top of page

LEGITIMATE  INTERESTS  ASSESSMENT.

Processing Purpose.

Personalizing landing page content and measuring campaign performance through anonymized cookies, and transferring user-provided PII to clients in lead-generation campaigns.

 

1. Purpose Test

  • What is the purpose?
    To personalize landing page content based on the user's ad interaction, source, or targeting cohort and to enable analytics on campaign effectiveness. Additionally, to facilitate lead-generation flows by transferring voluntarily submitted personal data (e.g., email, phone) to clients.

  • Is there a legitimate interest? 
    Yes. Improving user experience through content relevance, enhancing campaign performance insights, and enabling lead handoff to clients are all legitimate business interests of both the service provider and its clients,
     

 

2. Necessity Test

  • Is the processing necessary for that purpose?
    Yes. Personalization based on IP-derived location and campaign context is essential for relevance. Analytics relies on cookies that avoid directly identifying individuals. PII collected in lead-gen forms is transferred to clients for follow-up.

  • Could the result be achieved in a less intrusive way?
    Cookie and IP-derived data used for personalization is non-PII and pseudonymized. No profiling or cross-site tracking is performed. Lead-gen forms are voluntary, with data use disclosed in both the service's and the client’s privacy policies.

3. Balancing Test

  • Nature of the data:

    • For personalization/analytics: IP-based location, ad campaign ID, cohort tag — stored in NON-PII cookies.

    • For lead generation: Contact information (e.g., name, email), submitted voluntarily by the user.

  • Reasonable expectations:
    Users expect dynamic content in response to ads and reasonable tracking for analytics. Where PII is provided, they are clearly informed it is for lead follow-up.

  • Potential impact on individuals:

    • Very low for personalization and analytics—no intrusive tracking or profiling.

    • For lead-gen data, users are informed and data is not retained by the service provider.

  • Safeguards in place:

    • Clear privacy notices (your own and the client’s)

    • NO use of collected PII beyond immediate transfer

    • Data minimization for cookies

    • Secure transmission and limited access rights

4. Outcome & Accountability

  • Conclusion:
    The processing is balanced, transparent, and aligned with the users’ expectations. The legitimate interest basis is valid and defensible under GDPR.

  • Actions:

    • Maintain an internal log of this assessment

    • Ensure all landing pages link to both privacy policies

    • Periodic audit of data types and retention practices

    • Publish this legal basis in our Privacy Policy

bottom of page