Loc Leaders Community is operated by Phrase a.s. with its registered office at Václavské náměstí 2132/47, 110 00 Prague 1, Czech Republic (“Phrase a.s.”, “we”, “us” and “our”) (acting as a data controller). 

In this Privacy Notice, we describe the types of personal data that we collect in connection with your membership in the Loc Leaders Community, how we use and protect that data and how you can contact us and exercise your rights regarding your personal data.

We reserve the right to make any changes to this Privacy Notice at any time. Please check the Privacy Notice periodically for changes, although, if you are a member of Loc Leaders Community, we may also notify you via email of any changes that, in our sole discretion, materially impact your membership or the way we process your personal data. Your continuous membership in Loc Leaders community will signify your acceptance of all changes to this Privacy Notice made by us from time to time.

1. What personal data do we collect about you?

We collect the following personal data in connection with your relationship with us: your name and surname, job title and details about your job position, name of your organization, information about your professional career, user name, email address, phone number, information from your LinkedIn profile, information about your participation in conferences, information about our historic interaction with you or your organization, IP address of the device and type of Internet browser you use to connect to Phrase. 

2. How do we obtain your personal data?

We obtain personal data about you from three different sources. We obtain some of the personal data directly from you, such as your name, surname and contact details. 

Then there are certain personal data that are created in the course of our relationship with you or your organization, such as information about our interaction with you and through your use of Loc Leaders Community. Finally, we also collect some personal data about you from public sources such as your LinkedIn profile.

3. How do we use your personal data?

Your personal data is processed for the following purposes:

• to enable you create an account in the Loc Leaders Community;
• to enable you to participate in the Loc Leaders Community
• to maintain our business relationship with you or your organization;
• our internal reporting;
• to ensure network and information security;
• to analyse and understand how Loc Leaders Community is being used and to enhance its functionality;
• for future marketing, including sending you updates and marketing materials about Loc Leaders Community by email (unless you have indicated that you do not want to receive these marketing materials).

4. On what legal basis do we use your personal data?

We use your personal data on the following basis:

• processing your personal data to enable your use of Loc Leaders Community is necessary so that we can operate this community;
• processing of your personal data to comply with our legal obligations; and
• processing of your personal data for other purposes listed in the Section “How do we use your personal data?” is based on our legitimate interest in processing personal data for these purposes: (i) to help us to maintain a productive business relationship with you, (ii) to improve our ability to understand your (business) needs; (iii) to improve and enhance the community; and (iv) to ensure network and information security.

5. How long will we keep your personal data?

If you are a member of the Loc Leaders Community, we will always keep your personal data for the period for which you will be participating in the community. If you cancel your membership in the Loc Leaders Community, your data will be deleted within 30 days of receipt of your request.

We will also keep your personal data where required by law or where we need to do so in connection with potential or actual legal action or an investigation involving Phrase a.s.

6. With whom do we share your personal data?

Your personal data might be accessible to our affiliates within the Phrase Group:

• Phrase a.s., with its registered office at Václavské náměstí 2132/47, 110 00 Prague 1, Czech Republic;
• Phrase GmbH, with its registered office at ABC-Straße 4, 20354 Hamburg, Germany;
• Phrase UK Ltd, with its registered office at 73 Cornhill, EC3V 3QQ, London, United Kingdom;
• Phrase OpCo Ireland Limited, with its registered office at Unit A6, Santry Business Park, Swords Road, D09 X651 Dublin 9, Ireland;
• Phrase OpCo Spain, S.L., with its registered office at Calle Entença, 325-335, Planta 1ª, 08029 Barcelona, Spain;
• Phrase, Inc., with its office at 350 East Avenue, Suite 203 in Rochester, NY 14604, United States of America.

The personal data might be shared with the affiliates within the Phrase Group in order for them to provide you with certain support and marketing activities.

We may share your personal data with other recipients, in particular, our suppliers, under a written agreement which commits such recipients to appropriate safeguards in relation to handling of your personal data (including in relation to maintaining confidentiality of your personal data and implementing appropriate technical and organizational security measures).

To the extent we act as a data controller with respect to personal data, we use the following processors to process personal data on our behalf:

• Forj Software, Inc., with offices at 20935 Swenson Drive Suite 125, Waukesha, WI 53186, USA – community engagement and knowledge sharing platform;
• Google Ireland Limited, with offices at Gordon House, Barrow Street, Dublin 4, Ireland – email client and document storage provider;
• HubSpot Inc., with offices at 2 Canal Park, Cambridge, MA 02141, USA – marketing management and customer support software provider;
• Notion Labs Inc., with offices at 2300 Harrison Street, San Francisco, CA 94110, USA – database and knowledge management platform provider;
• SFDC Ireland Limited, with offices at Salesforce Tower Dublin, North Dock, Dublin, D01 W2Y3, Ireland – customer relationship management software provider;
• Slack Technologies Limited, with offices at Salesforce Tower Dublin, North Dock, Dublin, D01 W2Y3, Ireland – communication platform provider.

We do not sell your personal data to any third parties.

7. Location of your data

Your personal data may be transferred to, stored and processed in the countries outside the European Economic Area (EEA) to countries in which Phrase, its affiliates, suppliers, contractors or other vendors are located or maintain facilities. These countries include the USA, United Kingdom and Japan.

We reserve the right to change our business partners and/or data locations. When we transfer any personal data to the USA or any other country outside the EU or EEA in which Phrase, its affiliates, contractors, suppliers or vendors maintain facilities, we will implement such appropriate legal mechanisms as are required by EU data protections laws to ensure an adequate level of personal data protection by such third parties receiving your personal data.

