GDPR Compliance Statement

WDC Consulting Ltd, trading as Sales Enablers Inc. (“we”, “us”, or “our”) is committed to ensuring the protection of your personal data and to comply with the General Data Protection Regulation (GDPR) and other relevant data protection laws.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection, storage, and processing of personal information from individuals who live in the European Union (EU).

The Information Commissioner’s Office is the UK regulator dealing with the Data Protection Act 2018 and the General Data Protection Regulation and the Privacy and Electronic Communications (EC Directive) Regulations 2003 across the UK.

The ICO are like the data protection police and we need to make sure we always keep on their good side. Our determination to be 100% GDPR and PECR compliance will do exactly that.

It is important to take GDPR compliance very seriously, since the penalties for non-compliance are punitive and designed to be painful. You definitely don’t want to be on the receiving end of an ICO investigation or enforcement notice.

Data Collection and Processing

We are Joint Controllers. Even though, as a service provider, we are essentially working for a 3rd party client, it is important to recognise that we are both responsible for deciding who to target, what data to collect, how the data is processed, what messages we send them and how their data will be collected, processed, and stored.

We collect and process personal data in accordance with the principles of lawfulness, fairness, and transparency.

Personal data is collected for specified, explicit, and legitimate purposes and is not further processed in a manner that is incompatible with those purposes.

We collect personal data only to the extent necessary for the purposes for which it is collected.

Our services are designed and offered solely to help businesses promote to other businesses. i.e. B2B marketing only. In which case PECR allows email marketing provided material is relevant and we allow the recipient to opt-out of future emails. In this respect we are naturally compliant. GDPR always applies and actually applies to all aspects of collection, storage, and processing of data. We have been designed to be compliant and have established technical and operational systems to make sure this is the case. For example, before launching new client activity, we conduct an in-depth assessment to establish if the product or service, combined with the proposed targeting, meets the criteria for GDPR and PECR compliant business to business (B2B) marketing. A key part of this assessment is called the Legitimate Interest Assessment (LIA), we have completed a LIA for us and also a standard LIA for each of our clients.

Whilst GDPR controls the storage and processing of personal data in the UK, sending messages is regulated under the Privacy and Electronic communications Regulations (PECR). This is very clear as to the requirements on business communication: “You can email or text any corporate body (a company, Scottish partnership, limited liability partnership or government body). However, it is good practice – and good business sense – to keep a ‘do not email or text’ list of any businesses that object or opt out and screen any new marketing lists against that.” https://ico.org.uk/for-organisations/guide-to-pecr/electronic-and-telephone-marketing/electronic-mail-marketing/

We ensure that personal data is accurate and, where necessary, kept up to date.

We store personal data in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.

We take appropriate technical and organisational measures to ensure the security of personal data.

Data Subject Rights

Data subjects have the right to access their personal data and to request correction, deletion, or restriction of processing where appropriate.

Data subjects have the right to object to the processing of their personal data.

We respect data subjects’ rights to data portability.

We provide mechanisms for data subjects to exercise their rights and respond to requests promptly and within the timeframes required by law.

Legal Basis for Processing

We process personal data on the legal basis of consent, contract necessity, legal obligations, vital interests, public tasks, or legitimate interests.

Where consent is relied upon as the legal basis for processing, we ensure that it is freely given, specific, informed, and unambiguous.

Third-Party Data Processing

We may engage third-party service providers to process personal data on our behalf. We ensure that such providers comply with GDPR requirements and provide sufficient guarantees to implement appropriate technical and organisational measures to ensure the protection of data subjects’ rights.

We transfer personal data to third countries only if adequate safeguards are in place.

Client responsibilities

Whilst we continue to take extensive measures to ensure best practice with respect to GDPR and PECR across all client activity, clients should take note of responsibility for compliance vests (in different forms) with each party. We cannot be abreast of the constantly evolving regulatory frameworks in all countries at all times, as such it is important that you, as the client, have knowledge of your local regulatory climate and ensure your business operates within the relevant regulatory frameworks.

Data Breach Notification

In the event of a data breach that is likely to result in a risk to the rights and freedoms of individuals, we will notify the relevant supervisory authority and affected data subjects without undue delay.

Contact Us

If you have any questions or concerns about our GDPR compliance or the processing of your personal data, please contact us at hello@sales-enablers.com