Comprehensive Privacy Notice — Leaderlix

Last updated: March 26, 2026

1. Identity and address of the data controller

Digital Business, Coaching and Marketing Services LLC (hereinafter “Leaderlix,” “we,” or “the Controller”), a company incorporated in the United States of America, commercially operating under the Leaderlix brand, is the data controller responsible for the processing of your personal data in accordance with the General Data Protection Regulation of the European Union (GDPR, Regulation EU 2016/679) where applicable.

Becas y Conferencias LTFL S.C., domiciled in Mexico City, Mexico, acts as joint controller and is the obligated entity under Mexico's Federal Law for the Protection of Personal Data Held by Private Parties (LFPDPPP) and its Regulations.

Leaderlix operates three business units:

  • Leaderlix Health — Medical communication and key opinion leader development for the pharmaceutical industry.
  • Leaderlix Teams — Corporate training, leadership, and executive communication.
  • Leaderlix Profit — Strategic consulting focused on business results.

Privacy contact:

2. Personal data we collect

CategorySpecific data
Identification dataFirst name and last name
Professional contact dataCorporate email address, phone number
Employment dataCompany or organization, job title or position
General location dataCountry
Professional network dataLinkedIn profile URL
Business interaction dataEvent attendance history, internal commercial classification
Browsing dataIP address, browser type, pages visited, session duration (collected through cookies and tracking technologies)

We do not collect sensitive personal data as defined in Article 3, Section VI of the LFPDPPP, nor special categories of data under Article 9 of the GDPR.

3. Purposes of processing

3.1 Primary purposes

  1. Management of the B2B business relationship, including registration and administration of corporate contacts.
  2. Organization, coordination, and follow-up of in-person and virtual events.
  3. Provision of contracted corporate training, consulting, and medical communication services.
  4. Administration of access to our LMS and CRM platform (FOCUS1).
  5. Issuance of invoices, quotations, and commercial documentation.
  6. Operational communication related to contracted services or confirmed events.
  7. Compliance with applicable legal, tax, and regulatory obligations.

3.2 Secondary purposes

  1. Sending commercial communications, newsletters, and promotional materials.
  2. Invitations to events, seminars, and activities organized by Leaderlix.
  3. Preparation of studies, statistical analyses, and market segmentation for internal purposes.
  4. Service quality evaluation through satisfaction surveys.

To opt out of secondary purposes, contact contact@leaderlix.com.

4. Legal basis for processing

4.1 Under the LFPDPPP (Mexico)

  • Implied consent: By providing your personal data and not expressing objection (Article 8, LFPDPPP).
  • Legal relationship: Processing necessary for fulfillment of contractual obligations (Article 10, Section IV, LFPDPPP).

4.2 Under the GDPR (European Union)

  • Legitimate interest (Article 6.1.f GDPR): For processing professional contact data in B2B business relationships.
  • Performance of a contract (Article 6.1.b GDPR).
  • Consent (Article 6.1.a GDPR): For commercial electronic communications. Withdrawable at any time.
  • Legal obligation (Article 6.1.c GDPR): For tax and regulatory compliance.

5. Source of personal data

  1. Directly from the data subject: Registration forms, event sign-ups, quotation requests, business card exchange.
  2. Platform migration: Data previously stored in HubSpot CRM, migrated to FOCUS1.
  3. Professional networks: Publicly available LinkedIn profile information.
  4. Imports from corporate clients: Participant lists for events or training programs.

6. Data transfers

6.1 Domestic transfers

  • Tax and regulatory authorities, where legally required.
  • Accounting and legal service providers, under confidentiality agreements.

6.2 International transfers

Your personal data is stored and processed on servers in the United States of America, operated by Railway.

ProviderPurposeSafeguards
RailwayInfrastructure and database hostingStandard Contractual Clauses (SCCs)
Google (Analytics)Web traffic analysisSCCs + IP anonymization
PostHogPlatform usage analyticsSCCs + US server processing

Leaderlix does not sell, rent, or trade personal data to third parties.

7. Data subject rights

7.1 ARCO Rights (LFPDPPP)

  • Access: Know what personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Cancellation: Request deletion of your data.
  • Opposition: Object to processing for specific purposes.

7.2 GDPR Rights

  • Data portability (Art. 20 GDPR): Receive your data in structured format (CSV or JSON).
  • Restriction of processing (Art. 18 GDPR).
  • Object to legitimate interest processing (Art. 21 GDPR).
  • Not be subject to automated decisions (Art. 22 GDPR).
  • Withdraw consent at any time.
  • Lodge a complaint with an EU supervisory authority.

7.3 How to exercise rights

Send a request to: contact@leaderlix.com

Include: full name, associated email, description of the right, and supporting documentation.

Response times: LFPDPPP: 20 business days. GDPR: 1 calendar month.

In Mexico, complaints may be filed with INAI: www.inai.org.mx.

8. Cookies and tracking technologies

TypePurposeLegal basis
Strictly necessaryWebsite functionality, authentication, securityLegitimate interest
Analytics (Google Analytics)Traffic analysisConsent (GDPR)
Analytics (PostHog)FOCUS1 platform usageConsent (GDPR)

Google Analytics is configured with IP anonymization enabled.

9. Data retention period

CategoryPeriodJustification
Active commercial contact dataBusiness relationship + 20 yearsStrategic B2B value and statute of limitations
Inactive contact data20 years from last interactionPotential reactivation in long-cycle industries
Event participant data20 years from eventHistorical documentation
Billing data20 yearsTax obligations
Consent recordsProcessing duration + 5 yearsAccountability
Browsing data (cookies)Maximum 13 monthsEuropean authority guidelines

10. Security measures

Technical: Encryption at rest (PostgreSQL), TLS/HTTPS, RBAC, secure token authentication, encrypted backups.

Administrative: Internal data processing policies, confidentiality agreements, staff training, incident response procedures.

Physical: Railway data centers with SOC 2 certification.

11. Data Protection Officer

Email: contact@leaderlix.com

Controller: Digital Business, Coaching and Marketing Services LLC, USA.

Joint Controller (LFPDPPP): Becas y Conferencias LTFL S.C., Mexico City, Mexico.

12. Changes to this privacy notice

Leaderlix reserves the right to modify this privacy notice. Changes will be published on this page and, for material changes, data subjects will be notified at least 30 days in advance.

13. Applicable law and jurisdiction

  • Mexico: LFPDPPP, its Regulations, and Privacy Notice Guidelines. Competent courts: Mexico City.
  • European Union: GDPR and applicable member state legislation.