How to prospect compliantly with this data

Last reviewed: 2026-06-24

Buying a list is the easy part. Using it lawfully is what keeps your domain out of spam folders and your company out of trouble. This is a practical guide - not legal advice - to prospecting businesses responsibly with our data.

You are a separate controller

The moment you load our data into your own systems and start sending outreach, you become an independent data controller for that activity. That means your own legal basis, your own records, your own opt-out handling. We are the source; the campaign is yours. Our terms require you to respect applicable law and to act on suppression information we make available.

Have a legal basis before you send

In the EU and UK, B2B prospecting typically rests on legitimate interest (GDPR Art. 6.1.f), combined with the ePrivacy rules on electronic marketing. That basis only holds if the contact is relevant to the recipient's business, the message is proportionate, and you make objecting easy. Document your own balancing test - don't borrow ours.

Put an opt-out in every email

Every outbound message should carry a clear, working way to opt out, and you must honour it promptly and permanently. Keep a suppression list and check it before each send. This is both a legal requirement and the single best way to protect your sender reputation.

Mind retention

Don't keep prospect data forever. Set a retention period appropriate to the purpose, delete or refresh stale records, and re-pull from the source rather than sitting on an ageing export. A common practice is a defined window (for example, the lifetime of a campaign plus a short follow-up period) after which non-converting contacts are purged.

Phone outreach needs extra care

If you call businesses, screen against the relevant do-not-call / suppression registries for the country you target (for example BLOCTEL in France, the TPS in the UK, or the Robinson lists elsewhere). Telephone prospecting has its own consent and suppression rules on top of email.

The rules differ by jurisdiction

  • United States (CAN-SPAM): commercial email must be truthful, identify itself as an ad where relevant, include a physical postal address, and honour opt-outs quickly. State laws (e.g. California) add privacy rights - see our CCPA page.
  • EU & UK (GDPR + ePrivacy): legitimate interest for B2B is generally workable for individual business contacts, with a clear right to object - see our GDPR page.
  • Germany (UWG §7): stricter - prior consent (opt-in) is generally required even for B2B email. If your campaign reaches German businesses, plan for opt-in.
  • Canada (CASL) & Australia (Spam Act): consent-based regimes with their own rules; check them before sending.

Use generic over personal where you can

Targeting a generic business inbox (contact@, info@) is lower-risk than a named individual's address. Our records favour generic business contacts, and we encourage you to do the same in your outreach.

Respect the people who opt out - including ours

If a business has opted out via our opt-out form, we remove it from what we make available and we expect you to drop it from your own systems too. Treat suppression as permanent across both sides.

The short version

Relevant targets, a documented basis, an opt-out in every message that you actually honour, sensible retention, registry screening for phone, and respect for local rules. Do that, and the data does what it should - find you the right businesses without burning your reputation.

Questions

This guide is general information, not legal advice; check your own situation with counsel. For anything about the data itself, contact contact@ecom-lead-database.com or the contact page.