Leadfeeder and Data Processing:
The way Leadfeeder processes data is compliant with GDPR legislation.
Leadfeeder uses Google Analytics data to show you the companies that visit your website. This business data is captured by default in Google Analytics; Leadfeeder just makes the data more accessible. Leadfeeder then enriches that company data with contact data for individuals from publicly available data sources. Our data partners for contact data include Hunter and Full Contact.
Strong data protection commitments are a key part of the GDPR’s requirements. Our data processing agreement shares our privacy commitments and sets out the terms for Leadfeeder and our customers to meet the GDPR requirements. Our customers will find the Data Processing Agreement in their Settings in the tool. If you want to get a copy, please contact us at email@example.com.
We have been and are continually training all our employees in data protection awareness. Additionally, a select number of employees are CIPP/E and CIPM trained and certified.
We have reviewed all of our vendors, evaluated their compliance status, and arranged similar GDPR-ready data processing agreements with them, or stopped using their tools if we did not achieve a healthy level of compliance.
Google is committed to following the GDPR. Read more about Google Analytics data privacy and security here.
Using Leadfeeder and complying with the GDPR
If you use Leadfeeder and want to comply with the GDPR we recommend you do the following:
- State your usage of Leadfeeder in the same places you state your usage of Google Analytics
- State your usage of Leadfeeder in any places you list your usage of tracking and cookies
Leadfeeder and Privacy
These are the details of what information Leadfeeder collects about you, how we use it and what your rights and choices are.
We collect information from our Service users and visitors to our website. The information is collected in order to provide the Service.
From users who sign in to our Service we collect the following information:
Automatically collected information
If you are visiting our websites or accessing our applications, we collect the following information provided by your browser or mobile device:
- Pages accessed
- Time of visit
- Time of last visit
- Name of the owner of the IP address
- Reverse domain of the IP address
- Referring site, application, or service, including the relevant search queries that led you to Leadfeeder’s website
- Browser information
- Operating system and device information
- IP address (from users signing in to the service, for security purposes)
Cookies and tracking
Cookies are also used to store current session/login information for the Service.
In the interests of transparency and fairness, we keep up-to-date documentation of the cookies used on our website and Service. For the purposes of this documentation, actual cookies, localStorage and session storage entities are treated the same. These details can be found here: https://www.leadfeeder.com/cookies-and-tracking/
How are we using the data
We use User Data:
To provide the Service.
We use User Data in delivery, maintenance and enhancement of the Service, to provide support and to prevent or address technical or security issues.
To communicate with you
We may send you service-related messages and notifications. These include notifications that are part of the service. You can fully control what and when to receive these types of notifications. We also send administrative messages regarding your Leadfeeder subscriptions, technical status updates and other related notifications.
We may also send you messages or call you regarding new product features and helpful tips on using the product and to offer training and support. You can opt-out from such messages and calls at any time.
For payments and billing
We collect payment and billing data from Leadfeeder Premium customers for fulfilment of payments for the Service.
For improvement of the Service and analytics
To help improve the Service, our website and to develop new features and functionality we collect and analyse usage information. Processing User Data for analytics purposes is done in aggregated or anonymised form.
We process User Data only where:
- Processing User Data is necessary for providing the Service.
- Processing is necessary to comply with a legal obligation.
- Processing is in the legitimate interests of Leadfeeder, but not in conflict with our users' rights.
If you no longer wish to receive our newsletter or other promotional messages, you can opt-out of receiving them by following the instructions included on such messages.
You can request a copy, correction or deletion of your personal data by emailing firstname.lastname@example.org. We will respond to your request within 30 days.
You can object to our processing of your personal data at any time. For any requests or concerns, please contact our Data Protection Officer at email@example.com. If you are unsatisfied with the response you have the right to lodge a complaint with your supervisory authority.
Customer data is only accessible by those who need to access it for their work, for example, Technical support.
Employee contractual confidentiality
All our staff contracts have clauses on confidentiality.
Access to customer data is logged
Access by our staff to any customer data is logged in detail.
Security & privacy policies
We have internal security and privacy policies in place to support our staff with dos and don’ts of handling customer data.
We enforce and implement the following practices on staff workstations and mobile devices
- Disk encryption
- Lock screens
- Mobile device remote wipe/management
- Secure networks and firewalls
Security & privacy training
All our staff members receive security and privacy training at on-boarding and on an ongoing basis.
