GDPR Disclosure

Last updated on January 12, 2026

Verata, Inc. ("Verata," "we," "us," or "our") is committed to protecting the privacy and personal data of individuals in the European Economic Area (EEA), the United Kingdom (UK), and Switzerland. This GDPR Disclosure explains how we collect, use, and protect personal data in compliance with the General Data Protection Regulation (EU) 2016/679 ("GDPR") and the UK Data Protection Act 2018.

1. Data Controller Information

Verata, Inc. is the data controller responsible for processing your personal data. If you have questions about this disclosure or wish to exercise your data protection rights, please contact us at:

Verata Privacy Team
Email: privacy@veratainsight.com

2. Categories of Personal Data We Process

As a B2B SaaS intelligence platform, we process the following categories of personal data:

A. Subscriber Data (Our Customers)

Identity Data: Name, job title, and company affiliation.
Contact Data: Business email address and phone number.
Technical Data: IP address, browser type, device information, and usage logs.
Transaction Data: Billing and payment information (processed through secure third-party payment processors).

B. Professional Intelligence Data (Profiled Individuals)

Professional Identity: Name, professional photographs, and business contact details.
Career Information: Employment history, job titles, and professional affiliations.
Business Metrics: Publicly available deal history, board positions, and company performance data.
Educational Background: Degrees, institutions attended, and professional certifications.

3. Lawful Basis for Processing

We process personal data under the following lawful bases as defined in Article 6 of the GDPR:

Contract Performance (Article 6(1)(b)): To provide our platform services to subscribers who have entered into a contract with us.
Legitimate Interests (Article 6(1)(f)): To process Professional Intelligence Data for market research, due diligence, and business intelligence purposes. We have conducted a legitimate interests assessment to ensure our processing does not override the fundamental rights and freedoms of data subjects.
Legal Obligation (Article 6(1)(c)): To comply with applicable laws and regulatory requirements.
Consent (Article 6(1)(a)): Where required, we obtain explicit consent for specific processing activities, such as marketing communications.

4. Data Sources

We collect personal data from the following sources:

Directly from You: When you register for our platform, request a demo, or contact us.
Publicly Available Sources: Government filings, regulatory disclosures, professional networking sites, news articles, and corporate websites where information has been manifestly made public.
Third-Party Data Providers: Licensed data from business information vendors who aggregate publicly available professional data.

5. International Data Transfers

Verata is headquartered in the United States. When we transfer personal data from the EEA, UK, or Switzerland to the United States or other countries outside the EEA, we implement appropriate safeguards to ensure your data is protected:

Standard Contractual Clauses (SCCs): We use EU-approved Standard Contractual Clauses for data transfers to countries without an adequacy decision.
Data Transfer Impact Assessments: We conduct transfer impact assessments to evaluate the level of protection in the destination country.
Technical Safeguards: All data is encrypted in transit (TLS 1.2+) and at rest (AES-256).

6. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected:

Subscriber Data: Retained for the duration of the business relationship plus any period required by applicable law or for legitimate business purposes (such as audit or re-activation).
Professional Intelligence Data: Retained while the information remains professionally relevant and publicly available. We regularly review and update our database to ensure accuracy.

7. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

Right of Access (Article 15): You may request a copy of the personal data we hold about you.
Right to Rectification (Article 16): You may request correction of inaccurate or incomplete personal data.
Right to Erasure (Article 17): You may request deletion of your personal data under certain circumstances.
Right to Restriction (Article 18): You may request that we limit the processing of your personal data.
Right to Data Portability (Article 20): You may request to receive your personal data in a structured, machine-readable format.
Right to Object (Article 21): You may object to our processing of your personal data based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time.

8. How to Exercise Your Rights

To exercise any of your rights, please contact our Privacy Team at privacy@veratainsight.com. We will respond to your request within one month, as required by the GDPR. In certain circumstances, we may extend this period by an additional two months, in which case we will notify you of the extension and the reasons for the delay.

We may request verification of your identity before processing your request to ensure the security of your personal data.

9. Automated Decision-Making and Profiling

Verata uses automated processes to analyze publicly available professional data and generate insights for our subscribers. These processes may include profiling to assess professional experience, deal history, or industry expertise.

However, we do not use automated decision-making that produces legal effects or similarly significant effects on individuals without human intervention. Our platform is designed to assist our subscribers in making informed business decisions, not to make decisions on their behalf.

10. Data Security

We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction:

Encryption: Data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
Access Controls: We enforce role-based access control (RBAC) and multi-factor authentication (MFA) for all administrative access.
Security Monitoring: We maintain continuous monitoring and logging of our systems to detect and respond to security incidents.
Vendor Management: We conduct security assessments of third-party vendors who process personal data on our behalf.

11. Third-Party Disclosure (Article 14 Notice)

When we collect personal data from sources other than the data subject (such as public records or third-party data providers), we are required under Article 14 of the GDPR to provide notice of this collection.

Due to the large scale of our data aggregation and the nature of publicly available professional information, providing individual notice to every data subject may involve disproportionate effort (Article 14(5)(b)). This GDPR Disclosure serves as our public notice regarding our data processing activities.

If you discover that your information is included in our database and wish to learn more or request its removal, please contact us at privacy@veratainsight.com.

12. Right to Lodge a Complaint

If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with a supervisory authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

We encourage you to contact us first so that we may address your concerns directly.

13. Updates to This Disclosure

We may update this GDPR Disclosure from time to time to reflect changes in our practices or legal requirements. We will notify subscribers of material changes via email or a notice on our platform. We encourage you to review this disclosure periodically.

Contact Us

For questions or concerns regarding this GDPR Disclosure or our data protection practices, please contact:

Verata Privacy Team
Email: privacy@veratainsight.com