Legal
Privacy Policy
1. Who We Are
Leadership Impact Institute (LII) is an independent professional certification body operating across the Middle East. LII is the data controller for all personal data processed in connection with its certification, accreditation, verification, and associated services.
This Privacy Policy explains how LII collects, uses, retains, and protects personal data. It applies to all individuals who interact with LII, including candidates, employers, accredited institutions, delivery partners, and visitors to lii.institute.
LII Institute is operated by Clever Find Consultancy Limited, a company incorporated in Ras Al Khaimah International Corporate Centre (RAK ICC), United Arab Emirates.
2. Personal Data We Collect
LII collects personal data only to the extent necessary for the purposes described in this Policy. The categories of personal data collected depend on the nature of your interaction with LII.
| Category | Examples | Collected from |
|---|---|---|
| Identity data | Full name, job title, professional designation | Certification applications, enquiry forms |
| Contact data | Email address, phone number, organisation name | Applications, accreditation, employer registration |
| Professional data | Employment history, leadership evidence, portfolio submissions, impact statements | Certification submissions, assessment process |
| Assessment data | Assessment grades, panel notes, assessor feedback, certification status | LII internal systems, assessor panels |
| Verification data | Certification reference number, level attained, date of award | Certification records; published on Digital Passport |
| Technical data | Browser type, IP address, pages visited, session duration | Website analytics (aggregated only) |
| Employer data | Organisation name, HR contact details, verification requests | Employer registration, verification portal |
3. Lawful Basis for Processing
LII processes personal data on the following lawful bases under UAE Federal Decree-Law No. 45 of 2021 (PDPL) and applicable data protection legislation:
- Contract performance — processing necessary to deliver certification, accreditation, or verification services you have requested
- Legitimate interests — maintaining certification records, operating the verification portal, improving assessment standards, and ensuring the integrity of the LII qualification
- Legal obligation — where processing is required to comply with applicable law or regulatory requirements
- Consent — for communications where consent is the appropriate basis; you may withdraw consent at any time without affecting processing already completed
4. How We Use Personal Data
LII uses personal data for the following purposes:
- Processing certification applications and managing the assessment process
- Issuing certificates, Digital Passports, and membership designations
- Operating the public credential verification portal at verify.lii.institute
- Managing employer and accreditation partner accounts
- Communicating with candidates, employers, and partners about their engagement with LII
- Maintaining the integrity of the LII qualifications register and certification records
- Responding to complaints, appeals, and enquiries
- Conducting quality improvement activities using aggregated or anonymised data where possible
- Complying with legal and regulatory obligations
5. The Verification Portal
LII operates a public credential verification portal at verify.lii.institute. The portal displays the following data for verified certificate holders: full name, certification level and code, date of award, and current certification status (Active / Lapsed / Withdrawn).
Publication of certification data in the verification portal is a core feature of the LII certification model and forms part of the terms accepted at the point of application. Candidates who do not wish their certification to appear in the public portal should raise this before submitting their application. LII will assess requests to restrict publication on a case-by-case basis, subject to the overriding interest of third parties in verifying credentials independently.
6. Sharing Personal Data
LII does not sell personal data. Personal data is shared only in the following circumstances:
- Assessors and Internal Verifiers — candidate data necessary for fair assessment, subject to confidentiality obligations
- Employer verification requests — verification data provided through the portal only (see Section 5)
- Accredited institutions — where an institution has submitted a candidate or requested verification of a candidate's certification
- Service providers — third-party technology and infrastructure providers operating under data processing agreements with LII
- Legal requirements — where disclosure is required by law, court order, or regulatory authority
7. Data Retention
LII retains personal data for as long as necessary for the purposes set out in this Policy and to meet legal obligations. The following retention periods apply as a general guide:
- Certification and assessment records — retained for the lifetime of the certification plus seven (7) years following lapse or withdrawal
- Application data (unsuccessful) — retained for two (2) years following the final decision
- Employer and partner records — retained for five (5) years following the end of the commercial relationship
- Complaints and appeals records — retained for six (6) years from closure
- Website analytics — aggregated data retained for up to three (3) years; no individually identifiable records are retained
8. Your Rights
Under UAE PDPL and applicable data protection law, you have the following rights in relation to personal data LII holds about you:
Access
Request a copy of the personal data LII holds about you and information about how it is processed.
Correction
Request correction of inaccurate or incomplete personal data held about you.
Deletion
Request deletion of personal data where there is no longer a lawful basis for its retention, subject to LII's legal and regulatory obligations.
Restriction
Request restriction of processing in certain circumstances, including where you contest accuracy or object to processing.
Objection
Object to processing based on legitimate interests where you have grounds relating to your particular situation.
Portability
Request transfer of data you provided to LII in a structured, machine-readable format where technically feasible.
To exercise any of these rights, submit a written request to certifications@lii.institute. LII will respond within 30 calendar days. Requests may be refused where fulfilment would conflict with LII's legal obligations or the legitimate interests of third parties.
9. Data Security
LII applies appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, loss, or destruction. These measures include access controls, encryption of data in transit, restricted assessor access, and regular security reviews. No transmission of data over the internet is completely secure; LII applies measures proportionate to the risk and sensitivity of data held.
10. Cookies and Website Analytics
The LII website uses minimal, privacy-preserving analytics to understand aggregate usage patterns. No advertising or tracking cookies are set. No individual user profiles are built from website activity. Where third-party analytics tools are used, data is processed in aggregate form and configured to anonymise IP addresses.
11. Changes to This Policy
LII may update this Privacy Policy from time to time. Material changes will be published on this page with the effective date updated. Continued use of LII services following publication of an updated Policy constitutes acceptance of the changes. If changes materially affect how LII processes your data, LII will provide direct notification where practicable.
12. Contact and Complaints
For all data protection enquiries, contact LII at certifications@lii.institute. If you believe LII has not handled your personal data in accordance with this Policy or applicable law, you have the right to submit a complaint to the relevant data protection authority in your jurisdiction. Internal complaints and appeals procedures are set out in the Complaints and Appeals Policy.