Data Privacy and Transparency Hub

The data comes from publicly available online sources and is collected by Coresignal without involving third parties in the process. Depending on the client's request, the data may come from various global jurisdictions, including specific regions, such as the US.

Coresignal's data is collected exclusively from publicly available online sources. We follow an ethical scraping framework, engage in transparent scraping activities, and strictly refrain from any scraping using unauthorized access. 

‍

Coresignal's data collection practices are focused on business-related data. We are gathering information that is openly accessible and falls within the boundaries of ethical guidelines. Our data collection processes do not involve acquiring or extracting material non-public information (MNPI). 

‍

We do not need to log in to scrape public data, and we do not scrape any private data or data from within log-in secured areas.

Coresignal collects only publicly available business-related data that people share on social networking platforms for professionals, such as name, surname, public profile information, public profile URL, job title, and work experience. The company never collects sensitive information related to a person, such as social security numbers or phone numbers, even if this information is public, also any private data located within the login secured areas.

The field of personal data protection is subject to potential new developments, rapid changes and clarifications with case law, and decisions submitted by various supervisory authorities worldwide. 

‍

Privacy regulations can differ from one jurisdiction to another. Coresignal is a US-based company. The majority of US state comprehensive privacy laws, including those in California, Colorado, Utah, Virginia, and Connecticut, do not consider publicly available information personal data and, therefore, do not classify it as such. 

‍

However, we have made significant efforts to establish, implement, and maintain a privacy strategy that aligns with major current privacy regulations in both the US and the EU, in particular:

‍

• Defined clear purposes and established a lawful basis for data processing, such as legitimate interest or consents; 
• Transparently and in detail disclosed the use of the data in our Privacy Policy and disclosed information about our data collection practices on the dedicated Data Privacy & Transparency compliance page;  
• Established a Data Privacy Rights website and introduced an effective enforcement of privacy rights;
• Conducted privacy impact assessment as part of our commitment to accountability, following the guidelines set forth by privacy laws; 
• Implementing appropriate contractual terms, including data processing agreements, to oversee our service providers if they function as data processors.

In its web data collection practices, Coresignal gathers explicitly publicly available information from publicly available online sources. These sources primarily encompass professional social networks and other business-related platforms. Coresignal never aggregates any private data from within the secured login areas, where information is not publicly available and remains confidential and private upon the decision of the company and/or individual.

‍

We continuously stay informed about the latest developments and updates that impact or might impact the web data collection industry. Notable cases worth analyzing include disputes over scraping publicly available data, such as HiQ Labs vs. LinkedIn and Meta vs. Bright Data:

HiQ Labs, Inc. v. LinkedIn Corp. case: HiQ Labs, a data analytics company, was scraping publicly available data from LinkedIn profiles. LinkedIn sought to block HiQ, citing violations of the Computer Fraud and Abuse Act (CFAA). The Ninth Circuit Court of Appeals ruled in favor of HiQ, stating that scraping publicly accessible data does not violate the CFAA. This decision emphasizes that accessing publicly available information does not constitute unauthorized access under the CFAA, provided that it does not involve unauthorized access to protected areas of a website.

Meta (Facebook) v Bright Data case: Bright Data and Meta (formerly Facebook) had been involved in a legal dispute regarding scraping public data without permission. Bright Data argued that it was collecting public information only, not violating any terms of service. The court ultimately ruled in favor of Bright Data. In a significant development, Meta waived its right to appeal a decision by Judge Chen.

‍

These cases collectively form our approach to ethical web data collection. By adhering to these legal precedents, Coresignal ensures that our data collection methods remain in line with the current legal framework.

Please note that this explanation is provided for clarification purposes only and is not intended to, nor does it constitute legal advice. If you have any further questions, please let us know.

Coresignal collects explicitly publicly available limited professional data from publicly available online sources and widely distributed media. According to several comprehensive US state privacy laws, such as California, Colorado, Connecticut, Utah, and Virginia, this type of information is not considered personal data. 

‍

As a result, Coresignal does not meet the criteria to be classified as a data broker, a business that sells personal data. Considering these provisions, we conclude that Coresignal business does not fit the definition of a data broker, and the information Coresignal gathers from public sources is not subject to certain US State privacy laws, because such publicly available information is excluded from personal data definition and regime.

The company is adhering to the requirements of the ISO27001 standard without formal certification. Coresingal has established an Information security policy that describes the implementation of appropriate technical and organizational security measures, including, but not limited to, encryption, a data breach response procedure, web application security, server security, and restricted access control. 

Coresignal performs a set of due diligence procedures regarding prospective customers and partners by implementing internal measures, such as checking publicly available company-related relevant information about prospective customers, looking up publicly available company-related websites, and reviewing publicly available registers. 

‍

In some cases, we also provide our prospective customers with a short business evaluation questionnaire (Know Your Customer (KYC) Form) that helps us identify our customers, better understand their business activities, and elaborate more about how the data will be used and disclosed and what data compliance procedures are implemented within the customer’s organization.

Coresignal maintains its process for monitoring compliance with applicable laws, rules, regulations, and case law within the public web data collection field. This includes conducting regular regulatory research, implementing internal policies and procedures, providing training, performing risk assessments, and, in some cases, engaging with external resources to stay informed. We are committed to adhering to the evolving legal framework and the best industry practices in public web data collection.

Coresignal adheres to data minimization principles, retaining data only for the necessary period to fulfill the specific purpose for which the data was initially collected and meet legal obligations. For more information about personal data retention, please check our Privacy Policy.