GDPR Compliance at Lantern

We're committed to helping our customers understand and comply with the General Data Protection Regulation. Here's how we protect your data and support your compliance obligations.

Overview


The General Data Protection Regulation (GDPR) is the European Union's comprehensive data privacy law, in effect since May 25, 2018. It strengthens and standardizes personal data protection across EU member states and imposes obligations on all organizations that handle EU citizens' personal data, regardless of where those organizations are located.

Lantern has adapted its product offerings, operations, and contractual commitments to help customers comply with the GDPR. We continuously monitor guidance from data protection regulatory bodies and update our practices accordingly.

Our Commitment


We've taken concrete steps to align our platform and operations with GDPR requirements:

  • Invested in our security infrastructure and achieved SOC 2 Type II certification

  • Updated our contractual terms, including our Data Processing Addendum, to reflect GDPR requirements

  • Implemented Standard Contractual Clauses (SCCs) and the UK International Data Transfer Addendum for lawful cross-border data transfers

  • Maintain a transparent subprocessor list with advance notification of changes

  • Conduct regular security assessments, vulnerability scanning, and incident response testing

  • Provide data subject rights support to help customers respond to access, deletion, and portability requests

  • Appointed a dedicated privacy point of contact reachable at support@withlantern.com


Data Processing Roles


Under the GDPR, the roles of controller and processor determine each party's obligations. Lantern's role depends on the type of data being processed:


Customer Data — Lantern as Processor


When you provide your CRM data, contact lists, or other personal data to Lantern for processing through our platform, Lantern acts as a data processor under your instructions. Our Data Processing Addendum governs this relationship and sets out the security, confidentiality, and data handling obligations we commit to.


Product Data — Lantern as Controller


When Lantern provides enriched business contact data through our data enrichment services (e.g., new email addresses, phone numbers, job titles sourced from our provider network), Lantern acts as an independent data controller for the collection and curation of that data. When enriched data is delivered to your account, you become a controller for any subsequent processing. Our Master Service Agreement details the terms governing Product Data.

This dual-role structure reflects the distinct data flows within our platform and is standard practice in the B2B data enrichment industry.


Legal Basis for Processing


Lantern processes personal data under the following legal bases as defined in GDPR Article 6:


Legitimate Interest (Article 6(1)(f))


For the processing of business contact data obtained through our enrichment services, we rely on legitimate interest. The processing of professional contact information — such as business email addresses, work phone numbers, job titles, and LinkedIn profiles — for B2B sales and marketing purposes represents a recognized legitimate business interest. We conduct balancing assessments to ensure that our processing does not override the fundamental rights and freedoms of data subjects, taking into account that the data is limited to professional and business contexts.


Contractual Necessity (Article 6(1)(b))


For customer account data, we process personal data as necessary to fulfill our contractual obligations under the Subscription Service agreement.


Consent (Article 6(1)(a))


Where applicable, we obtain consent for specific processing activities such as marketing communications. You may withdraw consent at any time.


Your Rights Under the GDPR


If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights with respect to your personal data:


  • Right of Access — Request a copy of the personal data we hold about you.

  • Right to Rectification — Request correction of inaccurate or incomplete personal data.

  • Right to Erasure — Request deletion of your personal data in certain circumstances.

  • Right to Restriction — Request that we limit the processing of your personal data.

  • Right to Data Portability — Receive your data in a structured, machine-readable format.

  • Right to Object — Object to processing based on legitimate interests or direct marketing.

  • Right to Withdraw Consent — Withdraw consent at any time for consent-based processing.

  • Right to Lodge a Complaint — File a complaint with your local data protection supervisory authority.


To exercise any of these rights, please contact us at support@withlantern.com. We will respond to your request within the timeframes required by applicable law.


If you interact with one of our customers through the Lantern platform and wish to exercise your rights, please contact the relevant Lantern customer directly. As a processor of their data, we will assist them in fulfilling your request.


International Data Transfers


Lantern is based in the United States. When personal data is transferred from the EEA, the United Kingdom, or Switzerland to the United States, we rely on the following mechanisms to ensure lawful and adequate protection:


Standard Contractual Clauses (SCCs)


We execute the European Commission's Standard Contractual Clauses (adopted June 2021) as part of our Data Processing Addendum. These clauses provide contractual safeguards for personal data transferred outside the EEA.


UK International Data Transfer Addendum


For transfers originating from the United Kingdom, we execute the UK Addendum to the Standard Contractual Clauses, as approved by the UK Information Commissioner's Office.


Our subprocessors are also required to maintain appropriate data transfer safeguards, including Standard Contractual Clauses or equivalent mechanisms, for any personal data they process on our behalf.


Security & Certifications


SOC 2 Type II


Lantern has completed a SOC 2 Type II audit conducted by an independent third-party auditor. This certification validates our controls across security, availability, and confidentiality. A copy of our SOC 2 report is available under NDA — contact support@withlantern.com to request it.


Technical & Organizational Measures


Our security program includes encryption in transit (TLS 1.3) and at rest (AES-256), automated vulnerability scanning, secure SDLC practices with mandatory code reviews, incident response procedures, and continuous infrastructure monitoring. For more detail, visit our Trust Center.


Incident Notification


In accordance with GDPR Article 33, Lantern maintains incident response procedures that include timely notification to affected customers in the event of a personal data breach. Notification timelines and procedures are detailed in our Data Processing Addendum.


Subprocessors


Lantern engages subprocessors to support our infrastructure and deliver the Subscription Service. Each subprocessor is contractually bound by data processing agreements that impose the same data protection obligations required by the GDPR.

Our current subprocessor list — including identities, locations, and processing descriptions — is available at withlantern.com/legal/subprocessor. We provide advance notice of any changes to our subprocessor list in accordance with our DPA commitments.


Data Processing Agreement


Lantern offers a Data Processing Addendum (DPA) that governs our processing of customer personal data. The DPA addresses:

  • Scope, nature, and purpose of processing

  • Categories of personal data and data subjects

  • Security obligations and technical measures

  • Data subject rights and assistance obligations

  • Breach notification procedures

  • Subprocessor management and approval processes

  • International data transfer mechanisms (SCCs and UK Addendum)

  • Data retention and deletion upon termination


To request a copy of our DPA, please contact support@withlantern.com or speak with your Lantern account representative.


Contact Us


If you have questions about your rights under the GDPR, how Lantern can help with your compliance, or any other privacy matter, please reach out:


Privacy Inquiries: support@withlantern.com

Security Inquiries: support@withlantern.com