fullinfo B.V. (‘fullinfo’, ‘we’, ‘us’, or ‘our’) offers a business information platform. With an influx of new information on a daily basis, we constantly process personal data. Your privacy is important to fullinfo, which is why we adhere to the General Data Protection Regulation (‘GDPR’) and US privacy laws, including the California Consumer Privacy Act (‘CCPA’), where applicable.
This Privacy and Cookie Statement consists of two parts. The first part applies to both US and EU citizens. The second part applies to US citizens only. In case of a conflict between provisions from the first and second part, the provision that grants the best protection of your privacy rights takes precedence.
Part I – GDPR
Our Privacy and Cookie statement at a glance
In summary, we:
- Collect data from publicly available sources on the internet, such as company websites and professional social media, and store this in our database.
- Make these data available to our customers, who use the data for their own commercial purposes, as controller.
- Do not collect more data than is necessary for our customers’ or our own purposes.
- Store and refresh the data in our database so that our customers always have the latest, up-to-date information.
- Host your data in the European Union.
fullinfo ‘privacy by design’
At fullinfo, we have implemented privacy at the design stage of our technology because we care about privacy from every individual we hold in our database. This privacy and cookie statement (‘Privacy and Cookie Statement’) describes our policies and procedures on the collection, use and disclosure of personal information, tells you about your privacy rights and how the law protects you.
1. fullinfo as processor
fullinfo partly offers its platform in the role of processor, which means we search information if one of our customers requests us to do so. Our customer is the controller for the retrieved personal data. Please note that we do include retrieved personal data within our own database, to have the information more readily available for other customers. From this point onwards, we are the controller of this personal data. Additionally, fullinfo collects information for its database itself in its capacity as controller. Please see paragraph 2 for more information on the controller role for our database.
Our customers are the controller for the personal data that they request, access and use for their own purposes, and are as such required to, amongst others, inform data subjects about the processing of the personal data, including the source of the data, and to have a legal basis. Customers are also responsible for complying with other legislation with respect to this personal data, such as the legislation governing the use of email addresses and telephone numbers to approach data subjects for commercial purposes, including the ePrivacy Directive.
2. fullinfo as controller for its database
fullinfo’s role for its database is twofold. As detailed in paragraph 1, we include customer queries in our own database and are the controller from this point onwards for the database as a whole. The remainder of this Privacy and Cookie Statement relates to the processing of personal data for which fullinfo is the controller. Additionally, we proactively build our database ourselves. We compile and combine company profiles, including publicly available contact details, which may constitute personal data. Our scanning technology collects data from a variety of publicly available sources. We scan company websites, press releases, blogs, company records, social media and other publicly available information about companies and individuals. We also collect data from government publications, always in accordance with the terms and conditions for the disclosure and sharing of information. The information will be included in our platform, until new information is available, or the data is no longer necessary.
Through our application programming interface (‘API’) we license our customers to connect their business software to integrate with the fullinfo technology. The plugin technology we provide our licensed customers provides our customers with an automated service to verify their business contacts and it also allows our customers to add new business contacts to their business software.
We collect the following, publicly available personal data:
- LinkedIn handler
- Twitter handler
- Instagram handler
- Profile image
- Job Title
- Contact details
- Suppression list status
We collect this personal data based on our legitimate interest to offer our customers relevant information to contact the data subjects. Our platform functions similar to a search engine, but instead of returning many results in the form of hyperlinks to websites, we display the relevant data directly in a customer-friendly manner. We only index publicly available information which was published for business purposes, and only include limited data points, which may be of interest to our customers. As follows from the abovementioned overview, this mainly concerns company data, and some personal data. We do not collect special or sensitive categories of personal data. We handle the data with appropriate safeguards to mitigate and, where possible, eliminate privacy risks, including maintaining internal privacy and security policies, confidentiality obligations, offering transparency, and complying with data subject rights. Please contact us via the contact details below if you would like to inquire about the measures that we have taken.
Of course, you may also contact us if you object to this processing of your personal data. If you object, you will be removed from our database, and we will not include you again. To avoid re-entry into the database, we maintain a suppression list. The suppression list contains a minimum dataset (first name, middle name, last name, business email address, globally unique identifier (GUID) and LinkedIn URL) to ensure that fullinfo will stop the processing of your personal data.
