Skip to main content
All CollectionsGDPR
GDPR Frequently Asked Questions
GDPR Frequently Asked Questions
Marcus Svensson avatar
Written by Marcus Svensson
Updated over a week ago

What do we need to do to be GDPR compliant when we use Albacross?

To be compliant when using Albacross, you must obtain valid consent and inform your visitors on your website about the use of Albacross’ Tracking Script, specifically:

  1. Obtain the valid consent of your visitors to set cookies in their devices and read them;

  2. Inform the visitors about the cookies that your website is using; 

  3. Inform the visitor about our (Albacross) use of information from the cookies set in their devices to improve our Intent Data Service

For detailed information and help with how to do this, read our GDPR Compliance Checklist.  

Yes, as mentioned above, you need to inform visitors about the use of Albacross’ Tracking Script and therefore, will need to update your privacy and cookie policy when you sign up with Albacross. 

It’s easy to make this change. Just copy and paste the text from our GDPR Compliance Checklist into the relevant section of your policies (As a guide, it could go into the same section as where you state the use of your Google Analytics script or other tracking tools).

You must obtain valid consent from your visitors to set cookies in their devices and read them. You obtain consent by enabling a pop-up when visitors land on your website asking them to either accept or decline the use of cookies. 

For detailed information and help with how to do this, read our GDPR Compliance Checklist.  

How do I inform my visitors that Albacross will process their data?

You must inform the visitors about the cookies that your website is using as well as inform the visitors about Albacross’ use of information from the cookies set in their devices to improve our service. 

Follow the steps in our GDPR compliance checklist for more information about the steps you need to take.

Are we the data processor or data controller?

As a customer of Albacross, you are the data controller as you determine the purpose and means of processing data.

Albacross is the data processor as we process data on behalf of you, the data controller. However, once we have processed your data, we store this information in our database which enables us to expand our global coverage and improve our services for our customers. We then become data controllers and abide by data controller requirements.

Is Albacross data GDPR compliant?

Yes!

Albacross reveals the companies visiting your website by identifying IP addresses and matching them to company data in our proprietary database. IP addresses constitute personal data and therefore, Albacross must comply with the GDPR.

Albacross also enriches company data with contact data for individuals. All contact information shown in our platform has been provided by our third-party data partners. Those contacts have given consent that their information be shared with third parties, therefore complying with the GDPR. Our data partner for contact data is Cognism.    

We outline our terms for Albacross and our customers to meet the GDPR requirements in our Data Processing Agreement and Privacy Policy. If your legal team would like a signed copy, please get in touch legal@albacross.com

What is legitimate interest and how does it work with Albacross?

The GDPR states that personal data for direct marketing purposes may be regarded as carried out for a legitimate interest. 

This means the company whose personal data you’re processing must have a legitimate interest in what you’re offering them. As Albacross identifies the companies visiting your website and provides the contact details for the representatives of those companies that are deemed potential customers (a prospect), you have a legal ground to inform them about your services in order to win the company as a customer. 

The GDPR is there to protect and control the use of personal data. It is not intended to hinder business or industry but to ensure businesses consider the rights and freedoms of their data subjects. 

Familiarise yourself with the rights that individuals have when it comes to personal data. Think about the contact you will have with them and ensure that it won’t affect their rights and freedom. Be mindful that in B2B Marketing, certain factors might impact interest - take into account industry, location, and position at the company when you reach out to the individual.

What types of personal data will be processed as part of the service?

The following types of personal data are processed by Albacross on behalf of the Customer under the DPA:

(a)   IP address – IPv4 or IPv6;

(b)  Location based on IP address

(c)   URL – including “Query String”:

(d)  Referer/Origination-website for the visitor;

(e)   UserAgent – including i.a. OS, browser and screen resolution;

(f) Domain from form input fields (e.g. albacross.com); and

(g)   Fingerprint hash

Have the contacts we acquire through Albacross agreed that we can contact them? 

All email addresses in Albacross are provided by a third party that ensures contacts have given consent for their details to be shared with third parties.

Under GDPR, is it ok to cold call or email a person whose contact details are shown in the Albacross platform? 

Under GDPR regulation, you cannot store emails for a longer period of time without a purpose. However, to contact people on their public emails is not at all in conflict with GDPR if you have a legitimate reason, can state where the data comes from and why it is being processed, as well as state the contact has the option to opt-out. 

Rules on publicly available email addresses fall under the marketing law of the countries you operate in.

When you receive the contact data from Albacross, you need to ensure you abide by the rules of the marketing laws in the countries you operate in. Most countries will have rules on email spamming at the very least and in some instances, countries will have more detailed use cases of how you can use emails for marketing. Checking the local laws in the markets you operate in is recommended.  

Where does the contact data come from?

All contact information shown in our platform has been provided by our third-party data partners. Those contacts have given consent that their information be shared with third parties, therefore complying with the GDPR. Our data partner for contact data is Cognism. See more on how Cognism gathers their data.

How long can we store this contact data in our systems?

The GDPR Act in itself does not set out a specific minimum or maximum data retention period, however, it does state that personal data processed for any purpose or purposes shall not be kept for longer than is necessary. Countries will have specific marketing laws which will include rules on data retention, therefore it is advised you check the local laws of the markets in which you operate.

Can we still use Albacross even though we do not have a GDPR process in place?

The GDPR is a European law. Any business operating in the EU market must abide by the GDPR therefore, Albacross will only enter contractual agreements with customers who implement the necessary steps to meet the GDPR requirements. 

For countries outside of the EU, you as a data controller must be compliant with applicable data protection legislation as you have the first contact with data subjects and are therefore the one that will dictate how and why data is processed.

For support on how to comply in regards to the services we offer, please read our GDPR compliance checklist.

We outline how we comply with the GDPR in our Data Processing Agreement which can be shared with potential customers or people you contact from Albacross. Please note, this document is how we comply as a data processor. As a data controller, you should also share your Privacy Policy which states how you collect data.

Yes, of course. Please send your request for a signed Data Processing Agreement (DPA) to legal@albacross.com and add the name, company name, and email address for the person that will be responsible for signing the DPA and we will process the request. 

Here is all the documentation you need:

Did this answer your question?