LEGAL DISCLAIMER: Please note this article must be used for information purposes only. It does not, and is not intended to, constitute legal advice.
If you’re like many of our customers using InsidView products, you have questions about how InsideView is responding to the approaching EU GDPR and wondering if you can continue to use our contact data. This brief FAQ will answer those questions.
Will InsideView comply with the GDPR when it becomes effective on May 25, 2018?
Yes. InsideView follows privacy and security best practices and complies with applicable laws (both domestic and European) concerning all personal data that we process.
- We will adhere to all applicable privacy and security requirements of the GDPR.
- We have noted that the GDPR acknowledges that the processing of personal data for direct marketing purposes may be regarded as carried out for a ‘legitimate interest.’ We have undertaken a Legitimate Interests Assessment and we believe we can continue to collect (through publicly available sources) and share (with our customers and services distribution partners) Business Data, because it is within our legitimate business interests to do so and is not adverse to the privacy rights of the individuals concerned in the context of the GDPR.
How does InsideView protect its customers’ data?
InsideView obtains names and business contact information directly from our customers, whether in connection with our business relationship with them (e.g., an Order Form or an email from our customer contact) or by taking in data that our customers provide to us (e.g. in connection with an email validation services request). We do not share this data with our other customers; this data is not comingled with our core database.
What type of personal data does InsideView provide?
InsideView provides our customers with names, professional titles, and business contact information (“Business Data”) to help our customers locate and engage with other businesses (B2B data). We maintain a core database of Business Data that is derived from publicly-available sources (e.g., SEC website, company websites). Our offerings include providing this data to our customers.
- InsideView does not provide individual consumer contact information (no B2C data).
- InsideView does not process sensitive personal data and we do not process “special categories” of data as such term is used in the GDPR.
Can EU individuals opt-out of the InsideView database?
Will vendors that sub-process personal data on InsideView’s behalf also comply with GDPR?
Yes. InsideView will maintain the necessary DPA (Data Processing Agreement) flow-downs from its vendors/sub-processors involved in sub-processing our personal data.
Does InsideView comply with ISO/IEC controls for privacy of personal data?
Yes. InsideView will continue to maintain our compliance with the ISO/IEC 27001:2013 standard, including ISO/IEC 27018 controls for privacy of personal data (see www.insideview.com/compliance).