Privacy Policy – Business to Business

Privacy Policy for Business-to-Business Communication

This privacy policy document outlines how we collect and use your business contact data for the purposes of business-to-business direct marketing.

By business-to-business direct marketing, we refer to marketing material sent directly and uniquely to business contacts within organisations that operate in the same business sector or in a strongly correlated business sector to ours – e.g. study-abroad and travel agencies.

Our commitments:

  • To comply with data privacy legislation.
  • To obtain your business contact information lawfully, fairly and transparently.
  • To keep your business contact information and the business you do with us in strict confidence.
  • To maintain appropriate technical and organisational safeguards to protect business contact information against loss, theft, unauthorised access, disclosure, copying, use or modification.
  • To maintain appropriate procedures to ensure that business contact information we possess is accurate and, where necessary, kept up-to-date.
  • Where we choose to have certain services, such as data processing, provided by third parties we do so in accordance with applicable law and take all reasonable precautions regarding the practices employed by the service provider to protect business contact information.
  • Not to sell your business contact information.

Legal Context

Common EU rules have been established to ensure that personal data enjoy a high standard of protection everywhere in the EU. Currently, the two main pillars of the data protection legal framework in the EU are the ePrivacy Directive (Directive on Privacy and Electronic Communications) and the General Data Protection Regulation, which entered into force on 24 May 2016 and has applied since 25 May 2018.

Legislation on Data Privacy and Electronic Communications in the UK descends from those EU Directives. The next section covers the UK legal context of business-to-business direct marketing and focuses in particular on the specific rules pertaining to electronic and telephone marketing (i.e. calls, emails, texts and faxes). The following section outlines some legal differences among EU Countries relating to emails for Business-to-Business Direct Marketing.

Legal Context in the UK

Rules around business-to-business marketing derive from:

The DPA 2018 defines direct marketing in section 122(5) as:

“…the communication (by whatever means) of advertising or marketing material which is directed to particular individuals”.

Business-to-business emails and texts

In general, companies cannot send marketing emails or texts directly to private individuals without their specific consent (although there is a limited exception for previous customers, often called the ‘soft opt-in’). 

Rules are less strict for marketing between companies. A company can send marketing emails or texts to other ‘corporate subscribers’ (i.e. companies and other corporate bodies, such as limited liability partnerships, Scottish partnerships, and government bodies). A general requirement, in this case, is that the sender must identify itself and provide contact details (2018 ICO Direct Marketing, pg. 44). It is also good practice to keep a ‘do not email or text’ list of any companies that object. However, the rules on consent, soft opt-in and right to opt-out would still apply in a number of cases.

The GDPR, for instance, applies wherever processing involves ‘personal data’. The GDPR defines personal data as:

 “…any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”.

This means that if an individual can be identified either directly or indirectly, the GDPR applies – even if that individual is acting in a professional capacity. The GDPR, therefore, applies whenever business contacts contain a person’s name or even only an email address that can identify a specific individual (e.g. initials.lastname@company.com).

Sole traders and some partnerships must also be treated as individuals. These business contacts can be contacted via email or text only if they have specifically given consent. The only case in which prior consent is not required is when sole traders have been involved in previous business transactions with the company. In this case, it is sufficient that they haven’t opted out from marketing messages – i.e. have not activated the opt-out or unsubscribe option – when given the opportunity in any previous communication.

Business-to-business calls

Rules for marketing calls to companies are similar to those for marketing calls to individuals. Sole traders and partnerships may register their phone numbers with the Telephone Preference Service (TPS) in the same way as individual consumers, while companies and other corporate bodies may register their phone numbers with the Corporate Telephone Preference Service (CTPS). An organisation cannot make calls to business contacts who have stated their wish not to be contacted or who have their numbers listed on either the TPS or the CTPS registers and have not specifically consented to receive marketing calls from that organisation. Organisations making business-to-business marketing calls would therefore need first to screen the phone numbers they intend to call against both the TPS and the CTPS registers (2018 ICO Direct Marketing, pg. 39-44). Another obligation is to always state who is calling, allow the phone number (or an alternative contact number) to be displayed to the person receiving the call, and provide a contact address or freephone number if asked.

DIRECT MARKETING RULES

Source: 2019-01-09 ICO Direct marketing checklist

Live Calls

Individual consumers (plus sole traders and partnerships):

  • Screen against the Telephone Preference Service (TPS)
  • Can opt out

Business-to-business (companies and corporate bodies):

  • Screen against the Corporate Telephone Preference Service (CTPS)
  • Can opt out

Recorded Calls

Individual consumers (plus sole traders and partnerships):

  • Consumers must have given the caller specific consent to make recorded marketing calls.

Business-to-business (companies and corporate bodies):

  • Consumers must have given the caller specific consent to make recorded marketing calls.

