Privacy Policy

Please review this Privacy Policy to understand how leads.cm (“Data Controller”) manages the personal data we collect when you visit or use our website, leads.cm.

By accessing or using our website or services, you agree to this Privacy Policy and consent to the collection, transfer, storage, disclosure, and use of your personal data as outlined here. Our services include privacy controls that influence how we handle your personal data. For a detailed list of your data rights and how to exercise them, please refer to Section IX.

This policy may be updated occasionally. By continuing to visit or use the website or services after we make changes, you accept those changes, so please check the policy periodically for any updates.

1. Data Controller

The Data Controller, responsible for determining the purpose and method of processing your personal data, is leads.cm, a company incorporated under the laws of the United States, with email: [email protected] (referred to as “Data Controller,” “Provider,” “Service Provider,” “we,” or “us”).

2. Definitions

  • “Leads.cm”: The leads service provided by Provider.
  • “Affiliate”: Any entity controlled by Provider, where “control” means ownership or rights exceeding 50%.
  • “Data Protection Officer (DPO)”: Ensures that Provider independently applies data protection laws. DPO tasks are defined in Articles 37, 38, and 39 of the EU GDPR.
  • “GDPR”: Regulation (EU) 2016/679 governing the protection and free movement of personal data.
  • “Personal Data”: Any information relating to an identifiable person, directly or indirectly, particularly by reference to an identifier.
  • "Service" or "Services": Services accessible on or through our website, such as email verification using our website or API.
  • “API”: Application programming interface that connects Provider’s Service with other sites or applications.
  • “Website”: Refers to leads.cm and any subdomains, operated by Provider.
  • “Website Visitor”: Any individual or company visiting our website who may communicate with us.
  • “User”: Website Visitor who subscribes to our communications or free services on our website.
  • “Customer”: User who utilizes our paid services on the website.

3. Information We Collect and Why We Collect It

This Privacy Policy applies when we are acting as the data controller with respect to the following personal data of Website Visitors, Users, and Customers:

Information You Provide Voluntarily:

  • Account Data: Name, email, and password, and sometimes phone number, provided during registration and subscription to our free trial. Used to provide services, communicate with you, and ensure website security.
  • Email Marketing Data: If you connect your third-party email marketing account to our service, we require your API key or other authorization to manage your email lists and reports.
  • Correspondence Data: Information from any communication with us, used for record-keeping and communication.
  • Notification Data: Information provided for subscribing to notifications.
  • Payment Data: Billing address and VAT number collected for providing paid services.
  • Transaction Data: Details about transactions, such as timing and purchase codes. Payment transactions are handled by Stripe and PayPal. We do not store full credit card or PayPal details.

The legal basis for processing voluntarily provided information is consent (Art. 6(1)(a) GDPR) and performance of the contract (Art. 6(1)(b) GDPR).

Information We Collect Automatically:

  • Usage Data: Information such as IP address, browser type, location, and website interactions collected for analytics, fraud prevention, and communications.

The legal basis for processing Usage Data is our legitimate interest (Art. 6(1)(f) GDPR), specifically for analytical purposes, fraud prevention, and communications.

If you are a Website Visitor, we process:

  • Correspondence Data
  • Notification Data
  • Usage Data

If you are a User, we process:

  • Account Data
  • Email Marketing Data
  • Correspondence Data
  • Notification Data
  • Usage Data

If you are a Customer, we process:

  • Account Data
  • Email Marketing Data
  • Correspondence Data
  • Notification Data
  • Payment Data
  • Transaction Data
  • Usage Data

4. How We Protect Your Personal Data

We implement technical and operational measures to safeguard your personal data. Security measures include:

  • Secure transmission via encrypted connections
  • Firewalls and limited access for employees and trusted partners
  • Regular system monitoring and penetration testing

We use Stripe for payment processing and store only the last four digits of payment card numbers. While we strive to protect your data, no security measures are foolproof. In the event of a security breach, we may notify you electronically to advise on protective steps. Data may be transferred outside the EEA; if so, we ensure compliance with this Privacy Policy.

5. Data Retention Period

We retain personal data only as long as necessary. If processed based on consent, we retain it until consent is withdrawn, after which it is deleted. Data processed under legitimate interests is retained only as long as necessary, e.g., Correspondence Data up to 10 years, and Usage Data up to 50 months after the end of the relationship.

6. Cookies

We use cookies and similar technologies for tracking. For more details on types, purposes, and management of cookies, please see our Cookie Policy.

7. Sensitive Data

Please do not provide us with sensitive personal data (e.g., government IDs, financial account information, race, religion, health information, etc.).

8. Use of Services by Minors

Our services are not directed to anyone under 18, and we request that minors do not provide personal data through our services.

9. Sharing Information with Others

In certain cases, we may share your personal data with third parties, such as:

  • Hosting providers (e.g., Cloudflare)
  • IT and service improvement providers
  • Data analytics and advertising providers (e.g., Google Inc., Facebook, Hotjar)

These companies process data per our instructions and this Privacy Policy.

10. Data Protection Rights

We want you to be fully aware of your data protection rights:

  • Right to Withdraw Consent: You may withdraw consent for processing at any time.
  • Right to Access: Request copies of your personal data. A small fee may apply.
  • Right to Rectification: Correct inaccurate or incomplete information.
  • Right to Erasure: Request data deletion under certain conditions.
  • Right to Restrict Processing: Request processing limitations under certain conditions.
  • Right to Object: Object to our processing of your data under certain conditions.
  • Right to Data Portability: Request that data be transferred to another organization or you.
  • Right to Lodge a Complaint: In Hungary, complaints can be directed to the Information Commissioner’s Office at ico.org.uk.

To exercise any of these rights, please contact us at [email protected].

11. Contact Us

If you have questions or concerns about this Privacy Policy, the data we hold, or your rights, please contact us:

Email: [email protected]