GDPR Policy

GDPR: WHY IS EVERYONE TALKING ABOUT IT?

Since 25th May 2018 the ā€˜General Data Protection Regulationā€™ (GDPR) has been in force, which means the same rules for all EU countries. This was created in response to modern data procedures, especially with regards to the biggest technology firms & digital giants, data breaches, email usage etc. and to bring about a unified data protection policy to all of Europe. GDPR is primarily to improve the data protection rights of EU subjects, and to clarify what safeguards are needed in this new digital age.

NO MORE COLD CALLING OR EMAILING?

You may have heard rumours that under the GDPR it will be impossible to cold-call or send emails to people without their prior consent. This is because article 6.1(a) of the GDPR stipulates that we must have the consent of the subject to process his personal data, namely ā€œthe data subject has given consent to the processing of his or her personal data for one or more specific purposesā€.

Article 6.1(f) LEGITIMATE INTEREST & THE BALANCING TEST

So, how can we still cold-call and send direct marketing emails under the new regulation if consent is required? Surely this means that direct marketing is dead!

Very importantly, there are exceptions, and with regards to direct marketing, we will operate under that of legitimate interest as laid out in Article 6.1 (f):

ā€œprocessing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal dataā€

WHAT IS DEVEO’S & OUR CLIENTS’ LEGITIMATE INTEREST?

Deveo has the right to conduct business under EU law. As a direct marketing agency, our main activity is setting-up teleconferences/meetings between our clients and their prospects. Similarly, our clients have the right to sell their products and services, and market them.

Recital 47 on the GDPR stipulates that direct marketing can be a legitimate interest. In December 2017, parts of the forthcoming GDPR were clarified by the EU, and it was confirmed that ā€œThe processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.ā€

RIGHTS & FREEDOMS OF INDIVIDUALS?

What about the rights and freedoms of the individuals that the GDPR is seeking to protect?

We must also take these into account, so for Deveo this means the people we are trying to contact to arrange meetings or teleconferences with for our clients. As well as direct legal impacts from using their data, the emotional impact must also be considered. Relevant for us, the GDPR gives these people the legal right to be forgotten, and the right to access the information we hold on them, and change any incorrect information. We inform people of their rights & respect their decisions under every aspect of the GDPR.

BALANCING TEST

So now we can see that both Deveo has right to run a direct marketing agency, and people have rights and freedoms regarding the usage of their data. So how can we know whose rights are greater? Under EU law, we apply a ā€˜balancing testā€™ as laid out in the opinion from the Data Protection Working Party to assess the impact that Deveoā€™s actions will have on the individual, and here at Deveo we have applied this test to every type of campaign we run.

Deveo has very clear policies regarding our calling and emailing practices, and will always call and email in a professional and courteous manner.

DEVEO’S BEST PRACTICES

DEVEO DOES…

ā€¢ Contact people in office hours – we have a note of the time-zone for each contact in our CRM to help with this, and the reception opening hours where known

ā€¢ Contact people an appropriate number of times ā€“ the norm is once per day for an interesting prospect

ā€¢ Contact people that have a relevant job title matching our clients target audience

ā€¢ Send emails to a small, exclusive, carefully selected segment of our database (only a few hundred contacts)

ā€¢ Send a reasonable number of marketing emails per campaign (normally 3 per 4-week campaign)

ā€¢ Send emails only to peopleā€™s work address

ā€¢ Respect peopleā€™s rights to opt-out of current and all future marketing campaigns for a client

ā€¢ Only hold the minimum information needed to establish a business relationship (mainly the contactā€™s work email, phone number & LinkedIn URL)

ā€¢ For our own marketing campaigns, we only contact people who could benefit from our services, and we apply the same principles as detailed in this section

DEVEO DOES NOT…

ā€¢ Contact people out of their office hours

ā€¢ Contact people repeatedly by telephone over a short space of time

ā€¢ Contact people whose job title is not relevant to the product or solution offered by our client

ā€¢ Send a ā€˜blanketā€™ email regarding your solution to a massive population (tens of thousands of contacts)

ā€¢ ā€˜Spamā€™ people with repeated emails on the same topic over a short space of time

ā€¢ Use peopleā€™s personal (Gmail, Yahoo etc) email addresses for business

ā€¢ Send emails to people who have opted out of our clientā€™s brand

ā€¢ Hold information not relevant to a business relationship, e.g. Date of birth, marital status, religion or political views etc.

DATA PROTECTION BY DEFAULT & DESIGN

At Deveo, we take data protection seriously, and do this by default and design. We have implemented technical and organisational measures to show that we have considered data protection in all of our processing activities. Such measures include, but are not limited to:

ā€¢ ‘Right to be forgotten’ – we will erase all personal details except the email address which will be retained for our suppression lists

ā€¢ Holding client & contact data on a secure server (HTTPS)

ā€¢ Will provide details of any data we hold to comply with the ‘Right of access to data’

ā€¢ The ‘Balancing Test’ has been applied to each type of data processing activity, and we respect the rights of the individuals that we will be contacting

ā€¢ Our privacy policy lays out how we collect and use the information that we hold

ā€¢ We have appointed a Data Protection Officer to inform & advise our staff of their obligations & provide training, monitor compliance, provide advice & cooperate with the supervisory authorities

ā€¢ We run regular security audits with an outside agency to ensure that we are taking all possible steps to keep our data secure

WE TAKE FULL RESPONSIBILITY FOR THE WAY IN WHICH WE USE OUR DATA FOR YOUR CAMPAIGN. For more information, please contact us

Weā€™re hiring!

Weā€™re hiring! Be a part of our friendly international team and help us deliver high quality results to our clients, every single time.

Learn more