Prospct is committed to protecting and processing your personal information responsibly. We value the data you share with us and treat it with respect.
This Privacy Notice describes how Prospct collects, uses, and shares your personal information. Additionally, it outlines how you can access and control your personal information. Just click here to access your data and understand its source, or here to remove your data from our service.
Prospct collects personal information related to your profession, similar to the information you would find on a business card or in a business email signature block. We store this information in our database, and make it available to our customers, who use this information to conduct their own business-to-business (B2B) sales, marketing, and recruiting activities.
For additional information about our privacy practices and resources to control your data, visit our Privacy Center.
- What is Prospct and what do we do?
Who we are
Prospct Systems Inc. is an incorporated company established in Delaware, with its registered office at 800 Boylston Street, Suite 1410, Boston, MA 02199 USA. Prospct Systems Inc. and/or its affiliates (“Prospct”, “we”, “us”) are responsible for processing Data as described in this Privacy Notice.
To contact us, and for more information, see below.
What we do
Prospct helps business customers (e.g. HR professionals, B2B professionals, sales professionals) validate, verify and find business contact information of relevant Contacts (as defined below) retained in Prospct’s B2B database (“Prospct B2B Database”, and “Services”).
Prospct may collect, use or otherwise process Data (as defined below) relating to:
- An individual’s business contacts details as defined below (“Contact”) (this information is made available in our Prospct B2B Database);
- an authorized user of a Prospct Licensee pursuant to our Terms of Service (“End User”);
- a visitor of our website and Services (“Visitor”).
This Privacy Notice outlines our practices with respect to processing personal data of Contacts, End Users and Visitors (“Data”). Please read it carefully so that you understand how we collect, use, and process your Data, and how you may opt-out of our Data use, or otherwise access, rectify, and/or erase your Data.
Where Data about you as a Contact is collected and processed by us in the Prospct B2B Database, you may opt-out of the processing here and we will add your Data to our suppression list.
If you do not agree with this Privacy Notice or any part of it, you should not access this website or use our Services.
If you have any questions about this Privacy Notice, please contact our Privacy Team.
- Our approach
Prospct is committed to providing its innovative services while respecting the privacy of everyone involved and complying with any applicable privacy and data protection laws.
We are committed to providing our Licensees and End Users with the most useful and accurate Data possible in our Prospct B2B Database and have implemented internal measures for accuracy and relevancy purposes. In particular, we implement processes to cross-check and verify the accuracy of the Data in the Prospct B2B Database and have adopted procedures to avoid storing non-business (i.e., personal and private) contact details in the Prospct B2B Database to the extent reasonably possible.
Prospct only collects Data to the extent necessary and does not collect sensitive data related to health, religious beliefs, political opinions, or ethnicity.
As part of our ongoing commitment, Prospct’s privacy practices are audited on a yearly basis by an independent third party and maintains ISO 27701 certification.
All processing activities on behalf of our Licensees are framed in a lawful and secure way, pursuant to Prospct’s Data Processing Addendum (“DPA”). If you are a Licensee, you can send us any request relating to the Data we process on your behalf in accordance with our DPA.
- Types of information we collect from or about you
We collect and process Data:
3.1 Data about Contacts
We process business-related Data about Contacts. This Data is limited to what you would normally find on a business card or in a business email signature block, or to what is necessary to contact an individual with a business social network profile or to verify the authenticity of such a profile. We then provide this Data to our Licensees in the Prospct B2B Database.
To learn more about this Data, click on this link to see the Data we process under “Contact Attributes” and “Company Attributes”.
Our Prospct B2B Database relies on Data retrieved or derived from information from the following sources:
- Our Community Program: Our community members may share Data of their professional business network with us, such as email header, and signature blocks from their business email. Please note that community members must opt-in to sharing the Data of their professional business network with us in accordance with the Community Program terms. You can learn more about Prospct’s Community Program here.
- Our email composing features: Where Prospct End Users provide us access to their email account for the purposes of using our email composing features, we obtain Data using Google’s or Microsoft’s APIs. Click here for more information about the protections we implement when we use this Data.
- Our affiliates and group members: We receive Data from affiliates, i.e. subsidiaries, parent companies, joint ventures, and other corporate entities under common ownership or in the same corporate group.
- Publicly available sources: Our proprietary algorithm scans publicly available sources and retrieves public information to understand standard corporate email patterns (e.g. firstname.lastname@company.com). We use this Data only after we have verified it in accordance with our internal processes.
