phone, or in offline communications. This Site is operated by the Company and has been created to provide information about our company and our coaching services and related services (together, the “Services”).
We take your privacy and the security of your information seriously.
This policy explains:
1.5 In some Sections below we refer to “GDPR art.” and then mention some numbers and letters. Where we do this, we are referencing a specific article within the European Union’s General Data Protection Regulation (or GDPR) that permits us to collect and use your data in a specific way. We do this for two reasons: (1) in some instances, we are required to under GDPR; and (2) because GDPR is considered to be the highest standard of privacy law in the world and we want you to know that, irrespective of where you live, we are applying the highest standards when it comes to your personal data. GDPR doesn’t apply to everyone, only those who are geographically located in the EU. That said, we still want to outline our GDPR obligations so you can understand what we are doing.
2.2 Along those lines, SoundingBoard is the “Controller” of the personal data it collects, which means we are the entity that decides how to collect, process, and use personal data.
3.1 Not all data is “personal data” under the law, but a lot of it is, and more than you might think. Because we operate in more than one country, we’ve taken the approach that the broadest definition of personal data is best, because it allows us to explain what we collect more simply. And so, for SoundingBoard’s purposes, personal data is:
3.3 As explained below, we may combine different kinds of personal data in the performance of our services. We’ll also sometimes combine the personal data you’ve given us with non-personal data. For example, we might combine data about the time and location of your coaching session with data about your review of the session or the coach to improve our offerings and make changes to our sessions. If the combined data can identify you, we’ll treat it like personal information, even though some parts of the combined data (like the weather) can’t identify you.
3.4 We do not collect any “Special Categories” of Personal Data about you. This includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data, or information about criminal convictions or offenses.
We collect personal data in a variety of ways, depending on how you interact with us, including:
5.1 Direct interactions. You may give us your Basic, Purchase, Technical, Coaching Session, Profile, or Feedback and Marketing Data, by interacting with us, as when you:
sign up for or take part in sessions;
5.2 Through automated technologies or interactions. As you interact with our website, we automatically collect Product Data about your equipment, browsing actions and patterns. We collect this personal data by using cookies, server logs and other similar technologies. We may also receive Product Data about you if you visit other websites employing our cookies.
5.3 From third parties or publicly available sources. We may receive personal data about you from various third parties and public sources. We also store or process personal data through our third-party vendors, including
A general note on marketing data: We advertise because we want people to participate in to, and get value from, our sessions, and because we want our business to succeed. That means we place ads, send emails, run promotions, send out questionnaires, take surveys, conduct interviews, and do everything else that a marketing department does to try to create a brand. We’re telling you this bluntly so that you have an easier time understanding what we mean when we talk about marketing: it’s our effort to help our business grow.
Part of that growth is understanding what our existing coachees like, what they don’t like, and what they might like in the future. We want to know, for instance, why our coachees took part in a particular session. We think that knowing what our customers like will help us improve our existing services and design and deliver new, better ones in the future.
The most important part in all of this: you have control over how, and if, we market to you. The basis upon which we use this information is your consent (GDPR art. 6(1)(a)) and you can withdraw that consent at any time. You can always decide how much information you share and how we contact you when it comes to marketing.
7.1 Promotional offers
We use your Basic, Coaching Session, Usage, Profile, and Feedback and Marketing Data to create a marketing profile for you so that we can send you information about what sessions, products, or services you may find interesting. If you’ve opted-in to receive communications, we’ll send you emails, texts, or other communications in the format you’ve chosen. We may ask you to opt-in to marketing communications via email, on our website, in the app, or in a physical location like a store or a conference.
7.2 Third-party marketing
As explained above, we do share Marketing and Profile data about you with commercial partners and third parties who may want to directly market to you. We will get your express opt-in consent before we share your personal data with any other company for their own marketing purposes.
7.3 Opting out
You can ask us or third parties to stop sending you marketing messages at any time by contacting us at any time.
Where you opt-out of receiving these marketing messages, this will not apply to personal data provided to us as a result of a product/service purchase, warranty registration, product/service experience, or other transactions.
7.5 Change of purpose
If we need to use your personal data for an unrelated purpose, we will notify you and we will explain the legal basis which allows us to do so.
7.6 Data retention
We delete or anonymize your Personal Data as soon as it is no longer required for the purposes we have collected unless we are legally required to continue processing your Personal Data. The one primary exception here is that, if you ask us to delete your data and “forget” you, or ask us not to contact you, we’ll keep your email address on our master do-not-contact list as proof that we followed your request and so that we can avoid contacting you in the future.
7.7 Automated Decisions
We don’t use an automated decision-making system (an algorithm or machine learning tool) to make decisions about you. We’ll use a system that makes recommendations for what we think you’ll like, but acting on those recommendations is always in your hands, not ours.
9.2 For those present in the EU, we won’t transfer your Personal Data outside of the European Economic Area unless the place we are transferring it has a similar degree of protection for personal data as the EEA or we have another lawful basis for transferring the data.
9.3 In order for us to transfer personal data out of the European Union, we’ll need your consent to do so, and we’ll always ask for it before transferring data. We also use the Standard Contractual Clauses in agreements to ensure an adequate degree of security and privacy for personal data.
9.4 If you have questions about transferring data out of the EEA, please contact us and we’ll provide you with more information.
10.1 We work hard to keep your data (and ours) safe. We use a variety of tools – technological, administrative, and physical – to keep data secure. These safeguards are designed to ensure that whatever Personal Data we keep is protected against unlawful access or use. Despite our best efforts, however, no security measures are completely impenetrable.
