GDPR Compliance Statement
Effective Date: July 16, 2026
As a global B2B whitepaper syndication platform, ContentClik (operated by Lead Flier Media) is fully committed to compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This addendum details how we protect the data of European Economic Area (EEA) and United Kingdom (UK) residents.
1. Our Role as Data Controller and Data Processor
Under the GDPR framework, ContentClik acts as a Data Controller regarding the personal data we collect for account registration, platform analytics, and direct communications. However, when we execute content syndication campaigns on behalf of our brand partners (e.g., when a user downloads a sponsored whitepaper), we act as a Data Processor (or Joint Controller), transferring that lead data to the content sponsor. We enforce strict Data Processing Agreements (DPAs) with all sponsors to ensure they handle EEA/UK data in full GDPR compliance.
2. Lawful Basis for Processing (Article 6 GDPR)
We process personal data of EEA and UK residents exclusively under the following lawful bases:
- Consent (Art. 6(1)(a)): We rely on your explicit, unbundled, and opt-in consent to share your professional data with third-party content sponsors for lead generation purposes. You must actively check an opt-in box before accessing gated sponsored content.
- Legitimate Interests (Art. 6(1)(f)): We process data to improve our platform, ensure cybersecurity, and curate content recommendations, provided these interests are not overridden by your fundamental rights and freedoms.
- Contractual Necessity (Art. 6(1)(b)): To provide the core services you request, such as delivering a whitepaper to your inbox.
3. Cross-Border Data Transfers (Chapter V GDPR)
ContentClik utilizes infrastructure located in the United States. If you are accessing our platform from the EEA or the UK, your data will be transferred outside your jurisdiction. To guarantee the protection of your data, we rely on the European Commission's Standard Contractual Clauses (SCCs) and the UK International Data Transfer Agreement (IDTA). Furthermore, we implement supplementary technical measures, including end-to-end encryption and pseudonymization where viable, to protect data against unauthorized access by foreign authorities.
4. Your Data Subject Rights (Chapter III GDPR)
If you are a resident of the EEA or the UK, you possess absolute rights over your personal data:
- Right of Access (Art. 15): Obtain confirmation as to whether or not personal data concerning you is being processed, and access to that data.
- Right to Rectification (Art. 16): Have inaccurate personal data rectified without undue delay.
- Right to Erasure (Art. 17): Request the deletion of your personal data ("Right to be Forgotten"). We will execute this unless retention is legally required.
- Right to Restriction of Processing (Art. 18): Limit how your data is processed under specific circumstances.
- Right to Data Portability (Art. 20): Receive your data in a structured, commonly used, and machine-readable format.
- Right to Object (Art. 21): Object to the processing of your data, particularly for direct marketing purposes.
- Automated Decision-Making (Art. 22): The right not to be subject to a decision based solely on automated processing, including profiling.
5. Exercising Your Rights
To exercise any of your GDPR rights, please submit a formal Data Subject Access Request (DSAR) to our Data Protection Officer at privacy@leadfliermedia.com. We commit to responding to all legitimate requests within one (1) month of receipt.
6. Supervisory Authority
If you believe our processing of your personal data infringes the GDPR, you have the legal right to lodge a complaint with a supervisory authority responsible for data protection in your country of habitual residence, place of work, or place of the alleged infringement.