GDPR & UK GDPR

Last reviewed: 2026-06-24

This page is a plain-English summary, reviewed by counsel before relying on it. It explains the basis on which we process business data, and your rights under the EU and UK GDPR.

What we process, and why

Our product is a database of businesses - companies and professionals active in e-commerce - built from public sources. Most of it is company information, but some records (for sole traders and individual merchants) can also be personal data. Where that is the case, the GDPR applies.

Our legal basis: legitimate interest

We rely on legitimate interest (Art. 6.1.f): maintaining an up-to-date business reference for B2B purposes (prospecting, market research, enrichment). We have weighed this against the rights of the people concerned and apply safeguards - data minimisation, exclusion of sensitive data, and a simple, free right to object. The full information for referenced businesses is in the referenced-businesses notice.

The fastest route: object or be removed

If you run a business in our database and don't want to be, you don't need to explain yourself. Use the free self-serve opt-out. We commit to acting on opt-out requests, to removing the record from what we make available, and to excluding sources that refuse collection.

Your rights as a data subject

  • Access - ask what we hold about you.
  • Rectification - have inaccurate data corrected.
  • Erasure - have your record deleted.
  • Restriction - have processing limited in certain cases.
  • Objection (Art. 21) - object to processing based on legitimate interest, including the prospecting purpose.
  • Portability - receive data you provided, where applicable.

How to exercise them

Email data@ecom-lead-database.com or use the opt-out form. We keep it free and simple - no account and no heavy proof required for a basic removal. We respond within the GDPR deadline (one month, extendable for complex requests).

Right to complain

You can lodge a complaint with your supervisory authority - for example the CNIL (France), the ICO (United Kingdom), or your local lead authority in the EU.

A note for clients targeting Germany

Rules differ by country. In particular, Germany requires prior consent (opt-in) for B2B email outreach under the UWG (§7). If you use our data to prospect German businesses, you must comply with that local rule - see the B2B prospecting compliance page.

Questions

For anything not covered here, contact data@ecom-lead-database.com or the contact page.