Sign Up for Free
Sign in

GDPR Statement

Last Updated:
November 8, 2023

The European General Data Protection Regulation (GDPR) has come into effect on 25 May 2018. This article details GDPR compliance of Icypeas (https://www.icypeas.com). We wanted to provide a clear document detailing the 12 points of GDPR.

For the purposes of this document SERVICE means Icypeas. WE means the company providing the SERVICE as per point 12.

Icypeas's data is stored in the European Union, specifically in Roubaix, France. In situations where it is transferred and stored in the USA, sub-processors are on the certified EU-US Privacy Shield framework.

Sub-processors: We use a number of sub-processors which have confirmed their GDPR compliance.

  • Sub-processor: SendGrid  |  Location: USA  |  Purpose: Email Notifications
  • Sub-processor: OVH  |  Location: France  |  Purpose: Hosting Provider
  • Sub-processor: Freshdesk  |  Location: EU  |  Purpose: Support Platform, Ticket Management
  • Sub-processor: Google Cloud  |  Location: USA  |  Purpose: Internal Emailing and Collaborative Suite
  • Sub-processor: Customer.io  |  Location: USA  |  Purpose: Internal Emailing and Collaborative Suite

1. Awareness

Our employees, responsible for infrastructure, software development and support are fully aware of the concepts and principles of GDPR.

2. Information we hold

2.1 Customer Data

  • Email address, phone number, full name, company name
  • IP address, user agent
  • Payment and invoicing details

2.2 Prospect Data

  • Email address, phone number, full name, company name, firmographics, technographics

3. Communicating privacy information

Our privacy and terms are clearly communicated in our Privacy Policy and our Terms of Service.

4. Individuals’ rights

  • The right to be informed; we clearly inform our customers how we use their data via our clear Privacy Policy.
  • The right of access; our customers can access all of their data through our web application.
  • The right to rectification; our customers may Contact Us with any rectification queries.
  • The right to erasure; our customers may Contact Us with any erasure queries.
  • The right to restrict processing; our customers have the right, under certain circumstances, to restrict the processing of their data. In this case, we will not process their data for any purpose other than storing it.
  • The right to data portability; our customers may Contact Us to request a copy of their data in a common format.
  • The right to object; our customers may Contact Us with any objections.
  • The right not to be subject to automated decision-making including profiling; we do not and have no plans to do this.

5. Subject access requests

  • We reply to all access requests within 4 weeks (the legal limit from GDPR is 1 month).
  • All access requests are free of charge.

6. Lawful basis for processing personal data

2.1 Customer Data

User Content is the lawful basis for any processing.

2.2 Prospect Data

Legitimate interest is the lawful basis for any processing.

Processing of Prospect Data is necessary for the performance of our contractual obligations towards you and providing you with our services, to protect our legitimate interests and to comply with our legal obligations. Processing of Public Data is done in accordance with our legitimate interest, as long as such interest does not override your fundamental rights and freedom.

7. Consent

Consent is provided by our customers when signing up for the service and logged by us.

8. Children

This service is not available to Children (under the age of 13). Our product is strictly B2B (business-to-business).

9. Data breaches

Upon request, we will provide you with a detailed description of our security policy. We will notify customers and the relevant supervisory authority within 72 hours of a breach.

10. Data Protection by Design and Data Protection Impact Assessments

Security and Data Privacy always comes first when implementing new features. Our Data Protection Officer is involved at every stage of development.

11. Data Protection Officer

For the purposes of Icypeas and related services, our Data Protection Officer is:

12. International

We operate and are established in Paris, France. Our supervisory authority is the CNIL (Commission nationale de l'informatique et des libertés) based in Paris, France.

  • Legal Address: 31 rue Victor Massé, Paris 75009, France
  • Main office: 31 rue Victor Massé, Paris 75009, France
  • Company No: 809606700 (registered in France)

Companies using the Service and handling European user data (people living in the EU) may need to sign a Data Processing Agreement (DPA), as part of GDPR requirements. You can find your DPA upon request (admin users only) at support@icypeas.com, including instructions on how to sign and return it.

Company
About UsContactPR Kit
Resources
BlogKnowledge BaseCustomer Stories
Product
FeaturesIntegrations
Social
LinkedinXGithub
Benchmarks
The Best Email Finders in 2025
The Best Email Verifiers in 2025
Compare
Findymail AlternativeAnymailfinder Alternative
© 2025 Icypeas. All rights reserved.
Designed by LoudFace