Privacy Notice

Last Updated: March 22, 2023

Lusha is committed to protecting and processing your personal information responsibly. We value the data you share with us and treat it with respect.

This Privacy Notice describes how Lusha collects, uses, and shares your personal information. Additionally, it outlines how you can access and control your personal information. Just click here to access your data and understand its source, or here to remove your data from our service.

Lusha collects personal information related to your profession, similar to the information you would find on a business card or in a business email signature block. We store this information in our database, and make it available to our customers, who use this information to conduct their own business-to-business (B2B) sales, marketing, and recruiting activities.

For additional information about our privacy practices and resources to control your data, visit our Privacy Center. 

1. What is Lusha and what do we do?

Who we are

Lusha Systems Inc. is an incorporated company established in Delaware, with its registered office at 800 Boylston Street, Suite 1410, Boston, MA 02199 USA. Lusha Systems Inc. and/or its affiliates (“Lusha”, “we”, “us”) are responsible for processing Data as described in this Privacy Notice.

To contact us, and for more information, see below.

What we do

Lusha helps business customers (e.g. HR professionals, B2B professionals, sales professionals) validate, verify and find business contact information of relevant Contacts (as defined below) retained in Lusha’s B2B database (“Lusha B2B Database”, and “Services”).

Lusha may collect, use or otherwise process Data (as defined below) relating to:

  • an individual’s business contact details as defined below (“Contact”) (this information is made available in our Lusha B2B Database);
  • an authorized user of a Lusha Licensee pursuant to our Terms of Service (“End User”);
  • a visitor of our website and Services (“Visitor”).

This Privacy Notice outlines our practices with respect to processing personal data of Contacts, End Users and Visitors (“Data”). Please read it carefully so that you understand how we collect, use, and process your Data, and how you may opt-out of our Data use, or otherwise access, rectify, and/or erase your Data.

Where Data about you as a Contact is collected and processed by us in the Lusha B2B Database, you may opt-out of the processing here and we will add your Data to our suppression list.

If you do not agree with this Privacy Notice or any part of it, you should not access this website or use our Services.

If you have any questions about this Privacy Notice, please contact our Privacy Team.

2. Our approach

Lusha is committed to providing its innovative services while respecting the privacy of everyone involved and complying with any applicable privacy and data protection laws.

We are committed to providing our Licensees and End Users with the most useful and accurate Data possible in our Lusha B2B Database and have implemented internal measures for accuracy and relevancy purposes. In particular, we implement processes to cross-check and verify the accuracy of the Data in the Lusha B2B Database and have adopted procedures to avoid storing non-business (i.e., personal and private) contact details in the Lusha B2B Database to the extent reasonably possible.

Lusha only collects Data to the extent necessary and does not collect sensitive data related to health, religious beliefs, political opinions, or ethnicity.

As part of our ongoing commitment, Lusha’s privacy practices are audited on a yearly basis by an independent third party, and Lusha maintains ISO 27701 certification.

All processing activities on behalf of our Licensees are framed in a lawful and secure way, pursuant to Lusha’s Data Processing Addendum (“DPA”). If you are a Licensee, you can send us any request relating to the Data we process on your behalf in accordance with our DPA.

3. Types of information we collect from or about you

We collect and process Data:

3.1 Data about Contacts

We process business-related Data about Contacts. This Data is limited to what you would normally find on a business card or in a business email signature block, or to what is necessary to contact an individual with a business social network profile or to verify the authenticity of such a profile. We then provide this Data to our Licensees in the Lusha B2B Database.

To learn more about this Data, click on this link to see the Data we process under “Contact Attributes” and “Company Attributes”.

Our Lusha B2B Database relies on Data retrieved or derived from information from the following sources:

  • Our Community Program: Our community members may share Data of their professional business network with us, such as email headers and signature blocks from their business email. Please note that community members must opt-in to sharing the Data of their professional business network with us in accordance with the Community Program terms. You can learn more about Lusha’s Community Program here.
  • Our email composing features: Where Lusha End Users provide us access to their email account for the purposes of using our email composing features, we obtain Data using Google’s or Microsoft’s APIs. Click here for more information about the protections we implement when we use this Data.
  • Our affiliates and group members: We receive Data from affiliates, i.e. subsidiaries, parent companies, joint ventures, and other corporate entities under common ownership or in the same corporate group.
  • Publicly available sources: Our proprietary algorithm scans publicly available sources and retrieves public information to understand standard corporate email patterns (e.g. firstname.lastname@company.com). We use this Data only after we have verified it in accordance with our internal processes.
  • Business social network profiles: When an End User uses our browser extension while using LinkedIn, we read the minimum Data presented on the LinkedIn profile pages that the End User is browsing for providing the Service (e.g. name, position, company, contact details if public).
  • Third parties (for information about companies): We rely on business partners to collect information about, and maintain a verified list of, existing companies. We use this information to ensure that Data obtained from the above sources is only added to the Lusha B2B Database if it relates to business details (as opposed to personal contact details). If we detect personal contact details, we will not add them to the Lusha B2B Database.

