GDPR Compliance
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union. For EUR residents, the regulation aims to increase their control over their personal data. For businesses, the GDPR becomes a unifying regulation across the EU. On the 25th of May, the GDPR took effect and replaced the 1995 Data Protection Directive.
Does this affect me?
The GDPR regulation applies to any EU residents’ data, regardless of where the processor or controller is located.
This means that if you’re using LeadFuze from the US to reach out to other US corporations, the regulation doesn’t affect you. However, if some of your customers or leads are in the EU, you should pay attention to it.
In practice, most companies need to take the GDPR into consideration. The LeadFuze team worked hard to prepare for GDPR and ensure we fulfill its obligations.
Data Processing Addendum
LeadFuze is in most cases a controller. If you would like a data processing addendum (DPA), assigning you as a Processor under Article 28 of the GDPR, we’ve made this procedure simple and have the contract ready to be signed. Contact us to get started.
How LeadFuze complies with the GDPR
Even though GDPR only applies to data from EU residents, we have applied the requirements of the regulation across the entire platform and service. This means we don’t restrict any privacy-related feature based on the geographical location of a data subject.
Here are some of the actions we’ve taken to ensure we remain compliant:
Security
We are always working towards ensuring the data we manage is secure. Aside from ensuring the data we host is securely on AWS servers, keeping SSL certificates up-to-date, and putting our data behind firewalls, we also limit the access to our data to only two engineers on the team.
Log retention
LeadFuze stores logs on AWS servers in order to improve the user experience, debug the software, and/or prevent fraud. These logs are maintained for 90 days before being deleted. We only use these logs for monitoring and debugging.
Data portability
GDPR gives you the right to download any data that you provide to a service. Not only does this make migration easier, but it also allows you to import your data into CSV or other platforms. LeadFuze has always made it possible for you to download data.
Right of erasure
As we source and crawl publicly available information, it means your data may end up in our database. If you would like to be removed, simply contact us and let us know. We will remove your information completely within 72 hours.
FAQ’s
Can I still Contact Leads in the EU?
Absolutely, as long as you have a business reason for doing so (such as they are within a market you serve), or have consent already. Your communication and how you interact with leads in the EU remain your responsibility.
What happens if I want to find leads from other countries?
You have the ability when searching for leads to not look within EU and can look for leads in other countries.
What about usage of different products like LeadFuze API’s?
When submitting an email address to our API, we may provide additional information about the lead such as the company they work for and details about that company. You are responsible for how the email address you supplied to us was captured as well as how the data is used in accordance with rules and regulations.
Any other questions?
We invite you to look at our Privacy Policy as it contains a precise description of how we process data. Should you have any other question, we’re here to help – contact us.