Privacy Policy

Leadspicker s.r.o. ID No.: 01965409, registered seat at Dlouhá 730/35, Prague 1 - Old Town, 110 00, the Czech Republic, incorporated in the Commercial register maintained by the Municipal Court in Prague, section C, file 293422 (hereinafter referred to as "Leadspicker," "we," or "us") offers a software solution that enriches customer data by providing timely updates and monitoring their contacts for any changes in employer information. When a change is detected, the solution automatically updates the customer database with new contact information and alerts the customer through the website, email, or software integrations. This ensures that the customer's database is always up to date and enables the sales team to identify new prospects for SDRs (hereinafter as “Pipebooster platform”). Leadspicker may provide other services involving data and marketing as well. User's privacy is the most important goal, so the private policy describes the rights that apply to the information clients submit to us or that we collect and use to provide our Services as defined below.

Leadspicker’s Services (hereinafter as “Services”) are defined as services provided to clients based on Terms of Service of Pipebooster platform via website, except that where our Services are provided through a website or app that is owned and operated by a third party. The services and content created by that third party are not part of the “Service.”

By accessing the Services, you acknowledge the collection, use, disclosure and other handling of your information as described below. 

Leadspicker is concluding contracts with its clients based on which the Leadspicker is providing its Services to clients. These contracts are concluded between Leadspicker and each client upon accepting Terms of Service of Pipebooster platform.

Leadspicker is duly fulfilling its obligations arising from Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), (hereinafter as “GDPR“). Since the personal data might be processed in connection with conclusion of the contract, Leadspicker pursuant to GDPR hereby informs clients who are data subjects and other data subjects (hereinafter as “data subjects”) on processing thereof.

We manage and process personal data in accordance with applicable laws. Based on the GDPR, we would like to inform you that we comply with all requirements. The most important information can be found below according to Art. 13 of the GDPR.

According to Article 4 Sec. 7 of the GDPR, clients’ personal data is taken care of by the data controller and processor WEB Project, s.r.o., ID No.: 28596935, registered seat at Dlouhá 730/35, Staré Město, 110 00 Praha 1, the Czech Republic, e-mail address: We are the entity responsible for compliance with the obligations set out in the GDPR. Therefore, if necessary, you can contact us, primarily via above-mentioned e-mail address or also at the above-mentioned postal address.

The subject of this Privacy Policy is also to regulate the mutual rights and obligations of Leadspicker and its clients in the processing of the personal data defined below by Leadspicker for its clients within the meaning of Article 28 of the GDPR, namely in the provision of Services under the Terms of Service of Pipebooster platform.

Processing of personal data within the meaning of this Privacy Policy means, in particular, its retrieval, use, collection, classification, storage on information carriers and transmission to the client, all using manual and automated means to the extent necessary to ensure fulfilment of the contract between Leadspicker and the client pursuant to the Terms of Service of Pipebooster platform.

Personal data will be processed for the duration of the provision of Services under the Terms of Service of Pipebooster platform. The termination of the contract pursuant to the Terms of Service of Pipebooster platform shall not terminate the obligations of Leadspicker regarding the security and protection of personal data, which shall continue until the moment of their complete destruction or transfer to the client, or another processor designated by the client.

I. Opening statements

This Privacy Policy covers handling of non-public, personally identifiable information received through the website or in relation to the Services, including personal data of data subjects.

We process personal data in order to fulfil contracts with clients and on the basis of legitimate interest. We only process it to the extent necessary for the purpose. We process and manage personal data through computer systems and the computer systems of our processors.

Just as any proper contract includes the provision of personal data, we use the data to enter a contract with a client and to properly perform that contract. 

Our legitimate interest is therefore to enter into a contract with a client and to provide the client with Services, and furthermore, after the contract has been fulfilled, it is a legitimate interest to protect our rights arising from our relationship with the client. 

The data provided is an essential element of the contract and must therefore be provided in order to conclude such a contract. The only ramification of non-providing of personal data is inability to conclude and to fulfil the contract and to provide Services.

According to Art. 21 of the GDPR a data subject can express an objection. In case a data subject expresses an objection against processing of personal data for abovementioned purposes the controller shall not process personal data of the data subject for such purposes anymore.

Leadspicker may carry out automated individual decision-making within the meaning of Article 22 of the GDPR.

II. Data collection

Leadspicker may receive the following types of information from its clients:

Enrolment details. Client’s contact details when registering for the Services on webpage such as the first and last name, e-mail addresses, professional title, company name, and password.

