Part 1: Purpose Test
1.1 Why do you want to process the data?
To send marketing messages and company information in order to maintain and grow the marketing reach of DocCentrics.
1.2 What benefit do you expect to get from the processing?
Generating new business leads whilst increasing and maintaining awareness of our products, services and solutions.
1.3 Do any third parties benefit from the processing?
1.4 Are there any wider public benefits to the processing?
The content we produce is freely available via our website or associated profiles. Our marketing emails are used to promote content that may otherwise be missed.
1.5 How important are the benefits that you have identified?
Fairly important to us. As a provider of software solutions and services, our email database is a primary method of reaching out and keeping in touch with our potential and existing customers.
1.6 What would the impact be if you couldn’t go ahead with the processing?
Reduction in our marketing reach which could impact leads generated. Reduced customer engagement and awareness of DocCentrics as a solutions provider.
1.7 Would your use of the data be unethical or unlawful in any way?
Part 2: Necessity test
2.1 Will this processing actually help you achieve your purpose?
We believe so, yes.
2.2 Is it a reasonable way to go about it?
Yes, we believe so.
2.3 Can you achieve the same purpose by processing less data, or by processing the data in another more obvious or less intrusive way?
We do not believe so.
Part 3: Expectations test
3.1 What is the nature of your relationship with the individual?
Some individuals on our mailing list are existing customers – so we know these individuals directly. Some have been obtained from a third party website – so we do not have any direct relationship with them. Some have directly expressed interest in our services and solutions via a form on our website or at an event. Depending on the circumstance, we may or may not know these individuals directly.
3.2 How has the data been obtained? If supplied from a third party what did they tell the individual about reuse?
If the individual is an existing customer, the data is obtained via our internal systems (such as a CRM). Other data has either been freely given by the individual or obtained by a third-party specialist marketing list provider (Electric Marketing). According to their data protection information:
“Every data subject on Electric Marketing's mailing lists has been sent an email to inform them that they are on our mailing lists and that they may be contacted by potential suppliers who wish to work with them or their department.”
3.3 Do you have the means and processes to keep the information up to date?
We believe we have the technical means, but there are no strict processes in place to ensure this.
3.4 Is any of the data particularly sensitive or private?
We do not believe the data we hold and process to be of a sensitive nature.
3.5 Would people expect you to use their data in this way?
We believe the majority of individuals would expect their data to be used in this way however, a small minority may not.
3.6 Are you happy to explain it to them?
3.7 Are some people likely to object or find it intrusive?
A small minority may object, but we do not deem our messaging to be excessive or intrusive. We aim to ensure our messaging is relevant and of interest to the individual but if it is not, we provide an easy way for them to opt out of receiving future messages.
Part 4: Impact test
4.1 What is the possible impact on the individual?
We believe the possible impact on the individual to be mostly positive. The messages we send aim to be informative of the industry and our solutions. We believe these messages to be of potential interest to the individual, however if the impact on the individual is negative, they can opt out at any time.
4.2 How big an impact might it have on them?
If negative, we believe the impact on the individual to be minor. Our email marketing campaigns focus on quality over quantity. We aim to send individuals no more than 2 emails per month and ensure that the content shared will not cause offense.
4.3 Are any of the individuals vulnerable in any other way?
We do not believe individuals to be vulnerable in any other way.
4.4 Can you adopt any safeguards and technical measures to minimise the impact?
We can adopt technical measures to ensure that only engaged individuals continue to receive messages from us. An ‘engaged’ individual can be identified using Mailchimp’s “open” tracking measure. Individuals who are not engaged for more than a year should be removed from our list.
4.5 Can you offer individuals an opt-out?
Part 5: Decision
Outcome date: 12th August 2019
Outcome: We can rely on legitimate interests for this processing