10.2 We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
11.1 When you provide us with personal data, you have rights about how we use it, and why. In some circumstances, those rights are set out in specific legislation like the European Union’s GDPR, Canada’s PIPEDA, or California’s Consumer Privacy Act. In general, you have the right to:
If you wish to exercise any of the rights set out above, please contact us.
11.2 No fee usually required
In some rare circumstances, you may have to pay a fee regarding a request, but in general you don’t have to pay anything to exercise these data rights.
11.3 What we may need from you
In order to make sure that you’re the person entitled to exercise the rights listed above, we’ll sometimes request information to verify your identity. We will not ask for more data than is necessary to confirm your identity.
11.4 Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it may take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
By email: email@example.com
27068 La Paz Rd #318, Aliso Viejo, CA 92656
Privacy rights are very complicated. We want you to be able to make informed choices about how and why you share your data with us. Here are some links to important guidance and documents from governments and policy groups that talk about key issues. We’ve outlined key rights under the GDPR and CCPA below, but here are some other helpful links:
Your EU Rights
If you’re present in the European Union, the Information Commissioner’s Office in the UK provides a succinct explanation the rights you have when it comes to data.
The Federal Trade Commission is the main agency that handles privacy issues. They have a series of posts about consumer privacy rights that you can read here.
Canada’s Personal Information Protection and Electronic Documents Act (“PIPEDA”) covers privacy rights as well, and the Office of the Privacy Commissioner offers its explanation of rights here.
Rights for EU Residents
If you are present in the EU, you have the right to:
Request access to your personal data (commonly known as a “data subject access request”) (GDPR art.15). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
Request correction of the personal data that we hold about you (GDPR art.16). This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us.
Request erasure of your personal data (GDPR art.17). This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. We’ll also maintain a record of your email address in a master list of deletion requests to demonstrate that we have complied with your request and will not contact you in the future.
Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts on your fundamental rights and freedoms (GDPR art.21). You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms.
Request restriction of processing of your personal data (GDPR art.18). This enables you to ask us to suspend the processing of your personal data in the following scenarios: (a) if you want us to establish the data’s accuracy; (b) where our use of the data is unlawful but you do not want us to erase it; (c) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it.
Request the transfer of your personal data to you or to a third party (GDPR art.20). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you.
Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.
You have the right to object to the processing of your Personal Data under certain circumstances in particular if we process your Personal Data on the basis on legitimate interest (GDPR Art. 6 (1)(b)) or if we use your personal data for marketing purposes.
You have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your residence, place of work or place of the alleged infringement if you consider that our processing of your Personal Data infringes the applicable data protection laws. Please contact us at “Contact Us” and we will provide you with detailed information as regards the contact details of the appropriate supervisory authority.
Your California Privacy Rights
If you are a California customer, you have the right to receive, once per year, free of charge, 1) the identity of any third-party company to which we have disclosed your personal information as defined by California’s “Shine the Light” law for that company’s own direct marketing purpose; and 2) a description of the categories of personal information disclosed. To request this information, please contact us at firstname.lastname@example.org or the mail address set forth in the section entitled “Contact Us” below. Requests must include “California Privacy Rights Request” in the first line of the description and include your name, street address, city, state, and ZIP code. Please note that we are not required to respond to requests made by means other than through the provided email or mail address.
Tommy is at his best helping clients think through complex challenges in order to create a positive impact on their organizations. He thrives when interacting with others whether helping his team succeed or working with clients to build long-term partnerships. He has extensive experience consulting with organizations on driving their employee experience, guiding organizations through change, and working to ensure organizations are moving the needle when it comes to their results.
Most recently, Tommy was a Client Services Leader overseeing some of GP’s most prized accounts on a global level. His responsibilities included overall client growth strategy, retention, and satisfaction. He represented all of GP Strategies’ major business lines including leadership, coaching, and engagement, digital transformation, outsourced services, and technology implementation solutions.
Before GP Strategies, Tommy spent several years with TTEC Digital (formerly rogenSI) where he led the sales team, eventually becoming the regional Learning & Performance practice leader for North America. While managing the P&L and sales team he also led the largest global relationship for the firm (Deloitte Globally). During his time at TTEC, he focused on delivering blended learning solutions that incorporate technology and hands-on training. Before TTEC Digital, he spent several years dedicated to strength-based leadership disrupting the business landscape regarding performance management and employee engagement with thought leader Marcus Buckingham at The Marcus Buckingham Company / TMBC (now ADP).
Tommy has had the privilege of working with some of the most well-known global brands in professional services, retail, technology, and healthcare including Deloitte, Facebook, Microsoft, Bank of America, Novartis, Gap Inc., lululemon, and Intel. Several projects he led for Deloitte were Global GNPS, New Partner Pivot, NextGen Partner Program Deloitte China, Present to Win, the RPM project on performance management, and Unconscious Bias.
Tommy holds a BS in Health Sciences from Texas A&M University, and an MBA from Universidad del CEMA.
Our expert coaches combine top notch coaching, business acumen and organizational savvy to truly become your leadership “Sounding Board”. Sounding Board coaches are all industry certified and strongly vetted going through a 3 step qualification process and receiving ongoing supervision and development.
Want to learn more about how Sounding Board can help your organization?
Simply fill out the form below and we will be in contact soon. If you are interested in becoming a Sounding Board Coach please visit our careers page.