GDPR Compliance

Last Updated: May 10, 2025

Our Commitment to GDPR Compliance

At BravoTangoBravo, we are committed to ensuring that our business practices comply with the General Data Protection Regulation (GDPR). As a B2B lead generation service that processes personal data, we understand the importance of data protection and privacy rights.

This page outlines our approach to GDPR compliance and how we protect the personal data we process.

Understanding GDPR

The General Data Protection Regulation (GDPR) is a comprehensive data protection law that came into effect on May 25, 2018. It applies to all organizations operating within the EU and to organizations outside the EU that offer goods or services to individuals in the EU or monitor their behavior.

The GDPR gives individuals greater control over their personal data and requires organizations to be transparent about how they collect, use, and store personal data.

Our Role Under GDPR

BravoTangoBravo acts as both a data controller and a data processor:

  • As a data controller: We determine the purposes and means of processing personal data that we collect directly from our clients and website visitors.
  • As a data processor: We process personal data on behalf of our clients according to their instructions.

In both roles, we are committed to complying with the GDPR principles and safeguarding the personal data we handle.

GDPR Principles We Follow

We adhere to the following GDPR principles in our data processing activities:

1. Lawfulness, Fairness, and Transparency

We process personal data lawfully, fairly, and in a transparent manner. We provide clear information about how we collect and use personal data in our Privacy Policy.

2. Purpose Limitation

We collect personal data for specified, explicit, and legitimate purposes and do not process it in a manner incompatible with those purposes.

3. Data Minimization

We limit the personal data we collect to what is necessary for the purposes for which it is processed.

4. Accuracy

We take reasonable steps to ensure that the personal data we process is accurate and kept up to date.

5. Storage Limitation

We retain personal data only for as long as necessary for the purposes for which it is processed.

6. Integrity and Confidentiality

We implement appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing, accidental loss, destruction, or damage.

7. Accountability

We take responsibility for complying with the GDPR and can demonstrate our compliance.

Lawful Basis for Processing

Under the GDPR, we must have a lawful basis for processing personal data. The lawful bases we rely on include:

Legitimate Interest

As a B2B lead generation service, we primarily rely on legitimate interest as our lawful basis for processing business contact information. We conduct legitimate interest assessments to ensure that our processing is necessary and balanced against the individual's interests, rights, and freedoms.

Consent

Where required by law, we obtain consent for specific processing activities, such as sending marketing communications.

Contractual Necessity

We process personal data when necessary for the performance of a contract with our clients or to take steps at their request before entering into a contract.

Legal Obligation

We process personal data when necessary to comply with a legal obligation.

Data Subject Rights

We respect and facilitate the rights of individuals under the GDPR, including:

Right to Access

Individuals have the right to request access to their personal data that we process.

Right to Rectification

Individuals have the right to request correction of inaccurate personal data or completion of incomplete personal data.

Right to Erasure

Individuals have the right to request the deletion of their personal data in certain circumstances.

Right to Restriction of Processing

Individuals have the right to request the restriction of processing of their personal data in certain circumstances.

Right to Data Portability

Individuals have the right to receive their personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller.

Right to Object

Individuals have the right to object to the processing of their personal data in certain circumstances, including processing for direct marketing purposes.

Rights Related to Automated Decision-Making

Individuals have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal effects or similarly significantly affects them.

To exercise any of these rights, individuals can contact us using the information provided in the "Contact Us" section below.

Data Protection Measures

We implement appropriate technical and organizational measures to protect personal data, including:

  • Encryption of personal data where appropriate
  • Regular testing and evaluation of the effectiveness of our security measures
  • Access controls and authentication procedures
  • Staff training on data protection and security
  • Data protection impact assessments for high-risk processing activities
  • Data processing agreements with our processors

International Data Transfers

When we transfer personal data outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place, such as:

  • Standard Contractual Clauses approved by the European Commission
  • Binding Corporate Rules
  • Adequacy decisions by the European Commission

Data Breach Notification

In the event of a personal data breach, we have procedures in place to:

  • Detect and investigate the breach
  • Assess the risk to individuals' rights and freedoms
  • Notify the relevant supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach, where required
  • Notify affected individuals without undue delay, where required
  • Document the breach and our response

Data Protection Officer

While not legally required to do so, we have appointed a Data Protection Officer (DPO) to oversee our data protection strategy and ensure compliance with the GDPR. Our DPO can be contacted at dpo@bravotangobravo.com.

GDPR Compliance for Our Clients

As a B2B lead generation service, we help our clients obtain business contact information. We advise our clients to:

  • Ensure they have a lawful basis for processing the personal data we provide
  • Provide appropriate privacy information to the individuals whose data they receive
  • Respect individuals' rights under the GDPR
  • Implement appropriate security measures to protect the data

We provide our clients with information about the source of the data and the categories of personal data we collect to help them meet their transparency obligations.

Contact Us

If you have any questions about our GDPR compliance or wish to exercise your rights under the GDPR, please contact us at:

Email: dpo@bravotangobravo.com