Web Insights | Software Data Compliance Policy

The Web Insights Product

Web Insights delivers engaged opportunities directly to your sales, marketing and account management teams — seamlessly and in real-time. Our intelligent solution plugs directly into your existing systems, facilitating the automated routing of your website visitor information throughout your business — enabling your business to capitalise on highly valuable opportunities when they are most engaged. Web Insights works on the basis of reverse business IP tracking. A small tracking code is placed on a business’ website(s), enabling them to identify the business IP addresses of their website visitors. Web Insights matches the identified business IP address to a wholly owned global database of businesses and business information. Web Insights customers also have the option to implement a cookie alongside the code to enhance the tracking capabilities of the software. The Web Insights software is almost entirely focused on leveraging business-related information to effectively match a business IP address with wider business data, providing valuable business-related visitor information to our customers. Web Insights does not identify any personal IP addresses, mobile devices or any data other than that associated with the business. Business-related data is not applicable under GDPR — which has the intention of protecting personal data. Therefore, the majority of the Web Insights solution and its features are not relevant to GDPR.

Contact Data

An additional feature of Web Insights is its ability to provide customers with the contact information of key decision-makers from the organisations that have proactively visited the company website. As this information contains details including first name, last name, email address and LinkedIn profile, this aspect of Web Insights constitutes the processing of personal data and, therefore, is required to be compliant with GDPR. Web Insights will only ever collect business IP addresses, which are then matched to a business profile. From there, Web Insights offers customers the opportunity to purchase the contact details of relevant decision-makers within the matched business. The data available will only relate to decision-makers at the organisations that have proactively visited a customer’s website, in turn, it is expected that this data will be leveraged by the Web Insights customer base under the lawful basis for processing of ‘Legitimate Interests’. It is anticipated that Web Insights customers will select the most appropriate point of contact from the data provided by Web Insights to convey a highly relevant, targeted message either by email, telephone or by post to the business address and the point of contact. Any correspondence will be based upon their likely interest in the organisation’s product or service following their visit to the organisation’s website. Under GDPR, Web Insights will only ever process necessary personal data, which is limited to first name, last name, LinkedIn profile URL and professional email address. Web Insights will process further business-related data such as business IP address, business name, job function and business telephone numbers. No sensitive, personal data will be collected or processed in any way. Web Insights customers have the option of using the software without leveraging contact data, in which case, the Web Insights solution is unrelated to GDPR on the basis that it will only process business data. If a customer opts to use the contact data feature of Web Insights, it is deemed that this will be leveraged under the lawful basis of ‘Legitimate Interests’, however, the customer will be responsible for ensuring the data used is processed within their business in a method that is compliant with GDPR. Each customer will be responsible for conducting their own due diligence checks and producing their own policies as applicable to their business.

Six Lawful Bases for Processing Personal Data

Under the EU General Data Protection Regulation (GDPR) there are six lawful bases for processing personal data. These are detailed as follows:

Consent

The individual has given clear consent for you to process their personal data for a specific purpose.

Contract

The processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.

Legal Obligation

The processing is necessary for you to comply with the law (not including contractual obligations).

Vital Interests

The processing is necessary to protect someone’s life.

Public Task

The processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.

Legitimate Interests

The processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data, which overrides those legitimate interests. (This cannot apply if you are a public authority processing data to perform your official tasks.) Source:ico.org.uk February 2018. The information relating to the six lawful bases for processing personal data is taken from the ICO website and the GDPR regulation documentation. Further information regarding the lawful bases for processing personal data can be found at ico.org.uk.

Legitimate Interest Assessment (LIA)

Web Insights has carried out a Legitimate Interest Assessment (LIA) as advised by the ICO. Based upon that assessment, it is deemed that the rights and freedoms of the data subjects would not be overridden in our processing of the personal data and that in no way would a data subject be caused harm by the Web Insights processing. Based upon our segmentation by organisation and by specific job function, coupled with our processing of personal data within the context of a business environment, it is deemed that any processing of data will be limited to business matters, and therefore any risk of personal compromise is extremely unlikely. It is also deemed that direct marketing and sales is necessary in the context of following up with website visitors in order to better serve visitors and to generate business sales. Per the ICO guidance, Web Insights can confirm:

