Legal Compliance Division
Global Privacy & GDPR Framework
Effective Date: January 1, 2026 | Document ID: SS-GDPR-409A
Article 1: Data Controller & Processor Definitions
In executing the scope of services defined within individual Master Services Agreements (MSA), Sales Stag acts explicitly as a Data Processor. Our clients retain the exclusive designation of Data Controllers. Sales Stag maintains zero proprietary claim over prospect data (PII) mapped, scraped, or routed during the execution of outbound architecture, limiting all internal actions strictly to processing directives issued by the Controller.
Article 2: Lawful Basis of Processing (Legitimate Interest)
Sales Stag engineers business-to-business (B2B) communications entirely under the premise of Legitimate Interest, as defined in Recital 47 of the General Data Protection Regulation (GDPR) and reinforced by equivalent global legislative frameworks (e.g., CCPA, PIPEDA). We enforce a strict algorithmic qualification process ensuring all targeted entities have a highly probable, demonstrable commercial interest in the Data Controller's service offering.
Article 3: Telemetry & Infrastructure Security
All pipeline data in transit is secured via AES-256 encryption. The secondary domains engineered by Sales Stag operate in highly isolated sandbox environments, explicitly to insulate the Data Controller's primary corporate DNS records. Access to these environments is strictly gated to authorized Pipeline Engineers via zero-trust authentication protocols.
Article 4: Right to Erasure & Suppression
In adherence with Article 17 of the GDPR, any B2B entity requesting data deletion ("Right to be Forgotten") is immediately processed through our automated suppression matrix. Their data is permanently purged from all active sequencing logic, and their domain is globally blacklisted across our infrastructure to prevent future unauthorized solicitation on behalf of the Data Controller.