How does Lusha process its data?

Types of data in our B2B Database

Lusha collects business contact information and other data associated with business professionals (“business profile information”) to enhance the free market and assist our customers to achieve more business transactions with minimum time and effort.

The business profile information consists of professional information that is similar to what you’d find on business cards, company websites or email signatures. Lusha’s database consists mainly of such business profile information.

To learn more about the Contact Attributes and Company Information that we provide to our Licensees, see the data we cover.

Lusha collects its data from various sources. Lusha does not necessarily have an active relationship with data subjects since some of Lusha’s dataset is already in the public domain. In certain cases, however, Lusha also collects personal data from data subjects through other methods (for example, email signature blocks).

To learn more about how Lusha collects its data, see our data sources.

The collection of personal data from various datasets results in a merging of such datasets, meaning that Lusha might process a wider set of data. Lusha is taking action to remove any information beyond the scope of business profile information.

Lusha is a registered data broker in California and subject to CCPA (California Consumer Privacy Act).

Lusha also voluntarily adheres to certain privacy principles that are adopted around the world and is aligned with the GDPR (European General Data Protection Regulation), Brazil’s data protection act, and other relevant privacy laws.

What is the legal basis for this?

Since contact data is not collected from business professionals directly, Lusha’s processing activities are not based on their consent, but on the legitimate interest of both Lusha and its business customers, among other legal bases as applicable depending on the context.

The processing operations of Lusha’s services are based on two use cases for customers:

a. Business Intelligence (for sales, marketing, and recruitment purposes)

Lusha helps organizations drive revenue by providing users with accurate and up-to-date business contact information.

Lusha allows users to reach out to future customers with ease, eliminating the friction in the sales, marketing, and recruitment process – helping users to convert more prospects into customers in a fraction of the time.

b. Fraud prevention

Lusha is designed to empower users to fight fraud by enabling them to verify and authenticate the correlation between an individual’s externalized attributes and the actual data supporting these attributes.

For more information on our legal bases for processing data, please read our Privacy Policy.

Legitimate Interest and Data Protection Impact Assessment

Many advanced privacy regimes require that personal data be obtained and processed lawfully and fairly. Personal data should be collected and processed based on a legitimate purpose, after balancing the interests of the organization against the interests and rights of the individual whose data is processed.

Lusha conducted a Data Privacy Impact Assessment (“DPIA”) with the help of first-tier law firms. The DPIA confirms that Lusha’s processing of business profile information satisfies the grounds for the processing of personal data for a legitimate interest. It also determined that this legitimate interest is not overridden by the interests or fundamental rights and freedoms of the data subject that require protection of personal data. Here are the findings:

a. Nature of the data

The information collected by Lusha is extremely limited. It does not contain any special categories of personal data and is not related to children.

b. Reasonable expectations of Contacts

Although the Business Contacts that we provide our customers access to can be found on business social platforms or during the course of normal business correspondence, we do not collect data directly from Contacts. As a result, they may not know that their data is in our B2B Database. If Lusha obtained the data from a third party, Lusha sends a notice to Business Contacts and allows them to exercise any rights they may have, including the right to opt out of Lusha’s B2B Database.

As a reminder, you may exercise your rights in relation to your data in our Privacy Form.

Where Lusha does not have enough data to inform Contacts, Lusha deletes their remaining data after a certain period, pursuant to our Data Retention Policy.

c. Processing proportionate to the purpose

Lusha follows data minimization principles and only collects data that are strictly necessary to achieve its purposes. Lusha has processes in place to limit the data processed to business contact information which is professional in nature. Through our Privacy Form, Contacts can claim control over their data.

As mentioned above, Lusha notifies Business Contacts of the option to remove their information from Lusha’s B2B Database, which, in turn, ensures that Lusha processes data as needed, following a proportionality assessment.

We process Contact Data with Safeguards and Compensating Controls

  • Data accuracy through two-source authentication – This assists in ensuring that Lusha only provides accurate and up-to-date information, which serves the purposes that Lusha set out to achieve and benefits Lusha’s business users.
  • B2B use only (onboarding procedure) – Lusha only allows users with a verified business email address to sign up to use its services (registration with free email services, such as Gmail, is not allowed).
  • Compliance reviews – Lusha implements methods and processes to remove customers that act as data brokers and/or do not comply with the Lusha Terms of Service.
  • Security of the data – Lusha does not allow for a “free” search of its database without registration (i.e. it does not allow users to search for and obtain a list of email addresses of all individuals who work at a certain company).
  • Data minimization – Lusha is continuously working to limit its collection and processing of personal data to only include what is necessary to provide its Services.
  • Transparency – Lusha has processes in place to contact all Contacts located in the European Economic Area and the United Kingdom whose Data is processed by Lusha in the Prospecting feature to: (i) inform them that Lusha processes their Data; (ii) provide the data subject with relevant and meaningful information; and (iii) inform Contacts that they have the option to opt out.
  • Privacy rights – Contacts are able to reach out to Lusha and exercise their rights through our Privacy Form.