GDPR Compliance statement


Salestack is a service provider, when you engage with our services, we work for you and any data we create is done so exclusively for you. This means that - to put it in perspective with the GDPR - you are the data controller and the data is not sent to any client, company or third party without prior consent. Salestack is the data processor; we work for you.


On what ground do we process personal data?

Under the GDPR data can be processed on several grounds, including for direct marketing purposes on the ground of a legitimate interest. The data that is processed by Salestack on your behalf is carried out on this ground; legitimate interest.

Ensuring Legitimate Interest

To ensure that the activities fall in this category a Legitimate Interest Assessment (LIA) is carried out prior to any campaign. This assessment is essentially a series of questions concerning 3 areas that need to be satisfied in order to assume a legitimate interest:

  • Identify a Legitimate interest
    The legitimate interest can be your own commercial interests or the interests of third parties. The data processing is generally in your interests – whether it be to increase market share or validate your own business model.

  • Legitimate interest.
    Can the same result be achieved differently? The way Salestack does prospecting, targeting businesses and decision makers in a relevant cost-effective way can not be replicated using other methods.

  • Balancing it against the individual’s rights, interests and freedoms.
    Would the individual expect their data to be used in this way? Would an individual who lists publicly their role within a company expect to be contacted about services that may help that company its their department within the company?

By running this assessment we aim to ensure GDPR compliance to the greatest extent possible.


What data do we process?

When we are prospecting for you we gather only the minimum needed contact information to contact someone within a company with a relevant and interesting message. The data that can be processed can include business email addresses, job titles, first and last name, and phone number. The data is only processed for you, is yours and is only for your campaigns; it is not shared with third parties.


What is the data used for?

The data is exclusively used to get in contact with a someone within a company for the first time with a relevant and interesting message.


How long is this data stored?

When this first contact has been made and there is no interest in the message, any personal data will be deleted. In the event where there’s no response, or the personal data has not been used, for 30 days the personal data will be deleted. If there is an interest by the respondent the data will be stored as long as reasonably needed in order to communicate with this lead.


The right to be forgotten

All prospects have the right to be forgotten (i.e. have their data removed). In the event of a request by a prospect invoking this right, some or all data can be deleted. To prevent any accidental contact attempts in the future with this prospect, the email address, and/or any other unique identifier, will be encrypted using a one-way hashing algorithm to ensure this and in the meantime comply with the prospect’s right to be forgotten.