General Data Protection Regulation (GDPR)




About GDPR

Organizations established in the EU and processing personal data of EU-based individuals are, in almost all cases, required to comply with the GDPR as of May 25, 2018. The GDPR updates and harmonizes the framework for processing personal data in the European Union, and brings with it new obligations for organizations and new rights for individuals.

Worldwide Privacy Compliance

Many of our customers operate in multiple jurisdictions around the world. To ensure a consistent user experience, Lusha has also adopted the GDPR principles to its entire platform and supports it worldwide. We believe that the use of uniform rules and program logic will greatly enhance our customers’ ability to comply with the GDPR’s requirements (if they are subject to GDPR).

Lusha enables compliance with the GDPR when it processes personal data on behalf of its customers.

Under the contractual relationship, Lusha acts as a Processor for its customers and signs Data Processing Agreement.

Legal Basis for processing

The biggest myth about the GDPR is that consent is the ONLY way to lawfully process personal information concerning EU data subjects. While consent is one basis for lawful processing, it is not the only one.

Lusha’s lawful basis for processing is its legitimate interest in providing its services to its users, for more information visit our dedicated page here.

Transfer of Data to a Third Country

If we transfer personal data outside of the EU or EEA, we only do so in accordance with the legal mechanisms that are providing an adequate level of protection and aligned with the GDPR.

Lusha hosts its data in the US and uses Standard Contractual Clauses (SCC) measures with supplement transfer tools to ensure compliance with the EU level of protection of personal data, as well as recommendations on the European essential guarantees for surveillance measures.

For more information regarding our sub-processors- visit our Sub Processors page.

rs or advisers of our business processes; and (iv) any potential purchasers or investors in Lusha.


If you have any additional questions on our privacy practices, please feel free to contact our Privacy Team under “Other Request”.