Privacy Notice

Last updated: 3 May 2026

ATTN Please ltd ("we", "us", "our") provides a B2B contact intelligence and outreach support platform to business customers. This notice explains what personal data we hold about business contacts, how we obtained it, what we do with it, and the rights you have over it.

This notice is written for business contacts whose information appears in our platform - typically employees, owners, or representatives of companies that our customers may wish to contact about business offers. If you are a customer of our platform (an operator using it to run outreach), separate terms apply to your account data.

1. Who we are

Controller: ATTN Please ltd
Contact for data protection matters: yavo@bamya.co

We are established in the United Kingdom and our processing is primarily governed by the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018. Where we process the personal data of individuals located in the European Union (in particular, business contacts in Bulgaria), the EU General Data Protection Regulation also applies to that processing.

2. What personal data we hold

We collect and hold the following categories of business-context personal data about individuals in their professional capacity:

  • Identity and role: full name, job title, employer name.
  • Business contact details: work email address, work phone number where available, LinkedIn profile URL.
  • Profile photograph as published on the individual's public LinkedIn profile.
  • Business-context summaries generated from the individual's recent public LinkedIn activity. We do not retain the original posts. An automated process reads the individual's recent public posts and extracts only business-relevant signals (such as role changes, company announcements, professional achievements, or industry-related commentary). Personal content (including but not limited to health, family, politics, religion, and lifestyle topics) is excluded from the summary by design. The original posts are not stored after summarisation.
  • Company-level information about the individual's employer: industry, headcount, revenue band, registered address, ownership and director information from the Bulgarian Commercial Register where applicable, and recent news mentions from public sources.

We do not intentionally collect special category data (such as health, political opinions, religious beliefs, or trade-union membership). Our summarisation process is specifically designed to exclude such categories from the data we retain.

3. Where we obtained your data

Your data was obtained from one or more of the following sources:

  • Public LinkedIn profiles - accessed via automated tools that read pages publicly accessible on the LinkedIn website without logging in to any LinkedIn account.
  • Apollo.io - a third-party B2B contact data provider whose database includes professional contact information aggregated from public and partner sources.
  • The Bulgarian Commercial Register (Търговски регистър) - the public state registry of Bulgarian companies and their officers.
  • Publicly available news, company websites, and business directories.
  • Email-pattern inference - where a company's standard email format is publicly known, we may construct a likely email address from that format combined with the individual's name, and verify deliverability before that address is used.

4. Why we hold your data and our lawful basis

We process your data for the following purposes:

  • To maintain a database of business contacts and their employers that our customers can use to identify potential business counterparties for legitimate B2B offers.
  • To provide our customers with research, context, and message drafts to support targeted, relevant business outreach to those contacts.
  • To support our customers in operating outreach campaigns in line with our outreach doctrine, which restricts contact to a small number of relevant individuals per company and prohibits bulk or untargeted messaging.

Our lawful basis for this processing is legitimate interests under Article 6(1)(f) of the UK GDPR (and EU GDPR where applicable). The legitimate interests in question are our own commercial interest in operating the platform and our customers' interest in conducting lawful B2B outreach to relevant decision-makers.

We have carried out a balancing test and concluded that this processing does not override your interests, rights, and freedoms, on the basis that:

  • the data concerns you in your professional capacity, not your personal life;
  • the data is drawn from sources where you have made the information available in a professional context, or which exist as public registers of business information;
  • we apply data minimisation in practice: we do not retain raw social media content, and our summarisation process is designed to exclude personal and sensitive topics from the data we hold;
  • the processing supports communication that is, by design, targeted, relevant, low-volume, and capable of being stopped on request;
  • you have the right to object to the processing at any time, as set out below.

A summary of our legitimate interests assessment is available on request.

5. Who we share your data with

We do not sell personal data.

We share data with the following categories of recipient:

  • Our customers - businesses who have engaged us to support their B2B outreach. Each customer is provided only with contact information relevant to their specific outreach campaign and is contractually required to handle that data in line with applicable data protection law and to honour objections received from data subjects.
  • Our hosting and infrastructure providers - in particular Microsoft Azure (United Kingdom region), which hosts our platform and database.
  • Our data sources, where relevant - for example, where Apollo.io or other providers are used as part of our enrichment process.
  • Regulators, law enforcement, or legal advisers where we are required to do so by law or where it is necessary to establish, exercise or defend legal claims.

6. International transfers

Our primary data storage is in the United Kingdom (Microsoft Azure UK region). The United Kingdom and the European Union have mutual adequacy decisions in place, so transfers between them do not require additional safeguards.

Where personal data is transferred outside the UK or EEA in the course of using sub-processors (for example, where a vendor has support staff in another jurisdiction), we rely on appropriate safeguards including the UK International Data Transfer Agreement, the EU Standard Contractual Clauses with the UK addendum, or applicable adequacy decisions.

7. How long we keep your data

We retain business contact records for up to 24 months from the last meaningful activity associated with that record (for example, the last time a customer engaged with the contact through our platform). After this period, the record is either deleted or anonymised so it can no longer be linked to you.

If you exercise your right to object to processing (see below), we will retain a minimal record of your identity and contact details on a suppression list for the sole purpose of ensuring you are not re-contacted. This suppression record is kept indefinitely or until you ask us to delete it.

8. Your rights

Under UK GDPR (and EU GDPR where applicable), you have the following rights in relation to your personal data:

  • Right to be informed - this notice is part of how we satisfy that right.
  • Right of access - you can ask us for a copy of the personal data we hold about you.
  • Right to rectification - you can ask us to correct inaccurate or incomplete data.
  • Right to erasure - you can ask us to delete your data, subject to some exceptions (for example, the limited suppression-list retention described above).
  • Right to restrict processing - you can ask us to limit how we process your data while a query is being resolved.
  • Right to data portability - applies in limited circumstances; ask us if you wish to exercise it.
  • Right to object to processing - you have a particular right to object to processing carried out on the basis of legitimate interests, including the processing described in this notice. If you object, we will stop processing your data for outreach purposes and add you to our suppression list.
  • Right to lodge a complaint with a supervisory authority - in the UK this is the Information Commissioner's Office (ICO, ico.org.uk). If you are located in Bulgaria or another EU member state, you may complain to your local supervisory authority; in Bulgaria this is the Commission for Personal Data Protection (CPDP, cpdp.bg).

To exercise any of these rights, contact us at yavo@bamya.co. We will respond within one month. We do not charge a fee for handling reasonable requests.

You do not need to give a reason when objecting to processing or asking to be removed.

9. Automated decision-making

We do not make decisions about you that produce legal or similarly significant effects on you using solely automated means.

10. Changes to this notice

We may update this notice from time to time. The date at the top of this page shows when it was last revised. Material changes will be reflected in an updated version published at the same web address.

11. Contact

For any question about this notice or about how we handle your data, write to:

ATTN Please ltd
yavo@bamya.co