Exciting News:
Madkudu lands $18M Series A led by Felicis to accelerate PLG adoption
Read Now!

Privacy Notice (Processor)

Effective on: 2023-10-04

1. Introduction and Scope

MadKudu Inc. ("MadKudu", "we," "us," "our") takes the protection of personal data ("Personal Data") very seriously. This Privacy Notice (the "Notice") describes our processing of Personal Data that we may receive from of our customers (“Customers”) in our MadKudu platform. This Notice does not apply to Personal Data we collect by other means, such as Personal Data that we receive directly through MadKudu's own publicly accessible websites. his Notice does not apply to Personal Data subject to the MadKudu (Controller) Privacy Notice. 

2. Controllership

In the context of this Notice, MadKudu acts as a data processor for the data we process.

3. Categories of Personal Data

We may process the following types of Personal Data:

  1. name;
  2. work email address;
  3. job title;
  4. work address;
  5. the company somebody works for;
  6. interactions with the Customers’ website (for example, visits to a given page);
  7. lead score;
  8. work phone number;
  9. geolocation information (city, state, country)
  10. information relevant to sales, such as details about past or scheduled meetings;
  11. web application usage data;
  12. IP address and associated domain; and
  13. any other type of Personal Data our clients may choose to share with us.

4. How we Receive Personal Data

We may receive Personal Data in a variety of ways. For example:

  1. When clients upload Personal Data to us, or when receive access to raw customer data from our clients;
  2. when the users of our services interact with our services;
  3. when our clients enable our programmatic access to Personal Data collected and stored by them;
  4. as otherwise provided by our Customers via technical means and integrations; and
  5. from B2B marketing data engines.

5. Basis of Processing

Within the scope of this Notice, we will only process Personal Dataas instructed by our clients (the data controllers). When our engagement with a client ends, we will delete the Personal Data submitted by that client within one month.

6. Purpose of Processing

The purposes for processing Personal Data include:

  1. Lead scoring which involves taking a list of Customers and assigning a lead "score" to each customer based on the available data;
  2. topical enrichment; and
  3. providing our Customers with other services that they have specifically requested from us.

7. Sharing Personal Data with Third Parties

We share Personal Data with third-party service providers that process Personal Data on behalf of MadKudu. Such service providers include:

  1. Infrastructure service providers;
  2. B2B marketing data engines; and
  3. Analytics service providers.

Our service providers may be located outside of the United States; however, we will require that those third parties maintain at least the same level of confidentiality that we maintain for such Personal Data. MadKudu remains liable for the protection of Personal Data that we transfer to our service providers, except to the extent that we are not responsible for the event giving rise to any unauthorized or improper processing.

Where such international Personal Data transfers are regulated by the EU General Data Protection Regulation, we will transfer Personal Data outside the European Economic Area (for example, to the United States of America, where MadKudu and some of our service providers are located) in compliance with the said Regulation.

In some cases, the European Commission may have determined that the data protection laws of some countries provide a level of protection equivalent to European Union law. You can see here the list of countries that the European Commission as recognized as providing an adequate level of protection to Personal Data. We will only transfer Personal Data to third parties in countries not recognized as providing an adequate level of protection to personal data when there are appropriate safeguards in place. One of the typical safeguards we implement with third parties are the Standard Contractual Clauses (“SCCs”) as approved by the European Commission under Article 46(2) of the Regulation. In compliance with the Schrems II judgment, MadKudu is continuously working on implementing supplementary measures as recommended by the European Data Protection Board in the agreements with its clients and service providers to enhance the protection of the transferred Personal Data.

8. Other Disclosure of Personal Data

We may disclose Personal Data:

  1. To the extent required by law or if we have a good-faith belief that such disclosure is necessary in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, or private parties, including but not limited to: in response to subpoenas, search warrants, or court orders;
  2. if we sell or transfer all or a portion of our company's business interests, assets, or both, or in connection with a corporate merger, consolidation, restructuring, or other company change; or
  3. to our subsidiaries or affiliates only if necessary for business and operational purposes as described in the section above.

We reserve the right to use, transfer, sell, and share aggregated, anonymous data, which does not include any Personal Data for any legal business purpose, such as analyzing usage trends and seeking compatible advertisers, sponsors, clients, and customers.