- Business social network profiles: When an End User uses our browser extension while using LinkedIn, we read the minimum Data presented on the LinkedIn profile pages that the End User is browsing for providing the Service( e.g. name, position, company, contact details if public)
- Third parties (for information about companies): We rely on business partners to collect company information about and maintain a verified list of existing companies. We use this information to ensure that the Data we process relates to business details obtained from the above is only added to the Prospct B2B Database if it relates to business details (as opposed to personal contact details). If we detect personal contact details, we will not add this to the Prospct B2B Database.
Learn more about Our Data Sources
All of the Data collected from our sources described above is analyzed by Prospct’s proprietary algorithm to organize, scan, and merge certain Data attributes into a unique identifiable “Business Contact Card” which is published on the Prospct B2B Database. [We suppress any Data that our algorithms detect as non-business Data.]
We are focused on providing business Data only in the Prospct B2B Database, so we have implemented measures to exclude contacts who are public servants or otherwise public figures. If you opt-out, we will also remove your Data from the Prospct B2B Database and hold it on our suppression list.
3.2 Information we collect about and from End Users
Data we process about End Users
We collect Data directly from End Users where they interact with us. For example, this is the case when End Users create an account, use our Services, contact us via our website or support channels. The Data includes:
- name
- professional email address
- professional phone number
- professional mailing address
- location
- user activity
- referred friend’s professional email address and name (only if you use our referral service)
- any other information you provide us voluntarily when you communicate with us.
We do not sell any Data or information shared with us by our paying Licensees, End Users, or customers unless they decide to join our Community Program.
Data we collect through Prospct Integrations
As part of the Services, End Users or Licensees may integrate Prospct with certain platforms (“Integrations”). When using Prospct’s Integrations, Data from End Users’ or Licensee’s CRM tools, email, browser extension (such as Chrome add-on) or other software will be transmitted to Prospct, so Prospct can match or cleanse this data against Data held in the Prospct B2B Database.
For example, End Users can use our Integration browser extension while browsing the profile pages of Contacts on business social networks, such as LinkedIn. When an End User does this, our browser extension collects the Data about Contacts presented on the profile pages that you are browsing.
Through these Integrations, Prospct may also collect Data about Contacts and Prospct may run these through its proprietary algorithm to organize, scan, merge and update certain Data into an existing “Business Contact Card” on the Prospct B2B Database, or otherwise improve Prospct’s research processes and the content provided by its Services.
By connecting your email account as an Integration, Prospct may scan and/or extract business contact details from the inbox and may use it to improve its services.
Data our Payment Partner collects
For End Users and Licensees that pay for the Services by credit cards, our service provider Stripe Inc. processes your payment information, while Prospct does not have direct access to it. We have an agreement with Stripe to ensure that your payment information is processed in a secure and confidential way.
3.3 Information we process about End Users and Visitors alike
If you are an End User using our Services as an authorized user of a Prospct Licensee or a Visitor that visits our website or Service, we automatically collect information sent to us by your computer, mobile phone, or other access devices. This information includes:
- Your device information (for example, the type of browser and operating system your device uses, your language preference, your domain name, and the time you accessed the website)
- Your mobile network information
- Your IP address
- Alerts for troubleshooting errors and bugs
Where you are not logged into your account, this information is unidentified to you and we are not aware of the identity of the user from which this information is collected.
We use cookies and other similar technologies (e.g. web beacons, log files, scripts and eTags) (“Cookies”) to enhance your experience using the Service. Cookies are small files which, when placed on your device, enable us to provide certain features and functionality. For more information, please read our cookie policy.
- How and why do we use your Data?
