Sourced Leads Privacy Policy
Background
This Sourced Leads Privacy Policy (referred to as "Privacy Policy") informs why and how we process personal data about potential business customers (referred to as "Lead", “you” and jointly "Leads"), whose data we have collected from publicly available sources (such as LinkedIn) or from trusted data suppliers who provide prospective customers’ data to their clients.
Aiven Ltd, business ID: 2795743-5, is the data controller (referred to as "Aiven", "we" or "us") in relation to the processing of your personal data. As a data controller, Aiven is responsible for ensuring that personal data is processed in compliance with data protection laws. We take your data protection rights seriously and your personal data will be treated in a secure and confidential manner as set out in this Privacy Policy and as required by data protection laws.
If you have any questions or concerns about the way we use your data subject to this Privacy Policy, you may contact us by email at privacy@aiven.io.
Where do we collect your personal data and what personal data do we process?
We collect your personal data from the following two categories of data sources (collectively referred to as the “Sources”).
- Publicly available sources
We (or service providers acting on our behalf) collect personal data from publicly available online sources where individuals have made the information publicly accessible. These sources include, for example, professional networking sites such as LinkedIn, company websites and other public online sources.
When you create a profile on a publicly available source, such as LinkedIn, you can usually choose what information you make public and to what extent search engines can access your personal data. You can restrict search engines from accessing your public profile, or remove the relevant personal data, by changing the settings of, or your information on, the public source.
- Third-party data providers
We may obtain your personal data from trusted third-party data providers that collect and organise business-contact data (such as work phone numbers, and emails) and license this to their customers. Unlike publicly available sources, individuals do not create profiles directly for these providers’ services but instead, the providers source the data prior to making that data available to us. These third-parties have their own privacy policies that explain their data collection practices.
The third-party data providers that we currently use are:
- Clay Labs (see Clay Labs' Privacy Policy for more information about their privacy practices).
- More specifically, Clay Labs is a provider of a data enrichment platform who partners with a variety of third-party data providers that make data (such as work phone numbers or emails) available to Clay users. We have listed the data providers we most commonly use through Clay Labs. Because these third-party data providers are data controllers regarding their own databases and not Aiven, the processing of data thereof is governed by the respective third-party’s own privacy policy. We have added links to those privacy policies below, along with the respective point of contact if you wish to exercise your right to be forgotten and get your data deleted from those databases. For the avoidance of doubt, you may also exercise your rights, including erasure, directly with Aiven (see “What rights do you have?” below) regardless of any action taken with the third parties listed below.
- Forager; (Forager's Privacy Policy and Data Deletion Form);
- UpCell; (UpCell's Privacy Policy and Data Deletion Form);
- People Data Labs; (People Data Labs' Privacy Policy and Opt-Out Form);
- Wiza; (Wiza's Privacy Policy and Opt-Out Form);
- SmartE; (SmartE's Privacy Policy and deletion requests via email to: privacy@smarte.pro);
- Hunter.io; (Hunter.io's Privacy Policy and Hunter's data removal form);
- LeadMagic; (LeadMagic's Privacy Policy and Data Removal Form);
- Champify; (Champify's Privacy Policy and deletion requests via email to security@champify.io);
- Icypeas; (Icypeas' Privacy Policy and Opt-Out Form);
- Surfe; (Surfe's Privacy Policy and Opt-Out Form);
- Firmable; (Firmable's Privacy Policy and Removal Request Form);
- Pubrio; (Pubrio's Privacy Policy and Opt-Out Form)
- More specifically, Clay Labs is a provider of a data enrichment platform who partners with a variety of third-party data providers that make data (such as work phone numbers or emails) available to Clay users. We have listed the data providers we most commonly use through Clay Labs. Because these third-party data providers are data controllers regarding their own databases and not Aiven, the processing of data thereof is governed by the respective third-party’s own privacy policy. We have added links to those privacy policies below, along with the respective point of contact if you wish to exercise your right to be forgotten and get your data deleted from those databases. For the avoidance of doubt, you may also exercise your rights, including erasure, directly with Aiven (see “What rights do you have?” below) regardless of any action taken with the third parties listed below.
- OnFire, Inc.
Categories of personal data we collect from the Sources
The categories of personal data that we collect from the Sources are:
- Identity and contact information of the Leads (e.g. full name, email address, telephone number); and
- Lead’s company related data (e.g. title, position, field of the company)
What is the purpose and lawful basis for processing your data?
