General Data Protection Regulation Notice

What is GDPR?

The General Data Protection Regulation (“GDPR”; effective May 25, 2018) is a set of laws adopted by the European Union (“EU”) to define and safeguard against online violation of the data protection and privacy rights of individuals within the EU, as well as to ensure better control over the digital footprint of one’s personal data.

What does GDPR mean for RocketReach?

As an online business based exclusively in the United States, RocketReach is subject to GDPR regulations with regard to any RocketReach-processed or controlled data that qualifies for the GDPR protections afforded to personal data originating within the EU and to the individuals having rights to that personal data. Because RocketReach’s business centers on the tailored collection and dissemination of publicly available data to registered Users having valid, active accounts on this Site, RocketReach necessarily manages two classes of personal data that are distinct in their practical handling, as well as their handling under the specific terms of the GDPR.

Subject Data. The first class of personal data, which we refer to as ‘Subject Data,’ includes the public data that is processed as part of RocketReach’s Services. Subject Data is obtained by RocketReach from third-party sources to whom Subjects voluntarily provided their personal data and through whom the Subjects have made their personal data publicly available on the internet. To the best of RocketReach’s determination, Subject Data originates from Subjects all over the world and is transferred to a third-party U.S. source, such as LinkedIn, Facebook, Google, Twitter at the Subject’s direction and for the Subject’s own purpose, such as for social or professional networking. When RocketReach obtains Subject Data, said data is located outside of the EU and is not believed to qualify for GDPR protections based on the data’s geographical and other relevant characteristics. In any case, RocketReach does not monitor or track the activities of Subjects in the EU or elsewhere, and, thus, Subject Data that is processed not monitor or track the activities of Subjects in the EU or elsewhere, and, thus, Subject Data that is processed or controlled by RocketReach is never processed or controlled in any manner related to monitoring, tracking, or obtaining data directly from Subjects located in the EU. Likewise, RocketReach’s data processing activities related to Subject Data and the provision of RocketReach’s Services is never used by RocketReach for marketing or communications directed at Subjects in the EU or anywhere else. As such, we do not believe that any ‘Subject Data’ processed or controlled by RocketReach under RocketReach’s current practices and Terms of Service is subject to GDPR regulations.

User Data. The second class of personal data, which we refer to as ‘User Data,’ is specific to data collected with the informed consent of Users who register user accounts through our Website, www.RocketReach.co. Informed consent is obtained through the Users’ express acceptance of the terms of our Privacy Policy and Terms of Service, in which we make every attempt to inform our Users of the full scope of the data we collect from them, how we collect it, what we do with it, and how we protect it. As the personal data we collect from Users is limited to that which is necessary to maintain the Users’ accounts, improve the Users’ experiences while they are using our Services, and provide the services requested by the Users either expressly or impliedly through the authorized use of RocketReach’s Services, we do not use any personal User Data to target marketing or other offers of our Services to Users in the EU, nor do we use personal User Data in any way as to ‘profile’ individuals in the EU. Given this restricted scope of processing and use of personal User Data obtained from Users in the EU, we do not believe that any of our User Data qualifies for the protections of the GDPR. We should also note that while we do collect some activity data from visitors of our Website before the visitor logs into or creates a User account, such data is collected entirely anonymously and is not considered ‘personal data’ under the GDPR. Even though we do not believe this anonymous data or any of our Subject or User Data is subject to governance under the GDPR, we treat this data with the same care and attention to security and privacy protections that we have implemented for treated of GDPR-regulated data. These implementations are described below.

What is RocketReach doing to achieve GDPR compliance for applicable data?

While RocketReach does not specifically target EU residents or EU data in its limited ‘tracking’ or its marketing-related activities, we respect the purpose and goals of the GDPR and actively strive to maintain compliance with respect to all data that we process or control irrespective of whether that data is subject to GDPR governance. With regard to personal data and associated activities that are determined to be subject to GDPR regulations, we have made provisions to ensure such data is safely maintained and readily modifiable or removable at the discretion of a bona fide data Subject. With respect to all applicable data, we believe RocketReach is presently in compliance with the new GDPR requirements, and we will continue to monitor the development and enforcement of these regulations in order to adjust our practices as necessary to maintain compliance.

Provisions for ‘User Data’ Subject to GDPR Protections. In anticipation of the GDPR rollout, we recently made dedicated efforts toward ensuring data security, including, for example, implementation of security protocols necessary to ensure the pseudonymization and/or encryption of all User data and integration of automated safeguards at the application and infrastructure level as a proactive means of keeping user data safe and ensuring compliance. In addition, we stand ready to support all personal inquiries and requests specific to the following rights:

  • The Right to Be Forgotten: As a registered User of RocketReach’s Services, you are able to edit or remove any personal data you previously entered into your account or terminate your RocketReach account at any time. As a User with an active account, you may submit a request for removal of any personal information collected by RocketReach other than the information necessary to maintain your account, which is held securely and privately by RocketReach. Any such request may be submitted us at privacy@rocketreach.co. Upon account termination, all non-billing information will automatically be removed from your User account, and we will gladly provide confirmation of removal upon request.
  • Rectification: You have the right to access and update your RocketReach account settings at any time in order to correct or complete your account information. Alternatively, you can contact us at privacy@rocketreach.co to request your data to be corrected, amended, or deleted.
  • Access: What data we collect and how we use it is clearly specified in our Privacy Policy. If you have any questions about particular data or would like to receive a copy of your personal data, please contact privacy@rocketreach.co.
  • Portability: Upon a User’s request, we will provide a comprehensive copy of your personal data to you or a third party of your choosing. Requests for data portability can be sent to us at privacy@rocketreach.co.

Provisions for ‘Subject Data’ Subject to GDPR Protections. Since RocketReach does not store Subject Data, we do not have the ability to modify or remove your personal data from the data’s source. As an EU Subject, we will, however, do whatever we can to facilitate your access and control over your personal data, including the following:

  • Subject Confirmation. Upon an EU Subject’s request regarding their personal data, we will first make every reasonable effort to confirm the Subject’s identity.
  • Personal Data Check. If we are able to confirm the EU Subject’s identity, we will promptly provide a copy of any personal data we have on the Subject or confirm that we do not have any of the confirmed Subject’s personal data.
  • Data Source Report. Upon request by an EU Subject, we will gladly provide a report containing the personal data that might appear in a RocketReach User’s search results, along with identification of the data’s source so the Subject can approach the appropriate data source for effective modification or removal of their Personal Data.
  • RocketReach Search Exclusion. In the event an EU Subject wishes to have their personal data excluded from a User’s use of RocketReach’s Services, we will gladly comply with such request.

All inquiries and requests regarding Subject Data may be submitted to privacy@rocketreach.co. At RocketReach, we understand that the terms of the new GDPR are largely novel in their application and will evolve as the new regulations are applied and enforced in real-world data transactions in the EU and around the world. As such, our legal team will continue to monitor the progress of the GDPR rollout and implementation, and we will update our policies and procedures as necessary as we identify developments relevant to RocketReach’s actual or potential control and processing of GDPR-governed personal data. In addition to inquiries and requests specific to data privacy and security, we welcome all constructive comments and suggestions to help us in our ongoing GDPR compliance efforts. Please direct all GDPR and privacy-related communications to our designated ‘Privacy Officer’ at privacy@rocketreach.co.