Last Updated: May 10, 2025
Introduction
This Data Processing document outlines how BravoTangoBravo ("we," "our," or "us") processes data as part of our B2B lead generation services. It provides information about our data processing activities, including the types of data we process, how we process it, and the measures we take to protect it.
This document is intended to provide transparency about our data processing practices and to help our clients understand how we handle data on their behalf.
Our Data Processing Activities
As a B2B lead generation service, we process various types of data to help our clients identify and connect with potential business prospects. Our data processing activities include:
Business Discovery
We use advanced location-based search technology to identify businesses in specific geographic areas that match our clients' criteria. This involves processing business information such as:
- Company names
- Business addresses
- Industry classifications
- Company size and revenue information
- Business registration details
Role Identification
We identify individuals with specific roles or job titles within target businesses who are likely to be decision-makers. This involves processing professional information such as:
- Job titles and professional roles
- Professional qualifications
- Department information
- Professional hierarchies and reporting structures
Contact Acquisition
We locate and verify contact information for targeted prospects. This involves processing contact details such as:
- Professional email addresses
- Business phone numbers
- Professional social media profiles
- Business mailing addresses
Lead Qualification
We qualify and verify leads to ensure they meet our clients' specific criteria. This involves processing and analyzing:
- Business needs and challenges
- Decision-making authority
- Budget information
- Purchasing timeframes
- Current solutions or vendors
Sources of Data
We obtain data from various sources, including:
- Publicly available business directories and databases
- Company websites and public professional profiles
- Business registration records
- Professional networking platforms
- Industry publications and events
- Legitimate third-party data providers who have obtained the data lawfully
We ensure that all data is collected from legitimate sources and in compliance with applicable data protection laws.
Data Processing Methods
We use a combination of automated and manual methods to process data:
Automated Processing
Our automated systems help us:
- Search and filter business information based on specific criteria
- Verify and validate contact information
- Match individuals to their professional roles
- Score and rank leads based on qualification criteria
Manual Processing
Our team of experts performs manual processing to:
- Verify the accuracy of automatically processed data
- Conduct additional research to fill information gaps
- Perform quality checks on lead information
- Ensure compliance with data protection requirements
Data Quality Measures
We implement various measures to ensure the quality and accuracy of the data we process:
- Regular data validation and verification processes
- Cross-checking information across multiple sources
- Automated and manual data cleaning procedures
- Regular updates to maintain data freshness
- Quality assurance reviews before delivering data to clients
Data Protection Measures
We implement appropriate technical and organizational measures to protect the data we process:
Technical Measures
- Encryption of data in transit and at rest
- Secure data storage systems with access controls
- Firewalls and intrusion detection systems
- Regular security updates and patches
- Secure data transfer protocols
- Regular security testing and vulnerability assessments
Organizational Measures
- Staff training on data protection and security
- Access controls based on the principle of least privilege
- Data protection policies and procedures
- Regular audits and compliance checks
- Incident response plans
- Data protection impact assessments for high-risk processing
Data Retention
We retain data only for as long as necessary for the purposes for which it is processed. Our data retention practices include:
- Defining retention periods for different categories of data
- Regularly reviewing and updating retention schedules
- Securely deleting or anonymizing data that is no longer needed
- Maintaining records of data deletion
Specific retention periods depend on the type of data, its purpose, and legal requirements. We provide more detailed information about retention periods in our data processing agreements with clients.
Data Subject Rights
We respect and facilitate the rights of individuals whose data we process. When we receive requests from data subjects, we:
- Verify the identity of the requester
- Assess the validity of the request
- Respond within the timeframes required by applicable law
- Maintain records of requests and our responses
- Notify relevant clients when necessary
For more information about data subject rights, please see our GDPR Compliance page.
Data Processing Agreements
When we process data on behalf of our clients, we enter into data processing agreements that specify:
- The subject matter and duration of the processing
- The nature and purpose of the processing
- The types of personal data and categories of data subjects
- The obligations and rights of the client (as data controller)
- Our obligations as a data processor
- Subprocessing arrangements
- International data transfer mechanisms
- Audit and inspection rights
We ensure that our data processing agreements comply with the requirements of applicable data protection laws, including the GDPR.
Subprocessors
We may engage subprocessors to perform certain data processing activities on our behalf. When we do so, we:
- Conduct due diligence to ensure they provide appropriate safeguards
- Enter into written agreements that include the same data protection obligations as in our agreements with clients
- Monitor their compliance with data protection requirements
- Maintain a list of current subprocessors
- Notify clients of any intended changes concerning the addition or replacement of subprocessors
Clients can request information about our current subprocessors by contacting us using the information provided in the "Contact Us" section below.
International Data Transfers
When we transfer data outside the European Economic Area (EEA) or the United Kingdom, we ensure appropriate safeguards are in place, such as:
- Standard Contractual Clauses approved by the European Commission or the UK
- Binding Corporate Rules
- Adequacy decisions
- Other appropriate transfer mechanisms
We assess the risks associated with international data transfers and implement additional measures where necessary to ensure an adequate level of protection.
Data Breach Management
We have procedures in place to detect, report, and investigate personal data breaches. In the event of a breach, we will:
- Assess the nature and scope of the breach
- Identify the cause and take steps to contain and mitigate the breach
- Notify relevant supervisory authorities without undue delay, where required
- Notify affected clients without undue delay
- Notify affected individuals, where required
- Document the breach and our response
- Review and update our security measures to prevent similar breaches
Compliance Monitoring
We regularly monitor our compliance with data protection requirements through:
- Internal audits and reviews
- Staff training and awareness programs
- Updating policies and procedures to reflect changes in law or best practices
- Maintaining records of processing activities
- Conducting data protection impact assessments for high-risk processing
Contact Us
If you have any questions about our data processing practices, please contact us at:
Email: dataprocessing@bravotangobravo.com