Web Project s.r.o. ID No.: 28596935, registered seat at Dlouhá 730/35, Prague 1 - Old Town, 110 00, the Czech Republic, incorporated in the Commercial register maintained by the Municipal Court in Prague, section C, file 306366 (collectively, "Leadspicker," "we," or "us") offers a sales engagement platform called "Leadspicker" that aims to help businesses improve their marketing strategies by effectively engaging with potential prospects and other interested parties. Leadspicker may provide other services involving data and marketing as well. User's privacy is the most important goal, so the private policy describes the rights that apply to the information clients submit to us or that we collect and use to provide our Services as defined below.
Leadspicker's Services are defined as the sales engagement platform "Leadspicker," provided to clients based on Terms of Service of Leadspicker platform that is offered, made available, and facilitated through the website www.leadspicker.com. Any services or content provided through a website or app that is owned and operated by a third party are not considered part of Leadspicker's "Services."
By accessing the Service, you acknowledge the collection, use, disclosure and other handling of your information as described below.
I. Opening statements
We process personal data in order to fulfill contracts with clients and on the basis of legitimate interest. We only process it to the extent necessary for the purpose. We process and manage personal data through computer systems and the computer systems of our processors.
Our legitimate interest is therefore to enter into a contract with a client and to provide the client with Services, and furthermore, after the contract has been fulfilled, it is a legitimate interest to protect our rights arising from our relationship with the client.
The data provided is an essential element of the contract and must therefore be provided in order to conclude such a contract. The only ramification of non-providing of personal data is the inability to conclude and fulfill the contract and to provide Services.
According to Art. 21 of the General Data Protection Regulation (GDPR), a data subject can express an objection. In case a data subject expresses an objection against the processing of personal data for the abovementioned purposes, the controller shall not process personal data of the data subject for such purposes anymore.
Leadspicker may carry out automated individual decision-making within the meaning of Article 22 of the GDPR.
II. Data collection
Leadspicker may receive the following types of information from its clients:
Enrollment details. Information about client’s contact details when registering for the Services on webpage leadspicker.com such as first and last name, e-mail addresses, professional title, company name, and password that is being hashed on our backend.
Billing information. When purchasing a subscription of the Services, such as billing name and address, credit card number and other information to validate payment method and identity.
Email communications. When contacting us via a messaging platform (such as Linkedin), we may retain your message, contact details, and username or email address. For newsletter sign-up, we will use your name and email address to send the newsletter to you. You have the option to discontinue receiving our marketing emails or newsletter by clicking the unsubscribe link in the email or changing your email preferences in your account settings. It is not possible to opt-out of receiving transactional emails that are related to your account or usage of our services.
Customer client records. Information about client’s business contacts, such as contacts list or customer list; for instance, first and last name, email address, telephone number, professional title, and company name. The use of information provided by the client is governed by Terms and Conditions of the Services.
We process personal data based on your consent or our legitimate interests. We may also process data to fulfil a contract you entered with us or to comply with legal obligations. If you have any questions regarding the legal basis for processing your personal data, you can email us at firstname.lastname@example.org
Data Transfer to Third-Party AI Model for Sequence Generation
In enhancing our AI sequence generator feature, Leadspicker utilizes OpenAI's GPT-4 for crafting sequence templates. We are committed to upholding your privacy and only transfer data to GPT-4 after receiving your explicit consent. This consent is obtained through a clear, user-initiated action by ticking a box within our application.
When you opt to utilize the 'Generate Sequence' feature and activate the corresponding checkbox, you provide informed consent for the transfer of the specific data you input to GPT-4, exclusively for the purpose of sequence template creation.
Rest assured, this data interaction with GPT-4 is confined to sequence generation. Your data is not used for any other purpose, nor is it shared with any additional third parties. Our partnership with OpenAI includes robust data protection protocols to safeguard the confidentiality and integrity of your data during this process.
For inquiries or additional information regarding our use of GPT-4 for sequence generation, please reach out to us at email@example.com.
III. Data storage
We keep personal data for the time we actually need the data. That is, for as long as is strictly necessary to fulfill the purpose of data processing. Furthermore, we keep the personal data for a period of 5 years from the fulfillment of the contract to exercise potential legal claims, and we are also obliged to keep your personal data for 5 years from the end of the accounting period within the accounting system and to archive the tax documents for 10 years.
