Privacy Policy

Johannes Leonardo Privacy Policy

Effective Date: 9/27/2024

This Privacy Policy describes how Johannes Leonardo LLC (“Johannes Leonardo,” “we,” “our,” or “us”) collects, uses, and discloses information about you and applies to your use of any online service location that posts a link to this Privacy Policy, including our website located at www.johannesleonardo.com, and all features, content, and other services that we own, control, and make available through such online service location (collectively, the “Service”). By using the Service, you agree to our collection, use, and disclosure practices, and other activities as described in this Privacy Policy. If you do not agree with this Privacy Policy, then do not use the Service.

Data protection law makes a distinction between organizations that process information for their own purposes (known as “controllers” or “businesses”) and organizations that process information on behalf of other organizations (known as “processors” or “service providers”). This Privacy Policy applies only where we act a controller or business. It does not apply where we act as a processor or service provider, or in some instances a third party, on behalf of a client, which is subject to the client’s privacy policy. For further details about our processing on behalf of clients, please see the “Client Data” section below.

If you have any questions or wish to exercise your rights and choices, please contact us as set out in the “Contact Us” section. If you are a data subject in Europe, or a resident of California, Nevada, Colorado, Connecticut, Utah, or Virginia, please see our location-specific disclosures below.

For personal data transferred from the United Kingdom, the European Union, and Switzerland, we will provide appropriate safeguards, such as through the use of standard contractual clauses.

Information Collection

  1. Information You Provide to Johannes Leonardo

Johannes Leonardo collects information that you voluntarily submit to us through the Service. The categories of information we collect and have collected in the last 12 months include:

  • Contact Identifiers, including you or your employer’s first and last name, email address, phone number, and postal address;
  • User-generated Content, including content within any messages you send to us, such as feedback you provide or inquiries about available job postings; and
  • Professional, employment, or education-related information, including your employment and education history, transcript, writing samples, and references as necessary to consider your job application for open positions.

Please do not provide any information that we do not request.

  1. Information Collected Automatically

Johannes Leonardo also automatically collects certain information about your device and how your device interacts with our Service. The categories of information we automatically collect and have collected in the last 12 months include:

  • Internet Activity, including data about features you use, pages you visit, emails and advertisements you view, the time of day you browse, and your referring and exiting pages.
  • Device Information, including data about the type of device or browser you use, your device’s operating software, your internet service provider, your device’s regional and language settings.
  • Device Identifiers, including your device’s IP address.
  • Location Data, including non-precise location data (such as location derived from an IP address or data that indicates a city or postal code level).

The types of tracking technologies we use to automatically collect information include:

  • Cookies. A cookie is a small data file that certain websites write to your hard drive when you visit them. We may also use web bugs, clear gifs and similar technologies that collect data similar to that collected by a cookie. A cookie file can contain various types of information, including a user ID that the site uses to track the pages you have visited.
  • Pixels. A pixel (also known as a web beacon) is code embedded in a website, video, e-mail, or advertisements that sends information about your use to a server. There are various types of pixels, including image pixels (which are small graphic images) and JavaScript pixels (which contains JavaScript code). When you access a website, video, e-mail, or advertisement that contains a pixel, the pixel may permit us or another party to drop or read cookies on your device. Pixels are used in combination with cookies to track activity by a particular browser on a particular device.

For further information on tracking technologies and your rights and choices regarding them, please see the sections entitled “Analytics” and “Your Privacy Choices” below.

  1. Information from Other Sources.

We may obtain information about you from other sources, including publicly available sources, such as data in the public domain.

Use of Information

Johannes Leonardo uses information we collect in accordance with the practices described in this Privacy Policy. Our business purposes for collecting and using information, including in the last 12 months, include:

  • To operate and manage our Service;
  • To perform services requested by you, such as to respond to your inquiries;
  • To send you technical notices, updates, security alerts, information regarding changes to our policies, and support and administrative messages;
  • To prevent and address fraud, breach of policies or terms, and threats or harm;
  • To monitor and analyze trends, usage, and activities; and
  • To improve the Service or other Johannes Leonardo websites, applications, marketing efforts, products and services.
  • To send you direct marketing about our products, services, offers, promotions, rewards, and events we think you may be interested in;
  • To fulfill any other business or commercial purposes disclosed to you and with your consent.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law. For information on your rights and choices regarding how we use your information, please see the section entitled “Your Privacy Choices” below.

