The General Data Protection Regulation (GDPR) is a comprehensive European Union law on data privacy. It took effect on May 25, 2018, creating new obligations for businesses and new rights for individuals in the EU.
The data we process has been made 'manifestly public' (GDPR Article 9.2(e)) by the data subject. We only crawl and index publicly available email addresses and phone numbers, such as those that are accessible from websites and social media. ContactOut has a 'legitimate interest' (GDPR Article 6.1(f)) in empowering recruiters to process employee data for operational, administrative and HR purposes.
You may request access to a copy of your personal information including: purposes of processing; categories of data processed; recipient(s) of data; length of time data is stored; and information on data transfers.
Since we only deal with public data, information that is removed from a website will also be removed from our database. You may at any time request the removal of your personal information from our database.
The GDPR gives users the right to download data that they have provided to a service.
You may request that we change, update or complete any of your personal information.
Our services run on Amazon Web Services (AWS), a provider with the highest levels of security. The physical safety of datacenters is guaranteed by 24/7 surveillance teams while state-of-the-art software security techniques protect your data from unwanted access. AWS infrastructure is highly resilient, constantly available and thoroughly monitored. It satisfies many global security standards including ISO27001, SOC, PCI and FedRAMP.
ContactOut systematically uses HTTPS on contactout.com and any of our subdomains. Any HTTP connection is redirected to its HTTPS counterpart. We also use the Key Management Service (KMS) through AWS, which employs industry best practices to ensure the safety of the keys used to encrypt your data. The bottom line is that you can be sure of your information's safety.
ContactOut does not store any card information that can compromise your security. Stripe, the provider who handles all your card details, is PCI Service Provider Level 1 Certified, the highest security standard available in the payments industry.
We have implemented a Web Application Firewall to prevent unwanted intrusions from incoming requests. We also have a server firewall to prevent access from non-approved IPs.
We don't store passwords; we don't even see them. We store a cryptographic hash.