Data Protection Policy

Last Updated 27 February 2025

1.    Introduction

1.1 Automata Leads is committed to upholding the highest standards of data protection and privacy compliance across all jurisdictions in which it operates. This Data Protection Policy outlines the principles and procedures governing the collection, processing, storage, transfer, and protection of personal data in accordance with the following applicable laws:

(a) United Arab Emirates (UAE) – Abu Dhabi Global Market (ADGM) Data Protection Regulations.
(b) United Kingdom (UK) – UK General Data Protection Regulation (UK GDPR) and the UK Data Protection Act 2018.
(c) European Union (EU) – General Data Protection Regulation (EU GDPR).
(d) United States (US) – California Consumer Privacy Act (CCPA) and other relevant state and federal laws.

1.2 This policy applies to all personal data processed by Automata Leads, including but not limited to data collected from clients, users, and business partners worldwide. It establishes the legal basis for data processing, ensures compliance with global data protection regulations, and safeguards the rights of individuals interacting with Automata Leads.


2.    Scope and Applicability

2.1 This Data Protection Policy applies to all personal data collected, processed, stored, or transferred by Automata Leads in the course of its business operations. It governs the handling of personal data relating to the following categories of individuals:

(a) Clients and prospective customers.
(b) Website visitors and users of Automata Leads’ platforms.
(c) Business partners, suppliers, and third-party service providers.
(d) Employees, contractors, and other individuals whose data is processed in connection with Automata Leads’ activities.

2.2 This policy applies to personal data collected through digital and automated systems, including but not limited to:

(a) Automata Leads’ proprietary lead generation and prospecting tools.
(b) Client relationship management (CRM) systems.
(c) Marketing automation platforms and analytics software.
(d) Company websites, online platforms, and mobile applications.
(e) Email communications, messaging applications, and contractual agreements.
(f) Lawful third-party data sources and integrations.

2.3 Automata Leads is committed to processing personal data lawfully, fairly, and transparently in compliance with applicable data protection laws. This policy ensures alignment with the highest standards of security, accountability, and user rights while enabling the effective operation of Automata Leads’ AI-driven services.

2.4 All individuals and entities interacting with Automata Leads, whether as customers, suppliers, employees, or business partners, must adhere to the principles outlined in this policy. Any third-party service provider or contractor processing personal data on behalf of Automata Leads must comply with this policy and applicable legal requirements.

 

3.    Legal Basis for Processing

3.1. Automata Leads processes personal data in accordance with the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), the Abu Dhabi Global Market (ADGM) Data Protection Regulations, and all other applicable data protection laws governing its operations.

3.2. All personal data processing conducted by Automata Leads is carried out lawfully, fairly, and transparently, relying on one or more of the following legal bases:

(a) Consent – Where required by applicable law, Automata Leads obtains explicit and informed consent from data subjects before processing their personal data. Consent may be requested for marketing communications, personalised outreach, automated decision-making, and other non-essential processing activities. Data subjects have the right to withdraw their consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

(b) Contractual Necessity – Automata Leads processes personal data where it is necessary to perform contractual obligations entered into with clients, customers, service providers, or employees. Such processing includes, but is not limited to, providing AI-powered lead generation services, managing customer relationships, fulfilling agreements, processing transactions, and ensuring the continued functionality of Automata Leads’ platform and services.

(c) Legitimate Interests – Personal data may be processed where necessary to pursue legitimate business interests, provided that such interests do not override the fundamental rights and freedoms of data subjects. This includes, but is not limited to:

(i) Conducting fraud prevention, business analytics, product development, and security monitoring;

(ii) Using anonymised and aggregated data for AI-driven industry insights, sales automation benchmarks, and outreach optimisation analytics;

(iii) Training AI models for improved lead scoring, engagement tracking, and predictive analytics, ensuring that all data used for these purposes is fully anonymised and does not contain any personally identifiable information (PII).

(d) Regulatory & Legal Compliance – Automata Leads processes personal data where necessary to comply with its legal and regulatory obligations under applicable laws. This includes:

(i) Compliance with data retention and financial record-keeping requirements;

(ii) Adhering to anti-money laundering (AML) laws, fraud detection protocols, and other regulatory obligations;

(iii) Responding to law enforcement requests, regulatory inquiries, and subpoenas where legally required;

(iv) Facilitating consumer data rights enforcement under GDPR, CCPA, ADGM, and other relevant regulations.

3.3. Automata Leads ensures that all processing activities are conducted in accordance with the principles of purpose limitation, data minimisation, transparency, and accountability, ensuring compliance while enabling the company to operate a scalable, AI-powered lead generation service.

 

4.    Categories of Personal Data

4.1 Automata Leads collects and processes personal data strictly for lawful business purposes, ensuring compliance with applicable data protection regulations, including the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and the Abu Dhabi Global Market (ADGM) Data Protection Regulations.

4.2 The categories of personal data processed by Automata Leads include the following:

(a) Identity Data – Includes full name, job title, company name, job role, and professional credentials. This data is processed to facilitate business communications, verify identities, and support lead generation activities.

(b) Contact Data – Comprises email addresses, phone numbers, and mailing addresses collected through website interactions, business inquiries, or contractual engagements. This data is necessary for maintaining client relationships, responding to inquiries, and delivering services.

(c) Technical Data – Encompasses IP addresses, device identifiers, browser types, operating systems, and metadata collected through website visits and platform interactions. This data is processed to enhance security, optimise platform functionality, and prevent fraudulent activities.

(d) Usage Data – Includes records of interactions with Automata Leads’ website, login credentials, behavioural analytics, and engagement metrics. This data enables Automata Leads to improve user experience, assess service performance, and refine AI-driven automation processes.

(e) Marketing and Communication Preferences – Consists of records of user preferences regarding marketing communications, promotional content, and customer engagement. Automata Leads processes this data in compliance with consent-based marketing regulations and provides opt-out mechanisms where required.

(f) Transactional Data – Refers to records of client purchases, invoices, payment details, and other financial information necessary for contract fulfilment and billing purposes. Automata Leads does not store or process payment card details directly but may rely on third-party payment processors compliant with PCI-DSS security standards.

(g) Lead Generation and Business Information – Includes publicly available business data, industry-related insights, and prospecting information sourced from business directories, LinkedIn, or authorised third-party data providers. This data is processed solely for B2B engagement and in accordance with applicable data protection laws.

4.3 Automata Leads ensures that all data collection and processing activities adhere to the principles of purpose limitation, data minimisation, and proportionality, ensuring that no excessive or unnecessary personal data is collected beyond what is required for legitimate business purposes.