We limit our use of data to providing or improving user-facing features that are visible and prominent in Leadspicker's user interface.
The client undertakes to:
1. ensure that provided personal data is always processed in accordance with the GDPR, that the data is up-to-date, accurate and true, and that the data is relevant to the stated purpose of the processing;
2. take appropriate measures to provide data subjects with all information, to inform them of their rights and to make any disclosures required by the GDPR in a concise, transparent, comprehensible and easily accessible manner using clear and plain language;
3. comply with any other obligations imposed by the GDPR.
Leadspicker undertakes to:
1. process personal data only on the basis of documented instructions from the client, in particular should the personal data be transferred to a third country or an international organization;
2. ensure that the persons authorized to process personal data undertake to observe confidentiality, unless they are subject to a legal obligation of confidentiality;
3. take all measures required by Article 32 of the GDPR and assist the client in complying with the obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to Leadspicker;
4. take into account the nature of the processing of personal data and assist the client in complying with the obligation to respond to requests to exercise the data subject's rights as well as other obligations under the GDPR;
5. ensure that the systems for automated processing of personal data are used only by authorized persons who will only have access to personal data corresponding to the authorization of such persons, on the basis of specific user authorizations established exclusively for such persons;
7. at the request of the client, provide the client at any time with any information necessary to demonstrate that the obligations set out in the GDPR have been complied with and to allow an audit or inspection to be carried out in relation to the processing of personal data;
8. upon termination of the provision of Services under the Terms of Service of Leadspicker platform, in accordance with the client’s decision, either delete all personal data or return it to the client and delete existing copies, unless it is under a legal obligation to store the personal data;
9. comply with any other obligations imposed on it by the GDPR.
Leadspicker and the client further undertake:
1. to implement such technical, organizational, personnel and other appropriate measures within the meaning of the GDPR to ensure and be able to demonstrate at any time that the processing of personal data is carried out in accordance with the GDPR so as to prevent accidental or unauthorized access to, alteration, destruction or loss of, unauthorized transmission of, or other unauthorized processing of, personal data and data media containing such data, as well as other misuse of such data, and to review and update such measures as necessary;
2. keep and review and update records of the processing of personal data in accordance with the GDPR;
3. report any personal data breaches to the data protection authority in a proper and timely manner and cooperate with the data protection authority to the extent necessary;
4. keep each other informed of all circumstances relevant to the performance of its obligations under this article;
5. maintain the confidentiality of personal data and security measures, the disclosure of which would compromise the security of personal data, even after the termination of the contract according to the Terms of Service of Leadspicker platform.
IV. Data sharing
We may share the service information with the following parties:
1. Trusted third parties that perform services for us, with us, or on our behalf, including without limitation providers of technical infrastructure and technical and customer support, hosting providers, billing support, and payment providers. We limit our use of data to providing or improving user-facing features that are prominent in Leadspicker's user interface, and we obtain your consent for such use.
2. For security purposes, such as efforts to detect and address fraud, credit risk, security, or technical issues. We may allow access to data if necessary for security purposes, for example, investigating a bug or abuse.
3. To comply with applicable laws, legal processes, or other legal requirements. We may share data when necessary to comply with the law or respond to legal requests.
4. As part of a merger, acquisition, or sale of assets of Leadspicker, after obtaining explicit prior consent from the user. We may transfer data in connection with significant business events, subject to obtaining your affirmative agreement.
5. When we believe in good faith that such sharing is reasonably necessary in order to investigate, prevent, or take action regarding possible unlawful activities or to comply with legal process or other legal requirements; when we deem disclosure appropriate in situations involving potential threats to the physical safety of any person, potential violations of our terms (such as our Terms of Service), or claims of violation of the rights of third parties; or when we deem disclosure appropriate to protect the rights, property and safety of us, our employees, users, or another person or entity (the disclosures described here may involve the good faith sharing of your information with, for example, law enforcement, government agencies, courts, or other parties); and
6. In any other circumstance where we have appropriate consents or are otherwise permitted by law to share it.
We do not allow humans to read the data, except in the limited circumstances outlined above. Additionally, we prohibit the following:
1. Transferring or selling user data to third parties like advertising platforms, data brokers, or any information resellers.
