GDPR

GDPR Compliance Statement

At SalesDriver, we understand the critical importance of data privacy and security in today's digital landscape, especially as it pertains to the stringent standards set by the General Data Protection Regulation (GDPR). Our commitment to GDPR compliance is not just a legal obligation, but a core component of our values and operations. As an innovative AI platform specializing in lead generation for B2B companies, SalesDriver recognizes the unique challenges and responsibilities that come with handling data. In this document, we aim to provide a transparent and thorough overview of our practices, policies, and procedures that align with GDPR. The purpose of this document is to:

Demonstrate our commitment to protecting personal information and ensuring data security in every aspect of our operations.

Outline the measures and strategies we have implemented to comply with the GDPR, including how we collect, use, process, and store data.

Educate and inform our users and stakeholders about their rights under GDPR and how SalesDriver supports the exercise of these rights.

Detail our continuous efforts to maintain compliance with the GDPR, adapting to changes in the regulation and the evolving digital landscape.

We believe that compliance with GDPR is a journey that involves constant vigilance, improvement, and collaboration. As such, this document is a living entity, subject to updates and revisions to reflect our evolving practices and the changing regulatory environment. We invite our users, clients, and stakeholders to join us in upholding the highest standards of data privacy and protection, ensuring a secure and compliant digital ecosystem for all.

Utilize this glossary to understand key terms in the General Data Protection Regulation (GDPR) as they relate to SalesDriver's operations:

Consent: For contacts within the EU, explicit permission is required before they can be contacted by SalesDriver. If contact information is sourced indirectly (e.g., from public databases or LinkedIn), the source must be clearly identified during the initial communication with the Data Subject.

Cross-Border Data Transfer: This refers to the transmission of data and/or personal information outside the borders of the EU/EEA.

Data Subject: A natural person and citizen of the EU whose information, such as their LinkedIn URL, has been collected by SalesDriver and can be identified by a data controller.

Data Portability: The right of a data subject to obtain their personal data from the data controller in a commonly used, machine-readable format.

GDPR Terminology Glossary

Data Controller: This includes entities that manage or collect personal data. SalesDriver and its customers are considered data controllers.

Data Processor: An entity instructed by the data controller on how personal data should be handled. In certain contexts, SalesDriver may also act as a data processor.

Data Subject Rights: Rights under the GDPR including the right to be forgotten, the right to data portability, and the right to object to profiling.

GDPR Articles: The GDPR is composed of two main sections: the recitals and the Articles. The Articles contain the text of the legislation and outline the Privacy Management Activities (PMAs) required for compliance.

Personal Data: In the context of SalesDriver, personal data typically includes publicly available professional information, such as LinkedIn URLs, which are used to identify business leads.

Privacy by Design and Default: This principle requires companies to prioritize data privacy throughout the design process and to integrate adequate privacy controls into all new features by default.

At SalesDriver, we are committed to ensuring the security and protection of the personal information that we process, and to provide a compliant and consistent approach to data protection. We recognize the importance of GDPR and its implications for our AI-driven lead generation platform.

Gathers data about businesses and key decision-makers.

Company's GDPR Commitment

Crawls corporate websites, news portals, LinkedIn, and other sources.

Generates insights about persons and businesses for targeted outreach.

Important Note: SalesDriver does not collect or store personal data in the traditional sense. The unique identifier for every lead is their LinkedIn URL, which is publicly available information.

Our data processing activities are aligned with the GDPR:

Lawfulness, Fairness, and Transparency: We process data in a lawful, fair, and transparent manner, focusing on business-related information.

Purpose Limitation: Data is used solely for the purpose of lead generation within a B2B context.

SalesDriver is an AI platform designed to identify hot, qualified leads for B2B companies. Our platform:

Data Collection and Usage

Data Processing Compliance

Data Minimization: We ensure that only necessary data for the lead generation process is processed.

Accuracy: Efforts are made to keep data accurate and up to date.

Storage Limitation: Data is not stored beyond the necessary period for lead generation purposes.

Integrity and Confidentiality: We implement appropriate security measures to ensure data integrity and confidentiality.

We acknowledge and support the rights of data subjects under GDPR, including:

User Rights Under GDPR

SalesDriver has appointed a Data Protection Officer to ensure ongoing compliance with GDPR. The DPO can be contacted for any data protection-related queries or concerns.

Right to Access: Individuals have the right to access their personal data that we process.

Right to Rectification: Individuals can request the correction of inaccurate personal data.

At SalesDriver, we are dedicated to maintaining the highest standards of privacy and data protection. We continually review our systems and processes to comply with applicable data protection laws and regulations.  For further information or inquiries about our GDPR compliance, please contact our Data Protection Officer.

