Data Compliance and Marketing Transparency
See the information below that explains how the email data we provide is processed in accordance with GDPR.
See the information below that explains how the email data we provide is processed in accordance with GDPR.
Which Lawful Basis?
We identify ‘Legitimate Interest’ as the most appropriate lawful basis for processing our third party B2B marketing data. Direct marketing is recognised as a legitimate interest in GDPR recital 47.
How was this explained on collection?
Our online business directory and preference centre, 5mins.co.uk captures, legitimises, verifies and updates the corporate data on our file. On collection it was/is explained to each individual what their personal information would be used for. The 5mins Site Subscriber Privacy Policy is accessible directly on this link: https://www.5mins.co.uk/SubscriberPrivacy.aspx.
Do we use a Layered Privacy Policy?
On collection of the data we use a layered privacy policy with the most important information upfront. This is designed to be transparent and clear with concise language.
How are individuals informed of what we do with their data and how they can refuse marketing?
We send a regular data privacy notice by email reminding individuals of what personal information we hold and what we do with their data. The email includes a link for them to update their personal information and preferences within the 5mins preference centre. At this point they are also reminded of their right to object to processing and provided with the opportunity to unsubscribe. This gives them control over their information.
What do you need to do?
If you purchase B2B email data you will need to do your due diligence on your suppliers. We can assist you with documentation that will help you gather the necessary information. With sales of our prospect B2B email lists we to provide our clients with a copy of our data due diligence documents before purchase. We can also help with running balancing tests that ensure you are correctly targeting the right contacts. We can advise on any other necessary processes such as sending a data privacy notice on immediate purchase of an email list. We aim to help our clients as much as possible so that they understand the process and implications of GDPR.
What do we need to do with our clients?
We clearly have a responsibility to comply with the new law ourselves. This includes the need to ensure that, when we share personal data with you, it will be in good hands. Therefore we have to do our own due diligence on our customers. You will notice that we are asking you more questions, for instance about your lawful basis and data processes.
In summary, we are GDPR compliant with the UK B2B email data we supply because we do the following:
Under the GDPR principle of accountability, Emailmovers is able to demonstrate that we are compliant. We always record the legal grounds for processing an individual’s personal data
We have done our Due Diligence on our suppliers of B2C data which has included documentation, site visits and a thorough understanding on how they collect data for third parties. Their details are as follows:
Data OD Ltd | Data On Demand – https://dataondemand.co.uk/privacy-policy/
Data OD Ltd, Platform, New Station Street, Leeds, LS1 4JB
ICO: ZA231384
UK Reg No: 10183365
Which Lawful Basis?
Our suppliers offer 2 separate data-sets for targeted marketing. When collecting new data under GDPR for Third Party Marketing, our suppliers consider consent to be the most appropriate basis for lawful processing. However, our supplier also offers a data-set that was collected under PECR which is processed under legitimate interest.
How was consent gained on collection?
They collect data for Third Party Marketing from their Data Contributor Network (DCN).
Consent from the Data Subject on the Data Contributors websites is collected with the following rules:
How is consent recorded?
How is consent managed?
What do you need to do?
You need to do you due diligence with any data supplier and in preparation for this we will be assisting our clients with this. We will provide a copy of our data due diligence documentation for B2C email lists before purchase. We will help you correctly target your audience and will offer advice on any other necessary processes. We aim to help our clients as much as possible so that they understand the process and implications of GDPR.
In summary, the UK B2C data we provide to clients is GDPR compliant because we ensure our suppliers do the following:
See also our B2C Data Processing Privacy Notice page.
We have been doing due diligence on our UK and overseas suppliers to ensure that their data collection is compliant with GDPR fair processing policies, and that their systems are robust enough to be able to deal with the rigours of GDPR such as SAR’s.
Which Lawful Basis?
The European third party B2B data we provide is processed under the legal basis of ‘Legitimate Interest’. Direct marketing is recognised as a legitimate interest in GDPR recital 47. In the B2B environment it can be assessed that sending relevant promotional materials to data subjects in their job roles will be appropriate.
How are individuals informed of what we do with their data and how they can refuse marketing?
What do you need to do?
In preparation and post 25th May we will be assisting our clients in doing their due diligence. With future sales of prospect B2B email lists we are going to provide our clients with a copy of our data due diligence documentation before purchase. You will be expected to do an Impact Assessment to assess if your processing is relevant and appropriate. We will help with running balancing tests that ensure you are correctly targeting the right contacts. We can advise on any other necessary processes such as sending a data privacy notice on immediate purchase of an email list. We aim to help our clients as much as possible so that they understand the process and implications of GDPR.
What do we need to do with our clients?
We clearly have a responsibility to comply with the new law ourselves. This includes the need to ensure that, when we share personal data with you, it will be in good hands. Therefore we have to do our own due diligence on our customers. You will notice that we are asking you more questions, for instance about your lawful basis and data processes.
|