3. fullinfo as controller with respect to other data subjects: for which purposes do we process your personal data?
When you use our platform as a customer, or visit our website, we obtain various personal data from you. Each processing purpose is detailed below.
Creating and maintaining an account/subscription
You can, as a customer, create an account on our website (execution of the agreement), after which you can use our platform. We process the following personal data for this purpose:
- Contract contact name (first, middle and last name)
- Company name
- Business address and location
- Business email address
- Business phone number
- Business users who need to be provided access to the technology:
- User name (first, middle and last name)
- User business email address
- Payment details, which are used for payment and billing purposes
- Additional, voluntary added information
- IP address and log(in) information
We store your personal information until you delete your account or up to 2 years after you last logged in to your account. We will then send you an email to remind you of your account. If you do not use your account two weeks after this notification, we will then assume that you no longer wish to use our services and delete your account. Some data is stored longer if we are legally obligated to do so (e.g. because of the tax retention obligation).
Third-party social media login
It is also possible to register for an account and log in to use our platform through the following third-party social media services:
If you decide to register through or otherwise grant us access to a third-party social media service, we will collect personal data that is already associated with your third-party social media service’s account, such as your name, your email address. Most third-party social media services allow you to manage which data are shared when logging in.
You may also have the option of sharing additional information with us through your third-party social media service’s account. If you choose to provide such information, during registration or otherwise, we use this information for the conclusion and performance of the agreement with you, and consistent with this privacy statement.
We store your personal information until you delete your account or up to 2 years after you last logged in to your account. We then assume that you no longer wish to use the third-party social media log in.
When you send us an email, use our contact form, contact us by telephone or in any other way, you accept our offer to contact us (execution of the agreement). The same applies when we contact you for service purposes.
We process the following personal data for this purpose:
- Email address
- Any information you provide as part of the content of a message
We store your data for as long as this contact requires it or up to a maximum of 2 years after we last had contact with you; we want to make sure we have dealt with your query or complaint properly.
If you apply for one of our job openings or submit an open application, we process your personal data for the purpose of handling your application and in preparation for a possible employment contract.
We process the following personal data for this purpose:
- Name and address details
- Contact details (email address and telephone number)
- Curriculum Vitae
- Cover letter
- Salary requirements
- Any other information you provide in your application
In case you are not hired, your application details are stored for a maximum of 6 weeks after the position has been filled. We store this information so that we can contact you, should the position become vacant again within the probationary period. If we are unable to offer you a position at this time, we may – with your consent – store the application data for one more year. You can revoke your consent at any time by sending us an email. We will store your application data in your personnel file should you decide to work for us. This file will be stored for as long as necessary, and the application data will be kept for a maximum of 2 years after termination of the employment contract.
Social media and internet screening can be part of the application procedure. This is necessary for us to preserve our image when hiring new staff; we do this on a legitimate interest basis. We will do a search of your name on Google and on various social media but only insofar as this is necessary for the specific job function you apply for and only insofar as these profiles are public. We will not ask you to grant us access to a private social media page or to accept a request from us. The results of the screening will be discussed with you. Should you have any objections to this, you can inform us by email at the time of your application.
We use reCAPTCHA to prevent abuse of our contact forms by sending spam. By indicating that you are not a robot, it checks:
- how quickly the form is completed;
- which mouse movements are made while filling in the form;
- the IP address of the person completing the form.
4. General information about fullinfo as controller
When do we share your personal data with third parties?
fullinfo will only share your information with third parties to the extent permitted by current legislation. We may disclose your personal data to third parties when:
- we have contracted them to process certain data;
- it is necessary to conclude and/or perform the agreement with you;
- you have provided your consent;
- we have a legitimate interest in doing so;
- we are legally obligated to do so (e.g. if the police demand it in case of a suspicion of a crime, or by a valid request by public authorities (e.g. a court or a government agency)); or
- if we are involved in a merger, acquisition or asset sale but only to the extent that sharing of the personal data is necessary in that context.
Third parties processing personal data on our behalf:
- Payment service providers. Please note that we will not store or collect your payment card details. That information is provided directly to our third-party payment providers whose use of your personal data is governed by their privacy statement. Our payment providers adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.
