B2B Lead Supplier Due Diligence
B2B Lead Supplier Due Diligence
Internal Use
As part of our due diligence, we require companies that list manage data to supply Leadscale
campaigns to complete this questionnaire and provide the requested evidence. Thank you in
advance for taking the time to complete it. In this agreement, references to “I” and “my”
mean you and your company (if a sole-trader) or the business you work for (if completing on
behalf of a business).
Please note: this is a dynamic questionnaire, so if fields do not appear it will be because of
answers that you have previously given, and the questions are therefore not applicable to you.
YOUR DETAILS
Your Name: [email protected]
Both
LEADSCALE IS THE PARENT OF LEADSCALE ENGINE, LEADSCALE LABS, LEADSCALE SERVICES AND LEADSCALE HOLDINGS
REGISTERED OFFICE: UNIT 1, 6 OWEN STREET, LONDON, EC1V 7JX
REGISTERED IN ENGLAND AND WALES
LEADSCALE LIMITED | COMPANY NUMBER: 08650664 | VAT NUMBER: GB187 730083
DocuSign Envelope ID: 9B4E9AE1-F950-4F63-BE7C-F5337196D98B
Internal Use
a. Please provide full list of capture points where you capture data for use in marketing
(landing pages, LinkedIn etc)
(https://www.exellius.com),(https://www.humanresources-tech.online),(
https://www.manufact-tech.online),(https://www.info-tech.online),(htt
ps://www.channel-tech.online),(https://www.finance-tech.online),(http
s://www.healthcare-tech.online),(https://www.transport-tech.online),(
https://www.engineering-tech.online),(https://www.entertainment-tech.
online),(https://www.nonprofit-tech.online)
5. Do you conduct Legitimate Interest Assessments (LIAs) to ensure that your processing is
lawful?
Yes
b. Please provide evidence of a legitimate interest assessment for the work you are
going to be carrying out for the company/ies identified on the first page
6. Do you specifically name the third party(ies) who you will be marketing on behalf of?
Yes
7. Do you specifically name the category of companies who you will be marketing on behalf of?
Yes
8. Do your capture points clearly highlight your Privacy Policy/Data Protection statements?
Yes
9. Where are they placed on your data capture points? At what point are they stated/referred
to during a telemarketing call?
Our privacy policy and data protection statements are prominently
displayed on our websites, in the footer of our emails, and at the
point of data capture on any online forms (often above the final
submission CTA). During a telemarketing call, the privacy policy and
data protection statements will be stated and referred to at the
beginning of the call, with a callback during the closure.
a. If so, do you make a clear link back to the main organisational trading name/brand?
Yes
11. At the point of data capture, do you clearly identify yourself and/or the organisation on
whose behalf you are obtaining personal data, the purpose for the data capture, together
with other information so to guarantee fair processing?
Yes
DocuSign Envelope ID: 9B4E9AE1-F950-4F63-BE7C-F5337196D98B
Internal Use
TELEMARKETING
1. Do you do telemarketing?
Yes
2. Do you clean telephone data against TPS and CTPS before calling?
Yes
3. Do you call telephone numbers which have been registered on TPS and CTPS for more than
28 days?
No
4. Do you specifically name third parties for future marketing consent purposes?
Yes
5. How do you document consent provided by the user over the phone?
We thoroughly document conversations with data subjects over
the phone and take detailed notes. With consent from the
subjects, we record accurate timestamps and the full content
of the discussion by employing automated call audio
recording and transcription services. We inform them of
their rights to opt-out, and the best channels to do so -
and how their information will be used, for what, and how it
will be stored. These records are then stored in secured
servers, and updated in realtime as preferred by subjects.
DATA SCREENING
1. Do you have the ability to suppress individual contact details, from email addresses to
telephone numbers and postal addresses, where an individual has asked not to be
contacted?
Yes
2. Are telephone numbers, mobile numbers, email addresses and postal addresses cleansed
against your suppression file before use?
Yes
3. Is postal address data cleansed against industry standard files before sending out direct
marketing material?
Yes
4. How do you process suppression files you receive from clients you are marketing on behalf
of?
At Exellius, client suppression files are processed in 4 consecutive
steps - (1) We start by thoroughly reviewing the included data points
to ensure that the required map fields are present. (2) We run
deduplication filters, remove invalid formats, and obsolete profile
information to further clean the list and make it 100% churnable. (3)
Cleaned suppression files are then cross-referenced against the
relevant targeted contact lists from our database, and any matching
profiles are excluded from the outreach initiatives. (4) Final
validation ensuring programs are compliant to suppression.
SUPPRESSIONS
1. Do you have automatic unsubscribe links in the body of every marketing email you send?
Yes
4. If relying on legitimate interests, do you give the opportunity to opt out of marketing when
collecting the data?
Yes
5. If received from a source other than the data subject, do you give them the opportunity to
opt out of their data being processed within a month of collecting the data?
Yes
DocuSign Envelope ID: 9B4E9AE1-F950-4F63-BE7C-F5337196D98B
Internal Use
1. Do you have a regular database validation process to ensure your data is accurate and up to
date?
