The EU General Data Protection Regulation (GDPR) is the most comprehensive change to EU data privacy law in decades. It took effect on the 25th May 2018. We work hard to comply with the GDPR and apply its principles as we build Outreach Index.
Does this affect me?
The GDPR regulation applies to any EU residents’ data, regardless of where the processor or controller is located. This means that if you’re using Outreach Index from the US to reach out to other US corporations, the regulation doesn’t affect you. But if some of your customers or leads are in the EU, you should pay attention to it.
In practice, most companies need to take the GDPR into consideration.
Data Processing Addendum
Outreach Index is in most cases a processor. As a data controller, under Article 28 of the GDPR, you need a data processing addendum (DPA) signed with your processors. We’ve made this procedure simple and have the contract ready to be signed. Contact us at contact (at) hireach.io to get started.
How Outreach Index is complying with the GDPR
Here are some of the actions we’ve taken to ensure we’re compliant:
Purposes of the processing
We process only publicly available online data for informational purposes. Our users have a legitimate interest in having easier access to already public data regarding other businesses. By working as a specialized search engine, we make it possible for companies to connect with each other.
Systematic pseudonymisation of non-public data
Our applications heavily pseudonymise data to ensure the privacy of data subjects. Any attributes that doesn’t need to remain in its original form is truncated to remove any possibility to be linked back to a specific data subject.
Right of erasure
Because we deal with publicly available web data, information removed from a website are also removed from our database. But if a data subject wishes to speed up the removal of any in our index, we offer a way to claim email addresses. It is then possible to either update the data or entirely remove it.
We’re taking the security of the data we manage very seriously. We store all data on our own servers behind a secure layer. We use industry standard security measures, such as strong encryption, multi-factor authentication and restricted access of server maintenance personnel.
Our processing is done exclusively in the EU
We store and process all our data exclusively in the EU. We even store our off-site backups within the EU.
We currently don’t collect any logs containing personal information.