Legal Notice on Lead Generation

Last updated: July 2026

1. What this page is about

anilead.io is a B2B lead research tool. It aggregates publicly accessible business data and makes it available to business customers for their own sales work. Whenever this involves data relating to identifiable natural persons — for example sole traders, freelancers or named contact persons — the General Data Protection Regulation (GDPR) applies. This page explains transparently on which legal basis this happens, who is responsible for what, and which obligations apply to users of the platform.

2. Data sources

anilead.io exclusively processes business data from publicly accessible sources:

  • Google Places API (Google’s official programming interface — no scraping of the Google Maps website)
  • Publicly accessible company websites (contact and legal notice pages)

No data is collected from behind logins or paywalls, no private email addresses are gathered, and no special categories of personal data (Art. 9 GDPR) are processed. The source of each record is stored.

3. Legal basis: Legitimate interest

In the European Economic Area, collecting and processing personal business contact data without the data subject’s consent is only permitted if it can be based on a legitimate interest pursuant to Art. 6(1)(f) GDPR. Recital 47 GDPR explicitly recognises direct marketing as a possible legitimate interest — but this always requires a case-by-case balancing test: the interest in the processing must outweigh the interests and fundamental rights of the data subject, and the processing must stay within what the data subject can reasonably expect.

“The data is public” is explicitly not a carte blanche: even publicly accessible data may only be processed with a documented legal basis and only for purposes that withstand this balancing test. For building and operating its own data base, anilead.io (mysoftwarelab GmbH) maintains a documented legitimate interest assessment.

4. Responsibilities

  • For the collection, storage and provision of lead data within the platform, mysoftwarelab GmbH is the data controller.
  • As soon as users use lead data for their own business activities — for example exporting it, transferring it to a CRM or contacting leads — they become controllers in their own right within the meaning of Art. 4(7) GDPR and must ensure their own legal basis as well as compliance with unfair competition law.

5. User obligations when contacting leads

Whether and how researched contacts may be approached is governed not only by the GDPR but in particular by unfair competition law (in Germany: UWG). The most important rules for Germany:

  • Email advertising: Under Section 7(2) no. 2 of the German UWG, advertising emails require the recipient’s prior express consent — including in B2B. An exception applies only to existing customers under the narrow conditions of Section 7(3) UWG. Cold emails to researched addresses without consent are unlawful under competition law and can trigger cease-and-desist claims.
  • Telephone outreach (B2B): Under Section 7(2) no. 1 UWG, advertising calls to businesses are only permitted where at least presumed consent exists — i.e. a specific, factual interest of the called party in the offer can be inferred from the circumstances. Mere industry affiliation is not sufficient.
  • Postal advertising: Postal advertising to business addresses is generally permissible on the basis of legitimate interest, provided no objection has been lodged.
  • Information obligation (Art. 14 GDPR): Anyone who obtains personal data from sources other than the data subject must inform them about the processing at the latest at the time of first communication, and in any case within one month — including the data source, purpose, legal basis and right to object.
  • Objection (Art. 21 GDPR): If a person objects to processing for marketing purposes, this objection is absolute: the data may no longer be used for direct marketing and must be blocked or erased.
  • Documentation and data minimisation: Users should document their own legitimate interest assessment, store only the data required for the purpose, and delete unresponsive contacts after a reasonable period.

Rules in other EEA countries may differ (implementation of the ePrivacy Directive); users must check the regulations applicable in the target country.

6. Rights of data subjects

Are you the owner, managing director or contact person of a business and want to know whether data about your business is contained in anilead.io? You have the right to access (Art. 15 GDPR), rectification (Art. 16), erasure (Art. 17) and to object to processing for marketing purposes (Art. 21(2) GDPR) at any time.

An informal email to info@mysoftwarelab.com is sufficient. We implement objections promptly and maintain an internal suppression list so that blocked contacts are not collected again.

7. Not a substitute for legal advice

The information on this page is provided for general information and transparency. It does not constitute legal advice and does not replace an individual assessment by qualified legal counsel. Lawful use of the researched data — in particular the choice of outreach channel — is the responsibility of the respective user.

Further information on the processing of personal data can be found in our privacy policy.