Website visitor identification and GDPR: how it works
The short answer
B2B website visitor identification operates under clear rules in the EU, UK, and US. In the EU and UK, visitors are identified at the company level, and decision-maker contacts are then enriched through data partners with a lawful basis. In the US, identification happens at the individual level. Warm AI, like reputable tools across this category, follows these rules.
How identification works in the EU and UK
Under GDPR and UK GDPR, identification starts at the company level: the visitor's IP address is matched to a business. From there, decision makers at that company are enriched as contacts, name, title, LinkedIn, through data partners who maintain their own GDPR compliance programs and lawful-basis frameworks. So you don't see the specific anonymous individual who browsed your pricing page; you see the company that visited and the relevant decision makers at it.
How identification works in the US
In the US, person-level identification is permitted. US (and Canadian) visitors are identified at the individual level, the actual person who visited, with name, job title, and LinkedIn profile where available.
What this means in your dashboard
EU / UK visitors
Company identified → decision makers enriched. Example: “Northwind Traders visited your pricing page” plus enriched contacts at Northwind Traders.
US / Canada visitors
Individual identified. Example: “Jordan Lee, Head of Growth at Acme Corp, viewed Pricing and Features.”
How Warm AI handles your data
Processing under GDPR and UK GDPR
Warm AI is a UK company (WARMAI LIMITED) and processes data in accordance with both frameworks.
Compliant data partners
Enrichment runs through providers with their own GDPR compliance programs.
Data subject rights
Handling for access, deletion, and portability requests.
Transparent processing
Clear documentation of what we collect and how it's processed. DPA available on request.
What identification looks like in practice.
Frequently asked questions
Is website visitor identification legal under GDPR?
Yes, operated within the rules: company-level identification in the EU and UK, with decision-maker enrichment through data partners that maintain a lawful basis. This is how the category works, and how Warm AI works.
Will I see the exact person who visited from the EU or UK?
No, EU and UK identification is at the company level. You'll see the company that visited and enriched decision-maker contacts at that company, not the specific anonymous visitor.
Will I see the exact person who visited from the US?
Yes, where identifiable, US and Canadian visitors are identified at the individual level, including name, title, and LinkedIn profile where available.
What's the difference between GDPR and UK GDPR?
Post-Brexit, the UK runs its own GDPR regime alongside the EU's. The rules for visitor identification work the same way under both, and Warm AI operates under both.
Does Warm AI offer a DPA?
Yes, a data processing agreement is available on request.
This page is general information about how website visitor identification works under GDPR, not legal advice. Consult your legal team or DPO for guidance on your specific situation.
Related guides
Part of our UK website visitor identification guide. Explore the rest of the series.