BizzContacts is a GDPR-compliant data processor and controller. This page explains exactly how our service handles personal data of EU residents — what legal basis we rely on, what your rights are, and how to exercise them.
1. Legal basis for processing
We rely on Article 6(1)(f) GDPR — legitimate interest — for processing EU contacts in our verified business graph. Our legitimate interest is providing a verified B2B contact data service to other businesses. We've conducted a documented Legitimate Interest Assessment (LIA) and balance test. Every EU contact has a clear opt-out path documented in our suppression list.
2. Data subject rights
If you're an EU resident, you have the right to: access the data we hold (Article 15), correct it (Article 16), delete it (Article 17), restrict its processing (Article 18), port it (Article 20), object to its use (Article 21), and lodge a complaint with your supervisory authority (Article 77). Exercise any of these by emailing gdpr@bizzcontacts.com.
3. Opt-out and suppression
Any individual can opt out at any time by emailing optout@bizzcontacts.com from their work email. Removal happens within 48 hours and is permanent. We maintain a hashed suppression list to prevent re-addition even if a record returns to a public source.
4. Sub-processors
We use Cloudflare (US/EU) for hosting, Brevo (FR) for transactional email, and AWS (US) for backup storage. All sub-processors are GDPR-compliant and bound by Data Processing Agreements with appropriate Standard Contractual Clauses.
5. International data transfers
For transfers of EU data outside the EEA, we rely on Standard Contractual Clauses (Module Two, June 2021 update). Our Indian operations are bound by the same processing standards as our EU sub-processors.
6. Data breach notification
If we suffer a data breach involving EU personal data, we notify our supervisory authority within 72 hours and affected individuals without undue delay. Our incident response runbook is documented and regularly tested.
7. Data Protection Officer
DPO contact: dpo@bizzcontacts.com. Our DPO is independent from operations and reports directly to the founder. The DPO handles all GDPR-related correspondence and supervisory-authority interactions.