Learn more about Our Data Sources

All of the Data collected from our sources described above is analyzed by Lusha’s proprietary algorithm to organize, scan, and merge certain Data attributes into a unique identifiable “Business Contact Card” which is published on the Lusha B2B Database. We suppress any Data that our algorithms detect as non-business Data.

We are focused on providing business Data only in the Lusha B2B Database, so we have implemented measures to exclude contacts who are public servants or otherwise public figures. If you opt-out, we will also remove your Data from the Lusha B2B Database and hold it on our suppression list.

3.2 Information we collect about and from End Users

Data we process about End Users

We collect Data directly from End Users where they interact with us. For example, this is the case when End Users create an account, use our Services, or contact us via our website or support channels. The Data includes:

  • name
  • professional email address
  • professional phone number
  • professional mailing address
  • location
  • user activity
  • referred friend’s professional email address and name (only if you use our referral service)
  • any other information you provide us voluntarily when you communicate with us.

We do not sell any Data or information shared with us by our paying Licensees, End Users, or customers unless they decide to join our Community Program.

Data we collect through Lusha Integrations

As part of the Services, End Users or Licensees may integrate Lusha with certain platforms (“Integrations”). When using Lusha’s Integrations, Data from End Users’ or Licensees’ CRM tools, email, browser extension (such as Chrome add-on) or other software will be transmitted to Lusha, so Lusha can match or cleanse this data against Data held in the Lusha B2B Database.

For example, End Users can use our Integration browser extension while browsing the profile pages of Contacts on business social networks, such as LinkedIn. When an End User does this, our browser extension collects the Data about Contacts presented on the profile pages that you are browsing.

Through these Integrations, Lusha may also collect Data about Contacts and Lusha may run these through its proprietary algorithm to organize, scan, merge and update certain Data into an existing “Business Contact Card” on the Lusha B2B Database, or otherwise improve Lusha’s research processes and the content provided by its Services.

By connecting your email account as an Integration, Lusha may scan and/or extract business contact details from the inbox and may use it to improve its services.

Data our Payment Partner collects

For End Users and Licensees that pay for the Services by credit cards, our service provider Stripe Inc. processes your payment information, while Lusha does not have direct access to it. We have an agreement with Stripe to ensure that your payment information is processed in a secure and confidential way.

3.3 Information we process about End Users and Visitors alike

If you are an End User using our Services as an authorized user of a Lusha Licensee or a Visitor that visits our website or Service, we automatically collect information sent to us by your computer, mobile phone, or other access devices. This information includes:

  • Your device information (for example, the type of browser and operating system your device uses, your language preference, your domain name, and the time you accessed the website)
  • Your mobile network information
  • Your IP address
  • Alerts for troubleshooting errors and bugs

Where you are not logged into your account, this information is not linked to you and we are not aware of the identity of the user from whom this information is collected.

We use cookies and other similar technologies (e.g. web beacons, log files, scripts and eTags) (“Cookies”) to enhance your experience using the Service. Cookies are small files which, when placed on your device, enable us to provide certain features and functionality. For more information, please read our cookie policy.

4. How and why do we use your Data?

4.1 Data about Contacts 

Context of processing: Purposes related to the provision of our Services
Purpose of processing:
  • Enabling our End Users and Licensees and service providers to access and use our Lusha B2B Database
  • Enriching, updating, cross-checking and validating the Lusha B2B Database
Legal basis:
  • Our legitimate interest in fighting against identity theft and online fraud
  • Our legitimate interest in providing accurate and up to date Contact Data, allowing our End Users and Licensees to engage with other businesses and business representatives in meaningful and effective online and offline interactions

Context of processing: Purposes related to the analysis and improvement of our Services
Purpose of processing:
  • Responding to your questions, support requests or feedback
Legal basis:
  • Our legitimate interest in operating a successful business

