The General Data Protection Regulation (“GDPR”; effective May 25, 2018) is a set of laws adopted by the European Union (“EU”) to define and safeguard against online violation of the data protection and privacy rights of individuals within the EU, as well as to ensure better control over the digital footprint of one’s personal data.
As an online business based exclusively in the United States, RocketReach is subject to GDPR regulations with regard to any RocketReach-processed or controlled data that qualifies for the GDPR protections afforded to personal data originating within the EU and to the individuals having rights to that personal data. Because RocketReach’s business centers on the tailored collection and dissemination of publicly available data to registered Users having valid, active accounts on this Site, RocketReach necessarily manages two classes of personal data that are distinct in their practical handling, as well as their handling under the specific terms of the GDPR.
Subject Data. The first class of personal data, which we refer to as ‘Subject Data,’ includes the public data that is processed as part of RocketReach’s Services. Subject Data is obtained by RocketReach from third-party sources to whom Subjects voluntarily provided their personal data and through whom the Subjects have made their personal data publicly available on the internet. To the best of RocketReach’s determination, Subject Data originates from Subjects all over the world and is transferred to a third-party U.S. source, such as LinkedIn, Facebook, Google, Twitter at the Subject’s direction and for the Subject’s own purpose, such as for social or professional networking. When RocketReach obtains Subject Data, said data is located outside of the EU and is not believed to qualify for GDPR protections based on the data’s geographical and other relevant characteristics. In any case, RocketReach does not monitor or track the activities of Subjects in the EU or elsewhere, and, thus, Subject Data that is processed not monitor or track the activities of Subjects in the EU or elsewhere, and, thus, Subject Data that is processed or controlled by RocketReach is never processed or controlled in any manner related to monitoring, tracking, or obtaining data directly from Subjects located in the EU. Likewise, RocketReach’s data processing activities related to Subject Data and the provision of RocketReach’s Services is never used by RocketReach for marketing or communications directed at Subjects in the EU or anywhere else. As such, we do not believe that any ‘Subject Data’ processed or controlled by RocketReach under RocketReach’s current practices and Terms of Service is subject to GDPR regulations.
User Data. The second class of personal data, which we refer to as ‘User Data,’ is specific to data collected with the informed consent of Users who register user accounts through our Website, www.RocketReach.co. Informed consent is obtained through the Users’ express acceptance of the terms of our Privacy Policy and Terms of Service, in which we make every attempt to inform our Users of the full scope of the data we collect from them, how we collect it, what we do with it, and how we protect it. As the personal data we collect from Users is limited to that which is necessary to maintain the Users’ accounts, improve the Users’ experiences while they are using our Services, and provide the services requested by the Users either expressly or impliedly through the authorized use of RocketReach’s Services, we do not use any personal User Data to target marketing or other offers of our Services to Users in the EU, nor do we use personal User Data in any way as to ‘profile’ individuals in the EU. Given this restricted scope of processing and use of personal User Data obtained from Users in the EU, we do not believe that any of our User Data qualifies for the protections of the GDPR. We should also note that while we do collect some activity data from visitors of our Website before the visitor logs into or creates a User account, such data is collected entirely anonymously and is not considered ‘personal data’ under the GDPR. Even though we do not believe this anonymous data or any of our Subject or User Data is subject to governance under the GDPR, we treat this data with the same care and attention to security and privacy protections that we have implemented for treated of GDPR-regulated data. These implementations are described below.
While RocketReach does not specifically target EU residents or EU data in its limited ‘tracking’ or its marketing-related activities, we respect the purpose and goals of the GDPR and actively strive to maintain compliance with respect to all data that we process or control irrespective of whether that data is subject to GDPR governance. With regard to personal data and associated activities that are determined to be subject to GDPR regulations, we have made provisions to ensure such data is safely maintained and readily modifiable or removable at the discretion of a bona fide data Subject. With respect to all applicable data, we believe RocketReach is presently in compliance with the new GDPR requirements, and we will continue to monitor the development and enforcement of these regulations in order to adjust our practices as necessary to maintain compliance.
Provisions for ‘User Data’ Subject to GDPR Protections. In anticipation of the GDPR rollout, we recently made
dedicated efforts toward ensuring data security, including, for example, implementation of security protocols
necessary to ensure the pseudonymization and/or encryption of all User data and integration of automated safeguards
at the application and infrastructure level as a proactive means of keeping user data safe and ensuring compliance.
In addition, we stand ready to support all personal inquiries and requests specific to the following rights:
Provisions for ‘Subject Data’ Subject to GDPR Protections. Since RocketReach does not store Subject Data, we do not have the ability to modify or remove your personal data from the data’s source. As an EU Subject, we will, however, do whatever we can to facilitate your access and control over your personal data, including the following:
All inquiries and requests regarding Subject Data may be submitted using our self serve tool which can be found here at:
View, Update, Download or Remove your data: https://rocketreach.co/claim-profile/
or by emailing us at privacy@rocketreach.co.
At RocketReach, we understand that the terms of the new GDPR are largely novel in their application and will evolve
as the new regulations are applied and enforced in real-world data transactions in the EU and around the world.
As such, our legal team will continue to monitor the progress of the GDPR rollout and implementation, and we will
update our policies and procedures as necessary as we identify developments relevant to RocketReach’s actual or
potential control and processing of GDPR-governed personal data. In addition to inquiries and requests specific
to data privacy and security, we welcome all constructive comments and suggestions to help us in our ongoing GDPR
compliance efforts. Please direct all GDPR and privacy-related communications to our designated ‘Privacy Officer’ at privacy@rocketreach.co.