Commitment to Privacy

Data Protection Officer (DPO)

Right to Erasure: Individuals can request the deletion of their personal data.

Right to Restrict Processing: Individuals can request the restriction of processing of their personal data.

Right to Data Portability: Individuals can request the transfer of their data to another organization.

Right to Object: Individuals can object to the processing of their personal data.

The GDPR introduces stringent requirements for consent and legal bases for processing personal data, significantly influencing sales strategies, particularly in handling European data subjects. For SalesDriver, understanding and applying these regulations is crucial for compliant operations.

Key Legal Bases for Data Processing:

Consent of the Data Subject: Explicit permission must be obtained from individuals in the EU before processing their personal data. This is particularly relevant when SalesDriver uses data sourced from public domains like LinkedIn.

Direct Marketing as Legitimate Interest:

GDPR's Impact on SalesDriver's Operations

Legitimate Interest: This legal basis allows for data use that is not overridden by the data subjects' rights and freedoms, considering their reasonable expectations of how their data may be used. For SalesDriver, using data for direct marketing and lead generation could be seen as a legitimate interest, especially in a B2B context.

The GDPR recognizes direct marketing as a potential legitimate interest. However, its application is nuanced.

SalesDriver's approach to B2B marketing, like outreach based on professional information sourced from LinkedIn, may fall under this category, provided it's done thoughtfully and responsibly.

Unanswered Questions and Legal Interpretations:

Legal commentators note that the GDPR leaves room for interpretation, particularly regarding what constitutes a legitimate interest.

Based on current legal understanding, most B2B marketing activities, including newsletters and direct marketing, could be considered legitimate interests. However, this is subject to change as legal precedents evolve.

SalesDriver handles international data transfers through specific, secure channels provided by AWS. We emphasize that our operational tasks do not involve the handling of personal data as defined by GDPR, thereby reducing the complexity and risk associated with these transfers.

Importance of Targeted Campaigns:

Campaigns that are not relevant or targeted appropriately may not qualify as legitimate interests.

Geographical Relevance:

International Data Transfers

SalesDriver must ensure that its data-driven strategies and campaigns are finely tuned to be relevant and useful to the target audience, especially considering their industry or position.

These GDPR considerations primarily apply to prospects located within the EU.

For contacts outside the EU, these specific GDPR regulations do not apply, though SalesDriver should maintain a consistent standard of data protection and privacy globally.

Data Audit

SalesDriver commits to conducting internal audits regularly to ensure GDPR compliance. These audits occur with every system update and at the end of each quarter. The purpose is to review and assess how data is collected, processed, stored, and shared, ensuring all activities align with GDPR requirements.

Data Protection Impact Assessments (DPIA) & Data Breach Protocol

Even though SalesDriver does not typically deal with highly sensitive data, we have implemented robust data protection measures:

Security Accreditations: SalesDriver is currently attaining security accreditations similar to SOC 2 and ISO 27001. These certifications affirm our commitment to data security, availability, and confidentiality over sustained periods.

Architectural Protection: Our databases are designed to prevent the association of data with any individual, even in the event of a data breach. This architectural safeguard ensures an added layer of anonymity and security.

Protected Channels and Vendors: When dealing with sensitive data, SalesDriver employs protected channels and carefully selected vendors known for their high standards of data security.

In line with GDPR principles, SalesDriver anonymizes all crawled data stored in our databases. This approach is part of our commitment to minimizing the risk of personal data exposure and ensuring compliance with data retention policies under the GDPR.

Data Security Measures:

Data Retention

SalesDriver's GDPR Compliance Strategy

SalesDriver diligently works to maintain compliance with the General Data Protection Regulation (GDPR), recognizing the complexity and importance of this responsibility for both our company and our clients. Given the advanced nature of our AI-driven lead generation platform, our approach to GDPR compliance is thorough and multifaceted.

Key Aspects of SalesDriver's GDPR Compliance Strategy:

Comprehensive Data Processing Addendum: Included within our Privacy Policy and Terms of Service, this addendum allows users to understand and manage how their data is used. It enables them to access, modify, or delete their data in our system, in line with GDPR provisions.

Advanced Data Controls: We employ robust data encryption to safeguard user data against leaks and unauthorized access. Our team conducts regular security audits and adheres to the highest standards in information security.

Incident Response Protocols: SalesDriver has established and routinely tests data incident response processes to ensure their effectiveness.

Data Recovery and Integrity: Processes are in place for data recovery and maintaining data integrity, offering assistance to customers for any data loss or corruption.

