Grounds for Processing Personal Data
Data Controller contact information: The CFO Centre Group Ltd. Badger’s Brook, The Street, Lydiard Millicent, Swindon, SN5 3LU
Purposes of processing personal data for marketing:
We process personal data for marketing when we come across companies which offer a product or service which lends itself to our style of outbound marketing. Where we believe we can genuinely add value to that company we contact the relevant individuals (Owners, Founders, CEOs, Presidents, MDs and other relevant senior executives) at that company via a mix of letter, email, LinkedIn and phone in order to ascertain whether the company wishes to discuss our service offering. The data we hold is not ‘sensitive data’ as determined by the GDPR and is limited to:
- First name
- Last name
- Job title
- Company name
- Company registration number
- Email address
- LinkedIn profile ID
- Company telephone number
- Trading or registered address
- Turnover or estimated turnover
- Employee numbers or estimated employee numbers
- Profit or estimated profit
- Growth rate or estimated growth rate
- Year founded
The data is either found within the public domain or sourced through GDPR compliant providers and therefore the risk to the data subject’s fundamental rights and freedoms is extremely limited.
Lawful grounds for processing person data for marketing – ‘Legitimate Interests’
We base our outbound marketing approach on the grounds of Legitimate Interests. In other words, we contact companies where we believe our service can legitimately add value to their business. This is based on article 6.1. f) of the GDPR: https://gdpr-info.eu/art-6-gdpr/
Lawful grounds for processing person data for marketing – Consent
In the event that data subjects have consented to receive marketing communications from The FD Centre Ltd./CFO Centre Ltd. the data subject has the right t withdraw that consent at any time either by confirming in writing or by clicking on the unsubscribe links contained in email communications.
Data transfers to 3rd countries
The Controller may from time to time transfer data to 3rd countries where the processor within the 3rd country has signed a contract including Standard Contractual Clauses (as stipulated by the GDPR) and where the processor has been subject to data protection training and security controls in order to ensure secure processing of personal data. Details of these security protocols will be made available on request. For certain 3rd countries there has been no adequacy decision by the Commission, but due to the non-sensitive nature of the data and the aforementioned security protocols the risk to the data subject has been deemed as extremely low.
Personal Data Storage
Personal Data will be updated within 4 weeks of contacting any prospect. All personal data will also be audited and updated annually to ensure it is kept up to date. We continue to hold personal data if a data subject asks to be unsubscribed as we need to have a record of the data in order to avoid contacting the unsubscriber again in the future. Data subjects have the right to request we remove their data from our database, which we will of course do, but we do so on the grounds that the data subject understands that removal of their data means that we cannot 100% avoid contacting them again in the future.
The right to lodge a complaint with a supervisory authority
Data subjects have the right to lodge a complaint with a supervisory authority if they reject our grounds for communication.