General Data Protection Regulation (GDPR)

GDPR

About GDPR

Organizations established in the EU and processing personal data of EU-based individuals are, in almost all cases, required to comply with the GDPR as of May 25, 2018. The GDPR updates and harmonizes the framework for processing personal data in the European Union, and brings with it new obligations for organizations and new rights for individuals.

Our Commitment

Although, Lusha is not subject to the statute’s territorial scope provisions of the GDPR, the team at Lusha is fully committed to the principals of the GDPR. Our legal and policy experts have closely analyzed the requirements of the GDPR and continue to monitor new guidance on best practices for implementing the requirements of the GDPR. We have taken these GDPR principals to heart and made changes to our products, contracts and policies to ensure that we are fully aligned with the GDPR. Lusha services are aligned with the GDPR as of May 25, 2018.

 

Worldwide Product Compliance

Many of our customers operate in multiple jurisdictions around the world. To ensure a consistent user experience, Lusha has also adopted the GDPR principals to its entire platform and supports it worldwide. We believe that the use of uniform rules and program logic will greatly enhance our customers’ ability to comply with the GDPR’s requirements (if they are subject to GDPR).

Your Rights Regarding Your Personal Information

We respect your privacy rights no matter where you are from and therefore you may contact us at any time and we shall work diligently to respect your choices and requests regarding your Personal Information. The purpose of the list stipulated below is to allow Users and Contacts to exercise their rights under applicable privacy and data protection regulations:

  • Right of Access: You may request access to your personal information and obtain a copy of your personal information which is being processed by Lusha. If you wish to find out what personal information is being processed by Lusha, we will provide you with the following, free of charge: purposes of processing, categories of personal information processed, recipient(s) of personal information, length of time during which the information will be stored; your privacy rights; and information on data transfers. Such requests are made by contacting our Privacy Team. Please be sure to provide the relevant details.
  • Right of Rectification: You may request to change, update or complete any missing data we process about you, by contacting our Privacy Team with your relevant details. Please note that we may rectify, replenish, or remove incomplete or inaccurate information, at any time and at our own discretion.
  • Right of Erasure: You may at any time request the deletion of your personal information. In this case, if there is no overriding legitimate interest to continue processing your personal information we will erase your data. Such a request will be made by contacting our Privacy Team with your relevant details.
  • Right of Restriction of Processing: You may request that we restrict processing your personal information if the accuracy of the Personal Information is contested by you. To make such a request, please contact our Privacy Team and provide all relevant information.
  • Right to Data Portability: You have the right to receive personal information in a structured, commonly used and machine-readable format. To make such a request, please contact our Privacy Team and provide all relevant information.
  • Right to object to processing Data: You have the right to object to the processing your data. Such a request will be made by contacting our Privacy Team with your relevant details.

However, please note that these rights are not absolute, and may be subject to our own legitimate interests and regulatory requirements
If you are not satisfied with our response or believe we are collecting or processing your Personal Information not in accordance with the laws, you can complain to the applicable data protection authority.

Retention

Personal Information will be retained by Lusha for as long as necessary to provide our services, and as necessary to comply with our legal obligations, resolve disputes and enforce our policies. Retention periods will be determined taking into account the type of information that is collected and the purpose for which it was collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.
You may request deletion of your personal data, as specified above. Please be notified: If your information is fully deleted from the Lusha Database, it may be obtained again in the future, if it is collected through public platforms or our business partners. In this case, since we have complied with your deletion request, we will not have records regarding your contact data and your contact information may be reintroduced into the Lusha Database. We recommend you to periodically check your profile or the Services to ensure that your then-existed profile or account include only the Information you chose to have displayed.

Legal Basis for processing

The biggest myth about the GDPR is that consent is the ONLY way to lawfully process personal information concerning EU data subjects. While consent is one basis for lawful processing, it is not the only one.
Lusha’s lawful basis for processing is its legitimate interest in providing its services to its users, for more information please contact our Privacy Team.

The categories of recipients of the personal data

In order to provide our service, we may share certain personal data with companies and individuals that subscribe to our service. We may also share personal data with the following recipients: (i) our subsidiaries; (ii) subcontractors and other third-party service providers (e.g. payment processors, advertisers and marketers, hosting services, etc.); (iii) auditors or advisers of our business processes; and (iv) any potential purchasers or investors in Lusha.

Transfer of Data to a Third Country

If we transfer personal data outside of the EU or EEA, we only do so in accordance with the legal mechanisms are providing an adequate level of protection and aligned with the GDPR.

 

Contact

If you have any additional question on our privacy practices, please feel free to address us at Privacy@Lusha.co.

In addition, individuals from the EU may contact our EU representative regarding all requests related to data protection and privacy:

DP-Dock GmbH
Lusha Systems Inc
Ballindamm 39
20095 Hamburg
Germany