Emails or Texts

Individual consumers (plus sole traders and partnerships):

  • Consumers must have given sender specific consent to send marketing emails/texts.
  • Or soft opt-in (previous customer, our own similar product, had a chance to opt out)

Business-to-business (companies and corporate bodies):

  • Can email or text corporate bodies
  • Good practice to offer opt out
  • Individual employees can opt out

Faxes

Individual consumers (plus sole traders and partnerships):

  • Consumers must have given sender specific consent to send marketing faxes

Business-to-business (companies and corporate bodies):

  • Screen against the Fax Preference Service (FPS)
  • Can opt out

Mails

Individual consumers (plus sole traders and partnerships):

  • Name and address obtained fairly
  • Can opt out

Business-to-business (companies and corporate bodies):

  • Can mail corporate bodies
  • Individual employees can opt out

For all forms of communication, the sender must identify itself and provide contact details (2018 ICO Direct Marketing, pg. 44).

EU Countries: Double Opt-In, Single Opt-In and Opt-Out

With regard to the Privacy and Electronic Communication Regulation (PECR) directive, each member state may implement distinct derogations provided these meet the minimum required levels of privacy and protection. This has led to some legal differences among EU Countries, particularly concerning the use of Double Opt-In, Single Opt-In or Opt-Out options in email communications for Business-to-Business Direct Marketing.

Source: https://www.leadiro.com/blog/gdpr-mapped Map design by Showeet.Com

Who we are

Language Link London Limited, registered in England and Wales with company number 03300705, hereafter referred to as ‘we’, ‘us’ and ‘our’.

Under the General Data Protection Regulation (GDPR), we are a controller of personal data. A controller is a company that determines the purpose and processing of the personal data it uses. 

Legal bases and purposes for processing business contact data as personal data

Article 6 of the GDPR sets out six lawful bases for data processing. At least one of these must apply whenever we process business contacts as personal data. When processing data for direct marketing purposes and exclusively for business-to-business promotion (i.e. directed to organisations only), we operate under either Legitimate Interest or Consent.

Legal Basis: Legitimate Interest

Article 6(1)(f):

“…processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.”

Purpose: To promote our products to companies working in the same business or very closely related business.

Personal Data: Business Contact Details; Transaction History

Necessity: To provide our business contacts with details on courses and services that may be of interest to them.

Legal Basis: Consent

Article 4(11):

“…‘consent’ of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;”

Purpose: To promote our products to previous sole traders who consented to receiving marketing communications

Personal Data: Business Contact Details

Necessity: To provide our sole traders with details on courses and services that may be of interest to them.

Purpose: To promote our products to business contacts that can be identified and have not opted out from receiving marketing communications

Personal Data: Business Contact Details

Necessity: To provide our business contacts with details on courses and services that may be of interest to them.

How we collect business contact data

We collect business contact data via different means:

  • online accreditation membership databases (e.g. English UK, Quality English)
  • company websites
  • social media
  • email correspondence
  • phone calls
  • meetings in person
  • website and/or social media analytics (see Cookie Policy for more details)

How long we keep your business contact data

We only keep your business contact information for as long as we need it to provide you with the information or services that you have requested, to comply with the law, to administer your relationship with us, or to ensure we do not communicate with those that have asked us not to.

Our general retention period is five years after a record has ceased to be active.

Where we store your business contact data

We store your data on a secure online-cloud archive. We use appropriate security procedures to protect and safeguard data from unauthorised access. Access to the online-cloud archive is restricted by security login procedures.

Who has access to the business contact data we store

Only authorised personnel can access your information via security login authentication to our online-cloud archive. We only share your personal information with third parties where it is directly relevant to the services you have requested. We require third parties to treat your data with the same level of care as if we were handling it directly.

Whom we share your business contact data with

We may also disclose your business contact data to third parties if we are under a duty to disclose or share it in order to comply with any contractual or legal obligation or in order to enforce or apply any agreements, or to protect the rights, property or safety of Language Link London Limited or others.

Your rights

You have a number of rights in relation to your data. These are:

  • The right to be informed: you have the right to know how and why we collect, store and use your personal data.
  • The right of access: you have the right to access and receive a copy of the data and information we hold about you.
  • The right to rectification: you have the right to request a correction or removal of whichever information you think may be inaccurate.
  • The right to erasure: you have the right to ask us to delete any information we hold about you.
  • The right to restrict processing: you have the right to limit the way we process your data.
  • The right to data portability: you have the right to request your data to be provided in an easy-to-use format to another supplier.
  • The right to object: you have the right to opt out of hearing from us at any point.

Please note that if you make a request not to be contacted by us or to have all your data erased, we will need to keep a record of your contact details. This minimal record is allowed under the GDPR and necessary for us to ensure you will not be contacted again in the future. The GDPR and the Data Protection Act 2018 set out exemptions to some of the rights and obligations above in some other circumstances.

How to contact us

In case you wish to send us any requests concerning your personal data, please use the contact details below:

Margaret Curran, Language Link London Limited, 181 Earls Court Road, London, England, SW5 9RD.

Email: margaret@languagelink.co.uk

Requests will be dealt with and responded to within one month.