California Consumer Privacy Act

The Lead Forensics Product

The Lead Forensics product is a market-leading B2B sales and marketing enablement tool. SaaS (Software as a Service) provides businesses with insight into website visitors. Lead Forensics works based on reverse business IP tracking. A small tracking code is placed on a business website, enabling it to identify visitors’ business IP addresses. Forensics matches the identified business IP address to a wholly-owned global database of businesses and business information. Lead Forensics customers also can implement a cookie alongside the code to enhance the software’s tracking capabilities.

The Lead Forensics software is almost entirely focused on leveraging business-related information to effectively match a business IP address with broader business data to provide valuable business-related visitor information to our customers. Lead Forensics does not identify any personal IP addresses, mobile devices or any other data than that associated with the business.

Contact Data

An additional feature of Lead Forensics, aside from the primary solution, is to provide customers with the contact information of key decision-makers at the organisations that have proactively visited the company website. As this information contains details including first name, last name, email address and LinkedIn profile, this aspect of Lead Forensics constitutes the processing of personal data and, therefore, is required to comply with the CCPA.

Lead Forensics will only ever collect business IP addresses, which are then matched to a business profile; from there, Lead Forensics offers customers the opportunity to purchase the contact details of relevant decision-makers within the matched business. The data available will only relate to decision-makers at the organisations that have pro-actively visited a customer’s website; in this regard, it is anticipated that the Lead Forensics customer base will leverage this data under the lawful basis of ‘Legitimate Interests’. It is expected that Lead Forensics customers will select the most appropriate point of contact from the data provided by Lead Forensics to convey a highly relevant, targeted message either by email, telephone or by post to the business address and the point of contact. Any correspondence will be based upon their likely interest in the organisation’s product or service following their visit to its website.

Lead Forensics will only process necessary personal data, limited to first name, last name, and email address. Lead Forensics will process further business-related data such as business IP, business name, job function and business telephone numbers. No sensitive personal data will be collected or processed in any way. Lead Forensics customers can use Lead Forensics without leveraging contact data. Lead Forensics customers can also use Lead Forensics, where contact data for any business in California is disabled. Where a customer opts to use the Lead Forensics contact data feature, it is deemed that the customer will be responsible for ensuring the data used is further processed within their business in a compliant method with CCPA. Each customer will be responsible for conducting their due diligence checks and producing the policies applicable to their business.

Lead Forensics has carried out various Assessments such as LIA, DPIA and personal data risk assessments. Based upon these assessments, it is deemed that the rights and freedoms of any data subject would not be overridden in our processing of the personal data and that in no way would a data subject be caused harm by the Lead Forensics processing. Based upon our segmentation by the organisation and by specific job function, coupled with our processing of personal data within the context of a business environment, it is deemed that any data processing will be limited to business matters and, therefore, any risk of personal compromise is improbable. It is also considered that direct marketing and sales are necessary to follow up with website visitors to serve visitors better and generate business sales.

CCPA compliance requirements covered by Lead Forensics

  • Delegate CCPA compliance oversight to a knowledgeable employee or team.
  • Maintain and regularly update a business-wide privacy policy.
  • Implement and maintain reasonable security practices.
  • Maintain procedures to respond to requests for access to personal data and specific pieces of information.
  • Maintain procedures to respond to requests to delete personal information.
  • Maintain procedures to respond to requests to opt-out of the sale of personal information.
  • Update vendor contracts to comply with CCPA and avoid being characterised as “selling” personal information to vendors.
  • Maintain procedures for collection and use of personal information of minors (as applicable).
  • Conduct appropriate privacy training for personnel depending on their job function.
  • Assess affiliates’ need to comply with the CCPA and implement group-wide compliance if necessary.
  • We have identified a legitimate ground for the processing.
  • We understand our responsibility to protect individuals’ interests, rights and freedoms.
  • We have conducted risk assessments and kept a record of them.
  • We will review our processes regularly.
  • We have checked that the processing is necessary, and there is no less intrusive way to achieve the same result.
  • We have done a balancing test and are confident that the individual’s interests are not overridden in the interests of our customers or our own.
  • We only use individuals’ data in ways they would reasonably expect.
  • We are not using people’s data in ways they would find intrusive or which could cause them harm.
  • We do not process the data of children.
  • We have considered safeguards to reduce the impact where possible.
  • We will always ensure there is an opt-out ability for a data subject to object to processing.