 

5.    Data Collection

5.1 Methods of Data Collection

5.1.1 Automata Leads collects personal data through various lawful and transparent means in the course of its business operations. The collection methods include direct interactions, automated tracking technologies, third-party integrations, business networking, and communication channels. All data collection is conducted in compliance with applicable data protection regulations, including but not limited to the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), and the Abu Dhabi Global Market (ADGM) Data Protection Regulations.

5.1.2 Personal data may be collected through direct interactions with individuals who voluntarily provide their information when completing online forms, subscribing to services, requesting information, registering for events, participating in surveys, or engaging in contractual agreements. Such data may include contact details, professional information, and preferences for communication. Individuals are provided with appropriate notice at the point of collection and may withdraw consent where applicable.

5.1.3 Automata Leads employs automated tracking technologies, including cookies, web beacons, log files, and analytics tools, to collect technical and usage data when individuals interact with its website and digital platforms. Cookies and similar technologies are used to facilitate website functionality, improve user experience, and monitor engagement. Non-essential cookies are only deployed where legally required with explicit user consent. Individuals may manage their cookie preferences in accordance with the Automata Leads Cookie Policy.

5.1.4 Third-party integrations with customer relationship management (CRM) platforms, marketing automation tools, lead enrichment services, and artificial intelligence (AI) communication platforms may facilitate data collection through synchronised business applications. Data may be processed through integrated third-party service providers, including but not limited to HubSpot, Zapier, Apollo.io, PhantomBuster, OpenAI, and Twilio. Automata Leads ensures that all third-party integrations comply with data protection laws and are governed by legally binding data processing agreements (DPAs).

5.1.5 Business networking and lead generation activities involve the collection of publicly available professional data from industry directories, LinkedIn, company websites, and relevant third-party sources. Such data is acquired strictly for business-to-business (B2B) marketing and lead generation purposes. Where applicable, Automata Leads implements opt-out mechanisms in compliance with direct marketing regulations.

5.1.6 Personal data may also be collected through direct communication channels, including email correspondence, telephone interactions, VoIP calls, live chat support, and messaging applications. Communications conducted via these channels may involve the collection of identifying and transactional information necessary for business inquiries, customer support, and contractual engagement.

5.1.7 Automata Leads is committed to data minimisation and transparency, ensuring that only necessary personal data is collected for the intended business purposes. All data collection activities are conducted lawfully, fairly, and with appropriate security measures in place to safeguard the rights and privacy of individuals.

 

5.2 Data Hosting and Processing

5.2.1 Automata Leads operates as a fully digital, AI-powered platform and does not maintain proprietary servers or on-premises infrastructure for data storage or processing. All data collected and processed by Automata Leads is hosted and managed through third-party Software-as-a-Service (SaaS) providers and cloud-based platforms. These providers are selected based on their adherence to internationally recognised data security and compliance standards.

5.2.2 Personal data is stored and processed across multiple cloud service providers, including Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure, depending on the specific function within the Automata Leads ecosystem. The location of data hosting and processing varies based on the operational requirements of the integrated third-party service providers.

5.2.3 The primary data hosting and processing locations include but are not limited to:
(a) Lead Scraping and Verification – Data processed via Apollo.io, PhantomBuster, and Clay.run, primarily hosted on AWS and Google Cloud in the United States.
(b) AI Outreach and Communication – Data handled through Twilio, Instantly.ai, and OpenAI, hosted on Azure, AWS, and Google Cloud, with selected services offering EU data residency.
(c) AI Scheduling and CRM Synchronisation – Data processed through Reclaim.ai and HubSpot, with hosting on Google Cloud and AWS.
(d) AI Reporting and Workflow Orchestration – Data handled via LangGraph and Airtable, hosted on AWS and Google Cloud.
(e) Payments and Accounting – Financial transactions and invoicing data managed through Stripe and Xero, with data hosted on AWS and Google Cloud.

5.2.4 Automata Leads ensures that all third-party service providers maintain compliance with applicable data protection laws, including but not limited to the General Data Protection Regulation (GDPR), the UK Data Protection Act 2018, the California Consumer Privacy Act (CCPA), the Abu Dhabi Global Market (ADGM) Data Protection Regulations, and the Payment Card Industry Data Security Standard (PCI-DSS) for financial transactions.

5.2.5 Where required, Automata Leads enters into legally binding Data Processing Agreements (DPAs) with third-party service providers to ensure that data processing activities adhere to strict security, confidentiality, and regulatory compliance measures. These agreements impose obligations on service providers to implement appropriate safeguards, limit data retention periods, and process data only for authorised purposes.

5.2.6 Automata Leads does not engage in data hosting, processing, or storage in jurisdictions that lack adequate data protection laws unless appropriate safeguards, such as Standard Contractual Clauses (SCCs), Binding Corporate Rules (BCRs), or equivalent legal mechanisms, are implemented.

5.2.7 Data subjects may request further details regarding the specific hosting locations of their data by contacting Automata Leads through the designated privacy contact.

 

5.3 Cross-Border Data Transfers

5.3.1 Automata Leads operates as a global AI-powered platform, and as such, personal data may be transferred, stored, and processed across multiple jurisdictions. Due to the nature of cloud-based services and international business operations, data may be hosted in various geographic locations where Automata Leads’ third-party service providers maintain infrastructure.

5.3.2 Automata Leads ensures that all cross-border data transfers comply with applicable data protection laws, including but not limited to:
(a) The General Data Protection Regulation (EU GDPR) and the UK GDPR, requiring appropriate safeguards for transfers outside the European Economic Area (EEA) and the UK.
(b) The California Consumer Privacy Act (CCPA), mandating transparency and consumer rights in relation to international data processing.
(c) The Abu Dhabi Global Market (ADGM) Data Protection Regulations, requiring lawful mechanisms for data transfers outside the UAE.

5.3.3 Where personal data is transferred outside jurisdictions with recognised data protection frameworks, Automata Leads implements legally recognised safeguards, which may include:
(a) Standard Contractual Clauses (SCCs) approved by the European Commission for data transfers outside the EEA and the UK.
(b) Binding Corporate Rules (BCRs) where applicable to ensure a consistent level of data protection across Automata Leads’ global operations.
(c) The EU-U.S. Data Privacy Framework and UK-U.S. Data Bridge, where applicable, for transfers to certified organisations in the United States.
(d) Contractual agreements with third-party service providers imposing strict data protection obligations in line with international regulatory requirements.