Amazon Web Services
All our servers and data are hosted on Amazon Web Services, USA and Ireland.
You can read about Amazon’s security features and compliance from:
https://aws.amazon.com/security/ & https://aws.amazon.com/compliance/
Access to our websites, applications and APIs is always secured with HTTPS.
Any data transferred to and from our integrations is encrypted.
Where applicable, intra application communication is also encrypted.
Our databases, logs, caches and other storage where we keep customer data are encrypted at rest.
- At rest, AES-256 encryption is used.
- Transit in and out of Leadfeeder systems is always HTTPS encrypted (TLS 1.2 – 1.0. RSA with AES128 GCM SHA256)
- Intra-application transit, inside our production network is AES-256 encrypted.
We implement various mechanisms and are constantly improving monitoring of our networks, servers and applications. We monitor errors, availability, system behaviour, load and other resource usage.
We back up our customer data hourly, daily and weekly. We routinely test our recovery mechanisms and monitor backup integrity and that backup processes run as expected.
Our production infrastructure is built on fault-tolerant systems that ensure that customer data is stored redundantly across multiple data centres (AWS Availability Zones).
In addition, our production infrastructure provisioning is fully automated. In case of lost server instances due to hardware failures or others, we can start replacements quickly and safely with automated procedures.
Our technical staff is always on call and will be alerted in cases of failures or warnings in the system.
We implement various industry best practices on securing our production infrastructure.
2FA access enforced
Two-factor authentication is required for accessing production resources.
Databases, application instances, caches and other servers have been firewalled to only allow minimal required access both in our internal network and from outside.
Network monitoring of suspicious activity
We implement automated monitoring and logging of suspicious network activity, such as brute force attacks or denial-of-service attempts.
Access, changes to, provision and decommission of any servers or resources are logged in detail.
With Leadfeeder’s privileges and access controls you can manage who can access which data.
Users can be configured to have limited access or privileges to make changes to Leadfeeder settings.
Google and Microsoft login
We currently support Google (GSuite) and Microsoft Office 365 federated login methods.
We store our data in Amazon Web Services (https://aws.amazon.com) data centres in the USA and Ireland.
As the data is transferred outside the EU, we need to make sure that the data recipients are bound by data privacy responsibilities as stringent as those in force in the EU. Amazon.com Inc., including Amazon Web Services Inc., is certified under the EU-U.S. Privacy Shield framework, which is a framework for ensuring that U.S. companies uphold data privacy at the same level as companies in the EU and offer you as the data subject the same rights in regard to your data.
Sharing and Disclosure
We do not share or disclose information to third parties except in the following situations:
User instructions or consent
Information may be disclosed to third-parties if we are explicitly instructed to do so by the user, or by user consent.
Third-party service providers
We may engage third-party companies, service providers or business partners to process our data and to support our business. These include, for example, server and hosting providers, payment processors and customer service and management tools. We ensure that these third parties process your data with utmost care and in accordance with the privacy legislation.
An up-to-date list of our processors is available on request from firstname.lastname@example.org.
Change of ownership
We may disclose User Data to allow a change of ownership of Leadfeeder (including, but not limited to, an acquisition by or merger with another company) and related transfer of all such information to the new owner, in which case any information remains protected in accordance with this Privacy Notice.
We may disclose personal data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
Enforcement of our rights, prevention of fraud, and for safety
We also may disclose personal information in order to:
- protect Leadfeeder from fraud, abuse or other criminal activity
- protect Leadfeeder rights and property against third-party allegations and claims
- enforce our contracts and policies
- protect rights and safety of others
We keep your data as long as you remain a Leadfeeder User. You can request your user account to be removed by contacting our support at email@example.com. After removal, your data is kept for 7 days in our system backups. For legal reasons we have to retain certain information, such as billing and payments data, for a longer period.
EU General Data Protection Regulation (GDPR)
As an EU-based company with thousands of customers in the EU, we are committed to the EU General Data Protection Regulation.
We do not collect any information from anyone under 13 years of age. Our website, products and services are all directed to people who are at least 13 years old.
Changes to this Privacy Notice
We will notify Leadfeeder users of any non-trivial changes to the Privacy Notice via email.
Data Protection Authority
Finnish Data Protection Authority:
Office of the Data Protection Ombudsman
Please feel free to contact us if you have questions regarding our privacy, this notice or practices. You can email us at firstname.lastname@example.org.
If you need a printed version of this information you can use the 'print' and 'save as PDF' option from your web browser.