DATA THAT IS GDPR COMPLIANT
GDPR IS THE REPLACEMENT FOR THE DATA PROTECTION ACT WHICH CAME INTO FORCE ON 25TH MAY 2018.
Wonderful Communications is registered with the Information Commissioner’s Office and operates within the terms of the Data Protection Act. We are also ready for GDPR (General Data Protection Regulation) which came into force on 25th May 2018. If you buy/use data from Wonderful Communications and use it within the constraints of our Terms and Conditions, the data complies with GDPR and you can use it beyond 25th May 2018.
Much of our data is gathered from public sources such as company reports, press releases, trade magazines, business news websites, company websites, email signatures and social media. We focus on large companies and the key decision makers within those companies.
We supplement information from public sources with telephone research, checking all data every four months with the relevant company.
The key requirements of the Data Protection Act are that data is used responsibly, is checked regularly and that the person listed (or someone associated with that person) has not asked to be removed from that list.
If a person asks to be removed from our database, their name is immediately removed from our databases and systems are in place to ensure that their name is not added at a later date.
As a user of Wonderful Communications data lists, the Data Protection Act requires you to:
Only send mail that relates to business matters.
Make sure you have a return address on the envelope (so that the Royal Mail can return any letters that are incorrectly addressed). You can return these ‘gone aways’ to us, so that we can update our records too, but bear in mind that if you are using the data more than four weeks after you purchased it, you will not receive the 60p handling refund that we offer for all verified ‘gone aways’.
You must ensure there is an option for the addressee to remove himself or herself from the list.
If you are using email addresses your email must contain a mechanism whereby the person can opt out of receiving any further e-marketing communications from you. All it requires is a line at the bottom of the email saying, ‘if you don’t wish to hear from us again, please reply with the word ‘unsubscribe’ in the subject line’. This is a central part of the Privacy & Electronic Communications (EC Directive) Regulations 2003.
We recommend that you do not use the data for more than six months without either checking it yourself or buying an updated version of the list from Wonderful Communications. When the new Data Protection legislation comes into force on 25th May 2018 (GDPR) you will be legally obliged to keep your lists updated. So that data you have bought/used can be used beyond 25th May 2018.
If we find that data users are not complying with the Data Protection Act or are using our data unlawfully, we reserve the right to blacklist the offending organisation and report them to the Information Commissioner.
The Data Protection Act and its successor GDPR, exists to protect people from the unscrupulous companies who take no care over the compilation and updating of their data. Legitimate users of well researched and maintained lists have nothing to fear from this law.
GDPR & LEGITIMATE INTERESTS
How Can You Continue to Use Bought-In Mailing Lists and Cold Email To Generate Sales?
GDPR Allows Six Lawful Bases for Processing Personal Data. Consent is one of the six, but Legitimate Interests is a more suitable reason for B2B sales and marketing.
Legitimate Interests is one of the six lawful bases for processing personal data under the GDPR (General Data Protection Regulation). You must have a lawful basis in order to process personal data in line with the ‘lawfulness, fairness and transparency’ principle.
Legitimate interests might be your own interests, or the interests of the third party receiving the data, or a combination of the two.
The latest guidance from the Information Commissioner says that legitimate interests may be the most appropriate basis when:
“the processing is not required by law but is of a clear benefit to you or others; there’s a limited privacy impact on the individual; the individual should reasonably expect you to use their data in that way; and you cannot, or do not want to, give the individual full upfront control (i.e. consent) or bother them with disruptive consent requests when they are unlikely to object to the processing.”
Crucially for marketers, direct marketing is described in the GDPR as an activity that may indicate a legitimate interest.
However, in order to be a legitimate interest, the direct marketing must be legal: as it is legal for businesses to market to individuals at other businesses by post, by email, by text and by phone (as long as the number is not registered with the CTPS), many businesses will be able to use legitimate interests as their basis for processing personal data for direct marketing purposes.
What you must do if you decide to use legitimate interests as your basis for processing personal data for direct marketing purposes?
As with much of the new Data Protection Regulation, much of the work that you need to do revolves around writing policy documents.
Carry out a legitimate interests’ assessment.
Assess each part of a three-part test and document the outcome so that you can demonstrate that legitimate interests applies. The three tests are:
Purpose test – is there a legitimate interest behind the processing? In the case of direct marketing, yes there is a legitimate interest for your business in using direct marketing in order to promote itself.
