GDPR & Public Data Policy

Last updated: 5 June 2026

This policy explains the nature of the data that FRAXBIT DIGITAL SRL ("Fraxbit," "we," or "us"), the operator of ClosePeak (the "Service"), discovers, processes, and displays, and how we comply with the EU General Data Protection Regulation (GDPR), the UK GDPR, and related electronic-marketing rules such as the ePrivacy Directive and PECR. It supplements, and should be read together with, our Privacy Policy and Terms of Service.

In plain terms. The business information ClosePeak finds and shows you is sourced exclusively from publicly availableplaces, such as public business listings on Google Maps and the businesses' own public websites. We do not access private accounts, we do not buy or sell data lists, and we do not process sensitive personal data. ClosePeak is built for business-to-business (B2B) outreach only.

1. What data we process and display

Through its Lead Finder, ClosePeak collects and displays ordinary business contact information about organisations and the professionals who operate them, limited to:

  • Business or trading name.
  • Publicly listed business address and general area.
  • Publicly listed business phone number.
  • Publicly listed business email address (for example, the address printed on a company website).
  • Public website address and publicly observable facts about that website (for example, whether it loads quickly or is mobile-friendly).
  • Publicly available business attributes, such as category, public ratings, and review counts.

2. Where the data comes from

All of the information above is obtained from publicly accessible sources, including:

  • Public business listings and map data (for example, the Google Places and Google Maps platform).
  • The public, openly accessible pages of a business's own website.
  • Other openly published business directories and public records.

We only collect information that any member of the public could find by searching online. We do not scrape data from behind logins or paywalls, we do not access private social-media accounts, and we do not purchase, rent, or sell third-party contact lists.

3. What we do not do

  • We do not collect special-category (sensitive) data, such as data about health, religion, political views, or biometrics.
  • We do not knowingly target private individuals as consumers. ClosePeak is a B2B tool for reaching businesses.
  • We do not sell, rent, or share the discovered data with third parties for their own marketing.
  • We do not bypass technical access controls to obtain data.

4. Public does not mean unprotected

We want to be clear and honest. The fact that data is publicly available does not remove it from the scope of the GDPR. Where business contact information identifies an individual (for example, a named owner or a personal work email), we treat it as personal data and protect it accordingly. Our position is not that public data is exempt. Our position is that the data is public, and we still handle it lawfully, transparently, and with full respect for individual rights.

5. Our lawful basis

We process this publicly available business data on the basis of legitimate interests (Article 6(1)(f) GDPR): enabling businesses to identify and contact other businesses that may benefit from their services. We have weighed this interest against the rights and freedoms of the individuals concerned through a legitimate-interests assessment. Because the data is limited to business contact details, is already public, and is used only for relevant B2B outreach, we consider this basis appropriate. You have the right to object to this processing at any time (see section 7).

6. Controller and processor roles

When a ClosePeak customer uses the Service to find and contact prospects, that customer is the data controller for their outreach and decides who to contact and what to send. In that role, Fraxbit acts as a processor on the customer's behalf. Each customer is responsible for ensuring their outreach complies with the laws that apply to them, including consent and anti-spam rules in their own country and in the country of the recipient. Fraxbit is the controller for the data of its own account holders, as described in the Privacy Policy.

7. Your rights and how to opt out

If you are a business owner or an individual whose public business details appear in ClosePeak, you have the right to access, rectify, erase, restrict, or object to our processing of your data, and to lodge a complaint with a supervisory authority. To exercise any of these rights, or to have your business details removed and suppressed from future results, email contact@fraxbit.com. We action valid requests without undue delay, and where you object to legitimate-interests processing we will stop unless we have compelling legitimate grounds that override your interests.

8. Transparency in outreach

Recipients can decline further contact at any time, including by replying to the sender or by contacting us as described in section 7, and we suppress removed contacts from future results. The sending of any message is performed by the customer, who remains responsible for its content and lawfulness, including sender identification and honoring opt-out requests where required by the laws that apply to them.

9. Retention, security, and transfers

We keep discovered business data only for as long as it is needed for the purposes described here, and we apply appropriate technical and organisational security measures. Where data is processed by our sub-processors (for example, infrastructure, AI, and payment providers) or transferred outside the EEA, we rely on appropriate safeguards as described in our Privacy Policy, which also lists those sub-processors.

10. Contact

For any question about this policy, our data sources, or your rights, contact us at contact@fraxbit.com. FRAXBIT DIGITAL SRL is a company registered in Romania and acts as the data controller for the purposes described above.