Privacy Policy

Insight Lab considers itself to be a steward of industry-specific information that we collect, manage and provide. It is our responsibility to safeguard the information within our care, and we are committed to managing our data in a secure and responsible manner. We provide products and services based on information about millions of businesses and business professionals. This Privacy Policy explains how Insight Lab collects, uses, manages, shares, and secures business professional and business contact data and information about website visitors and users of our products (“Data”). It is designed to comply concurrently with the privacy laws of various jurisdictions; where any such law grants stronger rights, those stronger rights apply to residents of that jurisdiction. 

Our Data management practices are guided by our Global Privacy Principles, which commit Insight Lab to the following tenets: 

Accountability for Onward Transfer: Data is disclosed to third parties only for the purposes described in this notice and as permitted under applicable law, including where the individual has provided implicit or explicit consent. Where Data is shared, we require contracts that include limitations on use, comparable security standards, and data-handling procedures. International transfers are made under recognised safeguards such as adequacy decisions, Standard Contractual Clauses, the UK IDTA / Addendum, or equivalent local instruments, with a transfer-impact assessment where required (for example under the UK Data (Use and Access) Act 2025, India’s DPDPA, Indonesia’s UU PDP, and Nigeria’s NDPA).

Data Integrity and Purpose Limitation: We employ substantive measures to produce high-quality, timely, and reliable Data, including direct contact with businesses and quality-assurance procedures during collection and processing. Data is used in a manner compatible with the purposes for which it was collected and authorised, on lawful bases that include consent, contract, legal obligation, legitimate interests, and other locally recognised grounds. 

Access and Correction: We provide businesses and business professionals with access to their information held in our databases and an opportunity to correct verified inaccuracies. Subject to local law, individuals also have rights of erasure, restriction, objection, data portability, withdrawal of consent, the right not to be subject to solely automated decisions with legal or similarly significant effects, and (where granted, e.g. India’s DPDPA) the right to nominate another individual to exercise rights on their behalf. Verified rights requests are handled within the timeframe required by local law. 

Data Security: We apply appropriate technical, physical, and administrative measures to protect Data against unauthorised access, alteration, disclosure, or destruction. In the event of a personal data breach meeting the notification threshold of an applicable law, we notify the relevant authority and, where required, affected individuals within the statutory timeframe (typically 72 hours under the GDPR/UK GDPR, Kenya, Nigeria, the Philippines, and Indonesia).  

Accountability: We adhere to our Privacy Principles through ongoing compliance, training, documentation, assessment, and dispute-resolution initiatives. To exercise a right, raise a complaint, or contact our Data Protection / Grievance Officer, write to privacy@insightlab.co. If you are not satisfied with our response, you may lodge a complaint with your local data protection authority. We update this Policy when our practices or applicable law change; the Effective Date above indicates when it was last revised.