How we Process Data

The Lead Forensics solution provides businesses with the details of organisations that have visited their website based upon business IP tracking. Lead Forensics matches this data to a database of business contact points, presenting this information to its customers as potential contacts from the visiting organisation interested in the products/services on offer based upon the pro-active business visit. To do this, Lead Forensics will process first name, surname and business email address along with business data to present that information to its customers. The data is presented to customers via secure, unique login access to the Lead Forensics portal. Customers can purchase relevant contact points, including email addresses and names from the visiting organisations. The data limited to email address, name, and supporting business information, including business telephone number, will be transferred to the customer again via the secure portal. Lead Forensics acts as a data processor in this regard; lead Forensics is not liable for the onward processing of the data via each customer, although we strongly advise all customers to ensure compliance with CCPA in all aspects of personal data processing.

How we Procure Data

At Lead Forensics, we procure data in various ways, collected according to the lawful basis of ‘Legitimate Interests’. The following are ways in which we collect and process data:

Business Data
Although business data is not relevant under CCPA, Lead Forensics is committed to providing a transparent solution so customers can effectively assess their compliance. Lead Forensics collects business data via the following methods:
Primary research
Lead Forensics has a UK-based in-house team that gathers business data from publicly available information, using search engines and other online tools to research global companies.
Secondary research
Lead Forensics has an in-house UK-based team that uses publicly available data sources to enhance business data.
Lead Forensics purchases business information from several selected third-party data vendors vetted to ensure the quality and validity of the business data provided. All third-party data vendors have been checked for CCPA compliance and to ensure the validity and accuracy of data.

Personal Data

Lead Forensics collection and processing of personal data is limited to:

  • First name
  • Last name
  • Email address

Lead Forensics also uses automated scripts and algorithms to collect, process, and validate business and personal data. These automated processes are subject to the same compliance checks as all manual processes, and consent is obtained from individual data subjects.

How we Ensure Data Validity and Currency

Lead Forensics has a UK-based in-house data verification team responsible for ensuring the validity and currency of the data contained within the Lead Forensics solution. The team continually cleanse the data held within the Lead Forensics software, completing an entire cleanse cycle of both business and personal data at least once every 12 months. Any out-of-date records are placed into a deletion queue securely purged four times in 12 months.

The data verification team uses manual methods and automated scripts and algorithms via an extensive multi-staged process to ensure the maximum validity and currency of data. Lead Forensics takes data cleansing exceptionally seriously, providing a highly compliant and high calibre solution for all Lead Forensics customers.

Data Storage and Retention

The data held within the Lead Forensics solution is processed and stored in the UK within a secure environment.

The data held within the Lead Forensics solution is processed and stored in the UK within a secure environment. Lead Forensics has a continual cycle of cleansing and refreshing data; all data within the Lead Forensics solution is verified at least once in a 12-month cycle. Any invalid records are placed into a deletion queue and securely purged four times in 12 months.

Consumer Request Procedures

Request to Object

Any individual identified as a website visitor by Lead Forensics has the right to object to receiving correspondence from a Lead Forensics customer by contacting them directly and requesting to object; you can find their specific processes for this by visiting their company website and reviewing their privacy policies.

Should any individual wish to withdraw from Lead Forensics processing your personal data for use by the Lead Forensics software and its customers, please make your request in writing by emailing:
[email protected]

You may also write to us at:

Data Compliance, Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN.

All requests will be processed within 30 days. Your details will be added to a suppression file to ensure that the Lead Forensics software cannot process your details in future. Please note that this applies only to processing your personally identifiable data, not the business data, which does not fall under the remit of CCPA.

Request for Deletion

Understanding the difference between a right to object and a deletion request is important. If you request deletion, we will remove any data we hold about you from the Lead Forensics software. This will also mean that we will remove you from our suppression files. If you are removed from our suppression files, there is a risk that your data may be processed again in the future if your details are re-added to our software by our data procurement team.

If you do not wish for Lead Forensics to process your personal data in the future, please email:
[email protected]

You may also write to us at:
Data Compliance, Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN.

Request for Data Held

You may request that we send you all the data we hold that relates to you. Please make your request in writing either by email:
[email protected]

You may also write to us at:

Data Compliance, Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN. We will process and respond to your request within 30 days; this service will be free.

You can opt-out of the sale of your data by contacting:
[email protected]

You may also write to us at:

Data Compliance, Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN. We will process and respond to your request within 30 days; this service will be free.

This policy was last reviewed on the 13th of June 2022
Our Ref: DC.002 LF CCPA Privacy Policy v2.0 13.06.22

For questions relating to this policy, please email:
[email protected]