This Website collects some Personal Data from its Users.
This document can be printed for reference by using the print command in the settings of any browser.
Personal Data collected for the following purposes and using the following services:
- Google Ad ManagerPersonal Data: Cookies; Usage Data
- Google Analytics with anonymized IP, Google Ads conversion tracking, Hotjar Form Analysis & Conversion Funnels, WordPress Stats and Google AnalyticsPersonal Data: Cookies; Usage Data
- Contacting the User
- Contact formPersonal Data: email address; first name; last name; phone number
- Mailing list or newsletterPersonal Data: email address
- Phone contactPersonal Data: phone number
- Displaying content from external platforms
- Google Maps widget and YouTube video widgetPersonal Data: Cookies; Usage Data
- Heat mapping and session recording
- Infrastructure monitoring
- StatusCakePersonal Data: Cookies; Usage Data
- Interaction with data collection platforms and other third parties
- Hotjar Recruit User TestersPersonal Data: Cookies; Usage Data; various types of Data
- Interaction with online survey platforms
- Hotjar Poll & Survey widgetsPersonal Data: Cookies; Usage Data; various types of Data
- Platform services and hosting
- Registration and authentication
- Tag Management
- Google Tag ManagerPersonal Data: Usage Data
Further information about Personal Data
Lead Forensics Software Data Compliance Policy
The Lead Forensics Product The Lead Forensics product is a market leading B2B sales and marketing enablement tool. It is SaaS (Software as a Service) and provides businesses with insight relating to their website visitors. Lead Forensics works on the basis of reverse business IP tracking. A small tracking code is placed on a business’ website(s) which then enables them to identify the business IP addresses of their website visitors. Lead Forensics matches the identified business IP address to a wholly owned global database of businesses and business information.
The Lead Forensics software is almost entirely focused on leveraging business related information to effectively match a business IP address with wider business data to provide valuable business related visitor information to our customers. Lead Forensics does not identify any personal IP addresses, mobile devices or any other data than that associated with the business.
Business related data is not applicable under GDPR – which has the intention of protecting personal data. Therefore, the majority of the Lead Forensics solution and its features are not relevant to GDPR.
Contact Data An additional feature of Lead Forensics aside from the main solution, is to provide customers with the contact information of key decision makers at the organisations that have pro-actively visited the company website. As this information contains details including first name, last name, email address and LinkedIN profile, this aspect of Lead Forensics constitutes the processing of personal data and therefore, is required to be compliant with GDPR.
Lead Forensics will only ever collect business IP addresses, which are then matched to a business profile, from there Lead Forensics offers customers the opportunity to purchase the contact details of relevant decision makers within the matched business. The data available will only relate to decision makers at the organisations that have pro-actively visited a customer’s website, in this regard it is anticipated that this data will be leveraged by the Lead Forensics customer base under the lawful basis for processing of ‘Legitimate Interests’. It is anticipated that Lead Forensics customers will select the most appropriate point of contact from the data provided by Lead Forensics to convey a highly relevant, targeted message either by email, telephone or by post to the business address and to the point of contact. Any correspondence will be based upon their likely interest in the organisation’s product or service following their visit to the organisation’s website.
Under GDPR, Lead Forensics will only ever process necessary personal data, which is limited to first name, last name, LinkedIn profile URL and email address. Lead Forensics will process further business related data such as business IP, business name, job function and business telephone numbers. No sensitive personal data will be collected or processed in any way.
Lead Forensics customers have the option of using Lead Forensics without leveraging contact data, in which case the Lead Forensics solution is unrelated to GDPR on the basis that it will only process business data. If a customer opts to use the contact data feature of Lead Forensics, it is deemed that this will be leveraged under the lawful basis of ‘Legitimate Interests’, however the customer will be responsible for ensuring the data used is processed within their business in a method that is
compliant with GDPR – each customer will be responsible for conducting their own due diligence checks and producing their own policies as applicable to their business.
Six Lawful Basis for Processing Personal Data Under the EU General Data Protection Regulation (GDPR) there are six lawful basis for processing personal data. These are detailed as follows:
- Consent The individual has given clear consent for you to process their personal data for a specific purpose
- Contract The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract
- Legal Obligation The processing is necessary for you to comply with the law (not including contractual obligations)
- Vital Interests The processing is necessary to protect someone’s life
- Public Task The processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law
- Legitimate Interests The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.)
Source: ico.org.uk, February 2018.
