LinkedIn Lead Sync
Internal Data Handling & Privacy Policy
Internal — Confidential
Purpose and Scope
This policy sets out the mandatory rules that all BeeEye employees, contractors, and authorized personnel ("staff") must follow when accessing, processing, or otherwise handling lead data obtained through our integration with the LinkedIn Lead Sync API. Its purpose is to ensure we uphold the highest standards of data privacy, maintain the trust of our clients, and strictly comply with our contractual obligations as a data processor.
In scope: All client lead data ingested automatically from LinkedIn Lead Gen Forms into the BeeEye CRM and any downstream systems. This includes raw lead records, reports that contain personal data, and notification content.
Out of scope: Anonymised, aggregated data that does not identify an individual.
Definitions
- Lead Data: Personally identifiable information (PII) submitted by a prospect via a client's LinkedIn Lead Gen Form — e.g., name, email address, phone number, job title, company name, LinkedIn profile URL, and custom form answers.
- Lead Sync API: The programmatic interface that automatically pulls new leads from LinkedIn into the BeeEye CRM in real time, once a client has authenticated the connection.
- Client: The organisation that holds the direct relationship with the lead and for whom BeeEye is processing data.
Overriding Principles
All staff handling Lead Data must always follow these principles:
- Lead Data may only be used for the specific purposes the client has authorised. You must never use it for any other internal business purpose or personal gain.
- Only access the minimum amount of Lead Data required to perform your role.
- Lead Data is strictly confidential. It must never be discussed, shared, or displayed outside of authorised business channels.
- You must follow all information security controls at all times. If in doubt, stop and ask the policy owner.
Authorised Use Cases and Procedures
The following three business processes are the only permitted uses of Lead Data originating from the LinkedIn integration. Any deviation requires prior written approval from the policy owner.
4.1 — Lead Sync (Real-time Ingestion)
What we do: The Lead Sync API automatically ingests new leads into the client's BeeEye CRM instance the moment a form is submitted. No manual intervention by BeeEye staff is necessary.
Staff responsibilities:
- You may only access a client's synced leads if your role specifically requires it (e.g., for support or troubleshooting).
- You must not browse or search through lead records without a clear, documented business reason tied directly to servicing that client.
- During system testing or debugging, you must use anonymised or synthetic test data whenever possible. If live data is strictly necessary, you must obtain explicit permission from your line manager and the policy owner, and you must delete the local copies immediately after the issue is resolved.
4.2 — Reporting (Lifecycle Tracking & ROI Measurement)
What we do: We connect synced lead data with the client's internal sales pipeline to generate internal reports that show a lead's journey from initial form submission to a closed-won purchase, enabling conversion rate and ROI analysis.
Staff responsibilities:
- Reports that will be viewed by anyone beyond the client's designated account team must be aggregated and anonymised so that no individual lead can be identified.
- You must never create or share a report containing raw Lead Data with any party other than the client, unless required by law and approved by the policy owner.
- When presenting performance benchmarks internally or to other clients, only aggregated, anonymised data may be used. Any accidental inclusion of PII must be reported immediately (see Section 8, Incident Reporting).
4.3 — Real-time Notifications
What we do: Our system triggers automatic alerts to the client's designated sales representatives the moment a lead is synced, minimising speed-to-lead.
Staff responsibilities:
- The content of notification templates must be reviewed to ensure no Lead Data is exposed in log files, email subject lines, or notification previews unless strictly necessary.
- You must not configure, test, or modify notification routing in a way that would send Lead Data to any email address, Slack channel, or phone number not authorised by the client.
- If you are involved in setting up a client's notification workflows, you are responsible for verifying the recipient list and must document that verification.
Access Control & Confidentiality
Access to the BeeEye CRM and any internal databases containing Lead Data is granted based on the principle of least privilege. You will only be given the minimum access rights needed to do your job.
- You must never share your login credentials, API keys, or authentication tokens with anyone else.
- All workstations used to access Lead Data must be password-protected, encrypted at rest, and locked when unattended.
- Discussion of any individual lead's data in public channels (e.g., open-plan offices, public Slack channels, unencrypted email) is strictly forbidden.
Data Security
You must adhere to the following technical and organisational measures:
- Always transmit Lead Data over encrypted channels (HTTPS/TLS). Never send raw Lead Data via unencrypted email or messaging apps.
- Do not store Lead Data on portable media (USB drives, personal cloud storage) without explicit, written permission from the policy owner.
- Report any suspected security vulnerability or unauthorised access immediately through the incident reporting process.
Data Retention & Deletion
Lead Data is retained within the client's CRM instance for as long as the client's contract specifies, or until they instruct us to delete it.
- You must not create unofficial backups or personal copies of Lead Data.
- When a client terminates the LinkedIn integration or their BeeEye account, the automated data deletion procedure will run.
- If you are asked to assist with a manual deletion, you must confirm in writing that all copies have been securely erased and that no residual data remains in test environments, local machines, or log archives, unless otherwise required by law and documented.
Incident Reporting
If you become aware of a data incident — such as unauthorised access, accidental disclosure of Lead Data, loss of a device containing Lead Data, or a system vulnerability that could compromise Lead Data — you must:
- Immediately notify the policy owner and the security team via info@beeeye.ca.
- Preserve any relevant evidence (do not delete logs or files).
- Refrain from attempting to investigate or "fix" the issue yourself unless you are an authorised member of the incident response team.
Training & Acknowledgement
All current and new staff with access to Lead Data must complete the mandatory Data Privacy & Security Awareness training annually.
You are required to read, understand, and formally acknowledge this policy upon joining and whenever it is updated. The acknowledgement record will be kept in your personnel file.
Violations & Consequences
Failure to comply with this policy is a serious matter. Any violation — deliberate or negligent — may result in disciplinary action, up to and including termination of employment or contract, and could lead to personal legal liability. We reserve the right to report illegal activities to the relevant authorities.
Policy Review
This policy will be reviewed at least annually, or whenever there is a material change to the LinkedIn Lead Sync API functionality, our processing activities, or applicable data protection law. All staff are welcome to submit suggested improvements to the policy owner at info@beeeye.ca.