We ensure compliance with data protection laws through multiple means that broadly include (and are not limited to):
- only obtaining business data from publicly available sources and validating our data set;
- screening our telephone database against multiple Do Not Call registries around the world, including the DNC lists in the UK (TPS and CTPS), US, Germany, France, Ireland, Canada, Spain, Portugal, Croatia, Sweden and Belgium;
- having conducted a legitimate interest assessment, balancing tests, a transfer impact assessment, and a data protection impact assessment with our external counsels;
- having a clear privacy policy and a dedicated team that deals with DSARs in due time;
- notifying data subjects in compliance with our transparency obligations under Art 14 GDPR, where we informed them that we had data on them, explained our processing activities and gave them the option to exercise any of their rights, including the option to opt-out;
- keeping up-to-date with the latest data privacy changes and updates;
- holding the ISO 27001 and SOC2 type II certification for our information security compliance;
- being registered with the ICO, the UK regulator and as a Data Broker under CCPA in the US;
- having relevant contracts and safeguards in place when dealing with third parties to ensure we can process the data compliantly; and
- constantly reviewing our compliance processes and mechanisms to ensure we can provide our services compliantly, while upholding data subjects rights and interests.