Your rights under the GDPR
This page describes the rights available to data subjects in the European Union, the European Economic Area, the United Kingdom, and Switzerland under the General Data Protection Regulation, and how those rights may be exercised with Deal Intelligence.
The GDPR (Regulation (EU) 2016/679) governs the processing of personal data relating to individuals in the EU and EEA. The UK GDPR establishes equivalent provisions for the United Kingdom. This page is a companion to the Privacy Policy, which is the authoritative document; this page summarizes GDPR rights and the request process.
When the GDPR applies
The GDPR applies to Deal Intelligence's processing of personal data relating to individuals who are in the European Union, the European Economic Area, or the United Kingdom, regardless of where Deal Intelligence is located. In practice, this covers three groups:
- Customer employees based in the EU, EEA, or UK who use the Services.
- Buyers who appear in Event Data and who are located in the EU, EEA, or UK at the time of the event.
- Individuals who contact Deal Intelligence from the EU, EEA, or UK for support, sales, or to exercise their rights.
Our role under the GDPR
Deal Intelligence acts in two roles, depending on the data involved:
| Data | Role | Meaning |
|---|---|---|
| Account and identity data of Customers | Controller | Deal Intelligence determines the purposes and means of processing. |
| Event Data | Controller | Deal Intelligence independently generates this data and determines the means of processing. |
| Customer-provided data (target accounts, competitor lists, OAuth credentials) | Processor | Deal Intelligence processes the data on behalf of, and under the instructions of, the Customer. CRM records accessed from a connected CRM are processed only at the time of a request and are not retained. |
An individual who appears in Event Data may contact Deal Intelligence directly, as Deal Intelligence is the controller for that data. For an employee of a Customer, the Customer is typically the controller for data it submits to the Services.
How to exercise your rights
Submit the request
Send a request to privacy@dealintelligence.io from the email address associated with the data, or from any address where the request is made by a buyer who appears in Event Data. State the right being exercised and, where relevant, the data the request concerns.
Verification of identity
Deal Intelligence takes reasonable steps to verify that a request originates from the data subject. For most requests this is a confirmation from the email address on record. For requests involving Event Data, additional information (such as a LinkedIn profile URL) may be required to locate the relevant records.
Response
Deal Intelligence responds within one calendar month of a verified request, as required by Article 12, with an operational target of 10 business days. Where a request is complex, the period may be extended by two months, with prior notice.
Action
For an access request, a copy of the data is provided. For rectification, the data is corrected. For erasure or objection, the data is deleted or the processing is stopped where no overriding legal grounds apply, and the outcome is confirmed in writing.
To submit a GDPR request, contact privacy@dealintelligence.io, stating the right being exercised and any information that assists in locating the relevant data.
If you appear in Event Data
Deal Intelligence detects verified competitor activity at its Customers' accounts. A buyer in the EU, EEA, or UK who has engaged with sellers at vendors in their category may appear in Event Data, comprising name, job title, employer, LinkedIn URL, and related event metadata.
The same rights are available to such individuals as to any other data subject, including the rights to access, correct, delete, and object to the processing of their personal data. It is not necessary to be a Customer of Deal Intelligence to make a request. Requests may be submitted to privacy@dealintelligence.io.
The legal basis for this processing is legitimate interests under Article 6(1)(f). Deal Intelligence has assessed that the processing of business-contact information relating to individuals acting in a professional capacity, for the purpose of B2B sales intelligence, is necessary for and proportionate to the legitimate interests pursued, and is not overridden by the fundamental rights and freedoms of data subjects.
Where an individual objects to this processing under Article 21, Deal Intelligence assesses whether compelling legitimate grounds override the individual's interests, rights, and freedoms. Where no such grounds exist, the processing is stopped and the data is removed.
Legal bases for processing
Article 6 requires a lawful basis for each processing activity. Deal Intelligence relies on the following:
| Activity | Lawful basis (Art. 6 GDPR) |
|---|---|
| B2B competitor-activity intelligence | Article 6(1)(f) — Legitimate interests |
| Administration of a Customer account | Article 6(1)(b) — Performance of a contract |
| Security and access logging | Article 6(1)(c) — Compliance with a legal obligation |
| Marketing communications to non-customers | Article 6(1)(a) — Consent |
Deal Intelligence does not process special categories of personal data within the meaning of Article 9, and does not engage in automated decision-making producing legal or similarly significant effects within the meaning of Article 22.
International transfers
Deal Intelligence's infrastructure is located in the United States (us-east-1). For transfers of personal data from the EU, EEA, or UK to the United States, Deal Intelligence relies on:
- the Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914) for transfers from the EU and EEA;
- the UK International Data Transfer Addendum for transfers from the United Kingdom; and
- the supplementary technical and organizational measures described in Section 5 of the Privacy Policy.
A copy of the Standard Contractual Clauses applicable to a transfer is available on request to privacy@dealintelligence.io.
Supervisory authority
A data subject who considers that Deal Intelligence's processing of their personal data infringes the GDPR has the right, under Article 77, to lodge a complaint with a supervisory authority in the EU or EEA member state of their habitual residence, place of work, or place of the alleged infringement.
For UK data subjects, the supervisory authority is the Information Commissioner's Office (ico.org.uk). For EU and EEA data subjects, a list of national supervisory authorities is maintained by the European Data Protection Board (edpb.europa.eu).
There is no requirement to contact Deal Intelligence before filing a complaint, though Deal Intelligence welcomes the opportunity to address any concerns directly.
Contact
Deal Intelligence LLC
Data protection inquiries: privacy@dealintelligence.io
Security and compliance: trust.dealintelligence.io
Full policy: Privacy Policy
Last updated June 3, 2026.