The information relating to the six lawful basis for processing personal data is taken from the ICO website and the GDPR regulation documentation. Further information regarding the lawful basis for processing personal data can be found at ico.org.uk
Legitimate Interest Assessment (LIA) Lead Forensics has carried out a Legitimate Interest Assessment (LIA) as advised by the ICO. Based upon that assessment it is deemed that the rights and freedoms of the data subjects would not be overridden in our processing of the personal data and that in no way would a data subject be caused harm by the Lead Forensics processing. Based upon our segmentation by organisation and by specific job function, coupled with our processing of personal data within the context of a business environment, it is deemed that any processing of data will be limited to business matters, and therefore any risk of personal compromise is extremely unlikely. It is also deemed that direct marketing and sales is necessary in the context of following up with website visitors in order to better serve visitors and to generate business sales.Per the ICO guidance, Lead Forensics can confirm:
We have checked that legitimate interests is the most appropriate basis
- We understand our responsibility to protect the individual’s interests
- We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision
- We have identified the relevant legitimate interests
- We have checked that the processing is necessary and there is no less intrusive way to achieve the same result
- We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests
- We only use individuals’ data in ways they would reasonably expect
- We are not using people’s data in ways they would find intrusive or which could cause them harm
- We do not process the data of children
- We have considered safeguards to reduce the impact where possible
- We will always ensure there is an opt-out / ability to object
- Our LIA did not identify a significant privacy impact, and therefore we do not require a DPIA
- We keep our LIA under review every six months, and will repeat it if circumstances change
- We include information about our legitimate interests in our privacy notice
How we Procure Data At Lead Forensics we procure data in a variety of ways, collected in line with the lawful basis of ‘Legitimate Interests’. The following are ways in which we collect and process data:
Business Data Although business data is not relevant under GDPR, Lead Forensics is committed to providing a transparent solution so that customers can effectively assess their own compliance. Lead Forensics collects business data via the following methods:
- Primary research – Lead Forensics has a UK based in-house team who gather data relating to business from publicly available information, using search engines and other online tools to research global businesses.
- Secondary research – Lead Forensics has a UK based in-house team who use existing publicly available sources of data such as Companies House and the WebCheck service to enhance the business data.
- Purchase – Lead Forensics purchases business information from a number of selected third party data vendors who are vetted to ensure the quality and validity of the business data provided.
Personal Data Lead Forensics collection and processing of personal data is limited to: First name, Last name, Email address, LinkedIn profile URL
Lead Forensics procures this personal data in the following ways:
- Primary research – Lead Forensics has a UK based in-house team who gather data relating to key decision makers at organisations from publicly available sources including the website of each business.
- Secondary research – Lead Forensics has a UK based in-house team who use existing publicly available sources to gather the information relating to key decision makers including the Directors’ Register at Companies House, Dun & Bradstreet, Duedil and LinkedIn.
- Purchase – Lead Forensics purchases data from selected third party data vendors with key segmentation criteria to ensure that only decision makers from registered businesses are procured. All third party data vendors have been checked for GDPR compliance and to ensure the validity and accuracy of data.
Lead Forensics also uses automated scripts and algorithms to collect, process and validate both business data as well as the personal data detailed above. These automated processes are subject to the same compliance checks as all manual processes.
How we Ensure Data Validity and Currency
Lead Forensics has a UK based in-house data verification team who are responsible for ensuring the validity and currency of the data contained within the Lead Forensics solution. The team continually cleanse the data held within the Lead Forensics software, completing a full cleanse cycle of both business and personal data at least once every 12 months. Any records found to be out of date are placed into a deletion queue which is securely purged four times in a 12 month period.
The data verification team use both manual methods as well as automated scripts and algorithms via an extensive multi-staged process to ensure the utmost validity and currency of data. Lead Forensics takes data cleansing extremely seriously as this ensures a highly compliant solution as well as a high calibre solution for all of the Lead Forensics customers.
Data Storage and Retention
The data held within the Lead Forensics solution is processed and stored in the UK within a secure environment.
Lead Forensics has a continual cycle of cleansing and refreshing data, all data within the Lead Forensics solution is verified at least once in a 12 month cycle. Any invalid records are placed into a deletion queue, which is then securely purged four times in a 12 month period.
Request to Object Any individual who has been identified as a website visitor by Lead Forensics has the right to object to receiving correspondence from a Lead Forensics customer by contacting them directly and requesting to object, you can find their specific processes for this by visiting their company website and reviewing their privacy policies.
Should you wish to withdraw from Lead Forensics processing your personal data for use by the Lead Forensics software, please make your request in writing:
- By emailing: email@example.com
- Or by writing to: Data Compliance, Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN.
All requests will be processed within 30 days. Your details will be added to a suppression file to ensure that your details cannot be processed by the Lead Forensics software in future. Please note that this applies only to the processing of your personally identifiable data, not that of the business data which does not fall under the remit of GDPR.
