PRIVACY POLICY

Effective since: June 25, 2024

SCOPE OF THIS POLICY

This Privacy Policy (“Policy”) applies between you and Snovio Inc. (“Snovio”, “Company”, “we”, “us”, “our”), the owner and provider of the website https://li-prospect-finder.com/ (“Website”). This Policy applies to our use of any personal data processed by us in relation to the provision of our LI Prospect Finder extension functionality which is provided via the Snovio web application on app.snov.io (“Platform”).

When processing your personal data, we can play different roles under the GDPR and other applicable laws and regulations. When providing our LI Prospect Finder extension functionality, we may act as a data controller, joint controller, or data processor under the GDPR and as a business or service provider under the CCPA as amended and other applicable US data protection laws and regulations, respectively.

Regarding the use of the LI Prospect Finder extension functionality, you can be a client, prospect, or related person:

  • You are a client when you share third-party personal data with us when you use our LI Prospect Finder extension functionality.
  • You are a prospect when your personal data related to your business interests or occupation is collected in the process of providing the LI Prospect Finder extension functionality to our clients.
  • You are a related person if your personal data related to business information and contained in various publicly available sources (e.g., social media platforms) has been uploaded by our clients as part of Business Data while using the LI Prospect Finder extension functionality.
INTERPRETATION AND DEFINITIONS

We use the following definitions in this Policy:

data controller” means the natural or legal person who (alone or jointly or in common with other persons) determines the purposes for which and how any personal data is processed.

data processor” means the natural or legal person who processes personal data on behalf of the data controller.

joint controllers” means two or more controllers jointly determining the purposes and means of processing.

data subject” is a natural person about whom the Company holds personal data.

personal data” means any information relating to you and helping identify you (directly or indirectly), such as your name, last name, email, location data, etc.

processing” means any operation or set of operations which is performed on personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

services” means services provided by the Company when the client uses the LI Prospect Finder extension functionality.

TYPES OF PERSONAL DATA WE COLLECT

In connection with the LI Prospect Finder extension functionality, we may collect and process two types of information: prospect data and business data, which relate to prospects and related persons, respectively. In particular, we collect:

Prospect data:

(a) Prospect Information. We collect and process third-party personal data generated/collected through the LI Prospect Finder extension functionality. Such information can include email address and/or first name, last name, corporate email, location (not precise), industry, current and previous position, place of work, and links to social media.

Business data:

(b) Business Information. Through the LI Prospect Finder extension functionality, we can collect and process business information such as company name, location, website, HQ phone, year of foundation, industry, company size, and company social media. In some cases, this information may include personal data, for example, individual name and/or surname as a company name (such as a partnership), contained in the website URL, or phone number of the related person published as a general business contact.

We use the personal data we collected and the personal data you provided us with or requested us to collect only for the purposes listed in this Policy. We may share personal data with third parties solely for the purposes listed herein.

We DO NOT sell your data.
We DO NOT use automated decision-making and profiling.
We DO NOT intentionally collect and process the personal data of children or any sensitive personal data. Please, refrain from sharing your or third-party sensitive personal data.
GROUNDS FOR PROCESSING

We collect and process your personal data or the personal data you provided us with in accordance with the provisions of the GDPR and other applicable data protection laws and regulations.

The GDPR provides an exclusive list of lawful bases allowing us to process personal data. During the personal data processing in connection with the use of the LI Prospect Finder extension functionality, when we act as a data controller, we mainly rely on the legitimate interests of the Company, clients, and third-party data subjects under Article 6.1(f) of the GDPR.

We can process prospect data and business data based on our, our client’s legitimate interests, and the legitimate interests of the client’s potential business partner, namely to:

  • contribute to business cooperation between our clients and their potential business partners;
  • create and assist in discovering new business-targeted marketing and sales opportunities for our clients and their potential business partners;
  • allow our clients to expand their database of potential business partners;
  • allow the clients’ potential business partners to approach new potential and verified clients or suppliers;
  • allow the clients’ potential business partners to commercialize the use of their publicly posted information related to their professional or business interests/occupation.

You may read more about it in Snovio’s Joint Controllership Agreement.

We process only strictly necessary data that was subject to the legitimate interest assessment procedure.

HOW WE USE YOUR DATA

The table below provides details of the type of personal data processed to provide the LI Prospect Finder extension functionality, the legal bases we rely on, the third parties with whom we may share your personal data, and information about the source of such data that we process when acting as a data controller.

