This Privacy Policy explains how Applybird Technologies Private Limited ("Applybird", "we", "our" or "us") collects, uses, discloses, transfers and otherwise processes personal data, and the rights available to individuals whose data we process.
It applies to:
By using the Website or the Services, you acknowledge that you have read and understood this Policy. Where we rely on your consent, we will obtain it separately and as required by applicable law.
Data controller / Data Fiduciary:
Grievance Officer (required under India's Digital Personal Data Protection Act, 2023):
EU / UK representative (Article 27 GDPR / UK GDPR): Where Article 27 applies to our processing of EEA or UK personal data, we are required to designate a representative in those territories. Applybird is in the process of appointing such a representative; in the meantime, EEA and UK individuals may contact us at privacy@applybird.co.
Data Protection Officer: We have not appointed a Data Protection Officer. You may direct any privacy question to privacy@applybird.co.
The capacity in which we act depends on the activity:
Because these roles carry different obligations, we identify our role on a per-activity basis and apply the corresponding safeguards.
For convenience, "personal data" (also "personal information") means any information relating to an identified or identifiable individual. "Data Principal" (India) and "data subject" (EU/UK) both refer to the individual to whom personal data relates; we use these terms interchangeably. "Processing" means any operation performed on personal data, such as collection, storage, use, disclosure or erasure.
Depending on the Service and the source, we may process the following categories of personal data. The majority of the data in our data products is business and professional contact information relating to individuals in their professional capacity.
The personal data contained in our data products is limited to the following business contact fields, relating to individuals in their professional capacity:
We do not collect or hold any other category of personal data in our data products.
Where a customer uses our fraud-detection functionality, the customer provides us with certain transaction signals relating to its own end users so that we can help assess the risk of fraud. These signals are used only for fraud detection and for no other purpose, and they do not form part of our data products. They consist of:
We process these signals as a processor / Data Processor acting on the documented instructions of the customer (which is the controller / Data Fiduciary for this data). We do not use them to build, enrich, update or supplement our data products, and we do not retain them beyond what is necessary for the fraud-detection purpose.
We obtain personal data from the following categories of sources:
We take reasonable steps to assess that the personal data we acquire from third parties was collected lawfully and that we are permitted to use and onward-supply it.
We use personal data only where we have a lawful basis to do so. Where the GDPR/UK GDPR applies, our legal bases are: consent; performance of a contract; compliance with a legal obligation; protection of vital interests; or our legitimate interests (or those of our customers), provided these are not overridden by the individual's interests or rights. Where India's DPDP Act applies, we process personal data on the basis of consent or a recognised legitimate use as defined by that Act.
| Purpose | Description | Legal basis (GDPR / UK GDPR) |
|---|---|---|
| Providing the Services | Operating, delivering and supporting the products you use, including matching, verification and enrichment requested by customers. | Performance of a contract; legitimate interests in operating our business. |
| Building and maintaining our data products | Compiling, structuring, updating and quality-checking professional contact data, primarily relating to individuals acting in a business capacity. | Legitimate interests (providing B2B information services), subject to a documented balancing assessment and to the individual's right to object. |
| Account management and billing | Creating accounts, authenticating users, invoicing and processing payments. | Performance of a contract; compliance with legal obligations (e.g. tax). |
| Communications and support | Responding to enquiries and providing customer support. | Performance of a contract; legitimate interests. |
| Marketing | Sending business communications about our Services to professional contacts and prospects. | Consent where required; otherwise legitimate interests. You can opt out at any time. |
| Security, fraud prevention and integrity | Protecting our systems, customers and the public against misuse, fraud and abuse. | Legitimate interests; compliance with legal obligations. |
| Fraud detection service (on behalf of customers) | Processing the transaction signals supplied by a customer (IP address, user-agent, transaction timestamp and amount) solely to help that customer detect and prevent fraud. We do not use these signals for any other purpose. | We act as a processor on the customer's documented instructions. The legal basis is determined by the customer as controller โ typically its legitimate interests in preventing fraud and/or compliance with its legal obligations. |
| Compliance and legal claims | Meeting legal and regulatory obligations and establishing, exercising or defending legal claims. | Compliance with legal obligations; legitimate interests. |
Where we rely on consent, you may withdraw it at any time (this does not affect processing carried out before withdrawal). Where we rely on legitimate interests, you have the right to object (see Section 11). We maintain a record of our legitimate-interests assessments and can provide a summary on request.