Context of processing: Purposes related to compliance with regulations and the fight against fraud
Purpose of processing:
  • Detecting and preventing fraudulent and illegal activity, or any other type of activity that may jeopardize or negatively affect the integrity of the Services
  • Responding to your requests regarding your Data
  • Investigating violations and enforcing our policies, and as required by law, regulation, or other governmental authority, or to comply with a subpoena or similar legal process, or respond to a government authority’s request
Legal basis:
  • Our legitimate interest in ensuring the safety and proper functioning of our Services
  • Our legitimate interest in ensuring that our Terms of Use and other policies are complied with
  • Our legitimate interest relating to the exercise of our rights or the defense of our legal rights
  • Compliance with our legal obligations

4.2 Data about End Users

Context of processing: Purposes related to the provision of our Services
Purpose of processing:
  • Enabling our End Users and Licensees and service providers to access and use our Lusha B2B Database
  • Enabling you to compose and process emails if you use our email composing functionality
Legal basis:
  • Our legitimate interest in providing accurate and up to date Contact Data, allowing our End Users and Licensees to engage with other businesses in meaningful and effective online and offline interactions, pursuant to the Agreement with a Licensee

Context of processing: Purposes related to the use of the Services, the creation and management of your account
Purpose of processing:
  • Registering, maintaining and managing your user account or membership with us
  • Verifying your registration to the Services and approving your email address
  • Communicating with you regarding the Licensee’s purchase, inquiries, support request, feedback, or questions
  • Processing your order, including sending you any necessary emails related to the Licensee’s purchase of any paid Services
  • Sending you important announcements in relation to security, privacy, or the administration of our Services
  • Personalizing our Services to ensure its content is presented in the most effective manner for you and your device
Legal basis:
  • Our legitimate interest in providing accurate and up to date Business Contact information, allowing our End Users and Licensees to engage with other businesses in meaningful and effective online and offline interactions, pursuant to the Agreement with a Licensee
  • Compliance with our legal obligations, including those applicable to our Payment Partner as a payment service provider, such as anti-money laundering, anti-corruption, and credit card fraud
  • Where applicable, your consent

Context of processing: Purposes related to the analysis and improvement of our Services
Purpose of processing:
  • Conducting troubleshooting, Data analysis, testing, research, statistical and survey analysis
Legal basis:
  • Our legitimate interest in ensuring the safety and proper functioning of our services

Context of processing: Purposes related to the promotion of our Services
Purpose of processing:
  • Signing you up for our newsletters or alerts
  • If you opted in to marketing, communicating with you about our latest updates, upgrades, and services
  • Building and maintaining our End User and Licensee community
Legal basis:
  • Our legitimate interest in promoting our Services
  • Where applicable, your consent

Context of processing: Purposes related to compliance with regulations and the fight against fraud
Purpose of processing:
  • Detecting and preventing fraudulent and illegal activity, or any other type of activity that may jeopardize or negatively affect the integrity of the Services
  • Responding to your requests regarding your Data
  • Investigating violations and enforcing our policies, and as required by law, regulation or other governmental authority, or to comply with a subpoena or similar legal process, or respond to a government authority’s request
Legal basis:
  • Our legitimate interest in ensuring the safety and proper functioning of our services
  • Our legitimate interest in ensuring that our Terms of Use and other policies are complied with
  • Our legitimate interest relating to the exercise of our rights or the defense of our legal rights
  • Compliance with our legal obligations, including those applicable to our Payment Partner as a payment service provider, such as anti-money laundering, anti-corruption, and credit card fraud

4.3 Information about End Users and Visitors 

Context of processing: Purposes related to the analysis and improvement of our Services
Purpose of processing:
  • Conducting troubleshooting, Data analysis, testing, research, statistical and survey analysis
  • Ensuring our services are working properly
Legal basis:
  • Our legitimate interest in ensuring the safety and proper functioning of our services

5. Additional restrictions

Notwithstanding anything else in this Privacy Notice, if you provide Lusha access to your email account, for the purpose of using our email composing features, the following types of your Google data or Microsoft data will be subject to these additional restrictions:

Lusha will only use access to read, write, modify, or control email message bodies, metadata, headers, and settings to enable End Users to compose and process emails and will not transfer this data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets. We will not use this data for serving advertisements, selling data, or any other purpose except as set hereinabove or as otherwise permitted in line with Customer-/End User-specific consent.

Lusha’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

Further, Lusha’s use of the Microsoft API is subject to Microsoft’s privacy policies. You can edit your settings and revoke consents provided to Microsoft at any time by following the instructions in the following links: https://account.live.com/consent/Manage and/or https://myapps.microsoft.com.

6. How we share your information

We may share information with third parties in the ways and for the purposes described above.

