The following document outlines our legitimate grounds for processing personal data.
Data Controller contact information:
Please email Anita Tweats at firstname.lastname@example.org
Purposes of processing personal data for marketing:
We process personal data for marketing when we come across companies which offer a product or service which lends itself to our style of outbound marketing. Where we believe we can genuinely add value to that company we contact the relevant individuals (Owners, Founders, CEOs, Presidents, MDs and other relevant senior executives) at that company via a mix of letter, email, LinkedIn and phone in order to ascertain whether the company wishes to discuss our service offering. The data we hold is not ‘sensitive data’ as determined by the GDPR and is limited to:
Company registration number
LinkedIn profile ID
Company telephone number
Trading or registered address
Turnover or estimated turnover
Employee numbers or estimated employee numbers
Profit or estimated profit
Growth rate or estimated growth rate
The data is either found within the public domain or sourced through GDPR compliant providers and therefore the risk to the data subject’s fundamental rights and freedoms is extremely limited.
Lawful grounds for processing person data for marketing – ‘Legitimate Interests’
We base our outbound marketing approach on the grounds of Legitimate Interests. In other words, we contact companies where we believe our service can legitimately add value to their business. This is based on article 6.1. f) of the GDPR.
Lawful grounds for processing person data for marketing – Consent
In the event that data subjects have consented to receive marketing communications from The Finance People the data subject has the right to withdraw that consent at any time either by confirming in writing or by clicking on the unsubscribe links contained in email communications.
Data transfers to 3rd countries
The Controller may from time to time transfer data to 3rd countries where the processor within the 3rd country has signed a contract including Standard Contractual Clauses (as stipulated by the GDPR) and where the processor has been subject to data protection training and security controls in order to ensure secure processing of personal data. Details of these security protocols will be made available on request. For certain 3rd countries there has been no adequacy decision by the Commission, but due to the non-sensitive nature of the data and the aforementioned security protocols the risk to the data subject has been deemed as extremely low.
Personal Data Storage
Personal Data will be updated within 4 weeks of contacting any prospect. All personal data will also be audited and updated annually to ensure it is kept up to date. We continue to hold personal data if a data subject asks to be unsubscribed as we need to have a record of the data in order to avoid contacting the unsubscriber again in the future. Data subjects have the right to request we remove their data from our database, which we will of course do, but we do so on the grounds that the data subject understands that removal of their data means that we cannot 100% avoid contacting them again in the future.
The right to lodge a complaint with a supervisory authority
Data subjects have the right to lodge a complaint with a supervisory authority if they reject our grounds for communication.