We have identified the purposes for processing your personal data as provided in the table below. These purposes each relate to a lawful basis for processing, as required by data protection laws.
Purpose for processing | Lawful basis |
|---|---|
Evaluate potential Leads in order to offer Aiven products and services by direct marketing. The processing in this regard includes categorizing and evaluating Leads’ interest in Aiven’s products and services by evaluating the position, title and the company the Lead works for. | The processing is necessary to achieve the legitimate interests pursued by Aiven. Aiven considers that it has a legitimate interest in carrying out direct marketing for attracting and offering services to high caliber leads. |
We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.
How do we perform the searches?
When we are looking for Leads, we always have certain predefined criteria to which against we perform the searches. The predefined criteria consists of the following information regarding the Lead (the combination used in each search may vary):
- Company information
- Company field of business
- Technology used by the company
- Job offers (e.g. Kafka engineers)
- Title
- Other similar company related information
In other words, we use pre-determined criteria and automated means to process personal data and create profiles of Leads. Although the processing may amount to profiling, as defined in data protection laws, we do not carry out any automated decision making that would have legal effects or similarly significant effects on the Leads.
After performing the search, our marketing staff will always review the results and decide which Leads to contact. In addition, before communicating, our marketing staff may also manually check the potential Lead’s profile in Public Services in order to determine whether the Lead or Lead’s company could be interested in or benefit from using Aiven products and services.
To whom we share your data?
We may have to share your personal data with the parties set out below for the purposes described in this Privacy Policy. These parties include:
- Service providers who provide IT and system administration services, including data enrichment service providers, our email service provider and CRM service providers.
All of our subsidiaries and third party service providers are required to take appropriate security measures to protect your data and they may only process personal data for the purposes mentioned in this Privacy Policy and in accordance with our instructions. We never sell your personal data.
Do we transfer personal data outside the EU/EEA?
We store personal data on servers located in the European Union ("EU"). However, some of our service providers or subsidiaries may be based outside the European Economic Area ("EEA"), including the United States of America, so their processing of your personal data will involve a transfer of personal data outside the EEA.
Whenever we transfer personal data out of the EEA, and unless a specific derogation applies, we seek to ensure that a similar degree of protection is afforded than that provided in the EEA by ensuring at least one of the following safeguards is implemented:
- Where possible, we will transfer personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission
- Where we use a service provider residing in a country outside the EEA that is not deemed to provide an adequate level of protection for personal data, we use specific contractual clauses approved by the European Commission (i.e. the Standard Contractual Clauses approved by the European Commission) or binding corporate rules approved by a competent data protection authority for the service provider which aim to provide personal data the same protection as it has in the EEA
Please email us at privacy@aiven.io if you want further information on the specific mechanism used by us when transferring your personal data out of the EEA or to obtain a copy of any contractual clauses in place, although some details may be redacted for confidentiality reasons.
How long will we retain personal data?
We will only retain personal data for as long as necessary to fulfill the purposes defined in this Privacy Policy. In general, we comply with the following criteria with respect to retaining and erasing personal data:
- Personal data are retained during the search and after when we perform direct marketing. Following this, personal data will be erased when we have no active marketing campaigns
What rights do you have?
Subject to certain exemptions and limitations, you have certain rights in relation to the processing of your personal data. You have the right to:
- Access your personal data
- Update incorrect or incomplete personal data
- Object to the processing of personal data
- Erase your personal data
- Restrict the use of your personal data
- The right to object processing, that is based on legitimate interest
- If we would process personal data on the basis of your consent, you will have the right to withdraw your consent at any time
Should you wish to exercise your above mentioned rights, please send a request to us at privacy@aiven.io.
In case you exercise your rights, we may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Updates to this privacy policy
We may update this Privacy Policy from time to time. If we make any updates to this Privacy Policy, we will always publish the updated version on this page.
Contact
If you have any questions regarding the processing of your personal data, please do not hesitate to contact us. See below for contact details:
Aiven OyAntinkatu 1,00100 Helsinki,Finlandprivacy@aiven.io
You have the right to make a complaint at any time to the supervisory authority in your country of residence. A list of the EEA supervisory authorities can be found here: https://edpb.europa.eu/about-edpb/about-edpb/members_en. In Finland, the relevant supervisory authority is the Office of the Data Protection Ombudsman: https://tietosuoja.fi/en/home. We would, however, appreciate the chance to deal with your concerns before you approach any supervisory authority so please contact us in the first instance.