5.3.4 Where required by law, Automata Leads provides data subjects with notice regarding cross-border transfers and the mechanisms used to safeguard their personal data. Data subjects may request further details regarding the applicable safeguards in place for international data transfers by contacting Automata Leads through the designated privacy contact.

5.3.5 Automata Leads continuously monitors legal developments related to cross-border data transfers and updates its compliance framework to reflect changes in applicable laws, regulatory guidance, and international data transfer mechanisms.

5.4 Third-Party Service Providers' Compliance and Data Storage

5.4.1 Automata Leads engages reputable third-party service providers to support its AI-powered platform, including cloud computing, data processing, CRM integration, payment processing, and marketing automation. Automata Leads ensures that all third-party service providers adhere to applicable data protection regulations and implement appropriate security measures to safeguard personal data.

5.4.2 Automata Leads exercises due diligence in selecting third-party service providers and requires that such providers comply with:
(a) The General Data Protection Regulation (EU GDPR) and UK GDPR for data processing within and outside the EEA and UK.
(b) The California Consumer Privacy Act (CCPA) for personal data collected from California residents.
(c) The Abu Dhabi Global Market (ADGM) Data Protection Regulations for data transfers and processing within the UAE.
(d) Other applicable regulatory requirements based on the jurisdiction of the data subjects and service providers.

5.4.3 The table below provides an overview of Automata Leads’ key third-party service providers, their compliance certifications, and data storage locations:

 

Table 1: 3rd Party Compliance and Hosting

| Service | Compliance Certifications | Data Storage Locations |
| --- | --- | --- |
| Apollo.io | ISO/IEC 27001 certified; SOC 2 (Type II) audited. GDPR compliant (Data Processor & Controller). | Hosted on AWS in the United States. No dedicated EU data center (EU personal data handled via GDPR safeguards like SCCs/DPF). |
| PhantomBuster | GDPR compliant (meets EU data protection requirements). Uses Standard Contractual Clauses for EU-to-US transfers. (No formal SOC2/ISO certs published.) | Data stored and processed in the EU/EEA by default. If transferred outside EEA, only to adequate countries or under SCC agreements. |
| Clay.run | SOC 2 Type II compliant (independently audited). GDPR/CCPA compliant data practices. (No ISO 27001 cert yet publicly.) | Hosted on US-based cloud servers (all data stored in the U.S.). No EU data center available (all operations currently U.S.-hosted). |
| Instantly.ai | Implements SOC 2 controls (Type II audit in progress). Aligns with ISO 27001 security standards. GDPR compliant and offers Data Processing Addendum. | Primarily hosted on AWS/GCP in the USA (infrastructure in U.S.). Also utilizes EU-based hosting (Hetzner in EU) for certain services. |
| OpenAI Operator (OpenAI) | SOC 2 Type II audited (security & confidentiality). Complies with GDPR and CCPA (supports DPA and EU-US DPF). CSA STAR Level 1 registered. | Default data processing in U.S. data centers. Offers European data residency for API/ChatGPT Enterprise (EU content stored in EU). |
| Twilio | ISO/IEC 27001:2013, 27017:2015, 27018:2019 certified. PCI DSS Level 1 compliant. SOC 2 Type II and SOC 3 audited (for core services). | Global infrastructure with regional data centers. Supports regional data storage in the US and EU (e.g. “US1” and “IE1” isolated regions for data residency compliance). |
| ChatGPT API (OpenAI) | Covered by OpenAI’s SOC 2 Type II report. OpenAI adheres to GDPR/CCPA (offers DPA and SCCs for API users). | Hosted on OpenAI’s global cloud (primarily US). Enterprise API customers can opt for EU regional processing (requests handled and stored in Europe). |
| Zapier | SOC 2 Type II certified; SOC 3 report available. Committed to GDPR, UK GDPR, CCPA compliance. (No ISO 27001 or PCI certification published – leverages AWS’s compliant infrastructure.) | Hosted on Amazon Web Services cloud. Data is stored globally in AWS (primarily U.S. regions) – no separate EU data residency (Zapier’s storage is global). |
| Reclaim.ai | SOC 2 Type II certified (as of Sept 2023). GDPR compliant (supports world‑class GDPR practices). Participates in EU-U.S. Data Privacy Framework. | Multi-region data centres: operates across regions including the US and Europe to ensure data locality. (Provides EU data residency for enterprise accounts.) |
| HubSpot | SOC 2 Type II (and SOC3) audits conducted annually. ISO/IEC 27001 certified; also aligns with ISO 27017/27018 standards. GDPR compliant (approved Binding Corporate Rules). | Hosted on AWS (primary infrastructure in USA East region). Offers EU data storage in Frankfurt, Germany for new customers (with migration available for existing). Additional regional hosting (Canada, Australia) supported for applicable accounts. |
| LangGraph | No formal certifications published. (Not SOC 2 or ISO certified as of 2024 – open-source cloud offering still in beta). Focuses on cloud provider security for data protection. | Hosted on cloud infrastructure (likely in U.S. region by default). No dedicated data residency options yet (all data handled in the default cloud region). |
| Airtable | SOC 2 Type II audited. ISO/IEC 27001:2022 certified; ISO/IEC 27701:2019 (privacy) certified. Supports HIPAA compliance (Enterprise BAA available). TX-RAMP Level 1 certified for Texas agencies. GDPR and CCPA compliant by design. | Data centers in USA (default hosting) and EU. European data residency stores data in AWS Frankfurt, Germany (with backups in AWS Ireland). Customers can choose US or EU storage locale. |
| Stripe | PCI DSS Level 1 Service Provider (most stringent certification). SOC 1 Type II and SOC 2 Type II audits performed annually. (SOC 3 available publicly). Adheres to ISO 27001 controls (infrastructure and processes meet ISO standards). Complies with GDPR (supports SCCs and strict data privacy program). | and processed in multiple regions for redundancy and performance. (Stripe ensures local data handling to meet regional compliance needs.) |
| Xero | ISO/IEC 27001:2022 certified (information security ISMS). SOC 2 Type II audits completed for cloud accounting system. PCI DSS v4.0 compliant (Level 2 merchant, card processing outsourced to Level 1 PCI providers). | Hosted across multiple cloud providers. Primarily on AWS (after migrating from Rackspace, with some services on Microsoft Azure). Previously utilized Rackspace data centers (fully moved to public cloud). Data is replicated across these platforms for resilience. |

 

5.4.4 Automata Leads ensures that all third-party service providers are contractually required to implement robust data protection measures and maintain compliance with applicable data protection laws. Where necessary, Automata Leads enters into Data Processing Agreements (DPAs) with service providers to formalise data protection obligations.