Request for Deletion
It is important to understand the difference between a right to object and a request for deletion. If you request deletion, we will remove any data we hold about you from the Lead Forensics software. This will also mean that we will remove you from our suppression files. If you are removed from our suppression files, there is a risk that your data may be processed again in the future if your details are re-added to our software by our data procurement team. If you do not wish for Lead Forensics to process your personal data in the future, we would recommend you request to object rather than a request for deletion, as this will ensure that your details are always suppressed from processing.
The option however is yours, and in either case we will process your request within 30 days.
- Please make your request in writing by emailing: firstname.lastname@example.org
- Or by writing to: Data Compliance, Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN.
Request for Data Held You may request that we send you all of the data we hold that relates to you.
Please make your request in writing;
- By emailing: email@example.com
- Or by writing to: Data Compliance, Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN.
We will process and respond to your request within 30 days, this service will be free of charge.
This policy was last reviewed and updated on the 4th August 2021. Policies are periodically reviewed to ensure compliance with the current compliance environment.
For questions relating to this policy, please contact firstname.lastname@example.org
- Owner and Data Controller Heatcare Renewable Energy Limited, 93 Rainford Road, Windle, St. Helens, Merseyside, WA10 6DG
- Owner Contact Number : 0800 999 1058
Owner and Data Controller
Heatcare Renewable Energy Limited, 93 Rainford Road, Windle, St. Helens, Merseyside, WA10 6DG
Owner Number : 0800 999 1058
Types of Data collected
Among the types of Personal Data that this Website collects, by itself or through third parties, there are: first name; last name; phone number; email address; Cookies; Usage Data; various types of Data; unique device identifiers for advertising (Google Advertiser ID or IDFA, for example).
Personal Data may be freely provided by the User, or, in case of Usage Data, collected automatically when using this Website.
Unless specified otherwise, all Data requested by this Website is mandatory and failure to provide this Data may make it impossible for this Website to provide its services. In cases where this Website specifically states that some Data is not mandatory, Users are free not to communicate this Data without consequences to the availability or the functioning of the Service.
Users who are uncertain about which Personal Data is mandatory are welcome to contact the Owner.
Users are responsible for any third-party Personal Data obtained, published or shared through this Website and confirm that they have the third party’s consent to provide the Data to the Owner.
Mode and place of processing the Data
Methods of processing
The Owner takes appropriate security measures to prevent unauthorized access, disclosure, modification, or unauthorized destruction of the Data.
The Data processing is carried out using computers and/or IT enabled tools, following organizational procedures and modes strictly related to the purposes indicated. In addition to the Owner, in some cases, the Data may be accessible to certain types of persons in charge, involved with the operation of this Website (administration, sales, marketing, legal, system administration) or external parties (such as third-party technical service providers, mail carriers, hosting providers, IT companies, communications agencies) appointed, if necessary, as Data Processors by the Owner. The updated list of these parties may be requested from the Owner at any time.
Legal basis of processing
The Owner may process Personal Data relating to Users if one of the following applies:
- Users have given their consent for one or more specific purposes. Note: Under some legislations the Owner may be allowed to process Personal Data until the User objects to such processing (“opt-out”), without having to rely on consent or any other of the following legal bases. This, however, does not apply, whenever the processing of Personal Data is subject to European data protection law;
- provision of Data is necessary for the performance of an agreement with the User and/or for any pre-contractual obligations thereof;
- processing is necessary for compliance with a legal obligation to which the Owner is subject;
- processing is related to a task that is carried out in the public interest or in the exercise of official authority vested in the Owner;
- processing is necessary for the purposes of the legitimate interests pursued by the Owner or by a third party.
In any case, the Owner will gladly help to clarify the specific legal basis that applies to the processing, and in particular whether the provision of Personal Data is a statutory or contractual requirement, or a requirement necessary to enter into a contract.
The Data is processed at the Owner’s operating offices and in any other places where the parties involved in the processing are located.
Depending on the User’s location, data transfers may involve transferring the User’s Data to a country other than their own. To find out more about the place of processing of such transferred Data, Users can check the section containing details about the processing of Personal Data.
Users are also entitled to learn about the legal basis of Data transfers to a country outside the European Union or to any international organization governed by public international law or set up by two or more countries, such as the UN, and about the security measures taken by the Owner to safeguard their Data.
If any such transfer takes place, Users can find out more by checking the relevant sections of this document or inquire with the Owner using the information provided in the contact section.
Personal Data shall be processed and stored for as long as required by the purpose they have been collected for.
