Grounds for Processing Personal Data
The following document outlines our legitimate grounds for processing personal data and should be read in conjunction with our
Data Controller contact information: IGA Ltd Co No: 08314588
Purposes of processing personal data for marketing
We process personal data for the purposes of outbound marketing when we come across companies which we believe can, in principle, derive value from our product. We contact the relevant individuals including CEOs/MDs/Directors and Senior Managers at companies or businesses with whom we are looking to engage, via a mix of letter, email, LinkedIn and phone in order to ascertain whether the company wishes to discuss our service offering. The data we hold is not "sensitive data" as determined by the GDPR and may include but is not limited to:
- First name
- Last name
- Job title
- Company name
- Company registration number
- Email addresses
- LinkedIn profile ID
- Telephone numbers
- Trading or registered addresses
- Turnover or estimated turnover
- Employee numbers or estimated employee numbers
- Profit or estimated profit
- Growth rate or estimated growth rate
- Year founded
The data is either found within the public domain or sourced through GDPR compliant providers and therefore the risk to the data subject's fundamental rights and freedoms is extremely limited.
Lawful grounds for processing personal data for marketing - "Legitimate Interests"
We base our outbound marketing approach on the grounds of Legitimate Interests. In other words, we contact companies where we believe our service can legitimately add value to their business. This is based on article 6.1.f) of the GDPR: https://gdpr-info.eu/art-6-gdpr/
Lawful grounds for processing personal data for marketing - Consent
In the event that data subjects have consented to receive marketing communications from BGI Products and Licensing Ltd, the data subject has the right to withdraw that consent at any time either by confirming in writing or by clicking on the unsubscribe links contained in email communications.
Data transfers to 3rd countries
The Controller may from time to time transfer data to 3rd countries where the processor within the 3rd country has signed a contract including GDPR compliant Standard Contractual Clauses and where the processor has been subject to data protection training and security controls in order to ensure secure processing of personal data. Details of these security protocols will be made available on request. For certain 3rd countries there has been no adequacy decision by the Commission, but due to the non-sensitive nature of the data and the aforementioned security protocols the risk to the freedom of the data subject has been deemed extremely low.
Personal Data Storage
All personal data will also be audited and updated annually to ensure it is kept up to date. We continue to store personal data if a data subject asks to be unsubscribed as we need to have a record of the data in order to avoid contacting the unsubscriber again in the future. Data subjects have the right to request we remove their data from our database, which we will of course do, but we do so on the grounds that the data subject understands that removal of their data means that we cannot 100% avoid contacting them again in the future, as we will not have a record of the contact's data against which to "clean" the contact's record.
The right to lodge a complaint with a supervisory authority
Data subjects have the right to lodge a complaint with a supervisory authority if they reject our grounds for communication.