Leadfeeder and Data Processing:

The way Leadfeeder processes data is compliant with GDPR legislation.

Leadfeeder Tracker collects data to our Amazon Web Services infrastructure. All data is encrypted on transfer and at rest.

We collect the behavioral data of all website visitors. This includes pages viewed, visitor source and time spent on the site.

The visitor IP address is collected to detect the company and geographic location. Leadfeeder only shows company visits; we automatically filter out all users visiting from residential IP addresses. All visit data is aggregated on the company level.

Leadfeeder also enriches that company data with contact data for individuals from publicly available data sources. Our data partners for contact data include Hunter and Full Contact.

Strong data protection commitments are a key part of the GDPR’s requirements. Our data processing agreement shares our privacy commitments and sets out the terms for Leadfeeder and our customers to meet the GDPR requirements. Our customers will find the Data Processing Agreement in their Settings in the tool. If you want to get a copy, please contact us at privacy@leadfeeder.com.

We have been and are continually training all our employees in data protection awareness. Additionally, a select number of employees are CIPP/E and CIPM trained and certified.

We have reviewed all of our vendors, evaluated their compliance status, and arranged similar GDPR-ready data processing agreements with them, or stopped using their tools where we could not achieve a healthy level of compliance.

Using Leadfeeder and complying with the GDPR

If you use Leadfeeder and want to comply with the GDPR we recommend you do the following:

  • State your usage of Leadfeeder in the same places you state your usage of Google Analytics

  • State your usage of Leadfeeder in any places you list your usage of tracking and cookies

The Leadfeeder tracker script sets the following cookies in the visitor's browser:

_lfa

Detailed description in this article.

Expires in 2 years

_lfa_consent

If your website has enabled the consent manager support for Leadfeeder, the visitor consent status is stored in this cookie.

Expires in 2 years

_lfa_test_cookie_stored

A cookie that is only temporarily used to check if the browser supports cookies or not. This cookie might show up in a cookie scanner for your consent management platform.

Expires immediately

_lfa_expiry

A local storage variable to store the duration for the Leadfeeder clientID stored in browser LocalStorage.

Leadfeeder and Privacy

These are the details of what information Leadfeeder collects about you, how we use it, and what your rights and choices are.

User Data

We collect information from our Service users and visitors to our website. The information is collected in order to provide the Service. 

User-provided information

From users who sign in to our Service we collect the following information:

Automatically collected information

If you are visiting our websites or accessing our applications, we collect the following information provided by your browser or mobile device:

  • Pages accessed

  • Time of visit

  • Time of last visit

  • Name of the owner of the IP address

  • Reverse domain of the IP address

  • Referring site, application, or service, including the relevant search queries that led you to Leadfeeder’s website

  • Browser information

  • Operating system and device information

  • IP address (from users signing in to the service, for security purposes)

Cookies and tracking

We use cookies on our websites and applications.

Cookies are small files that a site or its service provider transfers to your computer's hard drive through your Web browser (if you allow) and that enable the site or service provider's systems to recognize your browser and to capture and remember certain information. We use cookies to compile aggregate data about site and application traffic and interaction so that we can offer a better experience and better tools in the future. We may contract with third-party service providers to assist us in better understanding our site visitors. These service providers are not permitted to use the information collected on our behalf except to help us conduct and improve our business.

Cookies are also used to store current session/login information for the Service.

In the interests of transparency and fairness, we keep up-to-date documentation of the cookies used on our website and Service. For the purposes of this documentation, actual cookies, localStorage and session storage entities are treated the same. These details can be found here: https://www.leadfeeder.com/cookies-and-tracking/

How are we using the data

We use User Data:

To provide the Service.

We use User Data in delivery, maintenance and enhancement of the Service, to provide support and to prevent or address technical or security issues.

To communicate with you

We may send you service-related messages and notifications. These include notifications that are part of the service. You can fully control what and when to receive these types of notifications. We also send administrative messages regarding your Leadfeeder subscriptions, technical status updates, and other related notifications.

We may also send you messages or call you regarding new product features and helpful tips on using the product and to offer training and support. You can opt-out from such messages and calls at any time.

For payments and billing

We collect payment and billing data from Leadfeeder Premium customers for fulfilment of payments for the Service.

For improvement of the Service and analytics

To help improve the Service and our website, and to develop new features and functionality, we collect and analyse usage information. Processing User Data for analytics purposes is done in aggregated or anonymised form.

We process User Data only where:

  • Processing User Data is necessary for providing the Service.

  • Processing is necessary to comply with a legal obligation.

  • Processing is in the legitimate interests of Leadfeeder and not in conflict with our users' rights.

Your rights

If you no longer wish to receive our newsletter or other promotional messages, you can opt-out of receiving them by following the instructions included on such messages.

You can request a copy, correction or deletion of your personal data by emailing privacy@leadfeeder.com. We will respond to your request within 30 days.

You can object to our processing of your personal data at any time. For any requests or concerns, please contact our Data Protection Officer at privacy@leadfeeder.com. If you are unsatisfied with the response you have the right to lodge a complaint with your supervisory authority.