If we must disclose Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of Personal Data will maintain the privacy or security of said Personal Data.

9. Access & Review

If you are a data subject about whom we store Personal Data, you may have a right to request access to, and the opportunity to update, correct, or delete, such Personal Data. You may also have the right to opt out of having your Personal Data shared with third parties and to revoke your consent to our sharing your Personal Data with third parties. You may also have the right to opt out if your Personal Data is used for any purpose that is materially different from the purpose(s) for which it was originally collected or which you originally authorized. To submit such requests or raise any other questions, the affected data subjects should directly contact our client that submitted the Personal Data to us.

10. Data Integrity & Security

MadKudu has implemented and will maintain technical, administrative, and physical measures that are reasonably designed to help protect Personal Data from unauthorized processing, such as unauthorized access, disclosure, alteration, or destruction.

11. EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF)

MadKudu complies with the EU-U.S. Data Privacy Framework (EU-U.S. DPF) and the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (Swiss-U.S. DPF) as set forth by the U.S. Department of Commerce. MadKudu has certified to the U.S. Department of Commerce that it adheres to the EU-U.S. Data Privacy Framework Principles (EU-U.S. DPF Principles) with regard to the processing of personal data received from the European Union and the United Kingdom in reliance on the EU-U.S. DPF and the UK Extension to the EU-U.S. DPF. MadKudu has certified to the U.S. Department of Commerce that it adheres to the Swiss-U.S. Data Privacy Framework Principles (Swiss-U.S. DPF Principles) with regard to the processing of personal data received from Switzerland in reliance on the Swiss-U.S. DPF. If there is any conflict between the terms in this privacy policy and the EU-U.S. DPF Principles and/or the Swiss-U.S. DPF Principles, the Principles shall govern.

To learn more about the Data Privacy Framework (DPF) Program, and to view our certification, please visit c https://www.dataprivacyframework.gov/

12. Dispute Resolution

Where a privacy complaint or dispute cannot be resolved through MadKudu's internal processes, MadKudu has agreed to participate in the VeraSafe DPF Dispute Resolution Procedure. Subject to the terms of the VeraSafe DPF Dispute Resolution Procedure, VeraSafe will provide appropriate recourse free of charge to data subjects. To file a complaint with VeraSafe and participate in the VeraSafe DPF Dispute Resolution Procedure, please submit the required information here: https://www.verasafe.com/privacy-services/dispute-resolution/submit-dispute/

13. Binding Arbitration

If a dispute or complaint can't be resolved by us, nor through the dispute resolution program established by VeraSafe, data subjects may have the right to require that we enter into binding arbitration with the affected individual pursuant to the DPF's Recourse, Enforcement and Liability Principle and Annex I of the DPF.

14. Regulatory Oversight

MadKudu is subject to the investigatory and enforcement powers of the United States Federal Trade Commission.

15. Changes to this Privacy Notice

If we make any material change to this Notice, we will post the revised Notice to this web page and update the "Effective" date above to reflect the date on which the new Notice became effective.

16. Contact Us

If you have any questions about this Notice or our processing of Personal Data, please contact our CPO Francis Brero by email at privacy@madkudu.com, by phone at +1 (203) 216-9872, or by postal mail at:

MadKudu Inc. Attn: Francis Brero 333 W Maude Ave., Suite 207, Sunnyvale, CA 94085 USA

Please allow up to four weeks for us to reply.

17. European Union Representative

We have appointed VeraSafe as our representative in the EU for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form: https://www.verasafe.com/privacy-services/contact-article-27-representative/

Alternatively, VeraSafe can be contacted at:

VeraSafe Czech Republic s.r.o. Klimentská 46, Prague 1, 11002, Czech Republic

18. United Kingdom Representative

We have appointed VeraSafe as our representative in the UK for data protection matters. While you may also contact us, VeraSafe can be contacted on matters related to the processing of Personal Data. To contact VeraSafe, please use this contact form:

https://www.verasafe.com/privacy-services/contact-article-27-representative/ or via telephone at: +44 (20) 4532 2003.

VeraSafe United Kingdom Ltd. 

37 Albert Embankment

London

SE1 7TL

United Kingdom