← All policies
Lawful basis

Legitimate Interest Assessment

Paraden AI Ltd

B2B data processing under UK GDPR Article 6(1)(f). This assessment is published in full for transparency.

FieldDetail
AuthorDirector, Paraden AI Ltd
StatusLive
Data ControllerParaden AI Ltd
ICO registrationZC136291

1. Purpose of this assessment

This Legitimate Interest Assessment (LIA) documents the three-part test required under UK GDPR Article 6(1)(f) to confirm that Paraden AI Ltd has a valid legitimate interest as its lawful basis for processing B2B contact data. This document applies to all processing activities conducted by Paraden AI Ltd on behalf of itself and its clients.

This assessment covers:

  • Processing of business contact data (names, job titles, business email addresses, business telephone numbers, company names and firmographic data) entered into the platform by the Controller, including data sourced by the Controller from third-party B2B data providers under the Controller's own contracts and lawful basis;
  • Processing of business contact data entered directly into the Paraden platform by clients;
  • Use of that data for B2B sales outreach, prospecting, account research, and campaign management activities;
  • Storage and processing of that data within the Paraden ARIA platform – an agentic intelligence layer between a sales team's CRM and the team – hosted on Railway infrastructure.

2. The three-part legitimate interest test

UK GDPR Article 6(1)(f) requires satisfaction of three cumulative tests: the Purpose Test, the Necessity Test, and the Balancing Test. Each is documented below.

2a. Purpose test – is there a legitimate interest?

The purpose test asks whether there is a genuine, lawful interest being pursued. Paraden AI Ltd identifies the following legitimate interests:

InterestDescription
B2B commercial prospectingEnabling clients to identify and contact businesses that may have a genuine need for their products or services. Legitimate: Yes.
Platform operationStoring and processing B2B contact data to operate the Paraden ARIA platform as an agentic intelligence layer for clients' sales teams. Legitimate: Yes.
Market research and intelligenceResearching companies and industries to support clients in building informed sales strategies. Legitimate: Yes.
Business developmentParaden AI Ltd identifying and contacting potential clients for its own commercial purposes. Legitimate: Yes.

The ICO and relevant case law confirm that B2B direct marketing and prospecting represent legitimate commercial interests, provided they are proportionate and respect the rights of data subjects. The processing in question relates exclusively to individuals in their professional capacity using business contact details. This is distinct from consumer data processing and carries lower privacy risk.

2b. Necessity test – is processing necessary?

The necessity test asks whether processing is a targeted and proportionate way of achieving the purpose, and whether the same result could be achieved through less intrusive means.

QuestionAssessment
Could the purpose be achieved without processing personal data?No. B2B outreach requires contact-level data (name, job title, business email) to reach the appropriate decision-maker within a target organisation. Company-level data alone is insufficient.
Is the processing limited to what is necessary?Yes. Paraden processes only business contact data relevant to professional roles. No sensitive personal data (special category data) is processed. Consumer data is not processed.
Are less intrusive means available?No less intrusive means exist that would achieve the same outcome. Processing is limited to data that individuals have made available in a professional capacity.
Is data minimised?Yes. Only fields necessary for legitimate B2B outreach are stored: name, job title, business email, business telephone, company name, company website, and LinkedIn URL where available.

2c. Balancing test – do the individual's interests override?

The balancing test weighs Paraden's legitimate interests against the privacy rights and reasonable expectations of the individuals whose data is processed.

Factors weighing in favour of processing:

  • Data subjects are contacted in their professional capacity only, using business contact details. Their personal (non-work) contact details are not processed;
  • Data subjects hold senior professional roles (directors, VP-level, C-suite, heads of function) where receipt of relevant B2B communications is a reasonable and expected part of their professional role;
  • The nature of B2B outreach is fundamentally different from consumer direct marketing. Individuals in commercial roles have a reasonable expectation of receiving relevant business communications from third parties;
  • Where data is sourced by clients from third-party B2B data providers, those providers operate under their own legitimate interest or consent-based frameworks and are subject to UK GDPR and ICO oversight. Paraden does not directly source contact data from third-party providers;
  • Processing is limited in scope: data is used solely for B2B prospecting, account management, and sales campaign activities. It is not sold, shared with unrelated third parties, or used for profiling beyond commercial relevance;
  • Paraden operates a strict client data separation model using Row Level Security (RLS) in PostgreSQL. No client's data is accessible to any other client.

Factors considered that could weigh against processing:

  • Individuals may not be aware that their data is held by Paraden or its clients;
  • Individuals may receive outreach that is not relevant to their current role or interests.

Mitigation measures in place:

  • All outreach facilitated through Paraden includes the ability for recipients to opt out of further communications. Opt-outs are recorded and honoured;
  • Paraden clients are required under the Master Services Agreement to identify themselves clearly in all outreach and to honour opt-out requests promptly;
  • Data retention periods are defined and enforced. Data that has not been engaged with is subject to scheduled review and deletion;
  • Individuals can exercise their right of access, erasure, or objection at any time by contacting [email protected];
  • Outreach facilitated by Paraden is targeted and relevant: the platform's AI agents are designed to identify contacts whose professional role is directly relevant to the product or service being offered, reducing the risk of irrelevant communications.
Conclusion: The balancing test is satisfied. The legitimate interests of Paraden AI Ltd and its clients in conducting targeted B2B prospecting and outreach are not overridden by the interests, rights, or freedoms of the data subjects, given the professional context, the nature of the data processed, the safeguards in place, and the reasonable expectations of individuals in senior commercial roles.

3. Categories of data processed

Data fieldPurpose and retention
Full nameIdentify and address the correct individual. Retention: duration of client relationship + 12 months.
Job titleConfirm relevance and seniority of contact. Retention: duration of client relationship + 12 months.
Business email addressPrimary channel for B2B outreach. Retention: duration of client relationship + 12 months.
Business telephone numberSecondary outreach channel. Retention: duration of client relationship + 12 months.
Company nameLink contact to target organisation. Retention: duration of client relationship + 12 months.
Company websiteResearch and enrichment. Retention: duration of client relationship + 12 months.
LinkedIn URLProfessional network identification. Retention: duration of client relationship + 12 months.
Outreach historyTrack communications and avoid duplication. Retention: duration of client relationship + 12 months.

No special category data (as defined under UK GDPR Article 9) is processed. No consumer personal data is processed. All data relates to individuals in their professional capacity.

4. Data sources

SourceLawful basis applied by source
Client-entered data and client-sourced enrichmentLegitimate interest or contract – data entered directly into the ARIA platform by the Controller, including data the Controller has sourced from third-party B2B providers under its own contracts. The Controller is responsible for the lawful basis of data it provides to ARIA.
ARIA research tools (Perplexity, Tavily)Publicly available business information only.

5. Individual rights

Data subjects have the following rights under UK GDPR, all of which Paraden AI Ltd is committed to honouring:

RightHow to exercise
Right of access (Subject Access Request)Email [email protected] – response within 30 days
Right to erasureEmail [email protected] – data deleted within 30 days
Right to object to processingEmail [email protected] or reply to any outreach with 'unsubscribe' or 'remove me'
Right to restrict processingEmail [email protected]
Right to data portabilityEmail [email protected] – data provided in CSV format

Opt-out requests received via any channel (email reply, direct contact, or platform-level instruction) are recorded in the Paraden platform and honoured within 5 business days. Contacts who have opted out are suppressed from all future outreach by that client.

6. Conclusion and sign-off

Having conducted this three-part legitimate interest assessment, Paraden AI Ltd concludes that:

  • A genuine legitimate interest exists in processing B2B contact data for the purposes of commercial prospecting, platform operation, and B2B outreach facilitation;
  • Processing is necessary and proportionate to achieve those purposes;
  • The interests of Paraden AI Ltd and its clients are not overridden by the rights and freedoms of the data subjects, given the professional context, the nature of the data, and the safeguards in place.

Legitimate interest under UK GDPR Article 6(1)(f) is therefore the appropriate lawful basis for the processing activities described in this document. This assessment will be reviewed annually or whenever there is a material change to processing activities, data sources, or applicable law.

Sign-offDetail
SignedDirector, Paraden AI Ltd