When transferring personal data to third countries outside the EEA, we will rely (i) either on adequacy decisions of the European Commission under Article 45 of the GDPR (where the European Commission recognizes that a third country ensures a level of protection adequate to the GDPR) or (ii) on standard contractual clauses agreed with the parties with which we share the data internationally.

The countries recognized by the European Commission as having an adequate level of protection can be found on the webpages of the European Commission here, and include, among others, also the USA (when sharing personal data with commercial organizations participating in the EU-US Data Privacy Framework), Japan (when sharing personal data with private sector organizations) and Canada (when sharing personal data with specific federally regulated organizations).

Where we cannot rely on the adequacy decision, we will rely on data transfer agreements based on model standard contractual clauses (SCCs) approved by the European Commission to ensure that the persons to whom we transfer data in those countries commit to ensure an adequate level of protection of your personal data. In addition to the SCCs we require strict security standards and measures to be employed by each of our processors and sub-processors, including additional technical and organizational measures as required by applicable EU case law and guidelines. We also contractually require our processors and sub-processors to provide us with a prompt notice of any data breach or security incident concerning processed data.

8. Protecting your personal data

We have implemented and will maintain appropriate technical and organizational measures, internal controls, and information security routines in accordance with good industry practice while keeping in mind the state of technological development in order to protect your data against accidental loss, destruction, alteration, unauthorized disclosure or access or unlawful destruction. Such measures may include, without limitation, taking reasonable steps to ensure the reliability of employees having access to your data and providing for limited access rights and access controls on a need-to-know basis; authentication; personnel training; regular back up; data recovery and incident management procedures; restrictions on storing, printing and disposal of personal data; software protection of devices on which personal data is stored; etc.

We have also implemented Information Security Management in accordance with the requirements of information security standard – ISO 27001, including penetration tests, vulnerability scans, secure development frameworks, access management, supplier management and compliance processes.

Please see our Security Statement for more information.

9. Your rights

This section describes your rights under the applicable laws and the procedures for exercising them. If you exercise any of your rights pursuant to this section or pursuant to the applicable laws, we will notify each recipient to whom your personal data has been disclosed, as specified in Section 8 of this Privacy Notice, about any correction, deletion, or restriction of processing carried out in accordance with your request, unless this notification proves impossible or requires disproportionate effort.

To exercise your rights, please contact us at privacy@phrase.com. We will respond within one (1) month after receipt of your request. In exceptional circumstances, we retain the right to extend this period by up to two (2) months. We will in any event inform you within one (1) month after receipt of your request if we decide to extend the period for our response. If needed, we might ask you for additional information to confirm your identity before processing your request.

You are not required by law to provide your personal data to us, however, if you don’t, then we may not be able to provide you or your organization with our service. If you object to the processing of your personal data, we will respect that choice in accordance with our legal obligations. Depending on the scope of your request, this could mean that we will not be able to provide you or your organization with our service.

If you would like to exercise any of your rights, please let us know by getting in touch using the contact details below.

You are entitled to:

Request access to processing information

You have the legal right to request information at any time about whether we are processing your personal data. If this is the case, you have the right to be informed about the extent to which your personal data is being processed as well as to be provided with a copy of your personal data. Where the personal data is transferred to third countries, you also have the right to be informed of the appropriate safeguards implemented by us in relation to the transfers.

Request the correction and/or deletion of your personal data

You have the right to obtain the rectification of inaccurate personal data concerning you and/or to have incomplete personal data completed. In certain circumstances you have the right to erasure of the personal data concerning you without undue delay. The right to erasure does not apply, in particular, if processing is necessary to comply with legal obligations.

Object to the processing of your personal data

You have the right to object at any time to the processing of your personal data that is based on legitimate interest. We will no longer process personal data unless we can demonstrate legitimate grounds for the processing which override the interests, rights and freedoms of you as data subject or for the establishment, exercise or defense of legal claims. If you object to processing of your data for direct marketing purposes, we will cease to process your data for these purposes.

Request the restriction of the processing of your personal data

If you request us to restrict the processing of your personal data, e.g. in circumstances when you contest the accuracy, lawfulness or our need to process your personal data, we will limit processing of your personal data to the necessary minimum (storage) and, if applicable, will process them only for the establishment, exercise or defense of legal claims or, where necessary, for protection of rights of another natural or legal person, or other limited reasons dictated by the applicable law. In case the restriction is lifted, and we continue processing your personal data, you will be informed accordingly without undue delay.

Portability of your personal data

You have the right to receive personal data relating to you and which you have provided to us. If you approach us with such a request, we will provide your personal data in commonly used and machine-readable format to you without undue delay from receipt of your request. If you request so, we will send your personal data to a third party (another data controller) which you will identify in your request, unless such request would adversely affect rights or freedoms of others and where technically feasible.

Withdraw your consent

If you have provided us with any consent to the processing of personal data, for example for marketing communication, you can withdraw your given consent at any time without stating any reason. We will stop any further processing of your personal data. Please note that the withdrawal of your consent does not affect the lawfulness of any processing based on consent before its withdrawal.

Children’s privacy

Phrase Solutions are not intended for individuals under the age of 16, and we do not knowingly collect personal data from children under 16. If we become aware that we have collected personal data from a child under 16, we will take immediate steps to delete such information and close the associated account. Legal guardians who believe that we may have collected data from their child under 16 should contact us in accordance with this Privacy Notice to request the removal of the data.

Complain to a data protection authority 

You have the right to submit a complaint concerning our data processing activities of Phrase a.s.:

Úřad pro ochranu osobních údajů, at Pplk. Sochora 727/27, 170 00 Praha 7, Czech Republic.

10. Contact us

If you have questions or requests regarding the processing of your personal data or require additional information, please contact us at privacy@phrase.com.Last updated on: Jun 17, 2025