Introduction
Spinnaker has been in business since 1997 and has built and cherishes a reputation for doing the right things in the right way and, in particular, respecting the confidentiality and data protection rights of the individuals it comes into contact with.
Like any business, Spinnaker needs to publicise its services to existing and prospective clients through marketing activities of various kinds.
Spinnaker is a privately-owned business which employs between 25 and 35 people. It does not have the financial wherewithal to rely solely upon paid advertising to reach its prospective audience.
Why this policy exists
This policy exists to record the rationale behind the decision Spinnaker has reached in deciding how it will approach the processing of personal data for business to business marketing purposes.
It also exists to satisfy Spinnaker’s aim under the company’s Data Protection Policy to ensure that individuals are aware of that and how their data is being held and processed.
Data Protection Law
Under data protection legislation there are a number of lawful bases for processing personal data. One of these is ‘legitimate interests’. The Information Commissioner’s Office advises that this basis for data processing is likely to be most appropriate where people’s data is used in ways they would reasonably expect and which have a minimal privacy impact.
Recital 47 of the General Data Protection Regulation (GDPR) says: “…The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest.” The Information Commissioner’s Office further advises that legitimate interests may be an appropriate basis for sending emails and text messages to business contacts.
Article 21(2) of GDPR gives individuals the right to object to direct marketing. This therefore requires the inclusion of a clear option to opt out of direct marketing in any marketing communication sent to them.
There are three elements to the legitimate interests basis (a three-part test). To rely upon the legitimate interest basis, one needs to:
- identify a legitimate interest (the purpose test);
- show that the processing is necessary to achieve it (the necessity test); and
- balance it against the individual’s interests, rights and freedoms (the balancing test).
Legitimate interests can include commercial interests, individual interests or broader societal benefits.
What type of marketing does Spinnaker undertake?
Spinnaker uses direct marketing as a means of making existing and prospective customers aware of the company’s existence, the products and services provided by its Recruitment, HR Consulting and Executive Search businesses, the types of jobseekers it is competent in sourcing, and the locations in which it works.
Spinnaker also uses direct marketing to promote the charitable and industry association work in which it is involved. In particular this includes the OSCAR Campaign which raises funds for Great Ormond Street Hospital for Children, Maritime London, The Maritime London Officer Cadet Scholarship and The Women’s International Shipping and Trading Association.
The Purpose Test: Spinnaker has a legitimate interest in the growth of its business through networking and direct marketing and in the raising of charitable funds and the growth of membership of, and support for, the industry organisations in which it is involved.
The Necessity Test: We have concluded that collecting contact details via the exchange of business cards and via research within the public domain (websites, brochures, etc.) is necessary for these purposes.
The Balancing Test: Having considered purpose and necessity, Spinnaker has concluded that the balance favours data processing for the types of marketing which it undertakes and that it is reasonable for business people within the industry sectors in which it operates to expect that their business contact details will be processed. Spinnaker ensures that it will provide recipients of all marketing information from Spinnaker with privacy information which includes their right to object. In practice this means links to Spinnaker’s privacy policy and a simple unsubscribe facility.