2. Transferring, selling, or using user data for serving ads, including retargeting, personalized, or interest-based advertising.
3. Transferring, selling, or using user data to determine credit-worthiness or for lending purposes.
We do not transfer your personal data to any other country, except as stated above if they are foreign persons. We ensure that our employees, agents, contractors
V. Data security
We strive to safeguard the confidentiality of your account and other personally identifiable information maintained in our records. Nevertheless, we are unable to provide an absolute assurance of complete security. While we employ transport layer security (TLS) to encrypt the transmission of information when it is submitted on our website, it is important to note that transmitting information over the Internet carries inherent risks. Factors such as unauthorised access or use, hardware or software malfunction, and other unforeseeable circumstances may compromise the security of user information at any given moment.
In accordance with the applicable legal standard, we ensure the protection of the personal data we process and store through appropriate technical and organizational measures. In addition to our authorized personnel, third parties who provide us with services (e.g. processors - IT service providers, carriers) also have access to the data.
VI. Rights of data subjects
Right of access by the data subject
In accordance with Article 15 of the General Data Protection Regulation (GDPR), the data subject is entitled to obtain confirmation from the data controller as to whether or not personal data pertaining to them is being processed. If such processing is taking place, the data subject has the right to access the personal data and obtain the following information:
1. The purposes for which the personal data is being processed;
2. The categories of personal data concerned;
3. The recipients or categories of recipients to whom the personal data has been or will be disclosed, including any recipients in third countries or international organisations;
4. Where feasible, the envisaged timeframe for which the personal data will be retained, or if this is not possible, the criteria utilised to determine such a period;
5. The existence of the right to request rectification or erasure of personal data, or the restriction of processing of personal data pertaining to the data subject, as well as the right to object to such processing;
6. The right to lodge a complaint with a supervisory authority;
7. If the personal data has not been obtained from the data subject, any available information regarding its source;
8. The existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and at least in these cases, meaningful details about the logic employed, as well as the significance and the anticipated consequences of such processing for the data subject.
Right to rectification
In accordance with Article 16 of the General Data Protection Regulation (GDPR), the data subject has the right to request the rectification of any inaccurate personal data pertaining to them from the controller without undue delay. Considering the purposes for which the personal data is being processed, the data subject also has the right to have incomplete personal data supplemented by providing a supplementary statement.
Right to erasure
In accordance with Article 17 of the General Data Protection Regulation (GDPR), the data subject is entitled to request the controller to erase personal data concerning them without undue delay, and the controller has an obligation to do so where one of the following grounds apply:
1. The personal data is no longer required for the purposes for which it was collected or otherwise processed;
2. The data subject withdraws their consent to the processing of personal data based on Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing;
3. The data subject objects to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
4. The personal data has been unlawfully processed;
5. The personal data must be erased to comply with a legal obligation under the laws of the European Union or Member State to which the controller is subject;
6. The personal data has been collected in relation to the provision of information society services as referred to in Article 8(1) of the GDPR.
Right to restriction of processing
In accordance with Article 18 of the General Data Protection Regulation (GDPR) the data subject has the right to request the controller to restrict the processing of their personal data in certain circumstances. These circumstances include situations where the accuracy of the personal data is contested by the data subject, and the controller needs time to verify the accuracy of the data. Another situation is where the processing of personal data is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead. Additionally, if the controller no longer needs the personal data for processing purposes, but the data subject requires them for legal claims, they can request the restriction of processing. Lastly, the data subject can object to the processing of their personal data while the verification of the legitimate grounds of the controller is pending.
Right to object
In accordance with Article 21 of the General Data Protection Regulation (GDPR), the data subject is entitled to object, on grounds related to their particular situation, to the processing of personal data concerning them which is based on the legitimate interests pursued by the controller. In the present scenario, the legitimate interest solely involves processing personal data for the purpose of sending information and advertisements to clients. If a data subject objects to the processing of their personal data for the purpose of direct marketing, the controller must cease processing their personal data for such purposes, unless the data subject gives unrestricted and informed consent to the processing.