Disclosure of Information

Johannes Leonardo discloses information we collect through the Service in accordance with the practices described in this Privacy Policy. The categories of parties to whom we disclose and have disclosed information to in the last 12 months, are as follows:

  • Service Providers. We disclose information to service providers that process information on our behalf. Service providers may assist us with services such as payment processing, data analytics, direct marketing, website hosting, and technical support. To the extent required by law, we contractually prohibit our service providers from retaining, using, or disclosing your information for any purpose other than to provide this assistance, although we may permit them to use information that does not identify you (including aggregate or de-identified information) for any purpose except as prohibited by law.
  • Affiliates. We disclose your information to our affiliates and related entities, including where they act as our service providers or for their own internal purposes.
  • Partners. We disclose information with our partners in connection with offering co-branded services, selling or distributing our products, or engaging in joint marketing activities.
  • Sweepstakes, Contests, Promotions. We may offer sweepstakes, contests, surveys, and other promotions (each, a “Promotion“) jointly sponsored or offered by other parties. If you voluntarily choose to enter a Promotion, your information will be disclosed to other parties as set out in the official rules that govern the Promotion, as well as for administrative purposes and as required by law (e.g., on a winners list). By entering a Promotion, you agree to the official rules that govern that Promotion, and may, except where prohibited by applicable law, allow the sponsor and/or other parties to use your name, voice and/or likeness in advertising or marketing materials.
  • Merger or Acquisition. We disclose your information in connection with, or during negotiations of, any proposed or actual merger, purchase, sale or any other type of acquisition or business combination of all or any portion of our assets, or transfer of all or a portion of our business to another business.
  • Security and Compelled Disclosure. We disclose your information to comply with the law or other legal process, and where required, in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We may also disclose your information as required by courts or administrative agencies and to the extent necessary to permit us to investigate suspected fraud, harassment or other violations of any law, rule or regulation, the Service rules or policies, or the rights of other parties or to investigate any suspected conduct which Johannes Leonardo deems improper. We may also disclose your information to protect the rights, property, life, health, security and safety of us, the Service or any other party.
  • Facilitating Requests. We disclose your information at your request or direction.
  • Consent. We disclose your information with notice to you and with your consent.

Without limiting the foregoing, we may disclose information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law. For information on your rights and choices regarding how we disclose your information, please see the section entitled “Your Privacy Choices” below.

Client Data

Johannes Leonardo is an advertising agency, and we provide marketing services for our clients, such as campaign production and brand strategy. In that role, we collect and process information about individuals at the direction of our clients (“Client Data”). Client Data has historically included contact data, demographic data, content, service use data, and location data, among other information. Our processing of Client Data is governed by the terms of our service agreements with our clients and their privacy policies, and not this Privacy Policy. We are not responsible for how our clients treat the information we collect on their behalf, and we recommend you review their own privacy policies.

We acknowledge that you may have rights in connection with Client Data. If your information has been processed by us on behalf of a client and you wish to exercise any rights you have with such information, please inquire with our client directly. If you wish to make your request directly to us, please provide the name of the client on whose behalf we processed your information. We will refer your request to that client, and will support them to the extent required by applicable law in responding to your request.

For jurisdiction-specific disclosures regarding Client Data, please visit the relevant jurisdiction section at the end of this Privacy Policy.

Social Media and Technology Integrations

Our Service contains content from and hyperlinks to websites, locations, platforms, and services operated, owned, and maintained by other parties. In addition, we integrate technologies operated or controlled by other parties into parts of our Service. For example, we hyperlink from our Services to websites, social media platforms, and other services not operated or controlled by us. These other parties may use tracking technologies to independently collect information about you and may solicit information from you. Also, if you use one of their features, both we and the applicable other party may have access to and use information associated with your use of that feature. If you publicly reference our Service on a social network (e.g., by using a hashtag associated with Johannes Leonardo in a tweet or post), we may use your reference on or in connection with our Service.

