Privacy Policy

Effective: June 11, 2025

Last updated: March 11, 2026

1. Introduction

Genuinelink B.V. ("we," "us," "our," or "Company") is committed to protecting your privacy and personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our LinkedIn outreach platform ("Service").

This policy complies with the General Data Protection Regulation (GDPR) (EU) 2016/679 and the Dutch Implementation Act (Uitvoeringswet AVG).

2. Data Controller

Genuinelink B.V. is the data controller for personal data processed under this Privacy Policy. We are established in the Netherlands. Contact us at [email protected].

3. Information We Collect

3.1 Personal Information You Provide

  • Account Information: Name, email address, company name, job title
  • Payment Information: Billing address, payment method details (processed by third-party payment processors)
  • Profile Information: LinkedIn profile data, professional information
  • Communication Data: Messages, support requests, feedback
  • Content Data: Campaign messages, lead information, analytics data

3.2 Information We Collect Automatically

  • Usage Data: How you interact with our Service, features used, time spent
  • Device Information: IP address, browser type, operating system, device identifiers
  • Log Data: Server logs, error reports, performance data
  • Cookies and Tracking Technologies: As detailed in our Cookie Policy

3.3 Information from Third Parties

  • LinkedIn Data: Profile information, connection data, message history (via authorized API access)
  • Third-Party Integrations: Data from integrated services necessary for Service functionality
  • Public Information: Information available on professional networks and public databases

4. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

4.1 Contract Performance (Article 6(1)(b))

  • Providing the Service and its features
  • Processing payments and subscriptions
  • Customer support and account management

4.2 Legitimate Interest (Article 6(1)(f))

  • Service improvement and development
  • Security and fraud prevention
  • Marketing communications (with opt-out option)
  • Analytics and performance monitoring

4.3 Consent (Article 6(1)(a))

  • Marketing communications (where required)
  • Non-essential cookies and tracking
  • Additional data processing beyond core service

4.4 Legal Obligation (Article 6(1)(c))

  • Compliance with applicable laws and regulations
  • Tax and accounting requirements
  • Legal proceedings and investigations

5. How We Use Your Information

5.1 Service Provision

  • Deliver and maintain the Service
  • Process and personalize LinkedIn outreach campaigns
  • Generate AI-powered content and recommendations
  • Provide analytics and reporting features

5.2 Communication

  • Send service-related notifications and updates
  • Respond to your inquiries and support requests
  • Send marketing communications (with your consent)

5.3 Business Operations

  • Improve and develop our Service
  • Conduct research and analytics
  • Prevent fraud and ensure security
  • Comply with legal obligations

5.4 AI Processing and Profiling

  • AI Model Training: Train and improve our AI models using anonymized and pseudonymized data
  • Content Generation: Generate personalized messages and recommendations using AI algorithms
  • Performance Analysis: Analyze campaign performance and effectiveness through AI-driven insights
  • Profiling Activities: Create user profiles for personalization and service improvement
  • Bias Mitigation: Implement safety filters and bias detection to ensure fair AI processing
  • Human-in-the-Loop: Maintain human oversight for critical AI decisions affecting data subjects

6. Data Sharing and Disclosure

6.1 Third-Party Service Providers

We share data with trusted third-party providers who assist in Service delivery:

  • Cloud Infrastructure Providers: For hosting and data storage
  • Payment Processors: For billing and payment processing
  • Analytics Providers: For usage analysis and improvement
  • Communication Services: For email and notification delivery
  • LinkedIn Integration Partners: For authorized data access

Sub-Processor List: For a current list of our sub-processors, visit: [SUB_PROCESSOR_LIST_URL]

6.2 Sub-Processor Changes

We will notify you of any changes to our sub-processors via email at least 30 days in advance. You may object to new sub-processors within 30 days of notification. If you object and we cannot provide a reasonable alternative, you may terminate the affected service.

6.2 Business Transfers

We may share data in connection with mergers, acquisitions, or asset sales, with appropriate safeguards.

6.3 Legal Requirements

We may disclose data when required by law, court order, or to protect our rights and safety.

6.4 Law Enforcement Requests

We may receive requests from law enforcement or government agencies for user data. Our policy is to:

  • Verify Legality: Ensure requests are legally valid and properly authorized
  • Minimize Disclosure: Provide only the minimum data necessary to comply
  • Notify Users: Inform affected users when legally permitted (unless prohibited by gag order)
  • Challenge Invalid Requests: Contest requests that appear overbroad or invalid
  • Transparency Reporting: Publish annual transparency reports on government requests

6.5 Consent-Based Sharing

We may share data with your explicit consent for specific purposes.

7. Data Security

7.1 Technical Safeguards

  • Encryption: Data encrypted in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection, and monitoring
  • Regular Updates: Security patches and system updates

7.2 Organizational Safeguards

  • Staff Training: Regular privacy and security training
  • Data Minimization: Collecting only necessary data
  • Retention Policies: Automatic deletion of expired data
  • Incident Response: Procedures for security breaches

7.3 Third-Party Security

We ensure all third-party providers maintain appropriate security standards and sign data processing agreements.