We have checked that Legitimate Interests is the most appropriate basis
We understand our responsibility to protect the individual’s interests
We have conducted a Legitimate Interests Assessment (LIA) and kept a record of it to ensure that we can justify our decision
We have identified the relevant legitimate interests
We have checked that the processing is necessary and there is no less intrusive way to achieve the same result
We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests
We only use individuals’ data in ways they would reasonably expect
We are not using people’s data in ways they would find intrusive or which could cause them harm
We do not process the data of children
We have considered safeguards to reduce the impact where possible
We will always ensure there is an option to opt-out/ability to object
Our LIA did not identify a significant privacy impact, and therefore we do not require a DPIA
We keep our LIA under review every six months, and will repeat it if circumstances change
We include information about our legitimate interests in our privacy notice

How we Process Data

The Web Insights solution provides businesses with the details of organisations that have visited their website based upon business IP tracking. Web Insights matches this data to a database of business points of contact, presenting this information to its customers as potential contacts from the visiting organisation — that based upon the proactive business visit, could be interested in the products/services on offer. In order to do this, Web Insights will process first name, surname, LinkedIn profile URL and email address along with business data in order to present that information to its customers. The data is presented to customers via a secure, unique log in access to the Web Insights portal. Customers have the option to purchase relevant points of contact, including email addresses and names from the visiting organisations. From that point, the data limited to email address, name, LinkedIn profile URL and supporting business information including business telephone number will be transferred to the customer, again via the secure portal. Web Insights acts as a data processor in this regard and is not liable for the onward processing of the data via each customer, although we strongly advise all customers to ensure compliance with GDPR in all aspects of personal data processing.

How we Procure Data

At Web Insights we procure data in a variety of ways, collected in line with the lawful basis of ‘Legitimate Interests’. The following are ways in which we collect and process data:

Business Data

Although business data is not relevant under GDPR, Web Insights is committed to providing a transparent solution so that customers can effectively assess their own compliance. Web Insights collects business data via the following methods:

Primary research – Web Insights has a UK based in-house team that gathers data relating to business from publicly available information, using search engines and other online tools to research global businesses.
Secondary research – Web Insights has a UK based in-house team that uses existing, publicly-available sources of data such as Companies House and the WebCheck service to enhance the business data.
Purchase – Web Insights purchases business information from a number of selected third-party data vendors that are vetted to ensure the quality and validity of the business data provided.

Personal Data

Web Insights collection and processing of personal data is limited to:

First name
Last name
Professional email address
LinkedIn profile URL

Web Insights procures this personal data in the following ways:

Primary research – Web Insights has a UK based in-house team that gathers data relating to key decision-makers at organisations from publicly available sources including the website of each business.
Secondary research – Web Insights has a UK based in-house team that uses existing, publicly-available sources to gather the information relating to key decision-makers, including the Directors’ Register at Companies House, Dun & Bradstreet, Duedil and LinkedIn.
Purchase – Web Insights purchases data from selected third party data vendors with key segmentation criteria to ensure that only decision-makers from registered businesses are procured. All third-party data vendors have been checked for GDPR compliance and to ensure the validity and accuracy of data.

Web Insights also uses automated scripts and algorithms to collect, process and validate both business data and the personal data detailed above. These automated processes are subject to the same compliance checks as all manual processes.

How we Ensure Data Validity and Currency

Web Insights has a UK based in-house data verification team that is responsible for ensuring the validity and currency of the data contained within the Web Insights solution. The team continually cleanse the data held within the Web Insights software, completing a full cleanse cycle of both business and personal data at least once every 12 months. Any records found to be out of date are placed into a deletion queue, which is securely purged four times in a 12-month period. The data verification team uses manual methods as well as automated scripts and algorithms via an extensive multi-staged process to ensure the utmost validity and currency of data. Web Insights takes data cleansing extremely seriously as this ensures a highly compliant solution, as well as a high-calibre solution for all of the Web Insights customers.

Data Storage and Retention

The data held within the Web Insights solution is processed and stored in the UK within a secure environment. Web Insights has a continual cycle of cleansing and refreshing data — all data within the Web Insights solution is verified at least once in a 12-month cycle. Any invalid records are placed into a deletion queue, which is then securely purged four times in a 12-month period.

Call Recordings

In the interest of our employees, customers, and prospective customers, all calls are recorded for training and monitoring purposes. Please see our Call Recording Policy for more information.

Your Rights as a Data Subject

Subject Access Request

If you wish to make a Subject Access Request in order to enact any of your below listed rights, you can do so by: Emailing: data-compliance@webinsights.com Or by writing to: Data Compliance, Web Insights, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN. Or by calling: 02039 932 497 and ask to speak with the Data Compliance team. Further proof of identification may be requested in writing to verify your identity before personal data is disclosed. We will process and respond to your request within 30 days; this service will be free of charge.