  • With our End Users and Licensees (Contacts only): We share Contacts stored in the Lusha B2B Database with our End Users and Licensees, for the purpose of providing our Services and allowing access to authentic, current, and up to date business contact information.
  • Within Lusha or our Payment Partner: We may share your information within Lusha. To the extent permitted by law and taking into account the protection of your rights and freedoms with respect to the processing of your Data, and the consent you have given (if any), your Data will only be accessible by a limited and defined number of recipients within Lusha (such as employees) or our Payment Partner.

Please be assured that such access to your Data will be strictly on a “need to know” basis and will be subject to our internal privacy policy and an obligation of confidentiality.

  • With our service providers: Your Data will generally not be disclosed to recipients outside Lusha or our Payment Partner. In some cases, however, Lusha uses third-party sub-processors acting on its behalf under contracts that will include strict data protection obligations. A full list of sub-processors, including their purpose, locations, and transfer method can be found here.

In particular, we will provide your Data to service providers or suppliers as part of our normal business operations. Such service providers include (i) hosting services providers, (ii) data analytics providers, (iii) payment processors, and (iv) security services providers.

When you join the Lusha group or fan page on Facebook, Facebook and we act as joint controllers. The same applies when you visit our LinkedIn Page.

  • Facebook Inc. is headquartered at 1 Hacker Way, Menlo Park, CA 94025, United States of America. The joint controller addendum can be found here.
  • LinkedIn Corporation is headquartered at 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA. The joint controller addendum can be found here.

Please note that when it comes to connecting your CRM, Google, or Microsoft accounts to our Service (via Google connect, Office 365 Login, etc.) Lusha acts as an independent controller.

  • In connection with an asset sale, merger, bankruptcy, or other business transaction: We may share Data while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of our assets.
  • With other third parties and with public authorities: In certain circumstances, we may also share and disclose your information, if we believe in good faith that such disclosure is necessary or required: (i) to comply with a law, regulation, governmental or securities exchange requirement, court order, judicial proceeding, or legal process, such as a subpoena or a search warrant; (ii) to address a violation of the law; (iii) to investigate fraud or criminal activity, and to protect our rights or those of our affiliates, vendors and users, or as part of legal proceedings that affect or may affect us or our affiliates, vendors or users; and (iv) to allow Lusha to exercise its legal rights or respond to a legal claim.

7. How long do we keep your Data?

Lusha has implemented a retention policy, setting retention periods taking into account the type of information that is collected and the purpose for which it was collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.

We only keep your Data for the time necessary for the purposes described above.

  • Contacts: We retain your Data for the duration necessary to provide our Services and, thereafter in archives, to comply with our legal obligations, resolve disputes and enforce our policies.
  • Lusha End Users: We retain your Data for the duration of your active account on Lusha. We may keep your Data for 3 years following the last activity in your account in order to comply with our legal and contractual obligations or to protect ourselves from any potential disputes (as required by laws applicable to record-keeping and to have proof and evidence concerning our relationship, should any legal issues arise following the termination of your account), all in accordance with our Data Retention Policy.

We retain this Data strictly on your behalf, in accordance with reasonable instructions and as further stipulated in our Data Processing Addendum and other commercial agreements with Licensees or other relevant customers.

Lastly, we retain Data in our suppression list for the duration necessary to provide our Services, which includes ensuring that any Contacts who are public figures or who have exercised their right to opt-out remain excluded from the Lusha B2B Database.

Once the retention period has passed, Lusha takes the appropriate and adequate measures to dispose of all and any Data in a secure and lawful manner in accordance with NIST 800-88 guidelines for media sanitization.

8. How to opt-out or access, rectify, and/or erase your Data

Lusha allows you to access your Data, edit or obtain Data collected about you by contacting our Privacy Team.

Note that we maintain a suppression list which may include personal data, for the sole purpose of ensuring that opt-out requests are respected and that your contact information no longer appears in the Lusha B2B Database in the future if you have opted-out.

For any request relating to your Data, contact our Privacy Team. In particular, you may request:

  • Information and access to a copy of your Data: you may obtain confirmation as to whether or not your Data is processed by Lusha. As applicable you may get more information on the Data we hold and how your Data is processed, and get a copy of your Data.
  • Rectification of your Data: you may rectify your Data if it is inaccurate or incorrect or out-of-date. You may also have incomplete Data completed.
  • Erasure of your Data: you may request the erasure of your Data, e.g. if you object to the processing of your Data (see below). However, we may have legal or legitimate reasons for retaining the Data depending on the context. Upon complying with your request, we shall also inform the customers that purchased your data. For more information, see here.
  • Limitation of processing: you may request a limitation of your Data, e.g. in case of issue or audit. We will mark your Data to limit their future processing.
  • Data portability: you may receive the Data that you have provided to Lusha, in a structured, commonly used and machine-readable format, and you have the right to transmit this Data to another data controller without hindrance from us. This right only applies where the processing of your Data is based on your consent or is Data you have provided to us for the performance of the Lusha Terms of Service.