Much of the data in our data products is not collected directly from the individual. Where the GDPR applies and we obtain personal data from sources other than the individual, we comply with our information obligations (Article 14 GDPR) by, among other measures: making this Privacy Policy publicly available; identifying the categories of data and the categories of sources (Sections 5 and 6); and providing the required information to individuals within the time limits set by law, except where a recognised exemption applies (for example, where this would be impossible or involve disproportionate effort, in which case we take appropriate alternative measures, including publishing this Policy).
We may share personal data with:
We require recipients to handle personal data consistently with this Policy and applicable law. We do not permit the use of our data products for purposes prohibited by our Permissible Use Policy.
We are based in India and may store and process personal data in India and in other countries where we or our service providers operate. These countries may have data-protection laws that differ from those of your country.
Where we transfer personal data internationally and the GDPR/UK GDPR applies, we use a recognised transfer mechanism, such as the European Commission's Standard Contractual Clauses (and the UK Addendum where relevant), an adequacy decision, or another lawful safeguard, together with any supplementary measures required. A copy of the relevant safeguards can be requested at privacy@applybird.co.
Where India's DPDP Act applies, cross-border transfers are made in accordance with that Act and any applicable government notifications.
Subject to applicable law and to verification of your identity, you may have the following rights. The exact rights depend on which law applies to you.
Residents of certain US states may have rights to know, access, correct, delete, and to opt out of the "sale" or "sharing" of personal information and of certain targeted advertising and profiling. We honour verified requests as required by the applicable state law.
We do not discriminate against individuals for exercising their privacy rights.
To exercise any right, or to request that we suppress or delete your information from our data products, contact:
We will respond within the timeframes required by applicable law. We may need to verify your identity before acting, and we will explain our decision if we are unable to fulfil a request in whole or in part. Access is normally provided free of charge, except where the law permits a reasonable fee for manifestly unfounded or excessive requests.
Marketing opt-out: You can unsubscribe from our marketing at any time using the link in our emails or by contacting us.
Our Website does not use cookies, pixels, web beacons or other tracking technologies. We do not use third-party analytics or advertising trackers on the Website. The only technical data processed when you visit the Website is the limited server-log information described in Section 5(d), used for security and to operate the site.
We do not make decisions that produce legal or similarly significant effects about individuals based solely on automated processing. Our compilation of professional contact data into our data products does not involve such automated decision-making about the individuals concerned. Where any fraud-detection scoring is carried out, it is performed on behalf of, and under the responsibility of, the customer (see Section 5(e)), and you may exercise your rights as described in Section 11.
The Services and Website are intended for businesses and professionals and are not directed to children (individuals under the age of 18). We do not knowingly collect personal data from children, and we do not knowingly include children's data in our data products. If we learn that we have collected such data without the required consent, we will delete it.
We retain personal data only for as long as necessary for the purposes set out in this Policy, including to provide the Services, comply with legal and regulatory obligations, resolve disputes and enforce our agreements. Retention periods are determined by the type of data, the purpose of processing and applicable legal requirements; data that is outdated or no longer needed is deleted or anonymised within a reasonable time.
We implement appropriate technical and organisational measures designed to protect personal data against unauthorised access, alteration, disclosure or destruction โ for example, access controls, encryption in transit and at rest, network security, logging and monitoring, vendor due diligence, and staff confidentiality obligations. No method of transmission or storage is completely secure, so while we work to protect your data we cannot guarantee absolute security. In the event of a personal-data breach, we will notify affected individuals and the competent authorities where and as required by applicable law.
The Website and Services may contain links to, or integrations with, third-party websites and services that we do not control. This Policy does not apply to those third parties, and we encourage you to review their own privacy notices.
We may update this Policy from time to time. We will post the updated version on the Website and revise the "Last updated" date above. Where required by law, we will provide additional notice of, or seek your consent to, material changes.
If you have a concern about how we handle your personal data, please contact us first at privacy@applybird.co or, in India, our Grievance Officer at grievance@applybird.co, so we can try to resolve it.
You also have the right to lodge a complaint with the competent authority: