Effective as of November 13, 2024
Masterlead Ltd ("Masterlead", "we", "us", or "our") acts as a Data Processor for its Clients. This Processor Privacy Policy outlines how we process personal data on behalf of our Clients, safeguard data, and comply with the General Data Protection Regulation (EU 2016/679, "GDPR"), the UK Data Protection Act 2018, and applicable Dutch data protection laws
This policy formalises the terms under which Masterlead processes personal data on behalf of Clients and aligns with Masterlead's agreements, including the Master Service Agreement (MSA), Data Processing Agreement (DPA), and related Supporting Agreements
Masterlead Ltd is a UK-registered company (Reg No: 15782862) with its principal office at Bayham Abbey East, Tunbridge Wells, TN3 8BG, UK. We provide sustainability-focused software solutions, including proprietary AI-powered agents such as Alex AI, Emma, Tom, and others.
For inquiries about this policy or data privacy concerns, contact us at:
1.1 Email: privacy@masterlead.ai
1.2 Address: Bayham Abbey East, Tunbridge Wells, TN3 8BG, UK
This Processor Privacy Policy applies to personal data processed by Masterlead in its capacity as a Data Processor for its Clients. It does not cover personal data processed by Masterlead in its capacity as a Data Controller (e.g., data relating to Masterlead employees or business operations).
We process personal data strictly based on documented instructions provided by our Clients (Data Controllers).
The Client determines the purposes and means of processing, ensures compliance with GDPR and Dutch data protection laws, and provides the necessary privacy notices to data subjects.
Masterlead will not process personal data for its own purposes or make independent decisions about the processing of data
Masterlead processes the following categories of personal data on behalf of its Clients:
4.1.1 Contact details (e.g., names, phone numbers, email addresses).
4.1.2 Transactional data (e.g., quotes, invoices, payment statuses).
4.1.3 Communication data (e.g., call recordings, emails, WhatsApp messages).
4.1.4 Sustainability-specific data (e.g., energy usage, property details).
Logs of interactions with Masterlead systems, including timestamps, IP addresses, and device information.
Data generated by AI Agents (e.g., Alex AI, Emma, Tom) during client communications, lead interactions, or sustainability calculations.
Masterlead processes personal data for the following purposes:
5.1 Facilitating and supporting Client operations.
5.2 Providing AI-driven solutions, including customer engagement, lead management, and sustainability assessments.
5.3 Conducting analytics, system improvements, and operational insights
5.4 Supporting Clients' regulatory compliance (e.g., GDPR, Dutch laws).
Masterlead engages third-party Sub-Processors, including:
6.1.1 BTI Ltd (Pakistan): Software development and maintenance.
6.1.2 AWS (USA): Cloud hosting services
6.1.3 ElevenLabs: AI-powered transcription and voice solutions.
All international transfers comply with GDPR Chapter V requirements and are safeguarded by:
6.2.1 Standard Contractual Clauses (SCCs).
6.2.2 Transfer Impact Assessments (TIAs).
Clients are informed of all Sub-Processors and have the right to object to their use as outlined in the DPA.
We implement robust technical and organisational measures to protect personal data, including:
7.1 Encryption of data in transit and at rest.
7.2 Role-based access controls and regular reviews.
7.3 Ongoing penetration testing and vulnerability assessments
As a Data Processor, Masterlead assists its Clients in fulfilling their obligations to data subjects, including:
8.1 Accessing, rectifying, or erasing personal data.
8.2 Restricting processing or enabling data portability.
8.3 Objecting to automated decision-makings.
All data subject requests must be directed to the relevant Client (Data Controller).
9.1 Retention: Masterlead retains personal data only for the duration agreed with the Client or as required by law.
9.2 Deletion: Upon termination of the MSA or at the Client's request, we securely delete or return all personal data.
In the event of a data breach, Masterlead will:
10.1.1 Notify the Client within 24 hours of discovery.
10.1.2 Provide details of the breach, containment measures, and a remediation plan.
Masterlead will assist the Client in meeting their legal obligations for breach notification to regulators or data subjects.