PurposesType of personal dataLegal groundsThird parties recipientsSource
Maintenance of a database of contact information of potential customers or business partners to assist our clients in finding prospects according to the set search criteria (a) Prospect Information
(b) Business Information
Legitimate interests of the Company,
Сlients, and such third parties
(Article 6(1)(f)).
AWS,
Contractors
Clients, the LI Prospect Finder extension

The Company can process certain personal data as a data processor, at the request and pursuant to the instructions given by the Client of the Platform (a data controller in that case):

PurposesType of personal dataLegal groundsThird parties recipientsSource
Providing our clients with the LI Prospect Finder extension functionality for searching the personal data of potential customers or business partners (a) Prospect Information
(b) Business Information
Determined by the respective data controller, namely, the Client.AWS,
Contractors
Clients, the LI Prospect Finder extension

In some situations, we can act as joint controllers with our Clients. When we act as a joint controller jointly with you, the Joint Controllership Agreement shall be applicable to you. In such a case, we may process the following personal data:

PurposesType of personal dataLegal groundsThird parties recipientsSource
Maintenance of a database of contact information of potential customers or business partners to assist our clients in finding prospects according to the set search criteria (a) Prospect Information
(b) Business Information
Legitimate interests of the Company,
Сlients, and such third parties
(Article 6(1)(f)).
AWS,
Contractors
Clients, the LI Prospect Finder extension
USE OF LI PROSPECT FINDER EXTENSION

To use the LI Prospect Finder extension, you need to be registered at and logged into app.snov.io. Upon installation and activation of the extension, the extensions may collect personal information such as email addresses and business profiles from publicly available sources. Handling and storing of this information in your account on your behalf occurs only at your request. At the same time, we may store certain information obtained when you use the LI Prospect Finder extension, such as the business profiles you visited. This data is stored in our database and can be found through a search inside the Platform.

If you do not want your personal data to be included as part of our service, you may opt-out by contacting us at help@snov.io or opt-out from all mailing lists on the Platform through this form. You can read more in the ‘HOW TO DELETE MY DATA’ section of this Policy.

DATA SECURITY, INTEGRITY, AND RETENTION

We store and process your personal data until we do not need it for any of the purposes defined in this Policy unless longer storage is required or expressly permitted by law.

We store Prospect Information provided to us by our clients, excluding email addresses, for the entire period when a client uses our services and 3 months after the deletion of the client’s account on the Platform. In any case, such information can be deleted if we obtain a deletion request from a prospect.

We may not delete or anonymize your data if we are compelled to keep it to comply with the law or legal process.

Notwithstanding any of the aforementioned periods of data storage, you may request to delete your personal data by sending us an email at help@snov.io or contacting us in another way convenient for you.

We have implemented appropriate organizational, technical, administrative, and physical security measures that are designed to protect your personal data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures and policies to consider appropriate new technology and methods.

SHARING YOUR DATA WITH OTHER ENTITIES

We may share your personal data as a data controller with joint controllers and data processors in accordance with the provisions specified hereafter.

Sharing personal data with joint controllers

The Company can act as a joint controller when providing services to Clients. You can read more about this in the Joint Controllership Agreement.

When we act as a joint controller for a particular processing of personal data, a data subject may exercise his/her rights under the GDPR in respect of and against both joint controllers.

Sharing personal data with data processors

There are many features necessary to provide you with our services that we cannot complete ourselves, thus we seek help from third parties. We may grant some service providers access to your personal data, in whole or in part, to provide the necessary services. We have established supplier assessment procedures to ensure we choose trusted partners who provide appropriate security measures and safeguards.

Therefore, we may share and disclose your personal data to other data processors:

  • Amazon Web Services, AWS (Amazon.com, Inc., USA): to provide secure transfer and storage of personal data on the servers. You may read its Privacy Notice here;
  • We may disclose some of your personal data to our outsourced technical specialists in order to improve our Platform and your experience as well as deliver the functionality of the Platform. We may disclose your data to sales and marketing specialists to provide you with better client service, communicate with you at your request, send you newsletters and increase sales. Also, we may disclose some of your personal data to our outsourced legal professionals to make our business accurate and transparent. The abovementioned specialists are collectively referred to as Contractors.

We may transfer your personal data to countries outside the EU and EEA (for example, Ukraine, China, and Brazil) that are not determined to offer an adequate level of data protection on the basis of Article 45 of GDPR (adequacy decision) with appropriate safeguards as determined under the GDPR.

We only transfer your personal data to third parties within requirements under the GDPR. Where possible, we always enter into Data Processing Agreements (DPAs) and Non-Disclosure Agreements (NDAs) with them and treat personal data transfer seriously. Where the Contractor has an appropriate data processing agreement in place, Snovio may adjoin such a data processing agreement. If so, Snovio and the Contractor may regulate the transfer of the personal data to such Contractor by means of this data processing agreement.

INTERNATIONAL DATA TRANSFERS

For transfers to countries that do not fall under the requirements of Article 45 of the GDPR on the adequacy of the level of protection, we may transfer your personal data to third countries outside the EU and the EEA, including the onward transfers of the personal data from the third countries to other third countries, under Article 46 of the GDPR with the appropriate safeguards, including the SCC.

We disclose your personal data to the countries outside the EU and the EEA, in compliance with our internal International Transfer Procedure in order to adduce adequate safeguards with respect to the protection of privacy and fundamental rights and freedoms of natural and legal persons.

We put supplementary technical and organizational measures in place when transferring data outside the EU and the EEA. e.g. prior assessment of the service supplier’s reliability and personal data protection practices, encryption of the transferred personal data, prompt reacting to any threats to confidentiality, integrity and availability of the personal data, conducting transfer impact assessments (TIA) when necessary, etc.

CHILDREN’S PRIVACY

We undertake the best possible efforts to secure the processing of personal data belonging to the underage. Therefore, the Platform does not knowingly collect personal data from persons under the age of 13.

By registering on the Platform and entering into the contract with the Company, you acknowledge that you have reached the age of 13, and under the laws of your country of residence, you have all rights to provide us with your personal data for processing.

If you have any reason to believe that a child under the age of 13 has provided his/her personal data to us, please contact us at help@snov.io.

RIGHTS UNDER GDPR

We kindly invite you to share your concerns with us in the first place regarding any issue related to your personal data processing. You may use the following channels to address your inquiries: help@snov.io.

When we act as a joint controller with regard to particular processing of prospect data and business data, you may exercise your rights under the GDPR in respect of and against both our clients and us.

If we receive any complaint, claim or request from the data subject, which shall be completed by our joint controller, we immediately notify the joint controller of such request and inform the data subject of the applied measures and further performance steps regarding serving such complaint/claim/request.

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the GDPR. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

Right under the GDPRDescriptionHow to exercise it
Right to withdraw consent
(Art. 7)
You can withdraw your consent for data processing at any time.You can submit a request.
Right to be informed
(Art. 13, 14)
You have the right to be informed about the collection and use of your personal data.All information about our collection and use of your personal data is described in this Privacy Policy, the Cookies Policy, and the Terms of Use.
Right of access
(Art. 15)
You have the right to confirm whether your personal data is being processed by us and access such data, along with specific information. You can submit a request.
Right to rectification
(Art. 16)
You have the right to correct inaccurate personal data about you and to have incomplete personal data completed. You can submit a request.
Right to erasure (“right to be forgotten”)
(Art.17)
You have the right to have your personal data deleted without undue delay where one of the following grounds applies:
  • the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
  • you withdraw consent to consent-based processing;
  • you object to the processing under certain rules of applicable data protection law;
  • the personal data have to be erased for compliance with a legal obligation in the European Union or an EU Member State law;
  • the personal data have been collected in relation to the offer of information society services referred to in Article 8(1);
  • the personal data have been unlawfully processed.
You can submit a request.
Right to restriction of processing
(Art. 18)
You can limit the way in which we use your data where one of the following applies:
  • you contest the accuracy of the personal data;
  • processing is unlawful, but you oppose erasure;
  • we no longer need the personal data for the purposes of our processing, but you require personal data for the establishment, exercise, or defense of legal claims;
  • you have objected to processing, pending the verification of that objection.
You can submit a request.

Where processing has been restricted on this basis, we may continue to store your personal data.

However, we will only otherwise process it:
  • with your consent;
  • for the establishment, exercise, or defense of legal claims;
  • for the protection of the rights of another natural or legal person;
  • or for reasons of important public interest.
Right to data portability
(Art. 20)
You have the right to receive your personal data in a structured, commonly accepted, and machine-readable format and have the right to request that we transmit this data directly to another controller to the extent that the legal basis for our processing of your personal data is your consent or performance of a contract and the processing is carried out by automated means. You can submit a request.
Right to object
(Art. 21)
You have the right to object to our processing of your personal data at any time to the extent that the processing is based on point (e) or (f) of Article 6(1), including profiling based on those provisions.

Also, you have the right to object to our processing of your personal data for direct marketing purposes (including profiling).
You can submit a request.
Right not to be subject to a decision based solely on automated processing, including profiling
(Art. 22)
This right restricts us from making solely automated decisions, including those based on profiling, which produce legal or other significant effects for data subjects. We DO NOT use automated decision-making and profiling.
Right to lodge a complaint
(Art. 77)
You have the right to lodge a complaint with the supervisory authority if you believe that the processing of your personal data violates the requirements of the GDPR. You can submit the complaint in the EU member state of your place of habitual residence or to the data protection authority stated in this Privacy Policy.
Right to compensation
(Art. 82)
Any person who has suffered material or moral damage as a result of a violation of GDPR requirements has the right to receive compensation from the controller or processor for the caused damage. Court proceedings for exercising the right to receive compensation shall be brought before the courts competent under the law of the EU Member State referred to in Article 79(2).

Supervisory Authority under GDPR:

In case of any questions regarding data protection, you can apply to the supervisory authority. We will cooperate with the appropriate governmental authorities to resolve any privacy-related complaints that cannot be amicably resolved between you and us. You can find the full list of EU supervisory authorities through the link.

YOUR US STATE PRIVACY RIGHTS

California residents’ rights

Under the California Consumer Privacy Act (the “CCPA”) amended with the California Privacy Rights Act (the “CPRA”), California residents have certain rights regarding our collection, use, and sharing of their personal information.

We may collect various categories of personal information when you use our LI Prospect Finder extension functionality, including personal information of related persons and third-party prospects.

In particular, depending on actual circumstances, we may collect the following categories of personal information specified in the CCPA when you use and/or access our Platform:

  • Category A – Identifiers;
  • Category B – Personal information categories listed in the Cal. Civ. Code § 1798.80(e);
  • Category D - Commercial information;
  • Category F – Internet or other similar network activity;
  • Category G – Geolocation data;
  • Category I – Professional or employment-related information;

You can find a detailed description of the personal information that we may collect from you above in the ‘TYPES OF PERSONAL DATA WE COLLECT’ section of this Policy. The purposes of the collection and/or use of personal information are stated in the 'HOW WE USE YOUR DATA' section of this Policy. Note that in the ‘SHARING YOUR DATA WITH OTHER ENTITIES’ section of this Policy, you can review the categories of third parties with whom we may share your personal information. The terms used within those sections of this Policy are taken from the GDPR in consideration of the definitions established in the CCPA.

If you are a California resident, to the extent provided for by the CCPA and subject to applicable exceptions, you have the following rights in relation to the personal information we have about you:

  • Right to obtain information. You can request information about what personal information has been collected about you and how we have used that personal information during the preceding 12 months.
  • Right of access. You can request a copy of the personal information that we have collected about you during the preceding 12 months.
  • Right to deletion. You can request us to delete the personal information that we have collected from you unless it is necessary for us to maintain your personal information in certain cases under the CCPA, such as protection against malicious, deceptive, fraudulent, or illegal activity.
  • Right to be free from discrimination relating to the exercise of any of your privacy rights.

The CPRA amended the CCPA and added new additional privacy protection rights for California residents, as follows:

  • Right to correct inaccurate personal information. You can request us to correct the inaccurate personal information about you.
  • Right to limit the use and disclosure of sensitive personal information. This right allows you to limit the use and disclosure of your sensitive personal information by the company. We don’t intentionally collect any sensitive personal information about you.

We take the protection of your privacy seriously, so in no way will we discriminate against you for exercising any of your rights granted by the CCPA, as amended.

You can exercise your rights under the CCPA, as amended by sending us an email by any other means of communication convenient for you, including those listed in the ‘CONTACT INFORMATION’ section of this Policy.

Please note that we may need to confirm your identity to process your requests to exercise your rights under the CCPA, as amended. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

Virginia, Colorado, Connecticut residents’ rights

Under the Virginia Consumer Data Protection Act (the “VCDPA”), Colorado Privacy Act (the “CPA”), and Connecticut Data Privacy Act (the “CTDPA”), residents have certain rights regarding the collection, use, and sharing of their personal information.

You can find a detailed description of the personal information that we may collect from you above in the ‘TYPES OF PERSONAL DATA WE COLLECT’ section of this Policy. The purposes of the collection and/or use of personal information are stated in the 'HOW WE USE YOUR DATA' section of this Policy. Note that in the ‘SHARING YOUR DATA WITH OTHER ENTITIES’ section of this Policy, you can review the categories of third parties with whom we may share your personal information. The terms used within those sections of this Policy are taken from the GDPR in consideration of the definitions established in the VCDPA, CPA and CTDPA.