- IT suppliers and service providers. We may share your personal information with service providers to be able to offer the platform, to monitor and analyze the use of our service, to help support and maintain our service, to show advertisements on third-party websites to you after you visited our service and to contact you.
- Consultants and counsel
- Affiliates. We may share your information with our affiliates if required for the purposes set out above, in which case we will require those affiliates to honour our privacy statement. Affiliates include our parent company and any other subsidiaries, joint venture partners or other companies that we control or that are under common control with us.
fullinfo may disclose your personal data to parties located outside the European Economic Area (EEA) to provide our services, such as optimization tools. fullinfo will only do so if there is an appropriate level of protection for the processing of personal data. Please note that customers may access our services globally, the corresponding terms and appropriate safeguards are included in our terms of service.
How do we secure your personal data?
fullinfo takes appropriate technical and organisational measures for the processing of personal data to prevent loss or any form of unlawful processing (e.g. unauthorised access, tampering, modification or disclosure of personal data). The security of your data is important to us, but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While we strive to use appropriate means to protect your personal data, we cannot guarantee its absolute security.
How long do we retain personal data?
Insofar as we can mention determined retention periods, these are included under the specific purposes above. In case no retention period is included, we will retain the respective data for as long as is necessary for the purposes for which they were collected. We will retain and use your data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
We may also retain usage data for internal analyses purposes. Usage data is generally retained for a longer period, including for purposes of strengthening the security or improving the functionality of our service. In such case, the data will be anonymized after two years. Data may be retained longer as well if we are legally obligated to retain this data for longer time periods.
Social media buttons
We use social media buttons on our website that redirect you to LinkedIn. This gives you the option to follow us and share content. The buttons operate through bits of code provided by LinkedIn. If you want to know what LinkedIn does with your personal data, please read LinkedIn’s privacy statement. LinkedIn is located in the United States.
Our website uses first-party and third-party cookies. Cookies are small data files that can be automatically stored on or read from the visitors’ device (such as a PC, tablet or smartphone) when visiting a website. This is done via the web browser on the device. We may also use web beacons, flash cookies, tags and scripts to improve and analyse our service.
These cookies may collect the following data from you:
- IP address
- MAC address
- Cookie ID
- Website and click behaviour
- Referrer URL
- Location information (with additional consent)
The list of the cookies we use is shown in the overview below.
|Cookies, supplier, location and appropriate safeguards||Type||Purpose||Retention period|
|Contentful, GermanyPrivacy statement||Analytical||We use Contentful as content management system. Contentful creates unique identifiers, records the amount of people that visit our website, and tracks whether they have visited before.||Maximum of 180 days|
|Facebook, United StatesPrivacy statement||Marketing||The Facebook pixel is used to enable Facebook’s advertisement options. The pixel registers click behavior and website visits.||172 days|
|Fullinfo, the Netherlands||Necessary||This cookie registers the response to the cookie banner.||172 days|
Enabling and disabling cookies
You can set your web browser to only accept cookies with your consent. Consult your browser guide for more information. Please note that many websites will not function optimally when cookies are disabled.
Your mobile device may give you the ability to opt out of the use of information about the apps you use in order to serve you ads that are targeted to your interests:
- “Opt out of Interest-Based Ads” or “Opt out of Ads Personalization” on Android devices
- “Limit Ad Tracking” on iOS devices
You can also stop the collection of location information from your mobile device by changing the preferences on your mobile device.
Most cookies have an expiration date. When an expiration date is set, the cookie is automatically deleted once that date passes. You can also choose to delete the cookies manually before the expiry date. Please consult your browser guide for more information.
Which privacy rights do you have?
f you have any questions or would like to know what personal data we have about you, you can always contact us using the contact details below.
You have the following rights:
- Right of access: you have the right to access the personal data we process about you.
- Right to rectification: you have the right to correct or supplement the personal data we process about you, e.g. if they are incorrect or incomplete.
- Right to object: you have the right to object to the processing of your personal data and to the use of your personal data for direct marketing purposes.
- Right to erasure: you may request us to erase your personal data.
- Right to withdraw your consent: if you have consented to us processing personal data, you can withdraw your consent at any time.
