Our Commitment: We are fully committed to GDPR compliance and protecting the privacy rights of individuals in the European Economic Area. This page explains our data protection practices and your rights.
1. Our Role Under GDPR
LeadFluxA acts as a Data Controller for personal data we collect directly from users (account information, usage data). We act as a Data Processor when processing business prospect information discovered by our customers through the platform.
2. Your Rights Under GDPR
Right to Access
Request a copy of the personal data we hold about you.
Right to Rectification
Request correction of inaccurate or incomplete data.
Right to Erasure
Request deletion of your personal data ("right to be forgotten").
Right to Portability
Receive your data in a structured, machine-readable format.
Right to Restrict
Request restriction of processing in certain circumstances.
Right to Object
Object to processing based on legitimate interests or direct marketing.
3. Exercising Your Rights
To exercise any of your GDPR rights, you can:
- Access your account settings to update or delete your data
- Submit a request through our contact form
We will respond to your request within 30 days as required by GDPR.
4. Legal Basis for Processing
- Contract: Processing necessary to provide our Services to you
- Legitimate Interests: Processing for our business interests (improving services, security), balanced against your rights
- Consent: Where you have provided explicit consent (marketing communications)
- Legal Obligation: Processing required by law
5. Data Protection Measures
- Encryption of data in transit and at rest
- Regular security assessments and penetration testing
- Employee training on data protection
- Data processing agreements with all vendors
- Privacy by design principles in product development
6. International Transfers
When we transfer data outside the EEA, we ensure adequate protection through:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- Adequacy decisions where applicable
- Binding Corporate Rules for group transfers
7. Data Breach Notification
In the event of a data breach affecting your personal data, we will:
- Notify relevant supervisory authorities within 72 hours
- Notify affected individuals if there is high risk to their rights
- Document all breaches and remediation steps