How Leadinfo complies with GDPR and keeps your data safe

We understand that strong data protection requirements are an important element of GDPR. In our data processing agreement, we share our privacy commitments and the terms for Leadinfo and our customers to meet the GDPR requirements. Our customers will find the Data Processing Agreement in their Settings in our product. If you want to get a copy, please contact us at support@leadinfo.com.


Leadinfo matches the IP address of the visitor against a publicly available database of company data (such as the Chamber of Commerce). According to the GDPR, the IP address is considered to be private data, and there must be solid justification for its use. The justification is ‘own legitimate interest’, provided for in Article 6(1)(f) of the GDPR. This article states working with personal data is permitted if this serves a clear interest and privacy standards are maintained.


Marketing and analytics are considered to be legitimate interests, and Leadinfo only uses private data in a limited capacity. IP addresses are not saved, and only publicly accessible corporate data is shared with the users. This means that Leadinfo maintains privacy standards.


As a Leadinfo user, you are obliged to state these facts in your company’s privacy statement, as well as the register of data processing operations.


We have been and are continually training all our employees in data protection awareness.


All of our vendors have been reviewed, evaluating their compliance status, and arranging similar GDPR-ready data processing agreements with them, or stopped using their tools if we don't achieve a healthy level of compliance.

How we protect your data:

Employee contractual confidentiality: All our employees and contractors have clauses on confidentiality in their contracts


Restricted Access:
Only employees with the right permissions have access to our offices, and systems with sensible data are protected by two-factor authentication.


Device Management:
The workstations of our employees and contractors are protected by lock screens, disk encryptions and secure networks and firewalls.


Amazon Web Services:
All our servers and data are hosted on Amazon Web Services in Ireland. You can read about Amazon’s security features and compliance from:

https://aws.amazon.com/security/ & https://aws.amazon.com/compliance/.


Encryption:
Access to our websites, applications and APIs is always secured with HTTPS.


IP Addresses:
Directly after Leadinfo’s systems have received an IP address, matched company data is requested and shown in the portal. The IP addresses are not shown or stored. Leadinfo clients do not have access to IP addresses. Naturally, they may be using their own software to check which IP addresses are visiting their website, but this information is not linked to Leadinfo.


How we make sure our systems stay available:

Monitoring

We have implemented various mechanisms and are constantly improving the monitoring of our networks, servers and applications. We monitor availability, errors, system behaviour, load and other resource usages.


Backups

We make regular backups of our customer data. And routinely test our recovery mechanisms and monitor backup integrity, and backup processes run as expected.


Disaster recovery

We use AWS Availability Zones to build our production infrastructure to ensure that customer data is stored redundantly across multiple data centres.

In addition, our production infrastructure provisioning is fully automated. In case of lost server instances due to hardware failures or others, we can start replacements quickly and safely with automated procedures. Our technical support is always on call and will be alerted in cases of failures or warnings in the system.


Production infrastructure

We implement various industry best practices for securing our production infrastructure.


Detailed logging

Access, changes to, provision and decommission of any servers or resources are logged in detail.


Firewalls

Databases, application instances, caches and other servers have been firewalled to only allow minimal required access both in our internal network and from outside.


Network monitoring of suspicious activity

We implement automated monitoring and logging of suspicious network activity, such as brute force attacks or denial-of-service attempts.


2FA access enforced

Two-factor authentication is required for accessing production resources.


Sharing and Disclosure

We do not share or disclose information to third parties except in certain situations. We may engage third-party companies, service providers, or business partners to process our data and support our business. These include, for example, server and hosting providers, payment processors and customer service and management tools. We ensure that these third parties process your data with the utmost care and in accordance with privacy legislation. Leadinfo does not mind you sharing data with third parties. However, you must inform the third parties about the source of this data and what they may or may not do with it in accordance with the law.


Change of ownership

We may disclose User Data to allow a change of ownership of Leadinfo (including, but not limited to, an acquisition by or merger with another company) and related transfer of all such information to the new owner, in which case any information remains protected in accordance with this Privacy Notice.


Legal obligations

We may disclose personal data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.

We also may disclose personal information in order to:

  • protect Leadinfo from fraud, abuse or other criminal activity

  • protect Leadinfo rights and property against third-party allegations and claims

  • enforce our contracts and policies

  • protect the rights and safety of others


Data Retention

We keep your data as long as you remain a Leadinfo User. You can request your user account to be removed by contacting our support at support@leadinfo.com. After removal, your data is kept for 30 days in our system backups. For legal reasons, we have to retain certain information for a longer period. This includes such information as billing and payment data.

Compliance

EU General Data Protection Regulation (GDPR). As an EU-based company, we are committed to EU General Data Protection Regulation. We do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old or older.

Cookies

Leadinfo does not use third-party cookies to recognise companies, recognition is purely based on IP addresses. In addition to this recognition, Leadinfo shows analytical information. For this purpose, we place two first-party cookies, through which only the client gets access to information on how their visitors use the website. These cookies are not linked to other information, and nothing is shared with third parties. There is no consent required by law for the use of these particular cookies.

Changes to this Privacy Notice

We will notify Leadinfo’s users of any non-trivial changes to the Privacy Notice via email.

Contacting us

Please feel free to contact us if you have questions regarding our privacy, this notice or our practices. You can email us at support@leadinfo.com.

 

If you need a printed version of this information, you can use the 'print' and 'save as PDF' option from your web browser.