- Right to data portability: if it is technologically possible, if you have submitted personal data to us, if this is processed by automated means and on the basis of your consent or to conclude and/or perform the agreement with you, you have the right to have the personal data we process about you transferred to you in a commonly used format or to a third party.
- Right to restrict processing: in some cases, you can request that we restrict the processing of your personal data (temporarily or otherwise).
Please note that in some cases, we may be entitled to (partly) not comply with your request. We may ask you to provide identification details to fulfil your request to ensure that the requested personal data belongs to the right person.
We will generally comply with your request within one month. However, this period may be extended by two months depending on the specific privacy rights or the complexity of the request. If we extend this period, we will inform you in good time.
If you wish to exercise any of your rights, you can do so by sending an email to our Data Protection Officer via email@example.com.
Our service does not address anyone under the age of 13. We do not knowingly collect personal data from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with their data, please contact us. If we become aware that we have collected data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers.
Changes to this Privacy and Cookie Statement
When there is a change in our services, we will also need to change our Privacy and Cookie Statement. We will let you know via email and/or a prominent notice on our platform, prior to the change becoming effective and update the “Last updates” date at the top of this Privacy and Cookie Statement. Changes to this Privacy and Cookie statement are effective when they are posted on this page.
Links to other websites
Our website or service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be redirected to that third party’s site. We strongly advise you to review the Privacy Statement of every site you visit.
We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.
Filing a complaint
Should you feel we have not been able to help you properly with any questions about your privacy, you have the right to file a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or the competent supervisory authority of your country.
For questions about our Privacy and Cookie Statement or your rights, you can always contact us using the information below:
3029 AK Rotterdam
Chamber of Commerce number: 82102066
Data protection officer email address: firstname.lastname@example.org
Part II – US Citizens Only
This second part of our Privacy and Cookie Statement only applies to US citizens. This second part is an addition to the first part to comply with US privacy legislation and in particular the CCPA. In this part of the Privacy and Cookie Statement we refer to the CCPA, but this part also applies to similar laws from other states (such as the Nevada Privacy Law).
Do Not Track
Californian law requires us to disclose how we respond to “do not track” signals from browsers. Do Not Track (‘DNT’) is a concept that has been promoted by US regulatory authorities, in particular the US Federal Trade Commission (‘FTC’), for the Internet industry to develop and implement a mechanism for allowing internet users to control the tracking of their online activities across websites. Our service does not respond to Do Not Track signals.
However, some third-party websites do keep track of your browsing activities. If you are visiting such websites, you can set your preferences in your web browser to inform websites that you do not want to be tracked. You can enable or disable DNT by visiting the preferences or settings page of your web browser.
The sale of personal data
The CCPA requires us to disclose whether we sell your personal information. As defined in the CCPA, ‘sell’ and ‘sale’ means selling, renting, releasing, disclosing, disseminating, making available, transferring, or otherwise communicating orally, in writing, or by electronic or other means, a consumer’s personal information by the business to a third party for valuable consideration. This means that we may have received some kind of benefit in return for sharing personal information, but not necessarily a monetary benefit.
fullinfo provides a business information platform. To this extent, we collect data which we license, as part of our platform, to our customers. Once we receive and confirm a verifiable consumer request from you, we will stop selling your personal information. To exercise your right to opt-out, please contact us via the contact details under Part I. The collected information and its source it listed in the table below.
You can change this by disabling analytical and marketing cookies via this link.
Sale of information of minors under 16 years of age
We do not sell the personal information of consumers we actually know are less than 16 years of age, unless we receive affirmative authorization (the ‘right to opt-in’) from either the consumer who is between 13 and 16 years of age, or the parent or guardian of a consumer less than 13 years of age. Consumers who opt-in to the sale of personal information may opt-out of future sales at any time. To exercise the right to opt-out, you (or your authorized representative) may submit a request to us by contacting us.
If you have reason to believe that a child under the age of 13 (or 16) has provided us with personal information, please contact us with sufficient detail to enable us to delete that information.
Your rights under the CCPA
The CCPA provides you with the following rights:
- Request for information: under the CCPA, you can request that we disclose how we have collected, used, and shared your personal information over the past twelve months, including the categories of personal information we collected and our purposes for doing so; the categories of sources for that information; the categories of third parties with whom we shared it for a business purpose and our purposes for doing so. Companies that sell personal information must make additional disclosures. If you send us a request, please make sure to let us know if you make your request on the basis of the CCPA or the GDPR. (The CCPA is limited to the past twelve months, while the GDPR is not.)
