DPA available on request
Summary: Sendburg is compliant with the EU General Data Protection Regulation (GDPR). We process B2B professional contact data under Legitimate Interest (Article 6(1)(f)). We support all data subject rights with a 30-day response commitment. A Data Processing Agreement (DPA) is available to enterprise customers. Submit requests to privacy@send-burg.com.
1. Our GDPR Commitment
Sendburg Technologies Pvt Ltd is committed to full compliance with the EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the UK GDPR. This page documents how we comply and how individuals and enterprise customers can exercise their rights.
Our GDPR compliance covers two distinct categories:
- Platform users — EU/UK customers and users of our platform whose personal data we process as Data Controller.
- B2B contact database subjects — EU/UK professionals whose business contact information appears in our database, processed under legitimate interest.
2. Data Controller
For EU customers, Sendburg acts as Data Controller for platform user data and as Data Processor when processing your CRM data via integration. A Data Processing Agreement (DPA) is available for enterprise customers — request via privacy@send-burg.com.
3. Legal Bases for Processing
We rely on the following GDPR legal bases:
| Legal basis | Article | Applied to |
|---|---|---|
| Contract | 6(1)(b) | Providing the platform service to registered users |
| Legitimate Interest | 6(1)(f) | B2B contact database; service improvement; fraud prevention; security |
| Legal Obligation | 6(1)(c) | Tax records; compliance with applicable law |
| Consent | 6(1)(a) | Optional marketing emails; analytics cookies |
4. B2B Contact Database & Legitimate Interest
Our core product involves maintaining a database of business contact information for professionals. Under GDPR Article 6(1)(f), we rely on legitimate interest for this processing. Our Legitimate Interest Assessment (LIA) concludes:
- Purpose: Facilitate B2B commercial communications between businesses — a recognised legitimate commercial activity.
- Necessity: Contact data is necessary to fulfil this purpose and is limited to professional context only.
- Balancing test: We process only publicly available professional information. No sensitive data is processed. Individuals can opt out at any time. The processing does not unduly interfere with the rights and freedoms of data subjects.
Data minimisation principles applied:
- Only professional/business context data — no personal email, no sensitive categories
- Re-verified every 90 days — stale data removed
- Opt-out requests processed within 30 days
- No data sold or shared with unrelated third parties
5. Your Rights Under GDPR
If you are located in the EU, UK, or EEA, you have the following rights. To exercise any right, contact privacy@send-burg.com. We respond within 30 calendar days.
Request a copy of all personal data we hold about you.
Request correction of inaccurate or incomplete personal data.
Request deletion of your personal data ('right to be forgotten').
Request we limit processing of your data in certain circumstances.
Receive your data in a structured, machine-readable format.
Object to processing based on legitimate interest at any time.
Withdraw consent for optional processing (e.g. marketing) at any time.
File a complaint with your national Data Protection Authority.
To submit a request, email privacy@send-burg.com with subject line "GDPR Request — [Right Type]". We may ask you to verify your identity before processing the request.
6. Data Processing Agreement (DPA)
Enterprise customers who require a Data Processing Agreement to satisfy their own GDPR obligations may request one. Our DPA covers:
- Subject matter, duration, and nature of processing
- Types of personal data and categories of data subjects
- Obligations and rights of the data controller
- Sub-processor list and authorization
- Technical and organizational security measures
- Audit rights
- Standard Contractual Clauses for international transfers
Request our DPA
Available to Growth and Scale plan customers. Delivered within 2 business days.
7. International Transfers
Sendburg is incorporated in India. Our infrastructure (Oracle Cloud Infrastructure) operates in the United States. When we transfer personal data from the EEA or UK to countries without an adequacy decision, we rely on:
- Standard Contractual Clauses (SCCs) approved by the European Commission (Decision 2021/914)
- UK International Data Transfer Agreements (IDTAs) where applicable
- Sub-processor agreements that include equivalent transfer safeguards
A copy of our SCCs or IDTA is available on request at privacy@send-burg.com.
8. Data Breach Response
In the event of a personal data breach, Sendburg will:
- Notify affected EU/UK supervisory authorities within 72 hours of becoming aware, where required by GDPR Article 33
- Notify affected data subjects without undue delay where the breach is likely to result in high risk, per GDPR Article 34
- Document all breaches in our internal breach register regardless of notification obligation
- Notify affected enterprise customers promptly to enable them to meet their own notification obligations
To report a suspected data breach or security vulnerability: security@send-burg.com
9. DPO & Contact
Sendburg does not currently meet the threshold for a mandatory Data Protection Officer (DPO) under GDPR Article 37. Privacy oversight is managed by our compliance team.
For all GDPR-related enquiries, DPA requests, data subject rights, and international transfer documentation:
Privacy & Compliance Team
Sendburg Technologies Pvt Ltd, Bengaluru, India
Email: privacy@send-burg.com
Security: security@send-burg.com
Response time: 30 days for data subject requests · 72 hours for breach reports
EU and UK residents also have the right to lodge a complaint with their national supervisory authority — for example, the Irish DPC (Ireland), the ICO (United Kingdom), or the CNIL (France).