The General Data Protection Regulation (GDPR) establishes rules concerning the protection of individuals with regard to their personal data. It aims to protect the fundamental rights of European residents by allowing them to retain control over their personal data. This common European framework establishes principles for achieving this objective, such as transparency, data security and purpose limitation. Applying these rules can enable you to gain and retain the trust of your prospects and customers.
Contrary to what one might think, these regulations do not only apply to European operators. In fact, any organization that processes the personal data of individuals located in the European Union might be subject to the GDPR. Therefore, when you carry out a personal data processing operation concerning individuals located in this territory, the obligations of the GDPR may apply to you.
So if you want to use our services to process the personal data of individuals located in the European Union, we recommend that you be attentive about the obligations that might arise from this.
The key words of the GDPR
- Data Subject: The natural person, the individual whose personal data is being processed.
- Data Controller: The operator who determines the purposes and means of processing personal data.
- Data Processor: The operator who processes personal data on behalf of the data controller.
- Legal Basis: Any data controller must be able to demonstrate a legal basis for processing personal data. Otherwise, the processing is unlawful. The possible legal bases are listed exhaustively in Article 6 of the GDPR.
- Personal Data: Any information (whether public or not) relating to an identified or identifiable natural person.
You and PhantomBuster with regard to the GDPR
- When we process the personal data of our users, we are the data controller because we determine the purposes (e.g. providing our services, improving our product) and means (determination of the data collected, subcontractors). More information in our Privacy Policy.
- When we process personal data relating to your leads, via our platform or our extension, we act as a data processor. Indeed, you determine your needs/purposes, the data necessary to fulfill your purposes, and the legal basis on which you will rely. We process this data on your behalf, in accordance with your instructions when you set up your automations in your workspace. More information in our Data Processing Agreement.
PhantomBuster assists you in your compliance
- You can easily export data relating to a data subject to respond to a right of access (Right of access).
- You can ensure the accuracy of the data by updating your leads’ data proactively or at their request (Principle of accuracy, right of rectification).
- You can delete your leads from your workspace proactively or in response to a deletion request (Principle of minimization, right to erasure).
- Our platform and web browser extension show the lead’s indicative location – when available – so you can decide whether to keep or delete it. (Geographical scope of application of GDPR).
- You have full control over who you share lead data with according to the rights to your workspace that you decide (Principle of security, integrity, confidentiality).
Recommendations for your GDPR compliance when using our services
- Comply with GDPR obligations towards your European leads
If you are a business operator established in the European Union that processes personal data, you are subject to the GDPR. If you are not established in the European Union, we recommend being attentive to the location of your prospects. If they are located in European territory, you might be subject to the GDPR for the processing of their personal data.
- Observe the prospecting rules that apply to you
Depending on your situation, we advise you to pay attention to the rules relating to consent (opt-in / opt-out, depending on whether your activity is aimed at individuals or professionals).
- Invest in legal advice
Don’t hesitate to call on legal advice to guide you in your compliance. The trust of your prospects and customers is worth it.