The information collected and stored by other parties, whether through our Service, or another parties’ service or device, remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and whether they store information in the U.S. or elsewhere. Johannes Leonardo is not responsible for and makes no representations regarding the privacy practices of other parties. You should carefully read their own privacy policies before providing any information to such parties.

Analytics

We use analytics services, such as Google Analytics, to help us understand how users access and use the Service, compile statistic reports on the Service’s activity, and provide other services relating to Service activity and internet usage.

As indicated above, vendors and other parties may act as our service providers, or in certain contexts, independently decide how to process your information. We encourage you to familiarize yourself with and consult their privacy policies and terms of use.

For further information on tracking technologies and your rights and choices regarding them, please see the sections entitled “Information Collected Automatically” above and “Your Privacy Choices” below.

Your Privacy Choices

  1. Jurisdictional Rights

Some regions provide additional rights by law, as described in our region-specific terms. This subsection details how you may exercise some of those rights to the extent they apply to you.

  • Data subject requests. To access, correct, delete, or exercise similar rights available to you in your region with respect to your information, please email us at websitesecurity [at] johannesleonardo.com. In the request, please specify which right you are seeking to exercise and the scope of the request.
  1. Tracking Technologies Choices

Most browsers accept cookies by default. You can instruct your browser, by changing its settings, to decline or delete all cookies. If you use multiple browsers on your device, you will need to instruct each browser separately. Your ability to limit cookies is subject to your browser settings and limitations. If you choose to delete cookies or decline a cookie, you may not be able to utilize all features of the Service.

Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Except as required by law, we do not respond to preference signals. For more information on “Do Not Track,” visit http://www.allaboutdnt.com.

  1. Analytics

Google provides tools to allow you to opt out of the use of certain information collected by Google Analytics at https://tools.google.com/dlpage/gaoptout. We are not responsible for the effectiveness of any third party opt-out tools.

  1. Communications

You have the option to opt-out of receiving promotional emails from Johannes Leonardo by clicking on the unsubscribe link that appears at the bottom of every promotional email that is sent out to you by Johannes Leonardo in relation to this Service, or contacting us at websitesecurity [at] johannesleonardo.com with the word UNSUBSCRIBE in the subject field of the email. Please note that your opt-out is limited to the email address used and will not affect subsequent subscriptions.

Data Security

We implement and maintain reasonable administrative, physical, and technical security safeguards to help protect information about you from loss, theft, misuse and unauthorized access, disclosure, alteration and destruction. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you.

Children

The Service is intended for general audiences, and is not directed at children. We do not knowingly collect personal information (as defined by the U.S. Children’s Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected personal information in violation of COPPA, contact us at websitesecurity [at] johannesleonardo.com. We will remove the personal information in accordance with COPPA. We do not knowingly “sell,” as that term is defined under the CCPA, the personal information of minors under 16 years old who are California residents.

International Transfers

We are based in the U.S. and the information we collect is governed by U.S. law.  If you are accessing the Service from outside of the U.S., please be aware that information collected through the Service may be transferred to, processed, stored, and used in the U.S. and other jurisdictions. Data protection laws in the U.S. and other jurisdictions may be different from those of your country of residence. Your use of the Service or provision of any information therefore constitutes your consent to the transfer to and from, processing, usage, sharing, and storage of information about you in the U.S. and other jurisdictions as set out in this Privacy Policy. For personal data transferred from the European Union, United Kingdom, or Switzerland, we will provide appropriate safeguards, such as through use of standard contractual clauses.

Retention

We retain information for the length of time that is reasonably necessary for the purpose for which it was collected, and as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

Changes to this Privacy Policy

We reserve the right to revise and reissue this Privacy Policy at any time. Any changes will be effective immediately upon posting of the revised Privacy Policy. Your continued use of our Service indicates your consent to the Privacy Policy then posted. If the changes are material, we may provide you additional notice to your email address.