Necessity test – is the processing necessary for that purpose? You need to demonstrate that the processing is necessary for the purposes of the legitimate interests you have identified. This doesn’t mean that it has to be absolutely essential, but it must be a targeted and proportionate way of achieving your purpose. In the case of direct marketing, yes, it is necessary to use direct marketing to promote your business.
Balancing test – is the legitimate interest overridden by the individual’s interests, rights or freedoms? With regard to business-to-business marketing the Information Commissioner says: “business contacts are more likely to reasonably expect the processing of their personal data in a business context, and the processing is less likely to have a significant impact on them personally”. So, in the case of direct marketing and email marketing to business contacts, the legitimate interest is not overridden by the interests of the individual, who as a business person with decision making and budgetary responsibilities can reasonably expect to be contacted with marketing material relating to his or her professional role.
You must carry out these assessments and document these three tests.
Wonderful Communications Legitimate Interests Assessment is available as an example.
Update your privacy notice to clearly say that you are relying on legitimate interests as your lawful basis and say what your legitimate interests are.
Communicate that you are using legitimate interests as a reason to process personal data.
The Information Commissioner has not offered any guidance on what it would accept as sufficient communication to the data subject that you are relying on legitimate interest as a basis to process personal data, but we have noted a few emails coming in to the office with notices at the foot saying
“GDPR and this email. As a GDPR compliant company, we would like to explain why you have received this email. We believe that you have a legitimate need for office furniture within your business. From our research, or from information that you have provided, we have identified your email address: email@example.com as being the appropriate representative to address within the organisation. We have deemed this to represent legitimate interest in line with the ICO’s guidance.”
While the advice on this page does not represent legal advice, you can read the Information Commissioner’s guidance on legitimate interests in full on the ICO website
At Wonderful Communications, we’re committed to protecting and respecting your privacy. This Policy explains when and why we collect personal information about people who visit our website, how we use it, the conditions under which we may disclose it to others and how we keep it secure.
We may change this Policy from time to time so please check this page occasionally to ensure that you’re happy with any changes. By using our website, you’re agreeing to be bound by this Policy.
Any questions regarding this Policy and our privacy practices should be sent by email to: firstname.lastname@example.org or by writing to: Wonderful Communications, 5 St John’s Lane, London EC1M 4BH Alternatively, you can telephone +44 (0) 20 3282 7184
WHO ARE WE?
Wonderful Communications is a strategic marketing and events production company based in London.
We arrange events, soirees, parties, networking events, fundraising, press trips, fam trips, PR and video production for corporate and charitable organisations big and small. Our key focus is to help implement a marketing plan to aid companies, brands, products or services flourish and grow.
HOW DO WE COLLECT INFORMATION FROM YOU?
We obtain information about you when you use our website, for example, when you complete the contact form, when you complete the site registration form, purchase a product or service from us or engage with other forms within our site.
WHAT TYPE OF INFORMATION IS COLLECTED FROM YOU?
The personal information we collect might include your name, address, email address, IP address, and information regarding what pages are accessed and when.
USE OF ‘COOKIES’
It is possible to switch off cookies by setting your browser preferences. For more information on how to switch off cookies on your computer, please consult the online help files specific to your browser: Firefox, Chrome, Safari, Internet Explorer or Opera.
Turning cookies off may result in a loss of functionality when using our website.
MAIN COOKIES USED ON OUR SITE:-
These cookies are used to collect information about how visitors use our site. We use the information to compile reports and to help us improve the site.
The cookies collect information in an anonymous form, including the number of visitors to the site, where visitors have come to the site from and the pages they visited
These are Google Maps third party cookies, which are unique identifiers to allow traffic analysis to Google Maps.
If you take the opportunity to ‘share’ content with friends through social networks – such as Facebook and Twitter – you may be sent cookies from these websites. We don’t control the setting of these cookies, so please check the third-party websites for more information about their cookies and how to manage them.
HOW IS YOUR INFORMATION USED?
WE MAY USE YOUR INFORMATION TO:-
Contact you regarding queries raised in the contact form:-
Progress an order you have submitted and send your information directly related to this;
Carry out our obligations arising from any contracts entered into by you and us
Seek your views or comments on the services we provide
Notify you of changes to our services
Send you communications which you have requested or that may be of interest to you. These may include information about campaigns, appeals, other fundraising activities, promotions of our associated companies’ goods and services
Process a grant or job application.