Clients must:
11.1 Ensure personal data shared with Masterlead is lawfully obtained.
11.2 Obtain any necessary consents or provide notices to data subjects.
11.3 Maintain compliance with GDPR and other applicable laws.
This Processor Privacy Policy is governed by the laws of the United Kingdom. Any disputes shall be resolved under the exclusive jurisdiction of the courts of England and Wales.
For questions or concerns, contact:
Masterlead Ltd
Email: privacy@masterlead.ai
Address: Bayham Abbey East, Tunbridge Wells, TN3 8BG, UK
We may update this Privacy Policy from time to time. Changes will be posted on our website with the effective date clearly indicated.
This Privacy Policy is effective as of 13th November 2024.
15.1 Training Assurance: Masterlead confirms that all employees handling personal data receive regular GDPR training.
15.2 Incident Reporting: Clients will be informed of non-compliance incidents involving Sub-Processors.
15.3 Cooperation Clause: Masterlead will cooperate fully with any Data Protection Authority inquiry involving its processing activities
16.1 Purpose of Gmail Integration: Masterlead provides an email integration feature within its software, allowing Client staff to access and use their Gmail accounts within the Masterlead Software. This integration is designed to improve communication efficiency and streamline business workflows
16.2 Data Access and Processing: By enabling Gmail integration, the Client consents to Masterlead accessing and processing the following Gmail data strictly for functional purposes:
16.2.1 Email metadata (e.g., sender, recipient, timestamps).
16.2.2 Email body content (only when composing, sending, or retrieving emails via the integration).
16.2.3 Attachments (if explicitly accessed for sending or receiving).
16.2.4 Masterlead will only access Gmail data after obtaining explicit consent from the Client's authorised users. Users can revoke this access at any time via Google Account Security Settings.
16.3 Restrictions on Data Use:Masterlead will:
16.3.1 Not use Gmail data for advertising or marketing purposes.
16.3.2 Not store Gmail emails beyond what is necessary for functionality.
16.3.3 Not share Gmail data with third parties except as required by law or with the Client's consent.
16.3.4 Not allow human access to Gmail content except when required for security, compliance, or user support.
16.3.5 Gmail data is processed programmatically. No human personnel at Masterlead will access Gmail data unless explicitly required for security investigations, compliance audits, or legal obligations.
16.4 Google API Compliance:
Masterlead complies with Google API Services User Data Policy, including:
16.4.1 Limited Use: Gmail data is used solely for the purpose of enabling email functionality.
16.4.2 Security Standards: Strong encryption, access controls, and audit logs protect Gmail data.
16.4.3 User Control: Clients can enable/disable Gmail integration at any time.
16.4.4 OAuth 2.0 Security: Masterlead securely stores OAuth 2.0 access tokens using industry-standard encryption. Tokens are used strictly for authentication and never for unauthorised access to Gmail accounts.
16.4.5 Compliance with Google's Limited Use Policy: : Masterlead strictly adheres to Google's Limited Use Policy, ensuring that Gmail data is processed only for direct user benefit, never for ad targeting, profiling, or analytics unrelated to service provision.
16.5 Client and Staff Consent:
16.5.1 The Client must obtain consent from its staff before enabling Gmail integration.
16.5.2 Each staff member will explicitly grant permission to connect their Gmail accounts to Masterlead Software.
16.6 Opt-Out and Revocation: Clients and their staff may revoke Gmail access at any time through their Google account settings or within the Masterlead Software settings.
Users can revoke Masterlead's access to their Gmail account by:
16.6.1 Visiting their Google Account Security Settings at: https://myaccount.google.com/permissions.
16.6.2 Removing Masterlead's permissions under "Third-Party Apps with Account Access."
16.6.3 Contacting privacy@masterlead.ai if you need assistance with disabling Gmail integration.
This Processor Privacy Policy is effective as of 13th November 2024.