Data Footprint Management: Systems are implemented to uphold customers' rights over their data within our platform.

Roles as Data Controller and Processor: SalesDriver functions as both a data controller and processor. As a controller, we acquire data for lead generation, and as a processor, we manage this data for outreach purposes. This dual role necessitates a nuanced and careful approach to GDPR compliance, balancing the need for effective lead generation with strict adherence to data protection laws.

Compliance as Data Controllers

SalesDriver's Commitment to GDPR Compliance as Data Controllers SalesDriver strictly adheres to the standards set forth in the GDPR as a data controller. Our approach to managing the data we collect is not only about ensuring our compliance but also about guiding our users to handle the data responsibly and in accordance with GDPR guidelines.

User Education and Compliance Assistance: We believe it is our duty to educate our users on GDPR compliance. Our aim is to keep them informed and equipped to use our data in a manner that maintains their compliance as well.

Collaboration with Secure Data Sub-processors: Our key data sub-processors, like AWS and Google Cloud Platform, also maintain high-level security standards (SOC 2, ISO 27001) and undergo strict security evaluations, ensuring an end-to-end secure environment.

Key Strategies for GDPR Compliance at SalesDriver:

EU Citizen Data Management Options: To prevent inadvertent GDPR violations, SalesDriver provides users with the option to exclude EU citizens from their prospecting lists. This feature helps our clients avoid the laborious task of manually verifying the compliance of each prospect.

Transparency and Consent in Data Usage: Customers of SalesDriver, especially those engaging with EU citizens, must be transparent in their use of personal data. They are required to obtain explicit consent from individuals before communicating with them and must offer an opt-out option for any subsequent communications. For users utilizing SalesDriver for sales engagement, we facilitate the inclusion of opt-out links in emails.

Data Enrichment Capabilities: SalesDriver can enrich data related to EU citizens if our users already possess their basic contact information. For instance, if a user has an individual's email and name, we can augment this with additional professional details like their title and company. However, this capability is contingent upon it being used for data hygiene or if there's a reasonable belief that the recipient would find the information relevant to their professional role.

Responsibility and Recommendation for Compliance: While SalesDriver maintains its compliance and assists users with theirs, we strongly recommend that all our customers thoroughly familiarize themselves with GDPR regulations. We also advise consulting privacy experts for any complex queries regarding compliance.

In addition to the measures already outlined, SalesDriver undertakes the following actions to maintain and enhance our compliance as a data processor under the GDPR:

Legal Collaboration and Preparation: We continuously work with our legal counsel to ensure we are fully prepared and compliant with GDPR. We also collaborate with our customers' legal teams when requested to ensure cohesive compliance efforts.

Use Case Evaluation: Every functionality and use case within the SalesDriver platform is carefully evaluated. This scrutiny ensures that our decisions can withstand legal scrutiny and comply with GDPR regulations.

Data Subject Request Workflows: We have established efficient internal workflows to promptly and thoroughly respond to data subject requests, ensuring their rights under the GDPR are respected and fulfilled.

Updating Contact Information and Notices: We maintain up-to-date contact information and notices, making it easy for data subjects and customer data controllers to reach us for GDPR-related matters.

Compliance as Data Processors

In-depth Review of Processor Responsibilities: An extensive review of GDPR requirements for data processors and our role as a joint controller in certain scenarios is routinely conducted to stay aligned with regulatory expectations.

Resource Allocation for Compliance: Necessary resources are allocated and utilized to support ongoing compliance efforts, including maintaining relevant documentation as mandated by GDPR.

Data Security Standards and Workflows: Our data security protocols and workflows are regularly updated to meet all the requirements imposed by the GDPR, ensuring the highest level of data protection.

Customer Contract Evaluations: All customer contracts are periodically evaluated to ensure legal compliance pathways are clearly outlined. Our responsibilities are distinctly detailed to prevent any confusion that could lead to compliance issues or penalties.

Aware of the evolving nature of laws and regulations, SalesDriver is committed to ongoing compliance efforts and to supporting our customers in their compliance journeys.

For any uncertainties or specific queries, consulting with attorneys specializing in data privacy or a data-specific officer is advisable. For questions specifically related to SalesDriver, our team is more than ready to assist.

If you have any questions about this GDPR Compliance Statement, or our privacy or security practices, please contact us:

hello@salesdriver.world

Conclusion

Email: george@salesdriver.world

hello@salesdriver.world
+1 (786) 998-2898
1000 Brickell Ave Ste 715 Miami, FL 33131, US
690218, 37 Brodetsky str., Tel Aviv-Jaffa, Israel