Billing information. When purchasing a subscription of the Services, such as billing name and address, credit card number and other information to validate payment method and identity.

Email communications. When contacting us via a messaging platform (such as LinkedIn), we may retain your message, contact details, and username or email address. It is not possible to opt-out of receiving transactional emails that are related to your account or usage of our services.

User engagement data. As navigating our website, we may gather information using common data collection tools, including Cookies, Web beacons, and Log Data. This information may include basic details from your web browser, such as browser type and language, your Internet Protocol ("IP") address, and your actions on our websites, such as pages viewed and links clicked. This information is processed to monitor your interaction with links within our websites and email messages, as well as links to our websites on other companies’ websites and email messages. Cookies are designed to store information about your browsing activity on the website, such as preferences and login details. You may have the ability to alter your browser or mobile device settings to prevent or limit the acceptance of cookies. Log Data could include your computer's IP address, browser type, or the webpage you were on before visiting our website, pages you view, time spent on those pages, search queries on our website, access times and dates, and other statistics. This Privacy Policy does not cover the use of cookies by any third parties. Cookies are short-term "session cookies", which are stored in your browser only until you close it, and long-term "persistent cookies", which remain stored on your computer for longer (depending on the settings of the cookie itself and the browser) or unless you delete them yourself. Cookies are stored within clients’ devices and therefore with data subjects. The web interface cannot utilize this personal data unless the data subject revisits webpages of the controller. Data subjects can delete cookies from their devices at any time.

Customer client records. Information about client’s business contacts, such as contacts list or customer list; for instance, first and last name, email address, telephone number, professional title, and company name. The use of information provided by the client is governed by Terms of Service of Pipebooster platform.

Information from third party sources, such as trustworthy data providers, or from public sources and methods, such as information available on public APIs and the internet. Public information may include details like social media user profiles, public likes or posts, and the user's followers or those they follow. Because this information is already publicly available, we reserve the right to share or disclose it with anyone for any purpose. 

Do not track. Web browsers, such as Chrome, Internet Explorer, Firefox, and Safari, currently have a "do not track" (DNT) option that sends a signal to websites indicating the user's DNT preference setting. However, we do not modify our behaviour in response to a web browser's DNT signal as we strive to offer you a personalised experience.

III. Data storage

By submitting information to us, you agree to this transfer, storing or processing using Google Cloud Services to host our Services, including parts of the Services we use to store and process information we receive from website visitors, third parties, and individuals with whom we interact through email, other messaging systems, or telephone. The data and information are stored and maintained in accordance with Google Cloud Services’ Privacy notice - Our Privacy Policy does not create any obligation on the part of Google.

We keep personal data for the time we actually need the data. That is, for as long as is strictly necessary to fulfil the purpose of data processing. Furthermore, we keep the personal data for period of 5 years from the fulfilment of the contract in order to exercise potential legal claims and we are also obliged to keep your personal data for 5 years from the end of the accounting period within the accounting system and to archive the tax documents for 10 years.

The client undertakes to:

  • ensure that provided personal data is always processed in accordance with the GDPR, that the data is up-to-date, accurate and true, and that the data is relevant to the stated purpose of the processing;
  • take appropriate measures to provide data subjects with all information, to inform them of their rights and to make any disclosures required by the GDPR in a concise, transparent, comprehensible and easily accessible manner using clear and plain language;
  • comply with any other obligations imposed by the GDPR.

Leadspicker undertakes to:

  • process personal data only on the basis of documented instructions from the client, in particular should the personal data be transferred to a third country or an international organization;
  • ensure that the persons authorized to process personal data undertake to observe confidentiality, unless they are subject to a legal obligation of confidentiality;
  • take all measures required by Article 32 of the GDPR and assist the client in complying with the obligations under Articles 32 to 36 of the GDPR, taking into account the nature of the processing and the information available to Leadspicker;
  • take into account the nature of the processing of personal data and assist the client in complying with the obligation to respond to requests to exercise the data subject's rights as well as other obligations under the GDPR;
  • ensure that the systems for automated processing of personal data are used only by authorized persons who will only have access to personal data corresponding to the authorization of such persons, on the basis of specific user authorizations established exclusively for such persons;
  • ensure that its employees process personal data only under the terms and to the extent specified by the client and consistent with this Privacy Policy;
  • at the request of the client, provide the client at any time with any information necessary to demonstrate that the obligations set out in the GDPR have been complied with and to allow an audit or inspection to be carried out in relation to the processing of personal data;
  • upon termination of the provision of Services under the Terms of Service of Pipebooster platform, in accordance with the client’s decision, either delete all personal data or return it to the client and delete existing copies, unless it is under a legal obligation to store the personal data;
  • comply with any other obligations imposed on it by the GDPR.

