July 2020
Leadspace helps companies take back control of their marketing and sales data with its leading intelligent B2B Customer Data Platform. It provides with advanced tools for enriching and updating customers’ data with rich and open B2B data graph in the industry. Next, it leverages AI to unlock the insights and opportunities in customers’ data. Then, it helps activating the enhanced data, in real-time, across sales and marketing systems. Leadspace’s services enable effective and high-performing inbound, outbound, and ABM efforts that drive revenue.
Leadspace does not process sensitive personal data. Leadspace's services do not include any processing of data related to consumer behavior, data covered by specific US legislation such as social security numbers, health related data, education related data, personal information related to children, credit reports, other financial data and government issued IDs. Furthermore, Leadspace's services do not process any "special categories of data", as this term is defined by Regulation (EU) 2016/679 ("GDPR").
Leadspace employs adequate privacy and information security controls, to meet US laws, including the California Consumer Privacy Act (CCPA), and general practice standards. Leadspace has also performed a comprehensive program to support Leadspace customers' GDPR-related regulatory needs.
A summary of Leadspace's information security and privacy measures and controls:
- Leadspace employs adequate information security measures, procedures and policies, backed by certifications and annual audits to the ISO 27001 and 22301 Information Security and Business Continuity Management standards.
- At customers' request and subject to appropriate confidentiality arrangements, Leadspace is able to provide summary reports of third-party information security audits and penetration tests.
- Leadspace fully encrypts customer data in transmission and at rest.
- Leadspace employs GDPR and CCPA-related procedures and policies, including breach management and notification, data retention, impact assessments, assistance to controllers and records of processing.
- Leadspace is self-certified with the EU-US Privacy Shield Framework and received the necessary statements and certifications to verify that Leadspace's agents (as this term is referred to under the principles of the Privacy Shield Framework) provide the same level of protection. The statement of certification is available at:
https://www.privacyshield.gov/participant?id=a2zt0000000PBV4AAO&status=Active
Though the Court of Justice of the European Union invalidated the Privacy Shield Framework, as of July 16, 2020, Leadspace continues to maintain its adherence to the Privacy Shield principles. As necessary and per request, Leadspace is able and ready to engage its customers under the EU Controller to Processor Standard Contractual Clauses, or under an alternative future contractual agreement offered by the EU Commission, to support the lawful transfer of personal information under the GDPR.
- Leadspace offers its customers a standard data processing agreement (DPA), alongside the Software Service Agreement, to support the processing of GDPR-covered personal data. The current version of the DPA is available at: https://www.leadspace.com/leadspace-data-processing-addendum-dpa/.
- Leadspace keeps the data on secured servers of known hosting services (Google Cloud Platform and Amazon Web Services), with adequate attestations of compliance and certifications. Additional information about their practices, including their compliance with international standards can be found at:
https://cloud.google.com/security/compliance/
http://aws.amazon.com/compliance/;
- Leadspace maintains transparent privacy practices and publishes its privacy notice at: https://www.leadspace.com/privacy-notice/;
- Leadspace receives appropriate representations and warranties of compliance with laws from service providers and data sources.
- Leadspace provides individuals with opt-out options from mailing lists and from sharing data with third parties.
- Leadspace provides individuals with an opt-out option from selling their personal information, pursuant to the provisions of the CCPA, at: https://www.leadspace.com/do-not-sell-form/.
- Leadspace maintains on-boarding and annual security and privacy training to its personnel.
- Leadspace has formed a team to manage on-going privacy-related issues.
- Leadspace receives on-going legal and compliance guidance from Leadspace's counsel, who is a Certified Information Privacy Professional (CIPP/US and CIPP/E).