We may collect various categories of personal information when you use our LI Prospect Finder extension functionality, including personal information of related persons and third-party prospects. Under the jurisdiction of applicable state laws, you may possess certain rights. Subject to the laws of your particular jurisdiction, you may have the following rights:

  1. Right of access. You can request confirmation of whether or not we are processing your personal data and request access to such personal data.
  2. Right to correction. You can request correcting inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of the processing.
  3. Right to deletion. You can request the deletion of personal data provided by or obtained about you.
  4. Right to data portability. You can request obtaining a copy of your personal data that you previously provided to us in a portable and, to the extent technically feasible, readily usable format that allows you to transmit the data to another controller without hindrance, where the processing is carried out by automated means.
  5. Right to opt-out. You can request opting out of the processing of the personal data for purposes of (i) targeted advertising, (ii) the sale of personal data, or (iii) profiling in furtherance of decisions that produce legal or similarly significant effects concerning the consumer.

We take the protection of your privacy seriously, so we will not discriminate against you for exercising any of your rights granted by the VCDPA, CPA, and CTDPA.

You can exercise your rights under the VCDPA, CPA, and CTDPA by sending us an email or using any other means of communication convenient for you, including those listed in the ‘CONTACT INFORMATION’ section of this Policy.

Please, note that we may need to confirm your identity to process your requests to exercise your rights under the VCDPA, CPA, and CTDPA. Thus, we may not be able to satisfy your request if you do not provide us with sufficient detail to allow us to verify your identity and respond to your request.

BRAZILIAN RESIDENTS’ RIGHTS

This section will help you understand your rights under the LGPD and the way how we ensure them. If you are a user located in Brazil, you are able to exercise the following rights with respect to your personal data that we process:

  • right to confirmation of the existence of the processing;
  • right to access the data;
  • right to correct incomplete, inaccurate or out-of-date data;
  • right to anonymize, block, or delete unnecessary or excessive data or data processed in noncompliance with the provisions of the LGPD;
  • right to the portability of data to another service or product provider, by means of an express request;
  • right to delete personal data processed with the consent of the data subject;
  • right to obtain the information about the possibility of not giving consent and about the consequences of the refusal;
  • right to obtain the information about public and private entities with which the controller has shared data;
  • right to revoke consent.

Please note! We cannot respond to your request or provide you with personal information if we cannot verify your identity and confirm the personal data relates to you. We will only use such personal data to verify your identity

You may exercise the aforementioned rights by submitting your request at help@snov.io or in any other way convenient for you.

HOW TO DELETE YOUR DATA

We kindly ask you to contact us directly so that we can quickly satisfy your deletion request or you can use a dedicated tool to delete your personal data from our Platform by yourself as described below.

You may request the Company to delete all of your personal data using the following options of your choice:

  • by sending a request to Snovio via email help@snov.io or through any other available means of communication;
  • by using Snovio’s Clear from list feature, which works as follows: upon receipt of the signal that a person used the dedicated form, the Company will delete the personal information it holds as a data controller and pass through such request for deletion to the current and future data controllers (our clients in this case) if any.

In any case, please let us know if you have any difficulties in deleting your personal data. We will be happy to help you.

CHANGES TO THIS POLICY

This Policy may be changed from time to time due to the implementation of new technologies, laws’ requirements or for other purposes. If the modifications materially alter your rights or obligations hereunder, we will make reasonable efforts to notify you of the change. Also, we encourage you to regularly review this Policy to check for any changes.

Such notification may be provided via your email address, posted on our social media accounts or announcement on the Website and/or by other means consistent with applicable law.

If possible, we always give advance notice of upcoming changes by indicating when the new version Privacy Policy will take effect. If you continue to use our service or otherwise provide us with your personal information after the new version of the Privacy Policy goes into effect, we assume that you agree to the changes.

CONTACT INFORMATION

If you have a question related to this Privacy Policy, our processing activities, or your data subject rights under GDPR, CCPA, LGPD, and other applicable laws, you can contact our Data Protection Officer directly using the following details:

External Data Protection Officer
Privacity GmbH
Germany, Hamburg,
Neuer Wall 50, 20354
Email: snovio_dpo@snov.io.

You may also contact us directly, including by post, using the following details:

OUR REPRESENTATIVE IN THE EU/EEA

Snovio Inc. has appointed Privacity GmbH as its EU/EEA representative pursuant to Article 27 GDPR. You can contact the representative at:

Privacity GmbH
Germany, Hamburg,
Neuer Wall 50, 20354
Email: representative@privacity.de