Yes
a. Please describe
Yes, we do have a regular database validation process to ensure
our data is accurate and up to date. Our process includes
periodic checks for any outdated information, such as contact
information, job titles, etc. and confirms accuracy against
publicly available sources, and web channels. We also use
predictive analytics to identify trends in data and make
adjustments if needed. According to Exellius' data cleaning and
validation SOPs, every contact profile in our database is
manually validated at least once every 60 days. Any identified
AoIs, updates, or ambiguity is rectified in realtime.
2. Do you have a regular database validation process to ensure your data reflects the current
marketing preferences for each contact?
Yes
a. Please describe.
We regularly review our databases and contact data subjects at
fixed time intervals to confirm that their contact information
and preferences are up to date. Along with the software stacks
and tools that support us while validating preferences and other
contact data points, at every campaign initiation - we manually
review and validate each included profile from the targeted
lists, to ensure preferences are in line.Additionally, our
databases are thoroughly laid out with multi-level customer
marketing preference distinctions, automated in real-time from
the data subject's feedback, and are managed centrally.
3. How do you allow your database to update their preferences and ensure the information
you hold about them is accurate and up to date?
We provide 'Update Preferences' & 'Opt-Out' links over every marketing
communication, email copy, and brand landing page. Privacy Statements
and links to data security policies are included at every marketing
touch-point which states the data subject's rights to privacy, and
explicit instructions on how individuals can unsubscribe from our
mailing lists or database if they wish to do so in the future. Using the
'Update Preferences' links on our digital communications, data subjects
are enabled to update their marketing preferences in real-time, as,
users get access to a simple web form with clear instructions on how to
complete the form, and explanations around what information is needed.
With such web forms, data subjects use simple checkboxes to update their
marketing preferences, and opt-out requests, which we honor in
real-time. We also send out periodic reminder emails to your data
subjects, offering them the chance to review and update preference
DocuSign Envelope ID: 9B4E9AE1-F950-4F63-BE7C-F5337196D98B
Internal Use
JOINT-CONTROLLER ARRANGEMENT
Yes
Yes
a. How?
4. Do you have list/data rental agreements in place with all of them which cover unacceptable
use and GDPR Provisions?
DocuSign Envelope ID: 9B4E9AE1-F950-4F63-BE7C-F5337196D98B
Internal Use
5. What legal basis are they relying on for providing the data to you?
7. Do you test the validity of the consent provided? (E.g. by testing the capture form)
11. Manage and deliver direct mail marketing campaigns on your behalf?
13. How they should carry out the services you have agreed to?
17. Do you pass details of any opt-out requests or data corrections back to them?
DocuSign Envelope ID: 9B4E9AE1-F950-4F63-BE7C-F5337196D98B
Internal Use
1. What Data Protection training do you offer staff and how often?
We offer data protection training to our staff on an annual basis.
This training is designed to ensure that our staff have a full
understanding of their responsibilities as an employee and how to
handle data properly and securely. We also run refresher courses for
staff who have been trained previously, to ensure that all staff are
aware of the latest changes to the data protection laws and
practices.
2. How do you ensure your staff know where the individual’s data has come from when data
subjects ask?
We maintain detailed technographic records while acquiring every
piece of data in our systems. They include but are not limited to
timestamps, sources, IP information, etc. Using a combination of
diverse CRM systems and thoroughly labeled data sets - we ensure
that all information about data sources is easily accessible and up
to date, so that relevant staff can quickly answer questions if
they arise. We have developed clear processes for handling requests
for information about data sources, and ensure that all staff are
trained on data protection and privacy policies.
3. Do you train staff with data management responsibility on CTPS requirements?
Yes
Yes
5. Do you retain UK personal data for longer than the purpose for which it was initially
collected?
No
a. If so, what are your reasons for justifying the retention of personal data post a
marketing campaign?
7. Who is the person responsible for data protection in your organisation? Please provide their:
a. Name [email protected]
[email protected]
c. Email
I confirm that the information I have provided in this document is true and correct to the best of my
knowledge. I understand that any information that is found to be untrue or misleading will give
Leadscale the right to terminate my contract for services, and take any action required to comply
with Data Protection rules, safeguard personal data or prevent damage to Leadscale.
I confirm that Leadscale (and any of its subsidiaries) reserve the right to audit me to verify
compliance with the above terms.
I give Leadscale the right to retain a copy of this document and the contact information contained
for administrative purposes and for future reference.
In the event that Leadscale has a claim for non-compliance or damage, it may withhold any money
due to you, in whole or part, and require reasonable security for damage, legal costs and expenses
of defending any claim against Leadscale resulting from your non-compliance. You agree to
indemnify Leadscale for any costs, damage or expenses Leadscale incurs through your
noncompliance.
Any non-compliance under this agreement shall be deemed to be a breach of warranty
DocuSign Envelope ID: 9B4E9AE1-F950-4F63-BE7C-F5337196D98B
Internal Use