You may also object to the processing of your Data for certain purposes.

  • To stop receiving marketing communications from us: you may demand that we stop any direct marketing to you, at any time. You will find a link or instructions to unsubscribe in any such communications from us.
  • For other purposes: you may object to the processing of your Data where such processing is based on legitimate interest as described above. Please describe the reasons relating to your particular situation to justify your request. If applicable, we will stop the processing unless we have compelling legitimate grounds.

If you have given us your consent, you may withdraw that consent at any time for future processing. This will not affect the lawfulness of the processing prior to the withdrawal of consent.

Minors

The products and services of Lusha are not targeted to or intended for children under the age of 18. In the event that we become aware that a Contact or End User is under the age of 18, we will discard such information. If you have any reasons to believe that a minor has shared any information with us, please contact us at support@lusha.com.

9. How do we safeguard and transfer your Data?

We will take all steps reasonably necessary to ensure your information is treated securely and in accordance with this Privacy Notice.

Once we receive your information, we take all appropriate technical and organizational measures, reasonable precautions, and follow industry best practices to safeguard your information against loss, theft, unauthorized use, access, or modification.

We are headquartered in the United States of America and, while our Data is stored on Amazon Web Services in the United States of America, many of our Data processing activities are carried out from other countries including by staff operating outside the European Economic Area who work for us or for one of our service providers or partners.

Our affiliate Lusha Systems Ltd. and some of our staff are located in Israel, where there is an adequate level of protection of personal data according to the European Commission (2011/61/EU: Commission Decision of 31 January 2011) and the competent authority of the United Kingdom (see Information Commissioner’s Office).

Where applicable, e.g. when our customers are subject to the GDPR and export data to us, we have signed contracts based on the Standard Contractual Clauses approved by the European Commission or the United Kingdom International Data Transfer Agreement or Addendum (as applicable) or similar contracts ensuring essentially the same level of protection for further transfers.

For a list of our subprocessors and means of transfer visit our subprocessors page.

10. Changes to this policy

Lusha may modify this Privacy Notice from time to time, to reflect eventual changes in the way we process Data. If we make material changes to this policy (such as a change in our processing purposes, a change in the identity of the controller, or even a change regarding the way you can exercise your rights in relation to our processing activities), we will notify you, as appropriate, depending on the substance of the change, by email or by means of a notice on our website’s homepage, prior to the changes becoming effective.

11. Contact us

Should you have any queries regarding this Privacy Notice or about how Lusha uses your data that are not answered here, please contact our Data Protection Officer, Assaf Gilad, by email.

If you are a Contact or Visitor, Lusha Systems Inc. and Lusha Systems Ltd. (a company incorporated in Israel with registered address at 132 Derech Menachem Begin, Tel Aviv 6701101) are joint controllers of your Data. You can exercise your rights here, and find out more information about the joint controller arrangement by contacting our Data Protection Officer by email.

If you are an End User, the relevant data controller is the Lusha entity that your company contracts with, as set out in the Agreement.

Lusha has appointed DP-Dock GmbH as a contact point in the European Union and the United Kingdom. We hope that in the first instance, you can raise any questions and concerns with our Data Protection Officer by email, but you can also contact DP-Dock GmbH at lushasystems@gdpr-rep.com or write to them:

In the EU:
DP-Dock GmbH
Attn: Lusha Systems, Inc.
Ballindamm 39
20095 Hamburg
Germany

In the UK:
DP-Data Protection Services UK
Attn.: Lusha Systems, Inc.
16 Great Queen Street
London WC2B 5AH
United Kingdom

12. Complaints

If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint. Please email the details of your complaint to:

  • In the United Kingdom, the Information Commissioner’s Office https://ico.org.uk/;
  • Anywhere else, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.

Alternatively, if you have an unresolved privacy or Data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider at https://feedback-form.truste.com/watchdog/request.

 

Version   Updated          Status
V5        March 22, 2023   Current
V4        Sep 16, 2022     Obsolete
V3        July 24, 2022    Obsolete
V2        June 1, 2022     Obsolete
V1        June 20, 2021    Obsolete