8. Data Retention

8.1 Retention Periods

The following table details our data retention periods:

| Data Category | Retention Period | Legal Basis | Deletion Method | |---------------|------------------|-------------|-----------------| | Account Data | Active + 2 years | Contract performance | Automated + manual | | Campaign Data | 3 years | Analytics/legitimate interest | Automated | | Payment Data | 7 years | Tax law compliance | Automated | | Support Data | 2 years after resolution | Legitimate interest | Automated | | Log Data | 1 year | Security/legitimate interest | Automated | | Marketing Data | Until consent withdrawn | Consent | Manual | | AI Training Data | Anonymized indefinitely | Legitimate interest | Pseudonymization | | Backup Data | 30 days after primary deletion | Technical necessity | Automated |

8.2 Deletion Process

  • Automatic Deletion: Based on retention schedules and technical triggers
  • Manual Deletion: Upon account closure or data subject request
  • Secure Deletion: Using industry-standard methods (NIST 800-88)
  • Backup Cleanup: Backup data deleted within 30 days of primary deletion
  • Verification: Deletion verified and documented

9. Your Rights (GDPR Chapter III)

9.1 Right of Access (Article 15)

You can request a copy of your personal data and information about how it's processed.

9.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

9.3 Right to Erasure (Article 17)

You can request deletion of your personal data in certain circumstances.

9.4 Right to Restrict Processing (Article 18)

You can request limitation of processing in certain circumstances.

9.5 Right to Data Portability (Article 20)

You can request a copy of your data in a structured, machine-readable format.

9.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for marketing purposes.

9.7 Rights Related to Automated Decision-Making (Article 22)

You have rights regarding automated decision-making and profiling.

9.8 How to Exercise Your Rights

Contact us at [email protected] with your request. We will respond within 30 days.

10. International Data Transfers

10.1 Adequacy Decisions

We transfer data to countries with adequate data protection as determined by the European Commission.

10.2 Appropriate Safeguards

For transfers to countries without adequacy decisions, we use:

  • Standard Contractual Clauses (SCCs)
  • Binding Corporate Rules
  • Certification schemes

10.3 Specific Safeguards

  • Data Processing Agreements with all processors
  • Regular security assessments
  • Data localization where required

11. Cookies and Tracking Technologies

11.1 Types of Cookies We Use

  • Essential Cookies: Required for Service functionality
  • Analytics Cookies: For usage analysis and improvement
  • Marketing Cookies: For personalized advertising (with consent)
  • Preference Cookies: For user settings and preferences

11.2 Cookie Management

You can control cookies through your browser settings or our cookie consent banner.

11.3 Third-Party Cookies

We use third-party services that may set their own cookies. See our Cookie Policy for details.

12. Children's Privacy

Our Service is not intended for children under 16. We do not knowingly collect personal data from children under 16. If we become aware of such collection, we will delete the data immediately.

13. Data Breach Notification

In case of a data breach that poses a risk to your rights and freedoms, we will:

  • Notify the supervisory authority within 72 hours
  • Notify affected individuals without undue delay
  • Provide information about the breach and protective measures

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. We will:

  • Notify you of material changes via email or Service notification
  • Post the updated policy on our website
  • Update the "Last Updated" date

15. Supervisory Authority

You have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens):

Autoriteit Persoonsgegevens
Bezuidenhoutseweg 30
2594 AV Den Haag
Netherlands
Website: https://autoriteitpersoonsgegevens.nl

16. International Add-Ons

16.1 California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have additional rights under the CCPA/CPRA:

16.1.1 Categories of Personal Information

We collect the following categories of personal information:

  • Identifiers: Name, email, IP address, device identifiers
  • Commercial Information: Purchase history, service usage, preferences
  • Internet Activity: Browsing history, interactions with our Service
  • Professional Information: Job title, company, LinkedIn profile data
  • Inferences: AI-generated profiles and preferences

16.1.2 Purposes of Collection

  • Provide and improve our Service
  • Personalize content and recommendations
  • Process payments and transactions
  • Communicate with you
  • Comply with legal obligations

16.1.3 Your Rights

  • Right to Know: Request information about personal information collected
  • Right to Delete: Request deletion of personal information
  • Right to Correct: Request correction of inaccurate information
  • Right to Opt-Out: Opt out of sale or sharing of personal information
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights

16.1.4 Do Not Sell/Share

We do not sell personal information. We may share information with service providers for business purposes.

16.1.5 Opt-Out Rights

To opt out of the sale or sharing of personal information, visit: [OPT_OUT_LINK]

16.2 UK GDPR Addendum

For UK residents, the following additional provisions apply:

16.2.1 UK Data Protection Authority

The UK supervisory authority is the Information Commissioner's Office (ICO):

  • Website: https://ico.org.uk
  • Phone: 0303 123 1113
  • Address: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire SK9 5AF

16.2.2 International Transfers

For transfers from the UK, we use:

  • UK International Data Transfer Agreement (IDTA)
  • UK Addendum to EU Standard Contractual Clauses
  • Adequacy decisions where applicable

16.2.3 UK-Specific Rights

UK residents have the same rights as EU residents under UK GDPR, including:

  • Right of access, rectification, erasure
  • Right to restrict processing and data portability
  • Right to object to processing
  • Rights related to automated decision-making

17. Chrome Browser Extension

If you use the GenuineLink Chrome browser extension (Manifest V3) to connect your LinkedIn account to your GenuineLink company workspace, additional processing applies that is specific to that Extension. The Extension reads LinkedIn session cookies and your logged-in profile only when you initiate account linking; it does not collect LinkedIn passwords, messages, or third-party profile data.

For full details — including Chrome permissions, data collected, retention, and your choices — see our Chrome Extension Privacy Policy.

18. Contact Information

For privacy-related questions or requests, contact us at [email protected].


This Privacy Policy is effective as of June 11, 2025 and was last updated on March 11, 2026.