5.4.5 While Automata Leads takes reasonable steps to ensure the accuracy of third-party compliance certifications and data storage locations, Automata Leads does not assume responsibility for changes in third-party service providers' security frameworks, compliance status, or operational practices. Individuals and organisations are encouraged to review the respective privacy policies and compliance statements of these third-party providers for up-to-date information.

5.4.6 Automata Leads reserves the right to update, modify, or change its selection of third-party service providers to ensure continued operational efficiency, security, and regulatory compliance. Changes to third-party service providers will be reflected in the latest version of this policy, available on the Automata Leads website.

 

 

6.    Employee Training and Awareness

6.1 Automata Leads is committed to ensuring that all employees, contractors, and relevant personnel understand their responsibilities concerning data protection and privacy. To achieve this, Automata Leads implements a structured data protection training and awareness programme that aligns with applicable legal and regulatory frameworks, including the General Data Protection Regulation (EU GDPR and UK GDPR), the California Consumer Privacy Act (CCPA), and the Abu Dhabi Global Market (ADGM) Data Protection Regulations.

6.2 All employees who handle personal data are required to complete mandatory data protection training upon onboarding and at regular intervals thereafter. The training programme covers, but is not limited to, the following key areas:
(a) Principles of data protection and privacy laws applicable to Automata Leads’ operations;
(b) Best practices for the secure handling, processing, and storage of personal data;
(c) Responsibilities regarding data minimisation, purpose limitation, and lawful data processing;
(d) Recognising and responding to data subject rights requests, including access, rectification, and erasure;
(e) Identifying and mitigating potential data breaches or unauthorised data access incidents; and
(f) Security protocols and compliance obligations related to Automata Leads' AI-driven lead generation platform.

6.3 Automata Leads conducts periodic assessments to evaluate employee knowledge and ensure continued compliance with internal data protection policies and external legal requirements. Employees who fail to complete the required training or who demonstrate non-compliance with data protection obligations may be subject to corrective measures, including additional training or disciplinary action where necessary.

6.4 Training content is reviewed and updated regularly to reflect changes in regulatory requirements, industry best practices, and organisational needs. Any revisions to Automata Leads’ data protection policies or procedures are communicated promptly to all relevant personnel, and additional training sessions are provided as required.

6.5 Automata Leads maintains records of all training sessions completed by employees to demonstrate compliance with legal obligations and internal accountability requirements. These records are retained in accordance with Automata Leads’ data retention policies and may be subject to review by regulatory authorities where necessary.

6.6 In addition to structured training programmes, Automata Leads promotes ongoing awareness of data protection principles through internal communications, policy updates, and guidance materials. Employees are encouraged to seek clarification on data protection matters and report any concerns regarding data security or compliance to the designated Data Protection Officer.

 

7.    Third-Party Risk Management

7.1 Automata Leads is committed to ensuring that all third-party service providers, contractors, and vendors engaged in processing personal data on its behalf comply with applicable data protection laws, including the General Data Protection Regulation (EU GDPR and UK GDPR), the California Consumer Privacy Act (CCPA), and the Abu Dhabi Global Market (ADGM) Data Protection Regulations.

7.2 To mitigate risks associated with third-party data processing, Automata Leads implements a structured third-party risk management framework, which includes the following key measures:

(a) Conducting thorough due diligence on all prospective third-party service providers before engagement, assessing their security controls, compliance certifications, and data handling practices;

(b) Ensuring that all third-party engagements involving personal data processing are governed by legally binding agreements, including Data Processing Agreements (DPAs) and Standard Contractual Clauses (SCCs) where required;

(c) Implementing contractual safeguards that define the rights and obligations of third parties concerning data security, confidentiality, access restrictions, and compliance with applicable regulations;

(d) Conducting periodic audits and assessments of third-party service providers to verify compliance with contractual obligations and regulatory requirements, including review of security certifications (e.g., ISO 27001, SOC 2) and adherence to Automata Leads’ data protection policies;

(e) Requiring third-party providers to notify Automata Leads promptly of any security incidents, data breaches, or changes in their compliance posture that may impact the integrity, confidentiality, or availability of personal data;

(f) Restricting third-party data access to the minimum necessary scope required for service delivery, ensuring that appropriate role-based access controls (RBAC) and encryption measures are in place to prevent unauthorised access or misuse of personal data; and

(g) Establishing mechanisms for the termination of third-party contracts where compliance failures or security risks are identified, including obligations for secure data deletion or return of personal data upon contract termination.

7.3 Automata Leads maintains an ongoing third-party monitoring programme, ensuring that all external entities handling personal data operate in full compliance with applicable data protection laws and industry best practices. Third-party service providers are required to provide evidence of continued compliance upon request, including security audit reports, regulatory assessments, and data protection certifications.

7.4 In cases where Automata Leads transfers personal data to third-party service providers located outside jurisdictions with adequate data protection laws, appropriate legal safeguards, such as Binding Corporate Rules (BCRs) or Standard Contractual Clauses (SCCs), are implemented to ensure lawful and secure data transfers.

7.5 Automata Leads reserves the right to review, modify, or terminate third-party relationships where ongoing assessments reveal non-compliance, security vulnerabilities, or other risks that may compromise the privacy and security of personal data.

 

8.    Data Processing and Usage

8.1 Automata Leads processes personal data in a lawful, fair, and transparent manner, ensuring compliance with global data protection regulations, including the General Data Protection Regulation (EU GDPR and UK GDPR), the California Consumer Privacy Act (CCPA), and the Abu Dhabi Global Market (ADGM) Data Protection Regulations. Personal data is processed solely for legitimate business purposes and in alignment with the principles of purpose limitation, data minimisation, and accountability.

8.2 Automata Leads processes personal data to facilitate, maintain, and enhance its AI-powered lead generation services. This includes analysing data to identify potential business prospects, executing automated outreach campaigns, personalising engagement strategies, and improving conversion rates for business clients.

8.3 For customer relationship management and service delivery, Automata Leads processes personal data to maintain accurate client records, manage service agreements, and facilitate communication with users of its platform and services.

8.4 Automata Leads processes personal data for marketing and prospecting purposes, ensuring that outreach efforts are timely, relevant, and aligned with user preferences. This includes data-driven audience segmentation, personalised messaging, and campaign performance analysis. Where legally required, explicit consent is obtained before processing personal data for direct marketing.