Leadspicker and the client further undertake:

  • to implement such technical, organizational, personnel and other appropriate measures within the meaning of the GDPR to ensure and be able to demonstrate at any time that the processing of personal data is carried out in accordance with the GDPR so as to prevent accidental or unauthorized access to, alteration, destruction or loss of, unauthorized transmission of, or other unauthorized processing of, personal data and data media containing such data, as well as other misuse of such data, and to review and update such measures as necessary;
  • keep and review and update records of the processing of personal data in accordance with the GDPR;
  • report any personal data breaches to the data protection authority in a proper and timely manner and cooperate with the data protection authority to the extent necessary;
  • keep each other informed of all circumstances relevant to the performance of its obligations under this article;
  • maintain the confidentiality of personal data and security measures, the disclosure of which would compromise the security of personal data, even after the termination of the contract according to the Terms of Service of Pipebooster platform.

The client grants Leadspicker general permission to engage other processors to process personal data. If we engage such additional processor to process personal data, the additional processor shall be contractually bound to the same obligations to protect personal data as set out in this Privacy Policy. In addition, we are obliged to inform the client of any intended changes regarding the engagement of additional processors or their replacement and to provide the client with an opportunity to object to such changes.

IV. Data sharing

We may share the service information with the following parties:

  • Trusted third parties that perform services for us, with us, or on our behalf, including without limitation advertising and data platforms and companies, providers of technical infrastructure and technical and customer support, hosting providers, billing support and payment providers, and data enhancement platforms.
  • Business and data partners, in the course of creating new data services and solutions,
  • Without restriction when the information is aggregated, anonymized or de-identified.
  • In connection with efforts to detect and address fraud, credit risk, security or technical issues.
  • In connection with significant events. We may sell or transfer all or a portion of our business or assets, such as in connection with a merger, acquisition, reorganisation, bankruptcy, dissolution or liquidation or take steps such as due diligence in anticipation of any such event.
  • When we believe in good faith that such sharing is reasonably necessary in order to investigate, prevent, or take action regarding possible unlawful activities or to comply with legal process or other legal requirements; when we deem disclosure appropriate in situations involving potential threats to the physical safety of any person, potential violations of our terms (such as our Terms of Service), or claims of violation of the rights of third parties; or when we deem disclosure appropriate to protect the rights, property and safety of us, our employees, users, or another person or entity (the disclosures described here may involve the good faith sharing of your information with, for example, law enforcement, government agencies, courts, or other parties); and
  • In any other circumstance where we have appropriate consents or are otherwise permitted by law to share it.

The persons to whom the data is transferred are not authorised to process the data for any other purpose or to transfer it to any other person without the consent or instruction of Leadspicker unless they have a lawful reason to do so.

We do not transfer your personal data to any other country, except as stated above if they are foreign persons.

V. Data security

We strive to safeguard the confidentiality of your account and other personally identifiable information maintained in our records. Nevertheless, we are unable to provide an absolute assurance of complete security. While we employ transport layer security (TLS) to encrypt the transmission of information when it is submitted on our website, it is important to note that transmitting information over the Internet carries inherent risks. Factors such as unauthorised access or use, hardware or software malfunction, and other unforeseeable circumstances may compromise the security of user information at any given moment.

In accordance with the applicable legal standard, we ensure the protection of the personal data we process and store through appropriate technical and organizational measures. In addition to our authorized personnel, third parties who provide us with services (e.g. processors - IT service providers, carriers) also have access to the data.

VI. Rights of data subjects

Right of access by the data subject

In accordance with Article 15 of the GDPR, the data subject is entitled to obtain confirmation from the data controller as to whether or not personal data pertaining to them is being processed. If such processing is taking place, the data subject has the right to access the personal data and obtain the following information:

  • The purposes for which the personal data is being processed;
  • The categories of personal data concerned;
  • The recipients or categories of recipients to whom the personal data has been or will be disclosed, including any recipients in third countries or international organisations;
  • Where feasible, the envisaged timeframe for which the personal data will be retained, or if this is not possible, the criteria utilised to determine such a period;
  • The existence of the right to request rectification or erasure of personal data, or the restriction of processing of personal data pertaining to the data subject, as well as the right to object to such processing;
  • The right to lodge a complaint with a supervisory authority;
  • If the personal data has not been obtained from the data subject, any available information regarding its source;
  • The existence of automated decision-making, including profiling, as referred to in Article 22(1) and (4) of the GDPR, and at least in these cases, meaningful details about the logic employed, as well as the significance and the anticipated consequences of such processing for the data subject.