- Personal Data collected for purposes related to the performance of a contract between the Owner and the User shall be retained until such contract has been fully performed.
- Personal Data collected for the purposes of the Owner’s legitimate interests shall be retained as long as needed to fulfill such purposes. Users may find specific information regarding the legitimate interests pursued by the Owner within the relevant sections of this document or by contacting the Owner.
The Owner may be allowed to retain Personal Data for a longer period whenever the User has given consent to such processing, as long as such consent is not withdrawn. Furthermore, the Owner may be obliged to retain Personal Data for a longer period whenever required to do so for the performance of a legal obligation or upon order of an authority.
Once the retention period expires, Personal Data shall be deleted. Therefore, the right to access, the right to erasure, the right to rectification and the right to data portability cannot be enforced after expiration of the retention period.
The purposes of processing
The Data concerning the User is collected to allow the Owner to provide its Service, comply with its legal obligations, respond to enforcement requests, protect its rights and interests (or those of its Users or third parties), detect any malicious or fraudulent activity, as well as the following: Contacting the User, Infrastructure monitoring, Heat mapping and session recording, Analytics, Interaction with data collection platforms and other third parties, Interaction with online survey platforms, Platform services and hosting, Registration and authentication, Advertising, Tag Management and Displaying content from external platforms.
For specific information about the Personal Data used for each purpose, the User may refer to the section “Detailed information on the processing of Personal Data”.
Detailed information on the processing of Personal Data
Personal Data is collected for the following purposes and using the following services:
This type of service allows User Data to be utilized for advertising communication purposes displayed in the form of banners and other advertisements on this Website, possibly based on User interests.
This does not mean that all Personal Data are used for this purpose. Information and conditions of use are shown below.
The services contained in this section enable the Owner to monitor and analyze web traffic and can be used to keep track of User behavior.Google Analytics with anonymized IP (Google LLC)Google Analytics is a web analysis service provided by Google LLC (“Google”). Google utilizes the Data collected to track and examine the use of this Website, to prepare reports on its activities and share them with other Google services.
Google may use the Data collected to contextualize and personalize the ads of its own advertising network.
Contacting the User
Contact form (this Website) by filling in the contact form with their Data, the User authorizes this Website to use these details to reply to requests for information, quotes or any other kind of request as indicated by the form’s header.
Personal Data processed: email address; first name; last name; phone number.
Mailing list or newsletter (this Website)
By registering on the mailing list or for the newsletter, the User’s email address will be added to the contact list of those who may receive email messages containing information of commercial or promotional nature concerning this Website. Your email address might also be added to this list as a result of signing up to this Website or after making a purchase. Personal Data processed: email address.
Phone contact (this Website)
Users that provided their phone number might be contacted for commercial or promotional purposes related to this Website, as well as for fulfilling support requests. Personal Data processed: phone number.
Displaying content from external platforms
This type of service allows you to view content hosted on external platforms directly from the pages of this Website and interact with them.
Heat mapping and session recording
Heat mapping services are used to display the areas of a page where Users most frequently move the mouse or click. This shows where the points of interest are. These services make it possible to monitor and analyze web traffic and keep track of User behavior.
Some of these services may record sessions and make them available for later visual playback.Hotjar Heat Maps & Recordings (Hotjar Ltd.)Hotjar is a session recording and heat mapping service provided by Hotjar Ltd.
This type of service allows this Website to monitor the use and behavior of its components so its performance, operation, maintenance and troubleshooting can be improved.
Interaction with data collection platforms and other third partiesThis type of service allows Users to interact with data collection platforms or other services directly from the pages of this Website for the purpose of saving and reusing data.
If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service.Hotjar Recruit User Testers (Hotjar Ltd.) The Hotjar Recruit User Testers widget is a service for interacting with the Hotjar data collection platform provided by Hotjar Ltd.
Interaction with online survey platformsThis type of service allows Users to interact with third-party online survey platforms directly from the pages of this Website.
If one of these services is installed, it may collect browsing and Usage Data in the pages where it is installed, even if the Users do not actively use the service.Hotjar Poll & Survey widgets (Hotjar Ltd.) The Hotjar Poll & Survey widgets are services that enable interaction with the Hotjar platform provided by Hotjar Ltd.
Platform services and hostingThese services have the purpose of hosting and running key components of this Website, therefore allowing the provision of this Website from within a unified platform. Such platforms provide a wide range of tools to the Owner – e.g. analytics, user registration, commenting, database management, e-commerce, payment processing – that imply the collection and handling of Personal Data.
Registration and authentication
By registering or authenticating, Users allow this Website to identify them and give them access to dedicated services.
