Austrian Data Protection Authority and Google Analytics
We await with interest the position of the Dutch and German regulators regarding the decision of the Austrian Data Protection Authority on the use of Google Analytics and the European privacy law.
We are not concerned about our own services because Leadinfo, unlike Google Analytics, does not store data to US entities. Leadinfo’s data is stored at AWS (Amazon Web Services EMEA SARL) in Ireland.
All you need to know about GDPR.
Are you curious about the impact of GDRP on Leadinfo’s IP Tracking? Arnoud Engelfriet of ICTrecht compiled a list of answers for us.
Is the use of Leadinfo legal under the GDPR?
Yes, the use of Leadinfo is legal under the GDPR, which was introduced as a European privacy law on 25 May 2018.
Leadinfo matches the IP address of the visitor against a publicly available database of company data (such as the Chamber of Commerce). According to the GDPR, the IP address is considered to be private data, and there must be solid justification for its use. The justification is ‘own legitimate interest’, provided for in Article 6(1)(f) of the GDPR. This article states working with personal data is permitted if this serves a clear interest and privacy standards are maintained.
Marketing and analytics are considered to be legitimate interests, and Leadinfo only uses private data in a limited capacity. IP addresses are not saved and only publicly accessible corporate data is shared with the users. This means that Leadinfo maintains privacy standards. As a Leadinfo user, you are obliged to state these facts in your company’s privacy statement, as well as the register of data processing operations.
Do clients have access to IP addresses?
No, Leadinfo clients do not have access to IP addresses. Naturally, they may be using their own software to check which IP addresses are visiting their website, but this information is not linked to Leadinfo.
What should I mention on my site when I use Leadinfo?
GDPR requires companies to inform their visitors about what happens to their personal data. They must do so in a privacy statement. An explanation in the Terms and Conditions is not legally valid. You can choose how you would like to word this in your privacy statement. The following is a sample text that you could base your text on: To measure B2B use of our website, we use the Leadinfo solution based in Rotterdam. This service shows us company names and addresses based on the IP addresses of our visitors. The IP address is not stored after use.
Should I explain my usage of Leadinfo in my cookie notification?
Do I have to ask visitors for their consent before using Leadinfo?
No, you do not require visitors’ consent to use Leadinfo. Consent is not always required according to the GDPR. The justification is ‘own legitimate interest’, provided for in Article 6(1)(f) of the GDPR. This article states working with personal data is permitted if this serves a clear interest and privacy standards are maintained.
What are the risks of using Leadinfo without notifying met visitors?
It would be a direct violation of the provisions of the GDPR to process personal data without making notification of this in a privacy statement. If you do not follow these rules, you could receive a fine of up to 40 million euros for each transgression. Leadinfo urges its clients to always clearly state that they are using its services.
How long are IP addresses stored?
Directly after Leadinfo’s systems have received an IP address, matched company data is requested and shown in the portal. The IP addresses are not shown or stored.
Can I stop someone from receiving my company data through Leadinfo’s software?
Business owners who do not want their data to be made visible to Leadinfo users can block access to their company data through this link. Our users will no longer see whether or not these companies use their website.
Can I contact visitors directly?
You are free to contact visitors directly using data acquired through Leadinfo’s software. The GDPR does not apply to company data such as public telephone numbers. Please be aware that sending unsolicited commercial emails or text messages contravenes spam laws, even when these are sent to public telephone numbers or info@ email addresses. If you’d like to contact a person within a company, you must have a clear basis for doing so, such as an opt-in or a warm client relationship. Simply the fact that someone has visited your site is not a sufficient basis for emailing or calling this person. You will need an additional, specific reason to engage in personal contact.
Am I allowed to use a visitor’s info@ email address to establish contact?
Whether a company’s info@ email address is considered private data is legally doubtful. This would mean that the requirement for a basis for using this address does not apply to info@ addresses. There is no jurisprudence available on this point.
Can I share data acquired from Leadinfo with third parties?
Leadinfo does not mind you sharing data with third parties. However, you must inform the third parties about the source of this data and what they may or may not do with it in accordance with the law.