Security

Confidentiality
Employee access
Customer data is only accessible by those who need to access it for their work, for example, Technical support.

Employee contractual confidentiality
All our staff contracts have clauses on confidentiality.

Access to customer data is logged
Access by our staff to any customer data is logged in detail.

Internal practices
Security & privacy policies
We have internal security and privacy policies in place to support our staff with dos and don’ts of handling customer data.

Device management
We enforce and implement the following practices on staff workstations and mobile devices:

  • Disk encryption

  • Lock screens

  • Mobile device remote wipe/management

  • Secure networks and firewalls

Security & privacy training
All our staff members receive security and privacy training at on-boarding and on an ongoing basis.

Data Centres
Amazon Web Services
All our servers and data are hosted on Amazon Web Services within the EU/EEA area.

You can read about Amazon’s security features and compliance at:
https://aws.amazon.com/security/ and https://aws.amazon.com/compliance/

Encryption
Transit
Access to our websites, applications and APIs is always secured with HTTPS.

Any data transferred to and from our integrations is encrypted.  

Where applicable, intra application communication is also encrypted.

At rest
Our databases, logs, caches and other storage where we keep customer data are encrypted at rest.

Technical details

  • At rest, AES-256 encryption is used.

  • Transit in and out of Leadfeeder systems is always HTTPS encrypted (TLS 1.2 – 1.0. RSA with AES128 GCM SHA256)

  • Intra-application transit inside our production network is AES-256 encrypted.

Availability

Monitoring
We implement various mechanisms and are constantly improving monitoring of our networks, servers and applications. We monitor errors, availability, system behaviour, load and other resource usage.  

  • Servers

  • Networks

  • Applications

Backups
We back up our customer data hourly, daily and weekly. We routinely test our recovery mechanisms and monitor backup integrity and that backup processes run as expected.

Disaster recovery
Our production infrastructure is built on fault-tolerant systems that ensure that customer data is stored redundantly across multiple data centres (AWS Availability Zones).   

In addition, our production infrastructure provisioning is fully automated. If server instances are lost due to hardware failures or other causes, we can start replacements quickly and safely with automated procedures.

Our technical staff is always on call and will be alerted in cases of failures or warnings in the system.

Production infrastructure

We implement various industry best practices on securing our production infrastructure.

2FA access enforced
Two-factor authentication is required for accessing production resources.

Firewalls
Databases, application instances, caches and other servers have been firewalled to only allow minimal required access both in our internal network and from outside.

Network monitoring of suspicious activity
We implement automated monitoring and logging of suspicious network activity, such as brute force attacks or denial-of-service attempts.

Detailed logging
Access, changes to, provision and decommission of any servers or resources are logged in detail.

Product

With Leadfeeder’s privileges and access controls you can manage who can access which data.

User privileges
Users can be configured to have limited access or privileges to make changes to Leadfeeder settings.

Google and Microsoft login
We currently support Google (GSuite) and Microsoft Office 365 federated login methods.

Location

We store our data in Amazon Web Services (https://aws.amazon.com) data centres within the EU/EEA area.

Sharing and Disclosure

We do not share or disclose information to third parties except in the following situations:

User instructions or consent

Information may be disclosed to third-parties if we are explicitly instructed to do so by the user, or by user consent.

Third-party service providers

We may engage third-party companies, service providers or business partners to process our data and to support our business. These include, for example, server and hosting providers, payment processors, and customer service and management tools. We ensure that these third parties process your data with utmost care and in accordance with the privacy legislation.

An up-to-date list of our processors is available on request from privacy@leadfeeder.com.

Change of ownership

We may disclose User Data to allow a change of ownership of Leadfeeder (including, but not limited to, an acquisition by or merger with another company) and related transfer of all such information to the new owner, in which case any information remains protected in accordance with this Privacy Notice.

Legal obligations

We may disclose personal data if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.

Enforcement of our rights, prevention of fraud, and for safety

We also may disclose personal information in order to:

  • protect Leadfeeder from fraud, abuse or other criminal activity

  • protect Leadfeeder rights and property against third-party allegations and claims

  • enforce our contracts and policies

  • protect rights and safety of others

Data Retention

We keep your data as long as you remain a Leadfeeder User. You can request your user account to be removed by contacting our support at support@leadfeeder.com. After removal, your data is kept for 7 days in our system backups. For legal reasons we have to retain certain information, such as billing and payments data, for a longer period.

Compliance

EU General Data Protection Regulation (GDPR)

As an EU-based company with thousands of customers in the EU, we are committed to the EU General Data Protection Regulation.

Changes to this Privacy Notice

We will notify Leadfeeder users of any non-trivial changes to the Privacy Notice via email.

Data Protection Authority

Finnish Data Protection Authority:
Office of the Data Protection Ombudsman
https://tietosuoja.fi/en/contact-information

Contacting us

Please feel free to contact us if you have questions regarding our privacy, this notice or our practices. You can email us at privacy@leadfeeder.com.

If you need a printed version of this information you can use the 'print' and 'save as PDF' option from your web browser.