This type of service helps the Owner to manage the tags or scripts needed on this Website in a centralized fashion.
The rights of Users
Users may exercise certain rights regarding their Data processed by the Owner.
In particular, Users have the right to do the following:
- Withdraw their consent at any time. Users have the right to withdraw consent where they have previously given their consent to the processing of their Personal Data.
- Object to processing of their Data. Users have the right to object to the processing of their Data if the processing is carried out on a legal basis other than consent. Further details are provided in the dedicated section below.
- Access their Data. Users have the right to learn if Data is being processed by the Owner, obtain disclosure regarding certain aspects of the processing and obtain a copy of the Data undergoing processing.
- Verify and seek rectification. Users have the right to verify the accuracy of their Data and ask for it to be updated or corrected.
- Restrict the processing of their Data. Users have the right, under certain circumstances, to restrict the processing of their Data. In this case, the Owner will not process their Data for any purpose other than storing it.
- Have their Personal Data deleted or otherwise removed. Users have the right, under certain circumstances, to obtain the erasure of their Data from the Owner.
- Receive their Data and have it transferred to another controller. Users have the right to receive their Data in a structured, commonly used and machine readable format and, if technically feasible, to have it transmitted to another controller without any hindrance. This provision is applicable provided that the Data is processed by automated means and that the processing is based on the User’s consent, on a contract which the User is part of or on pre-contractual obligations thereof.
- Lodge a complaint. Users have the right to bring a claim before their competent data protection authority.
Details about the right to object to processing
Where Personal Data is processed for a public interest, in the exercise of an official authority vested in the Owner or for the purposes of the legitimate interests pursued by the Owner, Users may object to such processing by providing a ground related to their particular situation to justify the objection.
Users must know that, however, should their Personal Data be processed for direct marketing purposes, they can object to that processing at any time without providing any justification. To learn, whether the Owner is processing Personal Data for direct marketing purposes, Users may refer to the relevant sections of this document.
How to exercise these rights
Any requests to exercise User rights can be directed to the Owner through the contact details provided in this document. These requests can be exercised free of charge and will be addressed by the Owner as early as possible and always within one month.
Additional information about Data collection and processing
The User’s Personal Data may be used for legal purposes by the Owner in Court or in the stages leading to possible legal action arising from improper use of this Website or the related Services.
The User declares to be aware that the Owner may be required to reveal personal data upon request of public authorities.
Additional information about User’s Personal Data
System logs and maintenance
For operation and maintenance purposes, this Website and any third-party services may collect files that record interaction with this Website (System logs) use other Personal Data (such as the IP Address) for this purpose.
Information not contained in this policy
More details concerning the collection or processing of Personal Data may be requested from the Owner at any time. Please see the contact information at the beginning of this document.
How “Do Not Track” requests are handled
This Website does not support “Do Not Track” requests.
To determine whether any of the third-party services it uses honor the “Do Not Track” requests, please read their privacy policies.
Should the changes affect processing activities performed on the basis of the User’s consent, the Owner shall collect new consent from the User, where required.
Definitions and legal references
Personal Data (or Data)
Any information that directly, indirectly, or in connection with other information — including a personal identification number — allows for the identification or identifiability of a natural person.
Information collected automatically through this Website (or third-party services employed in this Website), which can include: the IP addresses or domain names of the computers utilized by the Users who use this Website, the URI addresses (Uniform Resource Identifier), the time of the request, the method utilized to submit the request to the server, the size of the file received in response, the numerical code indicating the status of the server’s answer (successful outcome, error, etc.), the country of origin, the features of the browser and the operating system utilized by the User, the various time details per visit (e.g., the time spent on each page within the Application) and the details about the path followed within the Application with special reference to the sequence of pages visited, and other parameters about the device operating system and/or the User’s IT environment.
The individual using this Website who, unless otherwise specified, coincides with the Data Subject.
The natural person to whom the Personal Data refers.
Data Processor (or Data Supervisor)
Data Controller (or Owner)
The natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data, including the security measures concerning the operation and use of this Website. The Data Controller, unless otherwise specified, is the Owner of this Website.
This Website (or this Application)
The means by which the Personal Data of the User is collected and processed.
The service provided by this Website as described in the relative terms (if available) and on this site/application.
European Union (or EU)
Unless otherwise specified, all references made within this document to the European Union include all current member states to the European Union and the European Economic Area.
Small sets of data stored in the User’s device.
This privacy statement has been prepared based on provisions of multiple legislations, including Art. 13/14 of Regulation (EU) 2016/679 (General Data Protection Regulation).
Latest update: 4th August, 2021