4.1 Data about Contacts
|
Context of processing |
Purpose of processing |
Legal basis |
|
Purposes related to the provision of our Services |
|
|
|
Purposes related to the analysis and improvement of our Services |
|
|
|
Purposes related to compliance with regulations and the fight against fraud |
|
|
4.2 Data about End Users
|
Context of processing |
Purpose of processing |
Legal basis |
|
Purposes related to the provision of our Services |
|
|
|
Purposes related to the use of the Services, the creation and management of your account |
|
|
|
Purposes related to the analysis and improvement of our Services |
|
|
|
Purposes related to the promotion of our Services |
|
|
|
Purposes related to compliance with regulations and the fight against fraud |
|
|
4.3 Information about End Users and Visitors
|
Context of processing |
Purpose of processing |
Legal basis |
|
Purposes related to the analysis and improvement of our Services |
|
|
- Additional restrictions
Notwithstanding anything else in this Privacy Notice, if you provide Prospct access to your email account, for the purpose of using our email composing features, the following types of your Google data or Microsoft data will be subject to these additional restrictions:
Prospct will only use access to read, write, modify, or control email message bodies, metadata, headers, and settings to enable End Users to compose and process emails and will not transfer this data to others unless doing so is necessary to provide and improve these features, comply with applicable law, or as part of a merger, acquisition, or sale of assets. We will not use this data for serving advertisements, selling data, or any other purpose except as set hereinabove or as otherwise permitted in line with Customer-/End User-specific consent.
Prospct’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.
Further, Prospct’s use of the Microsoft API is subject to Microsoft’s privacy policies, you can edit your settings and revoke consents provided to Microsoft at any time by following the instructions in the following links: https://account.live.com/consent/Manage and/or https://myapps.microsoft.com.
- How we share your information
We may share information with third parties in the ways and for the purposes described above.
- With our End Users and Licensees (Contacts only): We share Contacts stored in the Prospct B2B Database with our End Users and Licensees, for the purpose of providing our Services and allowing access to authentic, current, and up to date business contact information.
- Within Prospct or our Payment Partner: We may share your information within Prospct. To the extent permitted by law and taking into account the protection of your rights and freedoms with respect to the processing of your Data, and the consent you have given (if any), your Data will only be accessible by a limited and defined number of recipients within Prospct (such as employees) or our Payment Partner.
Please be assured that such access to your Data will be strictly on a “need to know” basis and will be subject to our internal privacy policy and an obligation of confidentiality.
- With our service providers: Your Data will generally not be disclosed to recipients outside Prospct or our Payment Partner. In some cases, however, Prospct uses third-party sub-processors acting on its behalf under contracts that will include strict data protection obligations. A full list of sub-processors, including their purpose, locations, and transfer method can be found here.
In particular, we will provide your Data to service providers or suppliers as part of our normal business operations. Such service providers include (i) hosting services providers, (ii) data analytics providers, (iii) payment processors, and (iv) security services providers.
When you are joining the Prospct group or fan page on Facebook, Facebook and We are acting as joint controllers. The same goes when you are visiting our LinkedIn Page.
- Facebook Inc., headquartered at 1 Hacker Way, Menlo Park, CA 94025, United States of America. The joint controller addendum can be found here.
- LinkedIn Corporation is headquartered at 1000 W. Maude Avenue, Sunnyvale, CA 94085 USA. The joint controller addendum can be found here.
Please note that when it comes to connecting your CRM, Google, or Microsoft accounts to our Service (via Google connect, Office 365 Login, etc.) Prospct acts as an independent controller.
- In connection with an asset sale, merger, bankruptcy, or other business transaction: We may share Data while negotiating or in relation to a change of corporate control such as a restructuring, merger, or sale of our assets.
- With other third parties and with public authorities: In certain circumstances, we may also share and disclose such your information, if we believe in good faith that such disclosure is necessary or required: (i) to comply with a law, regulation, governmental or securities exchange requirement, court order, judicial proceeding, or legal process, such as a subpoena or a search warrant; (ii) to address a violation of the law; (iii) to investigate fraud or criminal activity, and to protect our rights or those of our affiliates, vendors and users, or as part of legal proceedings affecting or may affect us or our affiliates, vendors or users; and (iv) to allow Prospct to exercise its legal rights or respond to a legal claim.
- How long do we keep your Data?
Prospct has implemented a retention policy, setting retention periods taking into account the type of information that is collected and the purpose for which it was collected, bearing in mind the requirements applicable to the situation and the need to destroy outdated, unused information at the earliest reasonable time.
We only keep your Data for the time necessary for the purposes described above.
- Contacts: We retain your Data for the duration necessary to provide our Services and, thereafter in archives, to comply with our legal obligations, resolve disputes and enforce our policies.
- Prospct End Users: We retain your Data for the duration of your active account on Prospct. We may keep your Data for 3 years following the last activity in your account in order to comply with our legal and contractual obligations or to protect ourselves from any potential disputes (as required by laws applicable to record-keeping and to have proof and evidence concerning our relationship, should any legal issues arise following the termination of your account), all in accordance with our Data Retention Policy.
We retain this Data strictly on your behalf, in accordance with reasonable instructions and as further stipulated in our Data Processing Addendum and other commercial agreements with Licensees or other relevant customers.
Lastly, we retain Data in our suppression list for the duration necessary to provide our Services, which includes ensuring that any Contacts who are public figures or who have exercised their right to opt-out remain excluded from the Prospct B2B Database.
Once the retention period has passed, Prospct takes the appropriate and adequate measures to dispose of all and any Data in a secure and lawful manner in accordance with NIST 800-88 guidelines for media sanitization.
- How to opt-out or access, rectify, and/or erase your Data
Prospct allows you to access your Data, edit or obtain Data collected about you by contacting our Privacy Team.
Note that we maintain a suppression list which may include personal data, for the sole purpose of ensuring that opt-out requests are respected and that your contact information no longer appears in the Prospct B2B Database in the future if you have opted-out.
For any request relating to your Data, contact our Privacy Team. In particular, you may request:
- Information and access to a copy of your Data: you may obtain confirmation as to whether or not your Data is processed by Prospct. As applicable you may get more information on the Data we hold and how your Data is processed, and get a copy of your Data.
- Rectification of your Data: you may rectify your Data if it is inaccurate or incorrect or out-of-date. You may also have incomplete Data completed.
- Erasure of your Data: you may request the erasure of your Data, e.g. if you object to the processing of your Data (see below). However, we may have legal or legitimate reasons for retaining the Data depending on the context. Upon complying with your request, we shall also inform the customers that purchased your data, for more information see here.
- Limitation of processing: you may request a limitation of your Data, e.g. in case of issue or audit. We will mark your Data to limit their future processing.
- Data portability: you may receive the Data that you have provided to Prospct, in a structured, commonly used and machine-readable format, and you have the right to transmit this Data to another data controller without hindrance from us. This right only applies where the processing of your Data is based on your consent or is Data you have provided to us for the performance of the Prospct Terms of Service.
You may also object to the processing of your Data for certain purposes.
- To stop receiving marketing communications from us: you may demand that we stop any direct marketing to you, at any time. You will find a link or instructions to unsubscribe in any such communications from us.
- For other purposes: you may object to the processing of your Data where such processing is based on legitimate interest as described above. Please describe the reasons relating to your particular situation to justify your request. If applicable, we will stop the processing unless we have compelling legitimate grounds.
Before completing your request, we will need to verify your identity. We will send you a link to verify your email address and may request additional information solely for the purpose of verifying your identity. Making a verifiable request does not require you to create an account with us. We will only use personal information provided in a verifiable request to verify the requestor’s identity or authority to make the request.
If you have given us your consent, you may withdraw that consent at any time for future processing. This will not affect the lawfulness of the processing prior to the withdrawal of consent.
Minors
The products and services of Prospct are not targeted to or intended for children under the age of 18. In the event that we become aware that a Contact or End User is under the age of 18, we will discard such information. If you have any reasons to believe that a minor has shared any information with us, please contact us at support@Prospct.io.
- How do we safeguard and transfer your Data?
We will take all steps reasonably necessary to ensure your information is treated securely and in accordance with this Privacy Notice.
Once we receive your information, we take all appropriate technical and organizational measures, reasonable precautions, and follow industry best practices to safeguard your information against loss, theft, unauthorized use, access, or modification.
We are headquartered in the United States of America and, while our Data is stored on Amazon Web Services in the United States of America, many of our Data processing activities are carried out from other countries including by staff operating outside the European Economic Area who work for us or for one of our service providers or partners.
Our affiliate Prospct Systems Ltd. and some of our staff are located in Israel, where there is an adequate level of protection of personal data according to the European Commission (2011/61/EU: Commission Decision of 31 January 2011) and the competent authority of the United Kingdom (see Information Commissioner’s Office).
Where applicable, e.g. when our customers are subject to the GDPR and export data to us, we have signed contracts based on the Standard Contractual Clauses approved by the European Commission or the United Kingdom International Data Transfer Agreement or Addendum (as applicable) or similar contracts ensuring essentially the same level of protection for further transfers.
For a list of our subprocessors and means of transfer visit our subprocessors page.