Contact Us

If you have any questions about this Privacy Policy, the practices of this Service, or your dealings with this Service, you can contact us at websitesecurity [at] johannesleonardo.com or writing to us at:

Johannes Leonardo LLC
Attention: Director of Business Affairs
115 Broadway, 20th Fl.
New York, NY 10006

This Privacy Policy has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us at websitesecurity [at] johannesleonardo.com.

Additional Disclosures for Nevada Residents

Nevada law (NRS 603A.340) requires each business to establish a designated request address where Nevada consumers may submit requests directing the business not to sell certain kinds of personal information that the business has collected or will collect about the consumer. A sale under Nevada law is the exchange of personal information for monetary consideration by the business to a third party for the third party to license or sell the personal information to other third parties. If you are a Nevada consumer and wish to submit a request relating to our compliance with Nevada law, please contact us as at websitesecurity [at] johannesleonardo.com.

Additional Disclosures for California Residents

California provides additional rights to California residents, including through the California Consumer Privacy Act as replaced by the California Privacy Rights Act (“CCPA”). This section addresses those rights and only applies to California residents.  

We acknowledge that you may have rights under the CCPA in connection with the personal information we process on behalf of our clients. If personal information about you has been processed by us as a service provider on behalf of a client and you wish to exercise any rights you have with such personal information, please inquire with our client directly. If you wish to make your request directly to us, please provide the name of our client on whose behalf we processed your personal information. We will refer your request to that client, and will support them to the extent required by applicable law in responding to your request.

  1. Notice of Collection.

At or before the time of collection of your personal information, you have a right to receive notice of our data practices. Our data practices are as follows:

  • For the categories of personal information we have collected in the past 12 months, see the Information Collection section above.
  • For the categories of sources from which personal information is collected, see the Information Collection section above.
  • For the specific business and commercial purposes for collecting and using personal information, see the Use of Information section above.
  • For the categories of third parties to whom information is disclosed, see the Disclosure Information section above.
  • For the criteria used to determine the period of time information will be retained, see the Retention section above.

We do not “sell” or “share” your personal information as those terms as defined by the CCPA.

We do not knowingly sell or share the personal information of minors under 16 years old who are California residents.

  1. Right to Know, Correct, and Delete. 

You have the right to know certain details about our data practices. In particular, you may request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold or shared;
  • The categories of persons to whom the personal information was disclosed for a business purpose or sold or shared;
  • The business or commercial purpose for collecting or selling or sharing the personal information; and
  • The specific pieces of personal information we have collected about you.

In addition, you have the right to correct or delete the personal information we have collected from you. These rights are subject to certain exceptions.

To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above.. In the request, please specify which right you are seeking to exercise and the scope of the request. We will confirm receipt of your request within 10 business days and respond to your request within 45 days. We may require specific information from you to help us verify your identity and process your request. If we are unable to verify your identity, we may deny your request.

  1. Authorized Agent. 

You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.

  1. Right to Non-Discrimination. 

You have the right not to receive discriminatory treatment by us for the exercise of any your rights. 

  1. Shine the Light. 

Customers who are residents of California may request (i) a list of the categories of personal information (as that term is defined by Shine the Light) disclosed by us to third parties during the immediately preceding calendar year for those third parties’ own direct marketing purposes; and (ii) a list of the categories of third parties to whom we disclosed such information. To exercise a request, please write us at the email or postal address set out in “Contact Us” above and specify that you are making a “California Shine the Light Request.” We may require additional information from you to allow us to verify your identity and are only required to respond to requests once during any calendar year. 

Additional Disclosures for Residents of Colorado, Connecticut, Utah, and Virginia

These additional rights and disclosures apply only to residents of Colorado, Connecticut, Utah, and Virginia. Terms have the meaning ascribed to them in the Colorado Privacy Act (“CPA”), the Connecticut Data Privacy Act (“CTDPA”), the Utah Consumer Privacy Act (“UCPA”), and the Virginia Consumer Data Protection Act (“VCDPA”), as applicable.