8.5 Personal data is processed for research, analytics, and business improvement purposes, allowing Automata Leads to assess operational efficiency, measure outreach effectiveness, refine AI-driven prospecting models, and develop enhanced service offerings. Wherever possible, data is aggregated or anonymised to eliminate personally identifiable information while preserving analytical value.

8.6 Automata Leads processes personal data to comply with applicable legal and regulatory obligations, including but not limited to consumer protection laws, tax compliance, fraud prevention measures, and record-keeping requirements.

8.7 Personal data is processed to ensure security, prevent fraud, and detect unauthorised activities. Security-related processing activities include monitoring website interactions, safeguarding platform integrity, implementing access controls, and deploying protective measures to mitigate unauthorised access or data breaches.

8.8 For contractual fulfilment and billing purposes, Automata Leads processes personal data to facilitate transactions, generate invoices, manage subscriptions, and fulfil financial obligations related to service delivery. Payment data is processed in compliance with PCI-DSS standards, ensuring the secure handling of financial transactions.

8.9 Automata Leads is committed to ensuring that all personal data processing activities adhere to applicable data protection principles and regulatory standards. Data subjects are provided with appropriate rights and mechanisms to control the processing of their personal data, as outlined in this policy.

 

9.    Data Monetisation & Insights Sharing

9.1 Purpose and Scope
Automata Leads leverages aggregated and anonymised data to generate commercial insights, industry benchmarks, and AI-driven analytics. This process ensures that no personally identifiable information (PII) is shared, sold, or exposed while enabling business intelligence, market research, and lead generation optimisation.

9.2 Anonymisation and Aggregation

(a) Personal data is fully anonymised before any monetisation, ensuring that no individual or entity can be identified, traced, or re-associated with the processed data.

(b) Anonymised data sets are combined across multiple sources, producing generalised, non-personal insights that cannot be reversed into identifiable records.

(c) Automata Leads employs industry-standard encryption, hashing techniques, and privacy-enhancing technologies (PETs) to maintain data integrity, confidentiality, and regulatory compliance.

9.3 Use Cases and Commercial Insights

Automata Leads may monetise anonymised data in the following ways:

(a) AI-Driven Market Trends & Performance Analytics – Providing aggregated conversion rates, outreach effectiveness benchmarks, and industry-specific lead generation insights.

(b) Predictive Intelligence & Scoring Models – Enhancing AI-powered lead scoring, targeting efficiency, and engagement probability for improved campaign performance.

(c) Benchmarking Reports & Whitepapers – Publishing anonymised findings to inform businesses about trends in AI-driven outreach, automation effectiveness, and lead conversion optimisation.

(d) Strategic Partnerships & Research Collaborations – Sharing anonymised trend insights with trusted partners, technology providers, and AI research initiatives, strictly under data-sharing agreements (DSAs) and compliance frameworks.

9.4 Third-Party Data Sharing & Compliance

(a) No Sale of Personal Data – Automata Leads does not sell personally identifiable data to third parties. Any data shared externally is fully anonymised, aggregated, and stripped of PII.

(b) Data Sharing Agreements (DSAs) – Where anonymised insights are shared with partners, they are governed by strict contractual terms, ensuring that recipients comply with GDPR, CCPA, and ADGM privacy laws.

(c) Customer Opt-Out Mechanisms – Clients may opt out of anonymised data processing upon request, ensuring their data is excluded from commercial insights models.

 

9.5 Regulatory & Ethical Safeguards

(a) Automata Leads ensures compliance with global data protection laws, including GDPR’s data anonymisation standards, CCPA’s opt-out rights, and ADGM’s privacy regulations.

(b) Transparency commitments include periodic reviews, external audits, and compliance certifications, ensuring data monetisation practices align with industry best practices and regulatory expectations.

(c) No personal data will be used for automated decision-making or AI training without explicit regulatory alignment and disclosure to users.

 

9.6 Customer Rights & Queries

Clients and users may request clarification regarding anonymised data usage, opt out of anonymised analytics, or raise privacy-related concerns by contacting privacy@automataleads.com.

 

10. Automated Processing and Profiling

10.1 Automata Leads utilises artificial intelligence and automated decision-making processes to enhance lead generation, outreach, and business development. These automated processes involve the analysis and classification of individuals based on predefined criteria to optimise prospecting strategies and engagement methodologies.

10.2 Automated decision-making refers to the use of algorithmic models to evaluate and classify prospects based on various data points, including job roles, industry relevance, engagement history, and conversion likelihood. Profiling involves the application of AI-driven analytics to assess potential customer interests and predict behavioural responses based on historical data patterns.

10.3 The purpose of these automated processes is to improve operational efficiency, personalise outreach strategies, and enhance the accuracy of lead targeting. These technologies assist in streamlining workflows and ensuring that interactions are relevant to business prospects.

10.4 Automata Leads does not make legally binding decisions solely through automated processing without human intervention. Where significant decisions are influenced by AI, appropriate safeguards are implemented to ensure fairness, transparency, and compliance with applicable data protection laws. These safeguards include human oversight, the ability for individuals to request manual review of decisions, and the right to contest profiling outcomes.

10.5 Under the General Data Protection Regulation (EU GDPR and UK GDPR), the United Kingdom Data Protection Act 2018, and the California Consumer Privacy Act (CCPA), individuals have the right to request human intervention regarding automated decisions, object to profiling where legally applicable, and opt out of non-essential profiling activities. Requests to exercise these rights can be submitted through Automata Leads’ designated privacy contact channels.

10.6 Where applicable, Automata Leads provides transparency regarding the logic used in AI-driven decision-making, the potential consequences for individuals, and mechanisms for users to manage their preferences regarding automated processing.

 

11. Data Retention Policy

11.1 Automata Leads retains personal data only for as long as necessary to fulfil contractual obligations, comply with legal and regulatory requirements, and support legitimate business operations. Retention periods are determined based on applicable laws, industry standards, and operational needs.

11.2 The retention periods for different categories of personal data are as follows:

(a) Marketing Data is retained for a period of twelve (12) months or until the individual withdraws consent, whichever occurs first.

(b) Client Contracts and Billing Records are retained for seven (7) years to comply with tax, audit, and financial reporting obligations.

(c) Employee Records are retained for five (5) years post-employment in compliance with labour regulations and statutory requirements.

(d) Website Visitor Data (Cookies and Analytics) is retained for a period of between six (6) and twelve (12) months, depending on the nature of the cookie or analytics data, in accordance with applicable privacy laws.

11.3 Upon expiration of the relevant retention period, personal data is securely deleted, anonymised, or archived in compliance with regulatory requirements and security best practices. Data deletion procedures ensure that personal data is permanently erased without the possibility of reconstruction or misuse.