- The right to opt out of sales: as stated before, we only place third-party cookies with your explicit consent. You can withdraw your consent at any moment.
- Your right to notification. Under the CCPA, a business cannot collect new categories of personal information or use them for materially different purposes without first notifying you.
- Nondiscrimination for exercising your CCPA rights: the CCPA prohibits us from discriminating against you for exercising your rights under the law. Such discrimination may include denying services, charging different prices or rates for services, providing a different level or quality of services, or suggesting that you will receive a different level or quality of goods or services as a result of exercising your rights.
- Your right to delete personal data: you can request that we delete your personal data. We honor such request unless an exception applies. Exceptions such as when the information is necessary to complete the transaction or contract for which it was collected or when information is being used to detect, investigate, or prevent security incidents, comply with laws, identify and repair bugs, or ensure another consumer’s ability to exercise their rights provided by law.
You can exercise these rights by contacting us. You can find our contact details in the first part of this Privacy and Cookie Statement. We will respond to your request within 45 calendar days, and we might extend this deadline with another 45 days if we are allowed to do so by law. It is possible that we are required by the GDPR to respond sooner regarding certain information. We will always comply with your request, unless we do not have to, or we are not allowed to, based on the applicable legislation.
Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable CCPA request related to your personal information. Your request to us must:
- provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative;
- describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.
We cannot respond to your request or provide you with the required information if we cannot:
- verify your identity or authority to make the request; and/or
- confirm that the personal information relates to you.
The CCPA categories of personal data we collect including the sources
In the first part of this Privacy and Cookie Statement we describe the information we collect, and for which purposes we collect it. The table below organizes the information around the personal information categories set forth in the CCPA.
|CCPA Personal Information Category||Information Sources|
|Identifiers (e.g., real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, or other similar identifiers)||This is information you provide directly or through your interactions with our services (as described in the Privacy and Cookie Statement) or via partners that enable us to provide our services, via our technology, or automatically from you.|
|Information categories listed in the Californica Customer Records stature (Cal. Civ. Code § 1798.80(e)) (e.g., name, signature, address, telephone number, bank account number, etc.)||This is information you provide directly or through your interactions with our services (as described in the Privacy and Cookie Statement) or via partners that enable us to provide our services, via our technology, or automatically from you.|
|Commercial information (e.g., records and history of products or services purchased or considered)||This is information you provide to us directly when you make use of our service.|
|Internet or other electronic network activity information (e.g., interaction with our service or advertisement)||This is information you provide to us directly when you make use of our service or contact us.|
|Professional or employment-related data||This is information you provide to us if you make an account and indicate which employees must receive a user account.|
Sharing personal data
We may share your personal data for a business purpose. The first part of this Privacy and Cookie Statement describes when we share your personal data and with whom. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performance of the contract.
In the preceding twelve months, we have disclosed the following categories of personal data for a business purpose:
- Category A – Identifiers
- Category B – Information categories listed in the California Customer Records stature (Cal. Civ. Code § 1798.80(e))
- Category D – Commercial information
- Category F – Internet or other electronic network activity information
The types of categories correspond with the categories used in the CCPA. This does not mean that all examples of that category of personal information were in fact sold, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been shared for value in return.
We may use or disclose personal information we collect for business purposes or commercial purposes (as defined under the CCPA), which may include the following (as further detailed under Part I):
- to operate our service and to provide you with our service;
- to provide you with support and to respond to your inquiries, including to investigate and address your concerns and monitor and improve our service;
- to fulfil or meet the reason you provide the information. For example, if you share your contact information to ask a question about our service, we will use that personal information to respond to your inquiry. If you provide your personal information to purchase a product or service, we will use that information to process your payment and facilitate delivery;
- to respond to law enforcement requests and as required by applicable law, court order, or governmental regulations;
- as described to you when collecting your personal information or as otherwise set forth in the CCPA;
- for internal administrative and auditing purposes;
- to detect security incidents and protect against malicious, deceptive, fraudulent or illegal activity, including, when necessary, to prosecute those responsible for such activities.