Note that these rights and disclosures only apply to personal data we collect where we control the purposes and means of collection. Any questions or requests that you have relating to the processing of personal data by us on behalf of a client should be directed to the relevant client. We will support the client to the extent required by applicable law in responding to your request.

You have the following rights under applicable law:

  • To confirm whether or not we are processing your personal data
  • To access your personal data
  • To correct inaccuracies in your personal data
  • To delete your personal data
  • To obtain a copy of your personal data that you previously provided to us in a portable and readily usable format

To exercise any of these rights, please follow the instructions for data subject requests in the Your Privacy Choices section above. Please note these rights are subject to exceptions. We may require specific information from you to help us confirm your identity and process your request. If personal data about you has been processed by us as a processor on behalf of a client and you wish to exercise any rights you have with such personal data, please inquire with our client directly. If you wish to make your request directly to us, please provide the name of our client on whose behalf we processed your personal data. We will refer your request to that client, and will support them to the extent required by applicable law in responding to your request.

Authorized Agent.

You can designate an authorized agent to submit requests on your behalf. Requests must be submitted through the designated methods listed above. Except for opt-out requests, we will require written proof of the agent’s permission to do so and may verify your identity directly.

Appeals

If we refuse to take action on a request, you may appeal our decision within a reasonable period time by contacting us at websitesecurity@johannesleonardo.com and specifying you wish to appeal. Within 60 days of our receipt of your appeal, we will inform you in writing of any action taken or not taken in response to the appeal, including a written explanation of the reasons for the decisions. If the appeal is denied, you may submit a complaint as follows:

  • For Colorado residents, to the Colorado AG at https://coag.gov/file-complaint/
  • For Connecticut residents, to the Connecticut AG at https://www.dir.ct.gov/ag/complaint/
  • For Virginia residents, to the AG at https://www.oag.state.va.us/consumercomplaintform

Additional Disclosures for Data Subjects in Europe

  1. Roles

Data protection law in Europe make a distinction between organizations that process personal data for their own purposes (known as “controllers”) and organizations that process personal data on behalf of other organizations (known as “processors”).

In limited circumstances, Johannes Leonardo (located at the address set forth in the section entitled “Contact Us” above) operates as a controller, such as in connection with data collected from users who browse our website. However, Johannes Leonardo generally operates as a processor on behalf of our clients. The clients are the controllers and determine the purposes for which and the manner in which personal data are to be processed by Johannes Leonardo. Please visit the applicable client’s privacy policy for information about their privacy practices. Any questions that you may have relating to the processing of personal data by Johannes Leonardo on behalf of a client and your rights under data protection law should be directed to the client as the controller, not to Johannes Leonardo.

  1. Lawful Basis for Processing.

Data protection laws in Europe require a “lawful basis” for processing personal data. Our lawful bases include where: (a) you have given consent to the processing for one or more specific purposes, either to us or to our service providers, partners, or clients; (b) processing is necessary for the performance of a contract with you; (c) processing is necessary for compliance with a legal obligation; or (d) processing is necessary for the purposes of the legitimate interests pursued by us or a third party, and your interests and fundamental rights and freedoms do not override those interests.

  1. Your Data Subject Rights

If you are a data subject in Europe, you have the right to access, rectify, or erase any personal data we have collected about you. You also have the right to data portability and the right to restrict or object to our processing of personal data we have collected about you. In addition, you have the right to ask us not to process your personal data (or provide it to third parties to process) for marketing purposes or purposes materially different than for which it was originally collected or subsequently authorized by you. You may withdraw your consent at any time for any data processing we do based on consent you have provided to us.

To exercise any of these rights, please e-mail us at websitesecurity [at] johannesleonardo.com or send us a letter to the mailing address in the section entitled “Contact Us” above and specify which right you intend to exercise. We will respond to your request within 30 days. For information on how to exercise your rights for information collected and processed at the direction of our clients, see the section entitled “Information on Behalf of Our Clients” above. We may require additional information from you to allow us to confirm your identity. Please note that we store information as necessary to fulfil the purposes for which it was collected, and may continue to retain and use the information even after a data subject request as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

If you have any issues with our compliance, you have the right to lodge a complaint with a supervisory authority.