 

12. Data Deletion Policy

12.1 Automata Leads implements strict data deletion protocols to ensure that personal data is removed securely and in accordance with regulatory requirements, contractual obligations, and industry best practices.

12.2 The data deletion process is conducted as follows:

(a) Automated and Manual Deletion Procedures

(i) Where feasible, data deletion is automated using secure workflows that remove expired data in accordance with the established retention policies.

(ii) Data requiring manual deletion is reviewed on a quarterly basis to ensure compliance with legal and contractual obligations.

(b) Secure Erasure of Digital Data

(i) Active data stored in databases, CRM systems, and AI processing tools is permanently erased using cryptographic wiping techniques, such as those defined in the NIST 800-88 standard.
(ii) Backup data is securely purged at the end of its lifecycle in compliance with ISO 27001 and SOC 2 security frameworks.

(c) Anonymisation and Aggregation

(i) Where applicable, Automata Leads anonymises personal data rather than deleting it outright, enabling continued use for analytical and statistical purposes without identifying individuals.

(ii) The anonymisation process is irreversible and follows regulatory guidelines to prevent data re-identification.

(d) Paper-Based Records and Physical Storage

(i) Automata Leads operates as a fully digital business; however, where legally required, paper-based documents (e.g., contracts, regulatory filings) are securely shredded using DIN 66399 P-4 standard shredders after the retention period expires.

(e) Client and User-Requested Data Deletion

(i) Individuals have the right to request the deletion of their personal data at any time, subject to legal and contractual constraints.

(ii) Deletion requests are processed within thirty (30) days unless an extension is required due to technical or legal considerations, in which case the individual will be notified accordingly.

(f) Audit and Compliance Verification

(i) Regular internal audits are conducted to verify compliance with data retention and deletion policies.

(ii) External audits may be performed to ensure adherence to GDPR, CCPA, and ADGM requirements.

12.3 Automata Leads is committed to ensuring that all expired, unnecessary, or redundant personal data is securely erased to protect user privacy and maintain compliance with global data protection laws.

 

13. Data Storage and Security

13.1. Security Standards and Compliance

13.1.1. Automata Leads employs comprehensive security measures to protect personal data against unauthorised access, loss, misuse, and disclosure. These measures align with globally recognised security and data protection regulations, including:
(a) The General Data Protection Regulation (GDPR) (EU & UK).
(b) The UK Data Protection Act 2018.
(c) The California Consumer Privacy Act (CCPA).
(d) The Abu Dhabi Global Market (ADGM) Data Protection Regulations.

13.1.2. Security policies are regularly updated to reflect regulatory developments, emerging threats, and industry best practices.

13.2. Data Encryption and Transmission Security

13.2.1. All data transmissions and storage are encrypted using advanced cryptographic protocols to maintain confidentiality and integrity:
(a) Data at Rest: Encrypted using AES-256 encryption.
(b) Data in Transit: Encrypted using TLS 1.3 to protect against interception and unauthorised access.

13.2.2. Data access and processing activities are logged and monitored to detect anomalies, unauthorised access attempts, and security breaches.

13.3. Data Retention and Minimisation Policy

13.3.1. Automata Leads enforces a strict data minimisation and retention policy, ensuring that personal data is retained only for as long as necessary to fulfil its lawful purpose.

13.3.2. Data retention periods are determined based on:
(a) Contractual obligations with clients.
(b) Legal and regulatory requirements (e.g., tax, audit, compliance records).
(c) Operational necessity for service delivery.

13.3.3. Upon expiration of the applicable retention period, personal data is securely:
(a) Erased using cryptographic wiping techniques (e.g., NIST 800-88 standard).
(b) Anonymised, where applicable, in compliance with regulatory standards to prevent re-identification.

13.4. Access Controls and Internal Security

13.4.1. Access to personal data within Automata Leads is strictly controlled and granted on a need-to-know basis.

13.4.2. The following security mechanisms are enforced:
(a) Role-Based Access Controls (RBAC) – Ensures employees and contractors only access data necessary for their role.
(b) Multi-Factor Authentication (MFA) – Required for all privileged accounts handling personal data.
(c) Access Logging and Monitoring – Continuous logging and monitoring of access events to detect unauthorised activity.

13.4.3. Regular audits are conducted to verify compliance with access control policies, with alerts configured for suspicious activity.

13.4.4. Automata Leads requires all employees, contractors, and third-party service providers handling personal data to enter into strict confidentiality agreements (NDAs).

13.5. Data Hosting and Security Infrastructure

13.5.1. Automata Leads’ infrastructure is hosted on ISO 27001 and SOC 2-compliant cloud platforms, ensuring compliance with internationally recognised data protection standards.

13.5.2. Cloud-based data hosting provides:
(a) Advanced threat detection and automated security monitoring.
(b) Data redundancy to protect against data loss.
(c) High-availability architecture to ensure uninterrupted service.

13.6. Security Audits, Monitoring, and Compliance Verification

13.6.1. Automata Leads maintains ongoing security audits, compliance assessments, and monitoring processes to ensure adherence to best practices. This includes:
(a) Routine penetration testing and vulnerability scans to identify and mitigate security risks.
(b) Continuous security monitoring to detect cyber threats, insider risks, and suspicious activities.
(c) Third-party compliance reviews conducted by independent auditors to uphold industry security benchmarks.

13.7. Incident Response and Breach Handling

13.7.1. In the event of a security breach involving personal data, Automata Leads will:
(a) Investigate the incident immediately and assess the impact.
(b) Contain and mitigate the breach to prevent further unauthorised access.
(c) Notify regulatory authorities and affected individuals in accordance with legal timelines.

 

14. Data Breach Response Plan

14.1 Automata Leads has implemented a structured and comprehensive Data Breach Response Plan to address any incidents involving unauthorised access, loss, or compromise of personal data. This plan ensures prompt detection, mitigation, and regulatory compliance in handling data breaches.

14.2 In the event of a data breach, Automata Leads follows a five-step response protocol:

(a) Identification and Containment
(i) Immediate identification of the breach to determine the affected systems and data.
(ii) Containment measures implemented to prevent further data loss, including isolating compromised systems and restricting access.

(b) Assessment and Investigation
(i) A detailed investigation conducted to determine the scope, severity, and impact of the breach.
(ii) Root cause analysis performed to identify vulnerabilities and assess regulatory reporting obligations.

