This article tries to answer the questions most frequently asked by OxyLeads customers regarding GDPR compliance. It is intended for general information purposes only and does not constitute legal advice. We recommend seeking specific legal advice from your own legal counsel regarding any legal issues related to GDPR application or requirements.
What is the GDPR?
The General Data Protection Regulation (“GDPR”) is a new European privacy regulation that came into force on 25th of May 2018 and replaced the EU Data Protection Directive 95/46/EC. The GDPR aims to strengthen the security and protection of personal data in the EU and harmonize EU data protection law.
To whom does the GDPR apply?
GDPR applies to all entities established in the EU.
GDPR also applies to all entities that are not established in the EU whose data processing activities are related to:
- the offering of goods or services to data subjects in the EU;
- the monitoring of data subjects’ behavior that takes place within the EU.
Does OxyLeads comply with the GDPR?
Yes, we do. We are based outside of the EU and we do not monitor the behavior of data subjects in the EU; however, we have business customers in the EU and we offer our services there. This means that the GDPR applies to our activities related to processing the data of our EU customers. Our privacy team is reviewing our current service features and practices to ensure we are compliant with GDPR requirements.
Is OxyLeads a data controller?
In all cases where we provide services to our customers or process customer data, OxyLeads acts as a data controller. Usually, the processing of customer data is necessary for providing our services or to be compliant with legal obligations. In other cases, we ask for our customers’ consent or base processing activities on our legitimate interests.
Moreover, OxyLeads is a data controller with respect to the data of our B2B leads.
If you are based in the EU and use OxyLeads services for commercial purposes, you are also a data controller and are subject to GDPR requirements.
What about the data of our B2B leads?
The data of our B2B leads comes from publicly available sources. We collect this data under the legal basis of our legitimate interests to provide easily accessible and manageable information about companies, decision makers and other important people in B2B relationships.
Please note that we have no direct relationship with EU-based data subjects who can be found while using OxyLeads services. We do not offer any services to them and we do not monitor their behavior (as described in GDPR recitals 23 and 24); therefore, the GDPR does not apply to us when we process B2B leads data.
However, the GDPR might apply to you if you are using our database to offer goods and services to data subjects based in the EU or if you are based in the EU.
As we want to help our clients be compliant with all applicable data protection laws, we provide additional information about the data that we process in our databases:
- we do not process any information concerning EU data subjects’ personal life – we only process their professional details (such as professional email, position, employer);
- the professional details that we process are already publicly available (e.g., they are accessible and can be found on companies’ websites or professional social networks);
- we take reasonable and appropriate measures to protect all personal data. Secured infrastructure, secure communication channels, and encryption serve to maintain the confidentiality of data.
How can OxyLeads customers become GDPR compliant?
If GDPR applies to your activities, we suggest taking into consideration the following requirements:
- the requirement to provide specific information to data subjects, if their data have been obtained from sources other than the data subjects themselves (Article 14 of GDPR);
- the requirement to facilitate the exercise of data subject rights (Articles 12 and 15–22 of GDPR);
- the requirement to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (Article 32 of GDPR).
As a data controller, you might be subject to other GDPR requirements, but in our opinion the ones listed above are the most important.
How does OxyLeads help customers to be compliant with GDPR?
- the right to get familiar with one's own personal data that we process;
- the right to demand the correction of incorrect, inaccurate or incomplete data;
- the right to demand the erasure of personal data or the restriction of its processing when personal data is processed without complying with legal requirements or when there is another legal basis;
- the right to data portability;
- the right to object to the processing of one's own personal data.
What if I need more information?
If you have any privacy-related questions, please contact us at [email protected].