Skip to content
English
Contact us
  • There are no suggestions because the search field is empty.

Are the CRM and Outlook integrations GDPR-compliant?

Yes, the integrations are GDPR-compliant.

Below we explain why the Lemontaps integrations—both for CRM systems and Outlook—can be used in a GDPR-compliant manner. The focus is on one-way data transfer, data minimization and targeted duplicate checks.

1. One-way data flow

Only new contacts are transferred from Lemontaps to your CRM or Outlook.
Existing records in your CRM or Outlook are not updated or written back to Lemontaps.

 

2. Data minimization

Lemontaps integrations process only the personal data required for the specific purpose:

Although the full contact (including name, email address, phone number, etc.) is transferred, Lemontaps uses only the minimum necessary information—email address and user ID—to check whether a contact already exists.
This targeted duplicate check prevents contacts from being created multiple times while ensuring that data access is limited to what is strictly necessary.

This approach complies with the GDPR principle of data minimization, as only the data essential to fulfill the integration’s purpose is processed.

 

3. Technical and organizational measures

  • Secure data transmission: All transmitted data is protected using modern encryption technologies to prevent unauthorized access.

  • Targeted data access: During duplicate checks in the CRM or Outlook, only a minimal dataset (email address and user ID) is queried. This limitation reduces potential risks and ensures that no unnecessary data is accessed.

 

4. Responsibility and contractual basis

Lemontaps provides the technical interface for exporting data. The data protection responsibility lies with the user/organization, including:

  • Data Processing Agreement (DPA): A corresponding DPA must be concluded with the CRM or Outlook provider to clearly define roles and responsibilities in accordance with GDPR.

  • Consent and transparency: Only individuals who have explicitly consented to data processing (e.g. for marketing purposes) should be transferred to the CRM or Outlook. The privacy policy must transparently describe the storage and processing of this data.

  • GDPR obligations: Once the data is stored in the CRM or Outlook, the controller is responsible for handling access and deletion requests, complying with retention periods, and keeping data up to date. Lemontaps has no further access to data stored in the target systems.

 

Summary

Lemontaps integrations are GDPR-compliant because:

  • They use a one-way data flow (push from Lemontaps) that transfers only new contacts.

  • Only the minimum necessary data is processed to fulfill the defined purpose (data minimization).

  • Duplicate checks rely exclusively on email address and user ID to avoid redundant entries.

  • Appropriate technical and organizational measures ensure secure data transmission.

  • Data protection responsibility remains with the users, who are also responsible for the required agreements and compliance with GDPR obligations.

  • With this clear separation of responsibilities and targeted data handling, Lemontaps integrations can be used securely and in compliance with GDPR.