Privacy Policy
Personal Data Protection Policy - WEBHUNT SRL
Introduction
WEBHUNT SRL is committed to protecting the personal data of its employees, clients, partners, and other individuals it interacts with. This data protection policy explains how we collect, use, store, and protect personal data in accordance with Regulation (EU) 2016/679 (GDPR) and applicable national legislation. WEBHUNT acts both as a controller and a joint controller together with its B2B clients to determine the purposes and means of processing personal data.
- Collection and Processing of Personal Data
1.1 Types of Data Collected
- Identification Data: Name, surname, business email addresses, phone numbers, LinkedIn profile URLs.
- Professional Data: Job titles, employer information, relevant public posts from professional social networks, such as Github.com, LinkedIn.com and others alike.
1.2 Sources of Data Collection
- Public and Professional Sources: LinkedIn, LinkedIn Sales Navigator.
- Third-party Partners: Apollo.io, PeopleDataLabs.com, Zoominfo.com, PIPL.com, Zerobounce.com, OpenAI.com
- Processing Partners: Clay Labs Inc.
Each of the numbered partners publicly share a Privacy Policy where data subjects can request access to their data and exercise their legal rights.
1.3 Methods of Data Collection
- Manual and Automated Collection through APIs: We use APIs to automatically gather data from various sources.
- Verification and Validation of Data through the “waterfall enrichment” process: This process involves multiple data sources to ensure the accuracy and validity of collected data.
- Purposes of Personal Data Processing
2.1 Lead Generation
Identification and collection of data of individuals forming the Ideal Customer Profile (ICP) for our B2B clients. This involves collecting and processing data such as business email addresses, phone numbers, and LinkedIn profile URLs to identify potential leads.
2.2 Marketing Campaigns
Creation and sending of email campaigns and LinkedIn messages to evaluate the interest of targeted individuals in the products and services offered by our clients. This includes analyzing engagement metrics and responses to tailor future communications effectively.
2.3 Analysis of Public Posts
Collection and analysis of information from public posts to discover the interest of targeted individuals. This helps us understand potential leads’ interests and needs, enabling us to create more targeted and relevant marketing campaigns.
- Legal Grounds for Data Processing
3.1 Execution of a Contract (Art. 6(1)(b) GDPR)
Processing personal data of clients and business partners for providing contracted services. This includes activities such as lead generation and marketing campaigns executed on behalf of our clients.
3.2 Legitimate Interest (Art. 6(1)(f) GDPR)
Processing contact data collected from public sources for lead generation and B2B marketing activities. We act on our Client’s legitimate interest in promoting their services and products, facilitating business growth through effective marketing strategies.
We conduct Legitimate Interest Assessments for all our data subjects, by following the GDPR guideline (including the 3-part-test) to ensure our communication is on-point, relevant, respectful and with minimum impact on our data-subject’s rights.
- Data Storage and Security
4.1 Storage Locations and Infrastructure
- Data Management Applications: Data is stored in cloud applications such as AIRTABLE.COM, secured through VPN and encryption.
- Data Retention Period: Data is kept for a period of 90 days after being delivered to our clients, ensuring compliance with data minimization and storage limitation principles.
4.2 Technical Security Measures
- Two-Factor Authentication (2FA): Implemented at each source of information used by WEBHUNT, including LinkedIn Sales Navigator, Apollo.io, GoDaddy, and other platforms. This adds an extra layer of security by requiring a second form of verification.
- Encryption: Data is encrypted on proprietary servers and during transfer using end-to-end encryption and SHA256. This ensures that data is unreadable to unauthorized individuals.
- Secure Transfer: Data is transferred exclusively through secure download links using services like Google Drive or Dropbox. This prevents unauthorized access during data transmission. Data transfers via external devices is prohibited.
- Secured VPN: Use of a VPN with a dedicated cloud account secured through encryption for data storage. This provides a secure tunnel for data transfer and access.
- Activity Monitoring and Access Logging: We use monitoring and logging software to monitor user activities. This helps in detecting and responding to any suspicious activities promptly.
- Role-Based Access Control (RBAC): We implement restricted and monitored access to sensitive data. This ensures that only authorized personnel have access to sensitive information.
4.3 Data Verification and Validation
- Waterfall Enrichment: To ensure data accuracy, WEBHUNT uses a process called “waterfall enrichment,” involving multiple partners for verifying and validating business email addresses.
- Rights of Data Subjects
WEBHUNT respects the rights of data subjects according to Articles 12-23 of GDPR, including:
- Right of Access: Individuals can request access to their personal data.
- Right to Rectification: Individuals can request corrections to inaccurate or incomplete data.
- Right to Erasure: Individuals can request the deletion of their personal data.
- Right to Restriction of Processing: Individuals can request a restriction on the processing of their data.
- Right to Data Portability: Individuals can request to receive their data in a structured, commonly used, and machine-readable format.
- Right to Object: Individuals can object to the processing of their data in certain circumstances.
Requests regarding data access, rectification, erasure, restriction, data portability, or objection should be sent to [email protected].
DPO Contact:
Leonard Dumitru
+40774008831
[email protected]
- Security Incident Management
In the event of security incidents, WEBHUNT will promptly report to the National Supervisory Authority for Personal Data Processing (ANSPDCP) and the National Cyber Security Directorate (DNSC) in accordance with the internal procedure. Incidents will be documented and analyzed to prevent future occurrences.
- Data Transfer Outside the EU
WEBHUNT transfers data to countries outside the EU for services provided by the following entities, which are certified under the EU-U.S. Data Privacy Framework.
This ensures that the data receives an adequate level of protection. You may consult https://www.dataprivacyframework.gov/ to verify each of the join-controllers specified below.
- Joint Controllers
WEBHUNT collaborates closely with its clients, acting as a joint-controller to decide together why and how your personal information is processed. This collaboration is essential to ensure GDPR compliance and adequate data protection.
| Name | Role | Responsibilities | Country of Origin |
|---|---|---|---|
| GoDaddy Operating Company, LLC | Processor | Hosting services provider. Stores website data and ensures hosting infrastructure security. | USA |
| Zenleads Inc. (dba Apollo.io) | Processor | Collects and enriches personal data via APIs. Verifies and validates business email addresses. | USA |
| LinkedIn Corporation | Joint Controller | Public data source for collecting information about targeted individuals. | USA |
| Google LLC | Joint Controller | Provides Google Analytics for monitoring web traffic and collecting analytical data about site visitors. | USA |
| OpenAI Ireland Limited | Processor | Provides data enrichment and personalization services for marketing campaigns. | Ireland |
| PeopleDataLabs.com | Processor | Collects additional contact data and provides APIs for quick access to updated information. | USA |
| Zoominfo.com | Processor | Finalizes the “waterfall enrichment” process through additional verification and contact data completion. | USA |
| Microsoft | Joint Controller | Provides cloud services and productivity solutions (e.g., Azure, Office 365). | USA |
| ZeroBounce | Processor | Verifies and validates email addresses to ensure data accuracy and quality. | USA |
- Policy Review
WEBHUNT SRL periodically reviews this policy to ensure continuous compliance with legal requirements and best practices in personal data protection. Policy updates are communicated to all relevant stakeholders to ensure they are aware of any changes and can adapt their practices accordingly.