Here we explain our role in processing personal data, what we do to comply with GDPR and your obligations when you work with us.
A common misconception of GDPR is that businesses can not process any kind of personal data. This is not technically true. However, as a business you do need to consider the rights and freedoms of data subjects.
It is possible to collect and process data about your website visitors in complete accordance with GDPR. We take our legal responsibility very seriously and here, we explain Albacross’ role in personal data processing, the steps we take to comply with GDPR and your obligation as a data controller when you work with us.
The General Data Protection Regulation (GDPR) contains provisions on the protection of individuals with regard to the processing of personal data and on the free movement of such data. It is a regulation of the European Union and it came into effect in May 2018. We are continuously investing time and resources in ensuring that our services comply with GDPR.
‘Personal data’ is information that relates to a person that is already identified, or can be directly or indirectly identified. Names, email addresses, location data and IP-addresses (static and dynamic) can be personal data. Albacross processes IP-addresses and as this may constitute personal data, we take the necessary steps to comply with the GDPR, outlined in our Data Processing Agreement and Privacy Policy.
The GDPR is designed to ensure EU residents have more control over how, when and why their personal data is being used.
Operating a sales and marketing function is still entirely possible under GDPR.
The GDPR is there to protect and control the use of personal data. It is not meant to hinder business but to ensure businesses consider the rights and freedoms of their data subjects.
However, under the GDPR rules, marketers and sales professionals are only allowed to gather information that is required to fulfil the purpose of the personal data processing. That means you must take a highly targeted approach to ensure your offering is of relevant interest to the data subject.
This might seem troublesome for businesses but it actually presents a great opportunity for teams to become more data-driven and personalized.
The GDPR states that personal data for direct marketing purposes may be regarded as carried out for a ‘legitimate interest’. In most situations, B2B marketers will be able to leverage legitimate interest as a lawful basis for processing personal data.
Provided that as a data controller, you have considered and can evidence that there is a legitimate interest, personal data may be collected, processed and stored for the purposes of those legitimate interests.
For example, if an organization sells finance software, and the Finance Manager is sent an email about finance software at their business email address, they could be interested in the software based upon their current job role.
It is also fundamental to show that you’ve weighed the use of legitimate interest against the individual’s interests, rights and freedoms. You must also state full details of your legitimate interests in your external privacy policy.
In your outreach, you must also always make sure that you never conceal your identity, clearly state the context of the message and provide simple instructions on how to opt-out from further messages, or otherwise object to the processing.
It is legally acceptable to identify companies on your website and collect ‘company data’ such as company name and address, website and company telephone number and any other enriched information about the company.
Albacross reveals the companies visiting a website by identifying IP-addresses and matching them to company data in a proprietary database. IP-addresses may constitute personal data and therefore, Albacross (and our customers) must comply with GDPR.
Albacross also enriches company data via a third party with contact data for individuals, upon request from customers. All contact information shown in the platform has been provided by our third party data partner Cognism.
We are closely advised by external data protection and privacy lawyers who work independently of Albacross. These experts specialise in GDPR and ensure that existing and new developments in our product offering abide by GDPR rules.
In the infographic below, we explain our role in processing personal data, what we do to comply with the GDPR and your obligations when you work with us.
Disclaimer: Albacross has taken the necessary action to ensure we comply with the GDPR. We have knowledge of the regulation but cannot provide legal advice on the GDPR nor be held responsible for the GDPR compliance of any of our customers.
Have a GDPR question? Get in touch.