The right to lodge a complaint with a supervisory authority
In accordance with Article 77 of the General Data Protection Regulation (GDPR), it is within the rights of every data subject to file a complaint with a supervisory authority. In the Czech Republic, the designated supervisory authority is the Úřad pro ochranu osobních údajů. The webpage of this supervisory authority is provided for reference purposes:https://www.uoou.cz/
VIII. Policy Towards Children
Our Services are not intended for individuals under the age of 13, and we do not intentionally gather personal information from children under the age of 13. Should we become aware that a child under the age of 13 has furnished us with personal information, we will take appropriate measures to delete said information and terminate the child's account. In the event that you discover that your child has disclosed personal information to us without your authorization, please contact us at firstname.lastname@example.org
If you have any questions or concerns regarding our privacy policies, please send us a detailed message by email to email@example.com.
IX. Limited Use
Leadspicker app's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. By using Leadspicker, you agree to these terms. To learn more about the Google API Services User Data Policy, please visitGoogle API Services User Data Policy including the Limited Use requirements.
If you choose to connect a Gmail account to Leadspicker, we will ask you to grant Leadspicker application permissions to access your Gmail account. These permissions are necessary to sustain the functionality of our Services, as intended and described in the Terms of Service. In particular, we will need to access your inbox folder in order to send emails by your name and to detect replies to those emails.
Additionally, Leadspicker has the capability to send emails on your behalf, but only for emails that you choose to send within the Leadspicker app. While utilizing our services, such as crafting email campaigns and managing contact lists, Leadspicker gains access to the information within the email contact lists you create in your Leadspicker account and the subject lines and content of the emails sent through the Leadspicker platform.
This data is securely stored on our servers. Our employees, contractors, and any human, in general, are not allowed to access your personal information, including the data obtained via Google API. We could access user data only after obtaining the user’s affirmative agreement. We may need access to the user data to resolve a support issue, provide advice on service usage or provide any other help, requested by the user. Also, we can access such information when/if necessary for a security investigation or comply with applicable laws.
You can effortlessly retrieve your contact lists from your Leadspicker account at any moment by clicking the "export" button. Additionally, you have the option to modify or delete contacts from your account at any time.
Leadspicker never sells, shares, or rents your contact lists to third parties, nor does it use them for purposes other than those outlined in this policy. We utilize the information from your contact lists solely for legal obligations, invoicing, compiling internal statistics, and providing customer support services.
In compliance with Google's limited use policy, Leadspicker's use and transfer of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements. Specifically:
1. Leadspicker will limit its use of data obtained from Google APIs to providing or improving user-facing features that are visible and prominent in the Leadspicker application's user interface.
2. Leadspicker will not transfer data obtained from Google APIs to third parties, including advertising platforms, data brokers, or information resellers, except in the following cases:
-To provide or improve user-facing features that are visible and prominent in the Leadspicker application's user interface, with the user's consent.
-For security purposes, such as investigating abuse.
-To comply with applicable laws.
-As part of a merger, acquisition, or sale of assets of Leadspicker, after obtaining explicit prior consent from the user.
3. Leadspicker will not use data obtained from Google APIs for serving ads, including retargeting, personalized, or interest-based advertising. Additionally, Leadspicker will not use such data to determine credit-worthiness or for lending purposes.
4. Leadspicker will ensure that its employees, agents, contractors, and successors comply with the Google API Services User Data Policy, including the Limited Use requirements.
By using Leadspicker, you agree to these terms. To learn more about the Google API Services User Data Policy, please visit Google API Services User Data Policy, including the Limited Use requirements.
X. Final Statements
If you have any questions or concerns regarding our privacy policies, if you wish to be provided with more detailed information on any of the points, request deletion or redaction of incorrect data, please send us a detailed message by email to firstname.lastname@example.org
You can contact us at any time to request details of the processing of your personal data and we will provide you with detailed information free of charge or provide you with a copy of the data processed. This is your right to access your personal data. However, we must advise you that in the event of repeated or unreasonable requests, we are entitled to charge you for the cost of providing the information or to refuse to provide the information.
Leadspicker does not fulfil the characteristics of Article 37(1) of the GDPR and is therefore not obliged to appoint a data protection officer in this sense.