Effective date: November 1, 2025

1. General provisions

1.1. This Privacy Policy (the “Policy”) describes how Leadex (hereinafter referred to as “We,” “the Agency,” “Leadex”) collects, uses, stores, and protects the personal data of customers, partners, and/or website visitors (hereinafter referred to as “User,” ‘You’) through the website https://leadex.is/en and related services (hereinafter referred to as “Services”).
1.2. We recognize and respect the User’s right to protect their personal data and undertake not to transfer information about customers or orders to third parties without your consent, except in cases expressly provided for in this Policy.
1.3. Your use of the website and/or Services means that you accept the terms of this Policy. If you do not agree with its terms, please do not use the website/Services.

2. Data controller

2.1. The personal data controller (hereinafter referred to as the “Controller”) is:
– Company name: Leadex LTD
– Contact email: support@leadex.is

3. What data we collect

We may collect the following categories of personal data:

• Contact details: first name, last name, email address, phone number (if provided) — when you contact us, fill out a form, subscribe to a newsletter, or enter into a contract.
• Customer company/business data: name, legal address, contact persons, if you are a legal entity and enter into a contract with us for Services.
• Payment data: details, if applicable (e.g., when paying for services). We do not store full bank card details if we use a payment provider.
• Technical data: IP address, device type, browser, time zone, page visit statistics, cookies, and similar technologies — collected automatically when you visit the website.
• Marketing and communications data: your correspondence history with us, preferences, interests — if you have given your consent or if it is necessary for the performance of the contract.
• Purposes and legal basis for processing

4.1. We process your personal data for the following purposes:

• Provision of services to attract the target audience through advertising on online channels (Telegram, Google, influencers, etc.).
• Administration and performance of the contract with you, including invoicing, reporting, communication.
• Improvement of the website, usage analysis, technical maintenance.
• Marketing communications — only with your consent, or if it is permissible under the existing customer contract and in accordance with the law.

4.2. The legal grounds for processing are:

• performance of a contract (if you are a customer);
• the legitimate interest of the Controller (e.g., ensuring website security, improving services) — taking into account
• the balance of your rights;
• your voluntary consent (e.g., to marketing communications) — with the right to withdraw at any time.

5. Transfer of data to third parties

5.1. We guarantee that we do not transfer our clients’ personal data about orders, campaigns, strategies, or other confidential information to third-party organizations or individuals, except in cases specifically agreed upon with the Client and necessary for the provision of Services (e.g., influencers, advertising platforms) and only on the basis of written consent or a contract with a corresponding confidentiality obligation.
5.2. When transferring data to such contractors (e.g., advertising platforms, hosting providers, analytics), we enter into appropriate data processing agreements and require security guarantees.
5.3. We do not sell your personal data or transfer it for direct marketing to third parties without your consent.

6. Data storage

6.1. We store your personal data for no longer than is necessary for the purposes for which it was collected, or as required by contract or law.

6.2. After the termination of the Services and the end of cooperation, the data may be either deleted or anonymized, except in cases where the law requires it to be stored for longer.

6.3. Criteria for determining storage periods: type of data, legal obligations, need for reporting and proof of contract performance.

7. Data security

7.1. We take technical and organizational measures to protect your data from unauthorized access, loss, alteration, or disclosure.

7.2. Only authorized employees and contractors who need the data to provide the Services have access to personal data.

7.3. In the event of a security breach that may pose a risk to the rights and freedoms of individuals, we will notify the data subjects and the competent supervisory authority in accordance with the law.

8. Rights of data subjects

In accordance with the law on the processing of personal data, you have the following rights:

• The right to know whether we process your personal data and to access it.
• The right to request the correction of inaccurate or incomplete data.
• The right to erasure (“right to be forgotten”) when the data is no longer needed or the processing was unlawful.
• The right to restrict data processing.
• The right to object to processing if it is based on legitimate interest.
• The right to data portability (to receive your data in a structured format and transfer it to another controller).
• The right to withdraw your consent to processing if your consent was the basis for processing (without prejudice to the lawfulness of processing prior to withdrawal).
• The right to lodge a complaint with a data protection supervisory authority. (gdpr-info.eu)
• To exercise these rights, please contact us using the contact details provided in section 2.

9. Use of cookies and similar technologies

9.1. We use cookies and/or similar technologies (e.g., web beacons, browser local storage) on the website to ensure the proper functioning of the website, analyze usage, and personalize the website.
9.2. You will be informed and, where required, your explicit consent will be obtained for the use of non-essential cookies.
9.3. You can withdraw or change your cookie settings through your browser or through the settings panel on the website.

10. Details of processing outside the EU

10.1. If data is transferred or stored outside the European Economic Area (EEA), we ensure that appropriate safeguards are in place and notify you accordingly.

10.2. If data is transferred outside the EU, we ensure that the recipient provides adequate data protection.

11. Changes to the Policy

11.1. We may update this Policy from time to time, for example, in connection with changes in legislation, our services, processes, or technology.

11.2. In the event of significant changes, we will notify you or publish an updated version with a new effective date.

11.3. Your continued use of the site/Services after the changes take effect means you agree to the updated Policy.