Dealintent & GDPR Readiness
The General Data Protection Regulation (the “GDPR”) is an important legislation in the space of privacy and data protection. In this page, we address our commitment to adhering to the GDPR, how we are implementing it, and how these changes affect you, as our customers.
What is GDPR?
The GDPR is the European Union’s (“EU”) primary data protection and privacy law, which took effect on May 25th, 2018. The GDPR was conceptualized to protect and strengthen the right to data protection of EU individuals, and give them a greater say in how organizations collect and handle their personal data. The regulation modernized and replaced the age-old 1995 Data Protection Directive to keep pace with rapid technological developments and globalization, which have significantly changed the way personal data is collected, accessed and used.
Whom Does the GDPR Apply to?
The applicability of the GDPR extends far beyond the EU, to regulate the processing of personal data by organizations located outside the EU as well, if they offer goods or services to, or monitor the behavior of, EU individuals. It applies to all organizations processing and holding the personal data of EU individuals, regardless of the organization’s location.
What Constitutes Personal Data under the GDPR?
Personal data is any information related to an identified or identifiable natural person or ‘data subject’. This could be anything from a name, a photo, an email address, bank details, posts on social networking websites, location, or a computer IP address.
What Constitutes Dealintent Enrichment Data?
Dealintent Enrichment Data is any personal data obtained by us from public data platforms and from third-party partners to prepare profile enrichment and personality insights of our customer’s prospects and any other individuals or groups of persons.
What is Dealintent’s role as a controller for Dealintent Enrichment Data?
Dealintent will be the controller of Dealintent Enrichment Data. We will process this data as per our privacy policy. It is our responsibility to ensure compliance with GDPR as a controller. If an individual’s personal data is a part of Dealintent Enrichment Data, they can, inter alia, exercise the following rights by contacting us at hello@dealintent.com.
- Right to access and correct their personal data;
- Right to object or restrict the processing;
- Right to request erasure of their personal data.
In addition, such individuals also have the right to opt-out of processing or complain to a data protection authority about our collection and use of their personal data.
What is the legal basis for the data we process as a Controller?
Personal Data that we process as Controller
Legal basis for processing
User Data
We process our customers’ users’ contact information like full name, email address to be able to provide our products and services to our customers. For example, we use such information to verify their identity and help them log into our services.
Our legal basis for such processing is that it is
- necessary for the performance of our contract with our customers;t
- he consent of such users when they provide us with such data;
- our legitimate interests like protecting our products and services against fraud, and marketing our products to individuals, except where we are required by applicable law to obtain their consent.
Dealintent Enrichment Data
We use personal data like name, email address, phone number, designation, resume, interests that an individual may share on a public platform for profiling such individuals and to create assessment reports like personality overview and personalization insights.
Our legal basis for such processing is:
- our legitimate interests to offer products and services that aid in having a contextual relationship with prospective customers to thereby avoiding spamming or making effective selling propositions.
- our legitimate interests to improve the efficiency of our products and services;
To know more about how we process personal data as a controller you can visit our privacy policy available at https://www.dealintent.com/privacy-policy
What is Dealintent’s role with respect to processing its customers’ data?
We will be the processor of our customers’ data that is transmitted to us and the customer will be the controller. What this means is that we will process any personal data that our customer transmits to us only on our customer’s behalf. While it is the responsibility of the customer to ensure compliance with GDPR as a controller, Dealintent will, as a processor, enable the customer in its compliance in accordance with the agreements signed with the customer.
Commitment of Dealintent towards GDPR compliance
At Dealintent, we are committed to provide our customers as well as other individuals who interact with us, privacy and security in line with international best-practices and regulations. We understand we receive critical data from you and we want to make sure that you have access to all the details you require in understanding how we protect the data that you share with us.
Here are some of the steps we have taken towards GDPR compliance:
- Contractual Commitments
- Data Processing Agreements: We are required to implement contractual commitments with our customers as a part of GDPR’s requirements for processors. Our standard customer agreements include Data Processing Agreements that automatically apply to personal data originating in the EU when you purchase a license for our products. We work extensively with our legal team to ensure that such agreements are up-to-date and incorporate and reflect all continuing developments in the EU’s data protection law. You can find our Customer Data Processing Agreement here: https://www.dealintent.com/dpa
- Standard Contractual Clauses: Standard Contractual Clauses (“SCCs”) are one of the approved transfer methods to be put in place beforehand to ensure that protection guaranteed within the EU travels with personal data when it is transferred to a third country outside the EU. The SCCs are a set of compulsory clauses published by the EU Commission on 4 June, 2021 and are required to be included in contracts between data exporters and data importers. These SCCs are incorporated, as a default, in our Data Processing Agreements.
- Security Measures: We implement appropriate technical and organizational measures to protect customer data in our possession and to ensure that we serve our customers with secure products. You may request access to our security policy by writing to us at hello@dealintent.com
- Internal policies on data protection: We have established internal policies, guidelines and processes concerning the handling of personal data by our employees including policies on confidentiality, incident management, access control, endpoint security, data backup and vendor management.
- Right to Opt-out of processing for Dealintent Enrichment Data: Any individual who does not want their personal data to be a part of Dealintent Enrichment Data can opt out by simply sending an email to hello@dealintent.com. If an individual has exercised this option, we stop such processing of their personal data within 24 hours of receiving such a request. We maintain a do-not-disturb list of such individuals to ensure that we do not process their personal data in the future as well.
- Right to Opt-out of marketing communication: We only send marketing and promotional emails where we have obtained consent as required in the EU. Such emails also provide for an opt-out mechanism. We maintain a do-not-disturb list of recipients that have unsubscribed to our marketing communications.
- Updated privacy policy: We ensure that our privacy policy is periodically updated in line with the emerging requirements of data protection laws for the processing activities we undertake as a controller. You can read our privacy policy here.
- Accountability and Governance: We recognize the need to ensure that our employees understand the importance of data protection and are trained on the basic principles of GDPR. We extend training programs to our employees who handle personal data in the course of their employment in order to familiarize them with GDPR compliance. We also ensure that we implement measures to demonstrate that we fulfill obligations under GDPR.
- Assessments: We understand that compliance with GDPR is an ongoing process. In furtherance of our commitment to this we have internal assessments to ensure that our processing of an individual’s personal data does not override the interests, fundamental rights and freedoms of such individuals in relation to protection of their personal data.
- Onward compliance: We conduct the required due diligence to evaluate the security, privacy and confidentiality practices of our vendors prior to engaging them and execute agreements that impose GDPR-equivalent obligations on them.
If ever you need to know more about our commitment to GDPR compliance, please send an email to hello@dealintent.com.
Disclaimer
The content above is provided for informational purposes only. The information shared here is not meant to serve as legal advice. You should work closely with your legal and other professional counsel to determine exactly how GDPR may or may not apply to you and compliance with GDPR as applicable to you.