(c) Notification
(i) Affected individuals are notified in accordance with applicable data protection laws, including GDPR, CCPA, and ADGM regulations.
(ii) Where legally required, regulatory authorities and other relevant stakeholders are informed within statutory timeframes.

(d) Mitigation and Remediation
(i) Immediate corrective actions are taken to mitigate risks and prevent further exploitation of vulnerabilities.
(ii) Security protocols and technical measures are enhanced to strengthen system integrity and resilience.

(e) Documentation and Reporting
(i) A detailed incident report is prepared, documenting the breach, response measures taken, and lessons learned.
(ii) Internal review processes are conducted to refine policies and procedures, ensuring continuous improvement in breach response handling.

14.3 Automata Leads remains committed to maintaining transparency, compliance, and proactive security measures to safeguard personal data. The Data Breach Response Plan is regularly reviewed and updated to align with evolving regulatory requirements and industry best practices.

14.4. Notification Obligations

14.4.1. Automata Leads shall notify the relevant data protection authorities and, where applicable, affected individuals of a confirmed personal data breach without undue delay, and in accordance with applicable legal requirements.

14.4.2. Where the breach falls within the scope of the General Data Protection Regulation (GDPR), Automata Leads shall notify the relevant supervisory authority within 72 hours of becoming aware of the breach, unless it can be demonstrated that the breach is unlikely to result in a risk to the rights and freedoms of individuals. If notification is delayed beyond this period, Automata Leads shall provide justification for the delay in accordance with regulatory requirements.

14.4.3. Where the breach falls within the scope of the California Consumer Privacy Act (CCPA), Automata Leads shall notify affected consumers and the California Attorney General’s Office where required, within 30 days of confirming that a data breach has occurred.

14.4.4. Where applicable under Abu Dhabi Global Market (ADGM) Data Protection Regulations, Automata Leads shall notify the Office of Data Protection (ODP) in accordance with the specific reporting timelines prescribed by ADGM regulations.

14.4.5. If the breach involves third-party data processors, Automata Leads shall ensure that the responsible processor notifies Automata Leads without undue delay following the discovery of a security incident that may impact personal data.

14.4.6. Where individual notification is required by law, Automata Leads shall provide affected individuals with clear and transparent information regarding:
(a) The nature and scope of the data breach.
(b) The categories of personal data affected.
(c) The steps taken to mitigate the impact of the breach.
(d) Recommendations for affected individuals to protect their data.
(e) Contact details for further inquiries or assistance.

14.4.7. Automata Leads shall maintain a data breach register, documenting all breaches, their impact assessments, and remediation actions taken, in compliance with applicable data protection laws.

 

 

15. International Data Transfers

15.1 Automata Leads operates as a global entity and, in the course of its business activities, may transfer personal data across international borders. All cross-border data transfers are conducted in compliance with applicable legal frameworks and regulatory requirements to ensure the highest standards of privacy and data protection.

15.2 Data Transfers to the European Union (EU) and the United Kingdom (UK)
(a) Where personal data is transferred outside the EU or UK, Automata Leads relies on Standard Contractual Clauses (SCCs) as approved by the European Commission and the UK Information Commissioner’s Office (ICO). These legally binding agreements ensure that the fundamental rights of data subjects are upheld in accordance with EU GDPR and UK GDPR.
(b) Where applicable, Binding Corporate Rules (BCRs) may be implemented to regulate intra-group transfers, providing a standardised and compliant data protection framework across all global operations.

15.3 Data Transfers to the United Arab Emirates (UAE) and Abu Dhabi Global Market (ADGM)
(a) Automata Leads complies with the ADGM Data Protection Regulations and other relevant UAE data protection laws for cross-border transfers.
(b) Data processed and stored outside the UAE remains subject to equivalent security and compliance standards, ensuring that personal data is safeguarded irrespective of its location.

15.4 Data Transfers to the United States (US)
(a) Automata Leads complies with applicable federal and state-level data protection laws, including the California Consumer Privacy Act (CCPA) and other relevant regulations governing data transfers.
(b) Given that the EU-US Privacy Shield has been invalidated, Automata Leads relies on alternative compliance mechanisms, such as SCCs, to ensure lawful and transparent data transfers.

15.5 Automata Leads continuously monitors evolving global data protection regulations and adapts its international data transfer policies accordingly. By implementing legal, technical, and organisational safeguards, Automata Leads ensures that personal data remains secure, private, and compliant—regardless of the jurisdiction in which it is processed.

 

16. Data Subject Rights

16.1 Automata Leads recognises and upholds the fundamental rights of individuals regarding their personal data. In accordance with the General Data Protection Regulation (GDPR) (EU & UK), the Abu Dhabi Global Market (ADGM) Data Protection Regulations, the California Consumer Privacy Act (CCPA) (US), and other applicable laws, individuals whose data is processed by Automata Leads are entitled to the following rights:

16.2 Right to Access
(a) Individuals have the right to request confirmation as to whether Automata Leads processes their personal data.
(b) Upon request, Automata Leads will provide a copy of the personal data held, along with details on how it is being processed, the legal basis for processing, and any relevant data retention policies.

16.3 Right to Rectification
(a) If personal data is inaccurate, incomplete, or outdated, individuals may request corrections or updates.
(b) Automata Leads will rectify any inaccurate information promptly to ensure data accuracy.

16.4 Right to Erasure ("Right to be Forgotten")
(a) Where legally applicable, individuals may request the deletion of their personal data.
(b) This right applies in circumstances where:
(i) the data is no longer necessary for processing;
(ii) consent has been withdrawn; or
(iii) processing is unlawful.
(c) However, legal and contractual obligations may require Automata Leads to retain certain data for compliance purposes.

16.5 Right to Restrict Processing
(a) Under specific conditions, individuals may request a restriction on how their personal data is processed.
(b) This right may apply where:
(i) the accuracy of the data is contested;
(ii) processing is unlawful, but the individual does not wish for the data to be deleted; or
(iii) the data subject has objected to processing.
(c) During the restriction period, Automata Leads will not process the data except for legally permitted reasons.

16.6 Right to Data Portability
(a) Where technically feasible, individuals may request that their personal data be provided in a structured, commonly used, and machine-readable format.
(b) Individuals may also request that Automata Leads transfer their data directly to another data controller, where applicable.

16.7 Right to Object to Processing
(a) Individuals may object to the processing of their personal data for:
(i) direct marketing;
(ii) automated decision-making; or
(iii) profiling purposes.
(b) If an objection is raised, Automata Leads will cease processing unless compelling legitimate grounds override the individual’s rights.