Right to rectification

‍In accordance with Article 16 of the GDPR, the data subject has the right to request the rectification of any inaccurate personal data pertaining to them from the controller without undue delay. Considering the purposes for which the personal data is being processed, the data subject also has the right to have incomplete personal data supplemented by providing a supplementary statement.

Right to erasure

In accordance with Article 17 of the GDPR, the data subject is entitled to request the controller to erase personal data concerning them without undue delay, and the controller has an obligation to do so where one of the following grounds apply:

  • The personal data is no longer required for the purposes for which it was collected or otherwise processed;
  • The data subject withdraws their consent to the processing of personal data based on Article 6(1)(a) or Article 9(2)(a) of the GDPR, and there is no other legal basis for the processing;
  • The data subject objects to the processing pursuant to Article 21(1) of the GDPR, and there are no overriding legitimate grounds for the processing, or the data subject objects to the processing pursuant to Article 21(2) of the GDPR;
  • The personal data has been unlawfully processed;
  • The personal data must be erased to comply with a legal obligation under the laws of the European Union or Member State to which the controller is subject;
  • The personal data has been collected in relation to the provision of information society services as referred to in Article 8(1) of the GDPR.

Right to restriction of processing

In accordance with Article 18 of the GDPR the data subject has the right to request the controller to restrict the processing of their personal data in certain circumstances. These circumstances include situations where the accuracy of the personal data is contested by the data subject, and the controller needs time to verify the accuracy of the data. Another situation is where the processing of personal data is unlawful, and the data subject opposes the erasure of the personal data and requests the restriction of their use instead. Additionally, if the controller no longer needs the personal data for processing purposes, but the data subject requires them for legal claims, they can request the restriction of processing. Lastly, the data subject can object to the processing of their personal data while the verification of the legitimate grounds of the controller is pending.

Right to object

In accordance with Article 21 of the GDPR, the data subject is entitled to object, on grounds related to their particular situation, to the processing of personal data concerning them which is based on the legitimate interests pursued by the controller. In the present scenario, the legitimate interest solely involves processing personal data for the purpose of sending information and advertisements to clients. If a data subject objects to the processing of their personal data for the purpose of direct marketing, the controller must cease processing their personal data for such purposes, unless the data subject gives unrestricted and informed consent to the processing.

The right to lodge a complaint with a supervisory authority

In accordance with Article 77 of the GDPR, it is within the rights of every data subject to file a complaint with a supervisory authority. In the Czech Republic, the designated supervisory authority is the Úřad pro ochranu osobních údajů. The webpage of this supervisory authority is provided for reference purposes:

VII. Private policy changes

It is within our right to modify this Privacy Policy. Any information we currently collect is subject to the Privacy Policy that is currently in effect at the time of collection. New version of this Privacy Policy comes into effect by its publishing on the website Data subjects are advised to check this website occasionally. In the event that we make significant revisions or alter the manner in which personal information is utilised, we may also provide notice to you by either posting an announcement on our website or transmitting an email prior to the amendment taking effect.

VIII. Policy Towards Children

Our Services are not intended for individuals under the age of 18, and we do not intentionally gather personal information of children under the age of 18. Should we become aware that a client has furnished us with personal information of a child under the age of 18 or that a client is a child under the age of 18, we will take appropriate measures to delete said information and terminate the child's account. In the event that you discover that your child has disclosed personal information to us without your authorization, please contact us at

IX. Final Statements

If you have any questions or concerns regarding our privacy policies, if you wish to be provided with more detailed information on any of the points, request deletion or redaction of incorrect data, please send us a detailed message by email to

You can contact us at any time to request details of the processing of your personal data and we will provide you with detailed information free of charge or provide you with a copy of the data processed. This is your right to access your personal data. However, we must advise you that in the event of repeated or unreasonable requests, we are entitled to charge you for the cost of providing the information or to refuse to provide the information.

Leadspicker does not fulfil the characteristics of Article 37(1) of the GDPR and is therefore not obliged to appoint a data protection officer in this sense.

No automated profiling shall take place.