We review our retention periods for personal information on a regular basis. We are legally required to hold some types of information to fulfil our statutory obligations. We will hold your personal information on our systems for as long as is necessary for the relevant activity, or as long as is set out in any relevant contract you hold with us.
WHO HAS ACCESS TO YOUR INFORMATION?
We will not sell or rent your information to third parties.
We will not share your information with third parties for marketing purposes.
Third Party Service Providers working on our behalf: we may pass your information to our third-party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing services to you on our behalf (for example to send you mailings).
However, when we use third party service providers, we disclose only the personal information that is necessary to deliver the service and we have a contract in place that requires them to keep your information secure and not to use it for their own direct marketing purposes. Please be reassured that we will not release your information to third parties beyond the company for them to use for their own direct marketing purposes, unless you have requested us to do so, or we are required to do so by law, for example, by a court order or for the purposes of prevention of fraud or other crime.
When you are using our secure store pages, your payments are processed by a third-party payment processor, who specialises in the secure online capture and processing of credit/debit card transactions. If you have any questions regarding secure transactions, please contact us.
You have a choice about whether or not you wish to receive information from us. If you do not want to receive direct marketing communications from us about our products and services, then you can select your choices by ticking the relevant boxes situated on the form on which we collect your information.
We will not contact you for marketing purposes by email, phone or text message unless you have given your prior consent. We will not contact you for marketing purposes by post if you have indicated that you do not wish to be contacted.
You can change your marketing preferences at any time by contacting us by email or telephone on email@example.com or +44 (0) 20 3282 7184
HOW YOU CAN ACCESS AND UPDATE YOUR INFORMATION
The accuracy of your information is important to us. You have the right to request a copy of the information we hold about you so that you can ensure its accuracy. You can do this by the following methods:
Write to the administrator here and request the information held about you:-
firstname.lastname@example.org or by writing to: Wonderful Communications, 5 St John’s Lane, London EC1M 4BH. Alternatively, you can telephone +44 (0) 20 3282 7184
RIGHT TO ERASURE
You have the right to request for us to erase any data we hold on you. You can do this by the following methods: –
Write to the administrator here and request the information held about you:-
email@example.com or by writing to: Wonderful Communications, 5 St John’s Lane, London EC1M 4BH. Alternatively, you can telephone +44 (0) 20 3282 7184
Security precautions in place to protect the loss, misuse or alteration of your information
When you give us personal information, we take steps to ensure that it’s treated securely. Any personal information you may share with us (such as your email address or credit or debit card details etc.) is encrypted and protected with the following software: 2048 bit signatures and up to 256 bit encryption on SSL. When you are on a secure page, a lock icon will appear next to the address bar of web browsers such as Google Chrome.
We take data protection very seriously and strive to protect the information you provide. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our websites, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
We may analyse your personal information to create a profile of your interests and preferences so that we can contact you with information relevant to you. We may make use of additional information about you when it is available from external sources to help us do this effectively. We may also use your personal information to detect and reduce fraud and credit risk.
LINKS TO OTHER WEBSITES
In addition, if you linked to our website from a third-party site, we cannot be responsible for the privacy policies and practices of the owners and operators of that third-party site and recommend that you check the policy of that third-party site.
16 OR UNDER
We are concerned to protect the privacy of children aged 16 or under. If you are aged 16 or under‚ please get your parent/guardian’s permission beforehand whenever you provide us with personal information.
TRANSFERRING YOUR INFORMATION OUTSIDE OF EUROPE
As part of the services offered to you through this website, the information which you provide to us may be transferred to countries outside the European Union (“EU”). By way of example, this may happen if any of our servers are from time to time located in a country outside of the EU. These countries may not have similar data protection laws to the UK. By submitting your personal data, you’re agreeing to this transfer, storing or processing. If we transfer your information outside of the EU in this way, we will take steps to ensure that appropriate security measures are taken with the aim of ensuring that your privacy rights continue to be protected as outlined in this Policy.
If you use our services while you are outside the EU, your information may be transferred outside the EU in order to provide you with those services.
REVIEW OF THIS POLICY
We keep this Policy under regular review. This Policy was last updated in May 2018.