We understand that strong data protection requirements are an important element of the GDPR. In our data processing agreement, we share our privacy commitments and the terms for Leadinfo and our customers to meet the GDPR requirements. Our customers will find the Data Processing Agreement in their Settings in our product. If you want to get a copy, please contact us at firstname.lastname@example.org.
Leadinfo matches the IP address of the visitor against a publicly available database of company data (such as the Chamber of Commerce). According to the GDPR, the IP address is considered to be private data, and there must be solid justification for its use. The justification is ‘own legitimate interest’, provided for in Article 6(1)(f) of the GDPR. This article states working with personal data is permitted if this serves a clear interest and privacy standards are maintained.
Marketing and analytics are considered to be legitimate interests, and Leadinfo only uses private data in a limited capacity. IP addresses are not saved and only publicly accessible corporate data is shared with the users. This means that Leadinfo maintains privacy standards.
As a Leadinfo user, you are obliged to state these facts in your company’s privacy statement, as well as the register of data processing operations.
We have been and are continually training all our employees in data protection awareness.
All of our vendors have been reviewed, evaluating their compliance status, and arranging similar GDPR-ready data processing agreements with them, or stopped using their tools if we don't achieve a healthy level of compliance.
How we protect your data:
Employee contractual confidentiality: All our employees and contractors have clauses on confidentiality in their contracts
Restricted Access: Only employees with the right permissions have access to our offices and systems with sensible data are protected by two-factor authentication.
Device Management: The workstations of our employees and contractors are protected by lock screens, disk encryptions and secure networks and firewalls.
Amazon Web Services: All our servers and data are hosted on Amazon Web Services in Ireland. You can read about Amazon’s security features and compliance from:
Encryption: Access to our websites, applications and APIs is always secured with HTTPS.
IP Addresses: Directly after Leadinfo’s systems have received an IP address, matched company data is requested and shown in the portal. The IP addresses are not shown or stored. Leadinfo clients do not have access to IP addresses. Naturally, they may be using their own software to check which IP addresses are visiting their website, but this information is not linked to Leadinfo.
How we make sure our systems stay available:
We have implemented various mechanisms and are constantly improving the monitoring of our networks, servers and applications. We monitor availability, errors, system behaviour, load and other resource usages.
We make regular backups of our customer data. And routinely test our recovery mechanisms and monitor backup integrity and backup processes run as expected.
We use AWS Availability Zones to build our production infrastructure to ensure that customer data is stored redundantly across multiple data centres.
In addition, our production infrastructure provisioning is fully automated. In case of lost server instances due to hardware failures or others, we can start replacements quickly and safely with automated procedures. Our technical support is always on call and will be alerted in cases of failures or warnings in the system.
We implement various industry best practices on securing our production infrastructure.
Access, changes to, provision and decommission of any servers or resources are logged in detail.
Databases, application instances, caches and other servers have been firewalled to only allow minimal required access both in our internal network and from outside.
Network monitoring of suspicious activity
We implement automated monitoring and logging of suspicious network activity, such as brute force attacks or denial-of-service attempts.
2FA access enforced
Two-factor authentication is required for accessing production resources.
Sharing and Disclosure
We do not share or disclose information to third parties except in certain situations. We may engage third-party companies service providers or business partners to process our data and to support our business. These include for example server and hosting providers, payment processors and customer service and management tools. We ensure that these third parties process your data with the utmost care and in accordance with the privacy legislation. Leadinfo does not mind you sharing data with third parties. However, you must inform the third parties about the source of this data and what they may or may not do with it in accordance with the law.
Change of ownership
We may disclose User Data to allow a change of ownership of Leadinfo (including, but not limited to, an acquisition by or merger with another company) and related transfer of all such information to the new owner, in which case any information remains protected in accordance with this Privacy Notice.
We may disclose personal data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
We also may disclose personal information in order to:
- protect Leadinfo from fraud, abuse or other criminal activity
- protect Leadinfo rights and property against third-party allegations and claims
- enforce our contracts and policies
- protect rights and safety of others
We keep your data as long as you remain as a Leadinfo User. You can request your user account to be removed by contacting our support at email@example.com. After removal, your data is kept for 30 days in our system backups. For legal reasons, we have to retain certain information for a longer period. This includes such information as billing and payments data.
EU General Data Protection Regulation (GDPR)
As an EU based company, we are committed to EU General Data Protection Regulation.
We do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.
Changes to this Privacy Notice
We will notify Leadinfo’s users of any non-trivial changes to the Privacy Notice via email.
Please feel free to contact us if you have questions regarding our privacy, this notice or practices. You can email us at firstname.lastname@example.org.
If you need a printed version of this information you can use the 'print' and 'save as PDF' option from your web browser.