This article will answer some of your legal questions about Leadfeeder's Sales Intelligence CRM integration. Read below to learn more!
Is it GDPR compliant to push contact records from Leadfeeder to the customer's own CRM system?
Please note that Leadfeeder does not provide legal advice. In principle, it is your responsibility to check that the data processing you carry out complies with applicable law.
As you may know, under most data protection legislation, such as the GDPR, a company must have a legal basis for processing personal data. If it does not have a legal basis for processing personal data and does so anyway, this processing is unlawful and may (if discovered) lead to fines, legal proceedings and other negative consequences.
In principle, the data processing of your customers or future customers (e.g. in your CRM) falls under Article 6 (1) lit. b GDPR (data processing for contract fulfillment). In this case, the data subjects have actively commissioned you and expect their data to be processed in connection with the services you provide.
In the case of contacts who are not yet customers or concrete future customers, i.e. there is no direct customer relationship, you may be able to rely on a ‘legitimate interest’ within the meaning of Article 6 (1) lit. f of the GDPR.
What does it mean to invoke a ‘legitimate interest’?
Relying on ‘legitimate interests’ means that a company may collect and process personal data if:
They have a legitimate reason for doing so AND
Their interest or right to process the data is stronger than the individual's interest in protecting their privacy (balancing test)
While the GDPR explicitly mentions sales and marketing activities as an example of lawful use (see recital 47 of the GDPR), the balancing test must be carried out for each individual person and cannot be generalized.
Does Leadfeeder process our CRM data in a legally compliant manner?
Leadfeeder processes all personal data shared with us via the CRM integration as a data processor in accordance with our Data Processing Agreement ("DPA") and the requirements of Article 28 GDPR. Our Data Processing Agreement (DPA) is based on the Standard Contractual Clauses published by the European Commission.
Leadfeeder's DPA governs this processing activity and the CRM integration is explicitly mentioned under "Section 2 - Subject matter and duration of data processing". Leadfeeder is therefore contractually and legally obliged not to use its customers' personal data for its own purposes. Leadfeeder strictly adheres to these requirements.
How does the data flow between Leadfeeder and the customer's own CRM system work?
Leadfeeder copies the data from the customer's own CRM system and compares it with the Leadfeeder database to establish relationships. In addition, Leadfeeder allows Leadfeeder users to create records in the customer's own CRM.
Leadfeeder stores the customer's own CRM data so that it can be matched, viewed and new records created. There is a regular sync that synchronizes the CRM database with the Leadfeeder database.
What data is copied by Leadfeeder from the customer's own CRM?
Data is currently copied from the following objects:
Accounts
Contacts
Leads
Tasks
Opportunities
When does Leadfeeder delete the data?
The data that Leadfeeder synchronizes from the customer's CRM system is stored on Leadfeeder's AWS servers in encrypted form (in transit and at rest).
If the Leadfeeder user decides to remove the CRM integration from Leadfeeder, Leadfeeder will delete from its servers all data that it has synchronized from the customer's CRM.
How often does Leadfeeder query the customer's CRM data?
Leadfeeder queries the customer's own CRM data daily to check for changes and synchronize any new records with the Leadfeeder database.
Does the data go to third parties?
No, apart from the sub-processors identified in the DPA.
