Skip to main content
search

Privacy Policy

Menu

Last Updated: October 2025 

  1. Introduction

DataGroomr, LLC (“DataGroomr”, “we”, “our”, or “us”) is committed to protecting your privacy and ensuring compliance with applicable data protection laws and regulations, including the EU General Data Protection Regulation (“GDPR”), the UK GDPR, the Swiss Federal Act on Data Protection (“FADP”), the California Consumer Privacy Act (“CCPA”), and other applicable data protection laws as described in our Data Processing Addendum (“DPA”). 

This Privacy Policy describes how we collect, use, process, and protect Personal Data in connection with our services, websites, and applications (the “Services”). 

 

  1. Roles and Responsibilities

Under applicable Data Protection Laws and Regulations: 

  • Customer is the Data Controller determining the purposes and means of processing Personal Data. 
  • DataGroomr is the Data Processor that processes Personal Data on behalf of the Customer in accordance with the Customer’s instructions and applicable law. 

Ownership and control of Personal Data always remain with the Customer. DataGroomr processes Personal Data only as directed by the Customer or as required by law. 

 

  1. Categories and Sources of Personal Data

The Personal Data processed through the Services may include: 

  • Business contact information (name, email, phone, address); 
  • Salesforce data or Customer CRM content transferred through integrations, including data about employees, leads, contacts, and customers. 

DataGroomr does not determine what Personal Data the Customer submits to the Services. 

 

  1. Purpose and Legal Basis of Processing

DataGroomr processes Personal Data solely: 

  • To provide and operate the Services under the Agreement and the DPA; 
  • To comply with legal obligations; and 
  • As otherwise directed in writing by the Customer. 

DataGroomr does not use, sell, or share Personal Data for any other purpose, including advertising or unrelated commercial purposes, as prohibited under the CCPA and other applicable laws. 

 

  1. Data Subject Rights

If DataGroomr receives a request from an individual whose Personal Data is processed by our Services (“Data Subject”), DataGroomr will not respond directly but will promptly refer the request to the Customer, who is responsible for handling such requests under applicable law. 

Upon written instruction and at the Customer’s expense, DataGroomr will assist in fulfilling such requests to the extent reasonably possible. 

 

  1. Security of Personal Data

DataGroomr maintains technical, organizational, and administrative safeguards designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. These measures include (as outlined in Annex II of the DPA): 

  • Encryption and network security 
  • Secure authentication and authorization 
  • Logging, monitoring, and intrusion prevention 
  • Physical and personnel security 
  • Data segregation and secure deletion 
  • Regular audits and SOC 2 or equivalent certifications 

DataGroomr may revise its security measures over time, provided such changes do not materially diminish the overall level of protection. 

 

  1. Sub-Processors

DataGroomr may engage approved Sub-processors to support delivery of the Services, as listed in Annex III of the DPA, including infrastructure, analytics, communications, and verification providers. All Sub-processors are subject to written agreements requiring compliance with data protection standards equivalent to those in this DPA. 

DataGroomr remains responsible for the performance of its Sub-processors. Customers will be notified of new Sub-processors and may object within the period and under the conditions defined in the DPA. 

 

  1. Data Transfers

Where Personal Data is transferred internationally: 

  • EU Data is protected using the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914). 
  • UK Data is protected using the UK International Data Transfer Addendum (“UK IDTA”). 
  • Swiss Data is handled under equivalent provisions aligned with the FADP. 
  • U.S. State Data (including California) is processed under applicable privacy law and the CCPA. 

Transfers are made only to countries or entities offering adequate protection or under legally recognized safeguards. 

 

  1. Personal Data Breach Notification

In the event of a Personal Data Breach affecting Customer data, DataGroomr will notify the Customer without undue delay, and in any event within 48 hours, providing sufficient details to assist the Customer in meeting notification obligations to supervisory authorities or affected individuals. 

DataGroomr will cooperate in investigating and mitigating any breach. 

 

  1. Retention and Deletion of Data

DataGroomr retains Personal Data only as long as necessary to provide the Services or as required by law. Upon termination of the Agreement, DataGroomr will return or securely delete Customer data according to its data retention policy and applicable legal obligations. 

 

  1. Audits and Compliance

Customers may audit DataGroomr’s compliance once per year or as required by law, subject to reasonable notice and limitations outlined in the DPA. DataGroomr may provide existing SOC 2 or equivalent reports in lieu of an on-site audit when appropriate. 

 

  1. Data Protection Officer

DataGroomr has appointed a Data Privacy Officer to oversee compliance with applicable Data Protection Laws and this Policy. 

Contact:
Email: privacy@datagroomr.com
Address: 1729 McNelis Drive, Southampton, PA 18966, USA 

 

  1. Updates to This Policy

We may update this Privacy Policy to reflect legal, technical, or operational changes. The latest version will always be available on our website, and where required by law, we will notify Customers of material updates. 

 

  1. Contact Information

If you have any questions, concerns, or complaints regarding this Policy or our data practices, please contact us at:
privacy@datagroomr.com 

 

Close Menu