16.8 Right to Withdraw Consent
(a) Where processing is based on consent (e.g., marketing communications), individuals have the right to withdraw their consent at any time.
(b) Upon withdrawal, Automata Leads will cease further processing for that specific purpose.

16.9 Exercising Data Subject Rights
(a) To exercise any of the rights set out in this section, individuals may submit a request to Automata Leads via the designated privacy contact channels outlined in this policy.
(b) Requests will be handled in compliance with applicable legal timelines, and identity verification may be required to process requests securely.

16.10 Automata Leads is committed to ensuring that all data subject rights are respected and processed transparently, in full compliance with global data protection laws.

 

 

17. User Choice & Opt-Out Mechanism

17.1 Right to Object to Data Processing
Individuals have the right to object to the processing of their personal data where such processing is conducted on the basis of legitimate interests, including but not limited to automated decision-making, profiling, or analytics used for targeted marketing purposes.

17.2 Opting Out of Marketing Communications
Automata Leads provides individuals with the ability to opt out of direct marketing communications at any time. Opt-out requests can be made by:

  • Using the unsubscribe link provided in marketing emails
  • Adjusting communication preferences within their account settings (where applicable)
  • Sending a request to privacy@automataleads.com with the subject line “Opt-Out Request”

Once an opt-out request is received, Automata Leads will cease sending marketing communications to the individual, except where required for contractual or legal obligations.

17.3 Opting Out of Automated Processing & Analytics
Where legally required, individuals may opt out of non-essential automated data processing, including:

  • AI-driven lead scoring and profiling
  • Personalised recommendations and prospecting
  • Data analytics for advertising and behavioural tracking

Requests to opt out of these processing activities can be submitted via privacy@automataleads.com. Opting out may limit the individual’s ability to receive personalised services and recommendations.

17.4 Opting Out of Data Monetisation & Insights Sharing
Where Automata Leads engages in non-personal data monetisation (e.g., sharing aggregated insights with industry partners), individuals may request exclusion from any datasets containing their de-identified or anonymised data by submitting a formal request.

Requests related to data monetisation must be directed to privacy@automataleads.com, specifying the nature of the opt-out. Due to the nature of aggregated data, Automata Leads may not always be able to fulfil opt-out requests if the data is already anonymised beyond re-identification.

17.5 Legal Exceptions & Regulatory Compliance
Opting out of data processing does not apply where Automata Leads is legally obligated to retain or process personal data for:

  • Regulatory compliance (e.g., fraud prevention, AML, tax reporting)
  • Contractual fulfilment (e.g., service provision, billing)
  • Security & risk management (e.g., threat detection, platform integrity)

Opt-out requests will be reviewed in accordance with GDPR (EU/UK), CCPA (US), ADGM (UAE), and other applicable legal frameworks.

17.6 Timeframe for Processing Opt-Out Requests
Automata Leads will process opt-out requests within 30 days of receipt, in compliance with relevant data protection laws. In cases requiring verification of identity, additional documentation may be requested.

 

18. Compliance with Regional Laws

18.1 Automata Leads operates as a global business and ensures strict compliance with applicable data protection regulations in all jurisdictions where it processes personal data.

18.2 United Kingdom & European Union (GDPR)
(a) Automata Leads adheres to the General Data Protection Regulation (GDPR) in the United Kingdom (UK) and the European Union (EU).
(b) All processing activities are governed by the principles of lawfulness, fairness, and transparency.
(c) Personal data is processed only when a valid legal basis exists, and individuals' rights under GDPR are fully respected.
(d) Automata Leads implements stringent data security, access controls, and accountability measures to ensure ongoing compliance.

18.3 United States (CCPA & Other US Laws)
(a) For individuals residing in California, Automata Leads complies with the California Consumer Privacy Act (CCPA) and other relevant US privacy laws.
(b) This includes providing clear opt-out mechanisms and ensuring that users have the right to access, delete, or restrict the processing of their personal data.
(c) Automata Leads does not sell personal data and upholds transparency regarding data collection, storage, and usage.
(d) Compliance extends to federal and state-level regulations, including the US Privacy Shield Framework where applicable.

18.4 United Arab Emirates (ADGM Data Protection Regulations)
(a) Within the United Arab Emirates (UAE), Automata Leads ensures full compliance with the Abu Dhabi Global Market (ADGM) Data Protection Regulations.
(b) These regulations align closely with international standards such as GDPR, ensuring lawful processing, data minimisation, and strict security safeguards.
(c) Cross-border data transfers comply with ADGM-approved mechanisms and international data protection frameworks.

18.5 Automata Leads monitors regulatory developments across these regions and updates its policies and practices accordingly.

18.6 Compliance is a continuous priority, ensuring that users’ privacy rights are respected and all data processing activities remain lawful and transparent.

 

19. Contact and Complaints Handling

19.1 Automata Leads is committed to ensuring that all personal data is processed in compliance with applicable data protection laws and best practices.

19.2 If you have any questions, concerns, or requests regarding this Data Protection Policy, you may contact our Data Protection Officer (DPO) at:

Email: privacy@automataleads.com

19.3 Individuals who wish to exercise their data protection rights under GDPR, CCPA, ADGM regulations, or other applicable laws may submit a request via email.

19.4 If you believe that your data protection rights have been violated, you have the right to lodge a formal complaint with the appropriate data protection authority in your jurisdiction:
(a) United Kingdom & EU: Contact the UK Information Commissioner’s Office (ICO) or the relevant Data Protection Authority (DPA) in your EU member state.
(b) United States (CCPA): File a complaint with the California Attorney General’s Office or the relevant state-level privacy regulator.
(c) United Arab Emirates (ADGM): Submit a complaint to the Office of Data Protection at the Abu Dhabi Global Market (ADGM).

19.5 Automata Leads takes all complaints seriously and will promptly investigate and respond in accordance with applicable laws and regulatory requirements.

 

20. Policy Updates and Regular Review

20.1 Automata Leads reserves the right to update or amend this Data Protection Policy at any time to reflect changes in legal, regulatory, operational, or business requirements.

20.2 The policy will be reviewed and updated annually, or as needed, to ensure it remains current and effective in addressing data protection challenges.

20.3 Updates will be made in compliance with relevant data protection laws, and the latest version will always be available on the official Automata Leads website.

20.4 Any significant updates will be communicated to all stakeholders through appropriate channels, such as:
(a) Email notifications,
(b) Platform notifications, or
(c) Other legally required communication methods.

20.5 By continuing to use Automata Leads’ services after updates are published, users agree to be bound by the latest version of this Data Protection Policy.