How Broad Leads supports the rights of EU, EEA, and UK data subjects under the General Data Protection Regulation.
Last updated: June 2026
This GDPR Compliance statement explains how Broad Leads LLC ("Broad Leads," "we," "us," or "our") handles personal data of individuals located in the European Union (EU), the European Economic Area (EEA), and the United Kingdom (UK) in accordance with the EU General Data Protection Regulation (GDPR) and the UK GDPR. It supplements, and should be read together with, our Privacy Policy. Where there is a conflict for data subjects in these regions, this statement controls.
Depending on the activity, Broad Leads may act as a data controller (for example, in relation to our own customers and website visitors) or as a data processor (for example, when processing lead data on behalf of an agent who acts as the controller). We process personal data only for legitimate, clearly defined purposes and in line with the responsibilities of our role.
We process personal data only where we have a valid lawful basis under Article 6 of the GDPR. Depending on the context, our lawful bases include:
If you are located in the EU, EEA, or UK, you have the following rights with respect to your personal data:
You also have the right to withdraw consent at any time where processing is based on consent, without affecting the lawfulness of processing before withdrawal.
Broad Leads is based in the United States, and your personal data may be transferred to and processed in the United States or other countries that may not provide the same level of data protection as your home jurisdiction. Where we transfer personal data out of the EU, EEA, or UK, we implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission (and the UK Addendum, where applicable), to ensure your data remains protected.
We maintain appropriate technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction, or damage. These measures include access controls, encryption in transit where appropriate, internal policies and training, vendor due diligence, and data minimization and retention practices. For more on how data moves through our platform, see our Data Policy.
To exercise any of the rights described above, contact us using the details in Section 9. We will respond to verified requests within the timeframes required by the GDPR (generally within one month, which may be extended for complex requests). We may need to verify your identity before acting on your request, and certain rights are subject to legal limitations.
If you believe our processing of your personal data infringes data protection law, you have the right to lodge a complaint with a supervisory authority in the EU/EEA member state of your habitual residence, place of work, or place of the alleged infringement, or with the UK Information Commissioner's Office (ICO) if you are in the UK. We would, however, appreciate the opportunity to address your concerns before you approach a supervisory authority, so please consider contacting us first.
For any GDPR-related questions or requests, please contact our data protection contact: