Warning: session_start(): open(/var/opt/remi/php74/lib/php/session/sess_emiqm4bjbh35e5643b35fp87ms, O_RDWR) failed: Permission denied (13) in /var/www/selectabase-build/wp-content/plugins/selectabase/selectabase.php on line 91

Warning: session_start(): Failed to read session data: files (path: /var/opt/remi/php74/lib/php/session) in /var/www/selectabase-build/wp-content/plugins/selectabase/selectabase.php on line 91
We are GDPR compliant. What you need to know | Selectabase

GDPR & Marketing Data

The General Data Protection Regulation (GDPR), and the main provisions of the UK’s new Data Protection Act 2018, came into effect on 25th May 2018. The GDPR requires that all businesses ensure the ways they collect, manage and use any personal data are compliant with new, higher, standards of data protection.

The purpose of GDPR is to protect the privacy rights and interests of individuals and it ensures that any business that trades within the EU, processes personal data in a way that respects these rights, with strict penalties for those who breach legislation or their own data processes.

  • obtaining, processing, and using data compliantly and responsibly.
  • supply marketing data lists and data checking services that are compliant under the UK’s GDPR processing rules.
  • Trust us to only provide you with the highest quality service
  • marketing data that can be utilised under legitimate interests

GDPR Compliant Marketing Data!

Data has the power to improve and ease our lives. It connects us in ways that are good for everyone – individuals, organisations, and society.

We’re committed to always doing the right thing – obtaining, processing, and using data compliantly and responsibly. We can therefore assure you that Selectabase only supply marketing data lists and data checking services that are compliant under the UK’s GDPR processing rules. You can trust us to only provide you with the highest quality service and marketing data, in accordance with the latest GDPR guidance.

Learn more

4 Simple Steps to Marketing Ready Data

1

Compliance

All B2B and B2C data are sourced compliantly

2

Data Process

Selectabase processes the data under a legitimate interest of a marketing company

3

Marketing Data

Selectabase provides marketing data that can be utilised under legitimate interests

4

Purchase Data

Customers process purchased data in accordance with GDPR

GDPR Marketing Data FAQs

Am I allowed to use your data lists for direct marketing purposes under the new GDPR rules?

Yes, provided you comply with your obligations under our terms and conditions, the GDPR and the PECR when you use our data lists. For example, our data lists are sold for direct marketing purposes using legitimate interests as the legal basis for processing.

For further information on using legitimate interests, please see the ICO’s guidance which is available here:
Legitimate Interests

Marketing is a significant and important economic activity. Organisations are entitled to market their goods and services, and they have a legitimate interest in seeking to address marketing to the most relevant audiences.

Are all of your services compliant with the GDPR?

Yes, all of our services are compliant with the GDPR and we have taken the necessary steps to ensure this is the case (including, for example, carrying out a legitimate interests assessment to determine that we can process personal data for direct marketing purposes and use in connection with our services).

Are all of your services compliant with the PECR which sits alongside the GDPR?

Yes, all of our services comply with the Privacy and Electronic Communications Regulations 2003 (as amended) (PECR):

Postal mail: not subject to PECR.
Email marketing: we only use B2B data (i.e. corporate data) not B2C data (consumers and sole traders) which does not require consent to market to under PECR.
Live telephone marketing: all phone numbers are screened against the Telephone Preference Service (TPS) and the Corporate Telephone Preference Service (CTPS), as appropriate.

We do not provide any services where consent is required as the legal basis for processing under GDPR or PECR.

What legal ground are you using to process personal data and explain your justification?

We rely on legitimate interests under Article 6(1)(f) of the GDPR to process personal data in connection with our services. We have chosen legitimate interests as our legal basis for processing as we believe that it is the most appropriate for our activities based on the GDPR and recent guidance from the Information Commissioner’s Office (ICO) and the Direct Marketing Association (DMA).

We have considered different legal bases, including consent, and determined that legitimate interests is the most appropriate for the processing of personal data in connection with our services. Amongst other considerations, we believe that where there are a large number of organisations which may process personal data for direct marketing purposes, naming those organisations individually is impractical and less useful to individuals than identifying categories of organisations. We therefore consider legitimate interests to be a fairer and more appropriate legal basis for processing than consent, whilst offering individuals a similar degree of control over their personal data.

We have conducted and documented a full legitimate interests assessment (LIA). Listed below are some of the key factors that are included and played a role in us determining that we can process personal data for use in our direct marketing services:

  • Transparency. Transparency with data subjects is critical when using legitimate interests. We ensure that from the point when the data is collected right through to use of that personal data by our customers that individuals are clear about the purpose for which their data will be used, who will use it and that they have the chance to object to that processing when the personal data is originally collected and subsequently.
  • ICO and DMA guidance followed. We ensure that we follow ICO and DMA guidance on the use of legitimate interests for direct marketing purposes, including the requirement that we only use personal data for direct marketing purposes where consent under the Privacy and Electronic Communications Regulations 2003 (PECR) is not required.
  • Additional safeguards. We have put in a broad range of safeguards to ensure that any risk or potential harm to data subjects is mitigated, including security, due diligence and contractual measures to ensure that personal data is not misused.

Consumer data for postal marketing.
Has consent been obtained from the individuals to process their personal data for direct marketing?

Experian’s data partners obtain personal and commercial data compliantly and, where appropriate, notice has been given for them to pass the information to Experian for use in their products and services. Selectabase utilise Experian data services. More details about Experian’s consumer information can be found within the Experian website.

Selectabase process the data under a legitimate interest of a marketing company. We have ensured that all of the requirements for legitimate interests to be used as the legal basis for processing have been met.

This postal marketing data can be utilised by our clients under legitimate interests.

For your convenience postal marketing B2C data can be ordered and downloaded from Prospect Download.

Business data for postal and telephone marketing use, specifically to the sole traders and some partnerships (classed as individuals), or named contact at the companies contained within the database.
Has consent been obtained from these individuals to process their personal data?

Experian’s data partners obtain personal and commercial data compliantly and, where appropriate, notice has been given for them to pass the information to Experian for use in their products and services. Selectabase utilise Experian data services. More details about Experian’s business information.

Selectabase process the data under a legitimate interest of a marketing company. We have ensured that all of the requirements for legitimate interests to be used as the legal basis for processing have been met.

This postal and telephone marketing data can be utilised by our clients under legitimate interests.

For your convenience postal and telephone marketing B2B data can be ordered and downloaded from Prospect Download.

Business data for postal, telephone or email marketing (to generic and personal email addresses e.g. info@companyname or john.smith@companyname) use to incorporated companies within the database.
What are the rules for direct marketing to this audience under GDPR?

GDPR governs the processing of personal data while the Privacy and Electronic Communications Regulations 2003 (as amended) (PECR) govern direct marketing by electronic means.

For postal marketing to corporate entities, where only the name of the company is included (i.e. and not the name of an individual), this will generally not constitute personal data (unless, for example, an individual’s name forms part of the company name) and therefore the GDPR will not apply. PECR will also not apply as it is not marketing by electronic means. Where an individual’s name is included, this will constitute personal data under GDPR and you will require a legal basis for processing that data under GDPR. Where you purchase postal marketing data from Selectabase, your legal basis for processing will be legitimate interests.

For telephone marketing to corporate entities, phone numbers must be screened against CTPS. Corporate phone numbers are unlikely to constitute personal data under GDPR but may do so (for example, if a mobile phone number is used as a corporate phone number), and you therefore require a legal basis for processing that data under GDPR. Where you purchase telephone marketing data from Selectabase, your legal basis for processing will be legitimate interests.

For email marketing to corporate entities, generic email addresses (such as info@companyname.com, admin@companyname.com) will generally not constitute personal data unless you can identify an individual from that data (for example, if you know that the company only has one individual working for it e.g. one director/employee). Such email addresses will therefore (generally) fall outside the scope of both GDPR and PECR.

For personal corporate email addresses (such as joe.bloggs@companyname.com), these will constitute personal data under GDPR but do not require consent to market to under PECR (i.e. legitimate interests can be used). Where you purchase corporate email data from Selectabase, your legal basis for processing will be legitimate interests. You must also ensure that you include an unsubscribe or opt-out where you send an email to a personal corporate email address. As a matter of best practice and to avoid any risk of a generic corporate email address (e.g. an info@company.com) address being considered personal data, you should include an unsubscribe or opt-out on all marketing emails you send (including to corporates).

You can find out more about the requirements for these forms of marketing from the ICO’s direct marketing guidance and checklist which are available via the following links:

Direct marketing guidance
Direct marketing checklist

Please note that in addition to GDPR and PECR, there are other laws and regulations which apply to marketing communications, including those sent by email (such as the Electronic Commerce (EC Directive) Regulations 2002).

For your convenience B2B email marketing data can be ordered and downloaded from Prospect Download.

Where consent has been obtained, did they opt-in or opt-out to the processing of their personal data by third parties for direct marketing, and at the collection points did it list organisations by name, by description, or was the consent for disclosure to any third party?

Where consent was obtained prior to 25th May 2018, individuals will have either opted in or had the chance to opt-out to the processing of their personal data for direct marketing purposes. Third parties will have been identified by category/description.

From 25th May onwards (at the latest), all personal data previously processed on the basis of consent will be processed on the basis of legitimate interests.

Will lists purchased before 25th May 2018 be GDPR compliant or will we have to buy new lists?

The answer will depend on the data you have purchased and what type of direct marketing you are carrying out.

For example, if you are conducting email marketing to B2C recipients (consumers, sole traders and unincorporated partnerships, for example) you will be unable to use those lists after 25 May as the data will not meet the GDPR requirements for consent (in particular that any third parties relying on consent, such as your organisation, are specifically named).

For other data, for example postal mail or telephone data, you may need to change the legal basis for processing to legitimate interests and satisfy the relevant requirements for doing so (including, for example, informing individuals that you have changed the legal basis on which you are processing their personal data).

We would therefore suggest that the safest and easiest option is to purchase a new list.

Target the right customers with the right campaign

Unlock the power of precise campaign targeting with us. Our specialised solutions ensure your message reaches the right customers for maximum impact. Whether you're looking to enhance your B2B or B2C outreach, our bespoke strategies are affordable, accurate, and designed to resonate with your audience. Ready to get started? Choose your next step below.

X

Request Callback

Please note calls may be recorded for training and quality purposes

    We handle your information in accordance with our Privacy Policy

    This service is available during office hours between 9am and 5:30pm Mon-Fri