- California Privacy Rights
This notice to California residents supplements the information contained in this Privacy Notice and addresses the requirements under the California Consumer Privacy Act of 2018 (Cal. Civ. §§ 1789.100–1798.199) and the California Consumer Privacy Act Regulations by the Attorney General (the “CCPA“).
It applies to Contacts and individuals (as defined in this Privacy Policy), who reside in the State of California (“consumer”, “you” or “your”), and explains your rights and provides certain mandated disclosures about our treatment of California residents’ information.
You have the right, at any time, to direct us not to sell or share your personal information to third parties, as defined under the CCPA. This is also referred to as your right to opt-out.
You have the right to opt-out of sales, within the meaning of the CCPA, of certain information subject to the CCPA. You are not required to have an account with us to exercise your right to opt-out of the sale of your personal information to third parties.
If you are a California resident and would like to exercise your rights, you may:
- Call us toll-free at 1-866-I-OPT-OUT (1-866-467-8688) / Service Code 2001#
- Submit a verifiable consumer request here
- Email our Privacy Team at privacy@Prospct.io
Only you or a person authorized to act on your behalf may make a consumer request related to your personal information.
The request must:
- Provide sufficient information to allow us to reasonably verify you are the person about whom we collected personal information or an authorized representative
- Describe your request with sufficient details to allow us to properly understand, evaluate, and respond to it
You may only request a copy of your data twice within a 12-month period. If you have any general questions about the personal information that we collect about you and how we use it, please contact our Privacy Team.
Requests may be denied in whole or in part due to various factors; for example, if a request was not verifiable, was not made by a consumer, was made multiple times, or called for information exempt from disclosure.
|
Received |
Complied with |
Denied* |
Mean No. Days to Respond |
|
|
Requests to know |
8 |
7 |
1 |
< 1 day |
|
Requests to delete / opt out |
3,788 |
3,289 |
499 |
< 4 day |
|
Requests via email |
2356 |
2356 |
0 |
< 45 day |
|
* Not verifiable consumer request |
||||
- Changes to this policy
Prospct may modify this Privacy Notice from time to time, to reflect eventual changes in the way we process Data. If we make material changes to this policy (such as a change in our processing purposes, a change in the identity of the controller, or even a change regarding the way you can exercise your rights in relation to our processing activities), we will notify you, as appropriate, depending on the substance of the change, by email or by means of a notice on our website’s homepage, prior to the changes becoming effective.
- Contact us
Should you have any queries regarding this Privacy Notice or about how Prospct uses your data that are not answered here, please contact our Data Protection Officer, Assaf Gilad, by email.
If you are a Contact or Visitor, Prospct Systems Inc. and Prospct Systems Ltd. (a company incorporated in Israel with registered address at 132 Derech Menachem Begin,Tel Aviv 6701101) are joint controllers of your Data. You can exercise your rights here, and find out more information about the joint controller arrangement by contacting our Data Protection Officer by email.
If you are an End User, the relevant data controller is the Prospct entity that your company contracts with, as set out in the Agreement.
Prospct has appointed DP-Dock GmbH as a contact point in the European Union and the United Kingdom. We hope that in the first instance, you can raise any questions and concerns with our Data Protection Officer by email, but you can also contact DP-Dock GmbH at Prospctsystems@gdpr-rep.com or write to them:
In the EU:
DP-Dock GmbH
Attn: Prospct Systems, Inc.
Ballindamm 39
20095 Hamburg
Germany
In the UK:
DP-Data Protection Services UK
Attn.: Prospct Systems, Inc.
16 Great Queen Street
London WC2B 5AH
United Kingdom
- Complaints
If you feel that your data has not been handled correctly, or you are unhappy with our response to any requests you have made to us regarding the use of your personal data, you have the right to lodge a complaint. Please email the details of your complaint to:
- In the United Kingdom, the Information Commissioner’s Office https://ico.org.uk/;
- Anywhere else, you have the right to lodge your complaint with the relevant data protection regulator in your country of residence.
Alternatively, if you have an unresolved privacy or Data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider at https://feedback-form.truste.com/watchdog/request.
|
Version |
Updated |
Status |
|
V6 |
June 10, 2024 |
Current |
|
V5 |
March 22, 2023 |
Obsolete |
|
V4 |
Sep 16, 2022 |
Obsolete |
|
V3 |
July 24, 2022 |
Obsolete |
|
V2 |
June 1, 2022 |
Obsolete |
|
V1 |
June 20, 2021 |
Obsolete |
