Notice to businesses referenced in our database

Last reviewed: 2026-06-24 · Plain-English summary, reviewed by counsel before relied upon.

You are a business or professional listed in our database and you are not our customer. This page tells you - in line with Article 14 of the GDPR - how we handle data about you and the rights you have, including the right to object and to have your record removed.

This information is published under Article 14.5.b of the GDPR: we collect data about a very large number of businesses without obtaining it directly from each one, which makes individual notice impossible or disproportionate. This page stands as notice to all referenced businesses.

1. Who is responsible

  • Controller: [Legal entity - to be completed]
  • Registration: [Form, registration number - to be completed]
  • Address: [Registered address - to be completed]
  • Rights & opt-out: data@ecom-lead-database.com, or the free self-serve opt-out.

2. Why we process this data

We build and maintain a database of businesses operating online commerce (and, more broadly, professional establishments) and make it available to our clients for:

  • B2B commercial prospecting (identifying potential suppliers, partners, vendors);
  • market research and competitive analysis (technologies used, assortment, activity indicators);
  • enrichment and qualification of business files.

3. Legal basis

Our processing relies on legitimate interest (Article 6.1.f GDPR): offering an up-to-date business reference for professional B2B uses. This interest is balanced against your rights and freedoms. The safeguards we operate toward are described in section 8. Where a record concerns a person who could not reasonably expect this reuse, we work to exclude it from the dataset made available.

4. Categories of data

Depending on what is publicly available, a record may contain:

  • Business identity: trade or company name, website domain, country, activity category.
  • Published professional contact details: business postal address, professional phone, professional email (preferably generic, e.g. contact@), links to professional social pages.
  • Public technical data of the site: e-commerce platform, theme, detectable apps and payment/shipping methods, metadata (languages, currencies).
  • Public activity indicators: traffic estimate, visibility, and where applicable the rating and review count shown on publicly accessible business listings.

We do not seek to collect special-category data (Article 9). Any such data captured in error is deleted on detection.

5. Where the data comes from

The data is not collected from you directly. It comes from publicly accessible online sources: the public pages of your website, publicly accessible professional directories and business listings, and public activity indicators about your site. Collection is automated.

We commit to respecting the access and use restrictions of source sites, including robots.txt and terms that object to extraction; sources that object are excluded from collection. We describe this as a commitment we operate toward - a condition of the legitimate-interest balance - not a marketing guarantee.

6. Who receives the data

Data may be made available to our professional clients (agencies, software vendors, sales teams, investors) for the purposes in section 2. These recipients act as separate controllers for their own use and are bound, on their side, to comply with applicable law (notice, opt-out, retention) when they contact you. We require our clients by contract to respect these obligations and to act on objections we pass to them. Our technical providers (hosting, payment, email) act as processors under Article 28 contracts.

7. Transfers outside the EU

Our technical providers (hosting, payment, email) may process data inside or outside the EU. Where a transfer outside the EU or UK takes place, it is covered by an appropriate safeguard, such as the European Commission's standard contractual clauses or an adequacy decision. The specific providers and the mechanism applied to each are confirmed before this notice is relied upon.

8. Retention & safeguards

  • Records are kept while they remain relevant (the business is active). Records that become inactive (domain down, establishment closed) are removed on revalidation.
  • If you object (see section 9), we work to remove the record from the active dataset promptly and to pass the objection to our clients as a suppression entry. We are still building parts of this propagation; we state it as a commitment, and we act on every request received.
  • Safeguards we operate toward: collection criteria defined upfront (minimisation), exclusion of sites that object, exclusion of special-category data, a simple free opt-out, and traceability of source.

9. Your rights

On data concerning you, you have the rights to:

  • object (Article 21 GDPR) at any time, on grounds relating to your situation, to this legitimate-interest processing;
  • access, rectification, erasure and restriction;
  • portability where it applies.

To exercise these rights or request removal of your record: use the free self-serve opt-out or write to data@ecom-lead-database.com. You may also lodge a complaint with your supervisory authority (e.g. the CNIL in France, the ICO in the UK).

10. Aggregation and derived indicators

To qualify businesses (size, growth, e-commerce maturity) we may cross-reference and aggregate the data above into indicators. These do not produce any automated decision with legal effect about you; they serve to classify and filter the reference dataset.