Legal

Privacy Policy

Last updated: 6 June 2026  ·  Acquistly

1. Who we are

Acquistly is a B2B lead generation service run by Adam Vassallo and Keith Abela, based in Malta. We help UK recruitment agencies generate more qualified sales meetings through targeted outbound outreach. For questions about this policy, contact us at privacy@acquistly.com.

2. Data we collect on this website

When you visit acquistly.com, we may collect:

• Usage data via Google Analytics 4 (pages visited, time on site, device type, approximate location) — only if you have accepted cookies. This data is anonymised and aggregated; we do not identify individual visitors.
• Calendly booking data if you book a call: your name, email address, and any information you provide in the booking form. Calendly's own privacy policy applies to data processed by their platform.

We use a cookie consent banner to obtain your permission before loading analytics cookies. You can withdraw consent at any time by clearing your browser cookies and declining on your next visit.

3. Data we process in outbound campaigns

Acquistly's core service involves identifying and contacting business contacts on behalf of our clients. This means we process personal data of third parties — specifically, business professionals at companies that match a client's ideal customer profile.

The categories of data we process for outbound campaigns include:

• Name and job title
• Business email address
• Company name, size, and industry
• LinkedIn profile URL (where publicly available)
• Publicly available business signals used to personalise outreach

Our lawful basis for processing this data is legitimate interests under UK GDPR Article 6(1)(f). We process business contact data to send relevant, personalised B2B communications to professionals whose job responsibilities make them a plausible recipient of the services being offered. We conduct a Legitimate Interests Assessment before each campaign and maintain records of those assessments. A copy is available on request by emailing privacy@acquistly.com.

4. Where data comes from

Contact data used in outbound campaigns is sourced from:

• Publicly available professional databases and directories
• LinkedIn (in accordance with LinkedIn's terms of service)
• Third-party data providers that comply with UK GDPR

We verify all email addresses before sending to minimise bounces and protect sending reputation. We do not purchase lists from sources that cannot evidence their own lawful basis for collection.

5. Opt-out and suppression

Every outbound email we send includes a clear and functional unsubscribe mechanism. If a contact opts out, their details are added to a suppression list and they will not be contacted again — by Acquistly or by the relevant client — through our infrastructure.

If you have received an email from an Acquistly campaign and would like to be removed, click the unsubscribe link in that email or contact us at privacy@acquistly.com.

6. International data transfers

Some of the third-party services we use are based outside the UK and EU, primarily in the United States. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, including International Data Transfer Agreements (IDTAs) approved by the UK ICO, or equivalent mechanisms. If you would like more information about specific safeguards for any transfer, contact us at privacy@acquistly.com.

7. Data retention

• Website analytics: retained for 14 months (Google Analytics default), then automatically deleted.
• Calendly booking data: retained for as long as the relationship is active, then deleted within 12 months of the relationship ending.
• Campaign contact data: retained for the duration of the relevant client engagement, plus 12 months. Suppression records are retained indefinitely to honour opt-out requests.
• Client data: retained for the duration of the client relationship and for 6 years afterwards for legal and accounting purposes.

8. Data sharing

We do not sell personal data. We share data only with:

• Clients: contact details of prospects who have responded positively to outreach (e.g. booked a meeting).
• Tool providers: platforms used to operate our service (including email sending infrastructure, list-building tools, enrichment platforms, and analytics). All providers are contractually required to process data only on our instructions and in compliance with applicable data protection law.
• Regulators: if required by law.

9. Your rights

Under UK GDPR, you have the right to:

• Access the personal data we hold about you
• Request correction of inaccurate data
• Request erasure of your data (subject to our legitimate retention obligations)
• Object to processing based on legitimate interests
• Request restriction of processing
• Lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk/make-a-complaint
• Lodge a complaint with the Information and Data Protection Commissioner (IDPC) in Malta at idpc.org.mt

To exercise any of these rights, email privacy@acquistly.com. We will acknowledge your request within 30 days.

10. Complaints

If you have a concern about how we have handled your personal data, email privacy@acquistly.com. We will acknowledge your complaint within 30 days and aim to resolve it within 3 months. If you are not satisfied with our response, you can escalate to the ICO or IDPC using the links above.

11. Security

We use industry-standard measures to protect personal data, including access controls, encrypted connections (HTTPS), and restricted access to contact databases. Our tool providers maintain their own security certifications.

12. Changes to this policy

We may update this policy as our services or legal obligations change. The "last updated" date at the top of this page will reflect any revisions.

13. Contact

For any privacy-related queries: privacy@acquistly.com