In order to increase sales productivity, Immagnify offers a sales prospecting platform. We help our customers capture contact information from public profiles, enrich existing leads on their CRMs, and build accurate prospecting lists. Our database contains verified contact information for over 100 million professionals.‍

GDPR & Immagnify’s Database

What categories of EU personal data are processed and why?

In our database, Immagnify is the custodian of business contacts that our customers can access to conduct B2B outreach. Personal data categories include full name, title, email and phone number, city, and company profile. Our organization does not process any sensitive information. Additionally, Immagnify is a processor for our customers who use our platform to build their prospecting lists.

How does Immagnify obtain the business contact information?

The following sources provide the information to Immagnify:

  1. Compilation of public information from one or more websites.
  2. Licensed information from our partners, who, in turn, obtained the information from public and/or trusted sources.
  3. Our community database, which contains contributions from users.

What is Immagnify’s lawful basis under GDPR for processing this personal data?

Our legitimate interest in processing personal data on our database is to provide our clients with business contact information as part of our B2B support services and to facilitate B2B commerce. It has a minimal impact on individuals’ private lives and rights.

Does Immagnify share personal data with third parties?

As part of our service offerings, Immagnify shares customer data stored in our database with our customers. The customer becomes the controller of this data when it is made available. As part of Immagnify’s processing of personal data, the company uses third-party providers. We have implemented Data Processing Agreements in order to comply with GDPR. Immagnify never shares the personal information of its customers.

Can individuals request access to their personal data?

Yes. Please visit our Privacy Center. You can also contact us at support@Immagnify.com.‍

Do individuals have the right to request the erasure or correction of their personal data, as well as the restriction or objection of such processing?

Yes. Please visit our Privacy Center. You can also contact us at support@Immagnify.com.

For more information about the personal information that Immagnify collects and processes, please see our Privacy Policy.

GDPR & Immagnify’s Customers

When Immagnify’s customers collect and then use the business contact information in order to prospect sales leads, they are bound by the GDPR and the ePrivacy Directive.

Your Rights as an Individual Under GDPR

At Immagnify, we care not only about our customers but also about the individuals in our database. If you believe that our records contain all or part of your private information, please read the information below to better understand your rights.‍

Our digital world is rapidly evolving, and our personal information is everywhere. When we sign up for services on the Internet, we are constantly asked for our name and contact information, and websites track our behavior without our knowledge. With this backdrop, on May 25th, 2018, The General Data Protection Regulation (“GDPR”) entered into force in the EU in order to ensure the protection of personal data, privacy, and data security.

Specifically, GDPR concerns “personal data” – that is, data about an identifiable person, such as name, e-mail, address, identification number, etc. Additionally, less obvious data such as GPS location, IP address, or Cookie-ID can be used to identify an individual. The GDPR regulates how companies, both within and outside of the EU, can lawfully handle EU personal data and provides individuals with certain rights.

The purpose of this article is to explore our rights as individuals under GDPR. The concept of “lawful basis of processing” is helpful for understanding these rights. An individual’s consent or their own legitimate interests are both legal grounds for the processing of personal data by companies. There are six bases, and we recommend reading about them on the UK’s Information Commissioner’s Office (ICO) website.‍

We’ve listed them briefly here:

(a) Consent: the individual has given you their explicit consent to process their personal data.

(b) Contract: you need to process the information because of a contract you have with the individual, or because they asked you to take steps prior to entering into one.

(c) Legal obligation: you must process this information in order to comply with the law (not including contractual obligations).

(d) Vital interests: processing of sensitive personal information is required to safeguard someone’s life.

(e) Public task: performing a task in the public interest or for your official duties requires you to process personal data, and the task or duty has an explicit legal basis.

(1) Legitimate interests: the processing is necessary for the purposes of your legitimate interests or those of a third party unless there are compelling reasons to protect the individual’s privacy that prevail. (This does not apply to public authorities that process data to fulfill their responsibilities.)

Individual Rights under GDPR

There are eight specific rights that individuals have over their personal data under Chapter 3 of the GDPR.

To Be Informed:

What it is

You have the right to know how a company collects personal information about you and how it uses our data, including what the purpose of the collection is, how long our data will be retained, and if/with whom it will be shared. In certain circumstances, the company does not have to inform you if you already know about it or if they deem it would take disproportionate effort to do so.

How it works

When companies collect personal data, they usually inform individuals through a Privacy Policy. Individuals are asked to read and accept the privacy policies of services before submitting personal information to them.

According to GDPR Article 3(2), “this Regulation applies to the processing of personal data relating to Union citizens…”‍


What it is

Individuals are able to request access to their personal data, also known as Data Subject Access Requests (DSARs), and to receive additional information about the processing of their data as part of such requests.

How it works

These requests may be handled by a web contact form or direct contact with some companies. You can submit this request in either written form or in person. The ICO has provided some guidelines on how to submit a request. If you exercise this right, there is no fee unless the request is unfounded or excessive, or multiple copies are requested.

Upon receiving a request, the company may need more information to verify your identity, and they have up to one month to provide the requested information. Depending on the complexity of the request, the response may be delayed. If this is the case, you will be informed.


What it is

Individuals have the right to correct inaccurate personal data and, where necessary, have incomplete data completed.

How it works

The method of making this request is not prescribed; it can be verbally or in writing. If possible, provide evidence of the inaccuracy, and explain how the organization should rectify it, as recommended by the ICO. You can also request restrictions (see below) on the data while it is being corrected. For a DSAR, the same timeline applies.


What it is

Additionally, this is referred to as “the right to be forgotten”. There are only certain circumstances in which individuals can exercise this right to have their personal data deleted:

  1. Your original purpose for processing data has been fulfilled, and it is no longer necessary to continue processing it.

  2. You revoke the consent that was the legal basis for the processing by the company.
  3. There is no overriding legitimate interest for the company to continue processing your data, and you object to this.
  4. You object to the processing of your data for marketing purposes. Unlawful processing of your data has taken place.
  5. To comply with a legal requirement, the company must erase the data. The process of offering information society services to a child.

How it works

To exercise the right to request erasure, follow the same steps as above, and there is no fee to pay. The same timeline applies to receiving a response. Here are some examples of when you can exercise your right to be forgotten:
Your personal information does not need to be kept by a company once you cancel a service that you’re not going to use anymore.
You object to a company that tracks your online behavior when that is not the company’s primary business.
Unlawful processing occurs when a company sends you marketing emails without giving you the option to unsubscribe


What it is

Personal data can be restricted by individuals, usually temporarily rather than permanently. The following conditions apply to individuals exercising this right:
The time it takes for a company to verify the accuracy of the personal data they have for you is due to a challenge you made.
The period that a company spends deciding whether they have a legitimate interest that overrides your right to object to the processing of your personal data.
There has been unlawful processing of data (i.e. no legal basis for processing) but you do not want your data to be deleted.
You need the company to hold the data, even if they no longer need it because you are involved in a legal claim.

How it works

Similarly, this right can be exercised in the same way as the other rights without paying any fees. The same timeline applies to receiving a response.
A person who exercises this right usually also exercises the right to rectification or to object. It could also serve as an alternative to the right to erasure. If any restriction is subsequently lifted, you should be informed.

Data Portability:

What it is

Data that has been previously provided to a service provider may be obtained by individuals and reused for other services. In addition to this, individuals may request that their personal data be transferred directly to another service provider. Only data that has been processed with automated means can be subject to this right, and they must have been processed under the lawful basis of consent or contract performance.

Data about an individual’s activities can be collected in this context, such as information about a user’s website visit history, their location data, or the data generated by wearables, but data that has been derived from the observed activity cannot be collected.

How it works

As with the other rights, no fee is required to exercise this right. The same timeline applies to receiving a response.
This right has the benefit of making switching between providers easier.

What it is

In the event of an objection, the processing of personal data will stop or be prevented. The following circumstances apply to the exercise of this right:
Individuals have the right to stop all marketing-related data processing at any time.
The use of your personal data is lawful either for legitimate interest or to perform a “public task” in the interests of the public or in the exercise of official authority.
A company, however, may override the individual’s right to object if it can demonstrate a compelling and overriding legitimate interest, or if it is necessary for legal enforcement.

How it works

With one qualification, this right is exercised in the same manner as the other rights. A request to object to data processing undertaken in the public interest or for a legitimate purpose must be accompanied by specific reasons.

Automate decision making and profiling:

What it is

The automated decision-making is the process of making a decision exclusively using automated means without any human input. Profiling refers to the automated use of personal data to evaluate a number of factors about an individual (e.g. preferences, health, predicting behavior).
Companies are prohibited from making solely automated decisions, such as profiling-based ones, which negatively affect people under GDPR individuals. The automated decision-making is only permitted in certain situations, such as when it is required for the performance of a contract, when it is permitted by law, or when the individual has given explicit consent.

How it works

You can request that a company do not subject you to automated decision-making if you believe it should not. As with the other rights, no fee is required to exercise this right. The same timeline applies to receiving a response.

An example of automated decision-making would be the refusal of an online credit application or the rejection of an online job application without any human intervention.

Whether or not a company allows automation of decision-making, they should provide you with ways to express what you think, ask for an explanation of the decision, and question the decision.

Besides protecting an individual’s privacy, GDPR also provides many other benefits. You have the right to complain to the company that processes your personal data if your information:

  1. There has been a data breach or data is not being kept securely;
  2. Disclosures have been made;
  3. The item has been used for purposes other than those intended;
  4. It is being kept longer than necessary; it is being processed without a legal basis.

To ensure that we give you the best experience on our website we use cookies.