General Data Protection Regulation (GDPR) Compliance Statement

Leadfellow OÜ (“Leadfellow”, “we”, “us”, or “our”) is committed to complying with the General Data Protection Regulation (GDPR), which is a European Union (EU) regulation that enhances the protection of personal data of individuals within the EU. This GDPR Compliance Statement outlines how we collect, use, disclose, and protect the personal data of individuals within the EU when they use our website (https://leadfellow.com) and our application (https://app.leadfellow.com) (collectively, the “Service”).

Legal Basis for Processing Personal Data

We only process the personal data of individuals within the EU when we have a legal basis for doing so. The legal basis for processing personal data depends on the purpose for which the data is processed. We process personal data for the following purposes:

– To provide our Service to you: We process personal data to fulfill our contractual obligations to you and to provide you with our Service.

– To comply with our legal obligations: We process personal data to comply with our legal obligations, such as tax and accounting requirements.

– For legitimate interests: We process personal data for our legitimate interests, such as to improve our Service and to communicate with you about our products and services. We always balance our legitimate interests against your privacy rights and only process personal data when our legitimate interests are not overridden by your interests, rights, and freedoms.

– With your consent: We may process personal data based on your consent. You can withdraw your consent at any time by contacting us at [email protected].

Categories of Personal Data We Process

We may process the following categories of personal data of individuals within the EU:

– Contact information, such as name, email address, and phone number.

– Payment information, such as credit card details.

– Technical information, such as IP address, browser type, and operating system.

– Usage information, such as the pages you visit on our website and the features of our Service that you use.

– Marketing information, such as your preferences for receiving marketing communications.

Data Transfers Outside the EU

We may transfer the personal data of individuals within the EU to our service providers and partners located outside the EU, such as in the United States. We ensure that any such transfers are made in compliance with the GDPR and that appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions from the European Commission.

Data Subject Rights

Under the GDPR, individuals within the EU have the following rights:

– Right to access: You have the right to access your personal data and to receive information about how we process it.

– Right to rectification: You have the right to request the correction of your inaccurate or incomplete personal data.

– Right to erasure: You have the right to request the deletion of your personal data when it is no longer necessary for the purposes for which we collected it or when you withdraw your consent.

– Right to restrict processing: You have the right to request the restriction of processing of your personal data when you contest the accuracy of the data or when you object to its processing.

– Right to data portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit it to another controller.

– Right to object: You have the right to object to the processing of your personal data when it is based on our legitimate interests or for direct marketing purposes.

– Right to withdraw consent: You have the right to withdraw your consent to the processing of your personal data when it is based on your consent.

To exercise your GDPR rights, please contact us at [email protected].

Data Security

We implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk of processing personal data, taking into account the nature, scope, context, and purposes of processing personal data, as well as the likelihood and severity of risks to the rights and freedoms of individuals within the EU. These measures include:

– Access controls: We restrict access to personal data to authorized personnel only.

– Encryption: We use encryption to protect personal data in transit and at rest.

– Monitoring: We monitor our systems and networks for security breaches and promptly investigate and respond to any incidents.

– Training: We provide regular training to our personnel on data protection and privacy.

Data Retention

We retain personal data of individuals within the EU only for as long as necessary to fulfill the purposes for which we collected it, unless a longer retention period is required by law. We regularly review our retention practices and delete personal data that is no longer necessary.

Third-Party Links

Our Service may contain links to third-party websites, applications, and services that are not owned or controlled by Leadfellow. We are not responsible for the privacy practices of these third parties and recommend that you review their privacy policies before providing any personal data to them.

Changes to this GDPR Compliance Statement

We may update this GDPR Compliance Statement from time to time in response to changing legal, technical, or business developments. When we update this statement, we will revise the “last updated” date at the top of the statement. If we make material changes to this statement, we will provide you with notice in accordance with applicable law.

Contact Us

If you have any questions or concerns about this GDPR Compliance Statement or our data protection practices, please contact us at [email protected].