Right of access to data held

Under Article 15 of the GDPR, you have a right of access to the personal data we hold on you. If you believe that we are processing your personal data, you can make a Subject Access Request to request the following:

The purposes of our processing.
The categories of personal data concerned.
The categories of recipient to whom the personal data have been or will be disclosed.
The envisaged period for which the personal data will be stored.
The existence of the right to request from the controller rectification or erasure of your personal data, or the restriction of processing of your personal data, or the objection to processing of your personal data.
The right to lodge a complaint with a supervisory authority.
Where the personal data was not collected directly from you, any available information as to the source of the data.
The existence of automated decision-making, including profiling, and any meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for you.
Information on the appropriate safeguards that have been put in place in the instance that your personal data has been transferred to an international organisation or third country.
A copy of the personal data that we process (as long as doing so does not adversely affect the rights and freedoms of others)

Right to rectification Under Article 16 of the GDPR, Web Insights has the obligation to rectify, without undue delay, any inaccurate personal data. If you believe that the personal data we hold on you is inaccurate or incomplete, you can make a Subject Access Request to inform us of this inaccuracy and provide us with the necessary data to correct/complete our data files.

Right to erasure (‘right to be forgotten’)

Under Article 17 of the GDPR, you have the ‘right to be forgotten’. In the event that you make a request for erasure, a minimal amount of your personal data will be kept in our suppression files. This enables Web Insights to fulfil our legal obligation under Article 6(1)(c) of the GDPR to ensure that you are not contacted again. If you are not added to our suppression file, there is a risk that your data may be processed again in the future if your details are re-added to our software by out data procurement team. Therefore, we will keep a minimal amount of data (where applicable, name, business phone number, business email and/or LinkedIn URL) in a suppression file.

Right to restriction of processing

Under Article 18 of the GDPR you have the right to request that Web Insights does not further process your personal data beyond storing it. This can be a useful alternative to requesting erasure. For example, you can make this request to ensure that your entire data record is kept in our suppression files but will not be processed for any other purposes.

Right to Lodge a Complaint to a Supervisory Authority

Under Article 77 of the GDPR you have the right to lodge a complaint with a supervisory authority if you believe the processing of your personal data infringes your rights. In the UK, the supervisory authority is the Information Commissioner’s Office (ICO). If you wish to lodge a complaint with the ICO you can do so here: https://ico.org.uk/make-acomplaint/ Or by calling their helpline on 0303 123 1113 This policy was last reviewed and updated on 29^th September 2020. Policies are periodically reviewed to ensure compliance with the current compliance environment. For questions relating to this policy, please contact data-compliance@webinsights.com

Cookie	Duration	Description
__cfruid	session	This cookie is set by the provider Cloudflare. This cookie is used for load balancing and for identifying trusted web traffic.
AWSALBCORS	7 days	This cookie is used for load balancing services provded by Amazon inorder to optimize the user experience. Amazon has updated the ALB and CLB so that customers can continue to use the CORS request with stickness.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie is set by CloudFlare. The cookie is used to support Cloudflare Bot Management.
__zlcmid	1 year	This cookie is used by Zendesk live chat and is used to store the live chat ID.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_ga_BFPV4GXZRY	2 years	This cookie is installed by Google Analytics.
_gat_gtag_UA_171396564_1	1 minute	This cookie is set by Google and is used to distinguish users.
_gcl_au	3 months	This cookie is used by Google Analytics to understand user interaction with the website.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
_session_id	14 days	The cookie is used for storing information about the user session with a unique session ID. It stores the information like referrer, landing page etc.
iutk	5 months 27 days	This cookie is used by Issuu analytic system. The cookies is used to gather information regarding visitor activity on Issuu products.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook to deliver advertisement when they are on Facebook or a digital platform powered by Facebook advertising after visiting this website.
bscookie	2 years	This cookie is a browser ID cookie set by Linked share Buttons and ad tags.
fr	3 months	The cookie is set by Facebook to show relevant advertisments to the users and measure and improve the advertisements. The cookie also tracks the behavior of the user across the web on sites that have Facebook pixel or Facebook social plugin.
mc	1 year 1 month	This cookie is associated with Quantserve to track anonymously how a user interact with the website.
personalization_id	2 years	This cookie is set by twitter.com. It is used integrate the sharing features of this social media. It also stores information about how the user uses the website for tracking and targeting.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	Used to store information about the time a sync with the lms_analytics cookie took place for users in the Designated Countries.
li_gc	2 years	Used to store consent of guests regarding the use of cookies for non-essential purposes.
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
zte2095	session	Used to identify the domain/subdomain the Chat Widget is located on.

Software Data Compliance Policy