OUR LEGITIMATE INTEREST ASSESSMENT:
☐ We have checked that legitimate interests is the most appropriate basis.
Yes
☐ We understand our responsibility to protect the individual’s interests.
Our customers’ data is only shared with trusted suppliers for the purposes of processing orders and delivering customer services.
We protect our customers’ information and do not share it with 3rd parties for marketing use without explicit consent.
We do not use sensitive information such as racial or ethnic origin, political opinions, religious or philosophical beliefs, sexual orientation, trade union membership and genetic or biometric in our analytics.
☐ We have conducted a legitimate interests assessment (LIA) and kept a record of it, to ensure that we can justify our decision.
Yes
☐ We have identified the relevant legitimate interests.
Commercial: As a small business we derive a large proportion of our sales from repeat customers. As our product is a low frequency purchase, it is critical to our success to maintain contact with our customers between purchases.
We do this primarily by providing interesting content and alerting our customers to promotional offers, new products, and services and service update.
☐ We have checked that the processing is necessary and there is no less intrusive way to achieve the same result.
Necessity: We occasionally need to contact our customers regarding customer service or product issues. As our sales are through third party retailers or our own website our primary means of contact is through face-to-face e-mail as this is less intrusive, but occasionally by telephone if there has been no response from the e-mail.
Necessity: As a small business with low brand awareness we do not have a large advertising budget. Therefore, the only means of developing our business is through respectfully contacting customers and people who have provided their details to us through the course of a sale or through our promotional activities. We only communicate regarding products and services that the person showed and interest in or similar products.
☐ We have done a balancing test, and are confident that the individual’s interests do not override those legitimate interests.
Balancing individual’s rights and freedoms: We make it clear on our website, in our e-mails and in all promotions that we would like to gather contact information for marketing purposes.
We ensure that there are prominent ‘opt out’ notices on our website and in all communications.
For newly provided contact details, we send a service email containing product and order information, with a prominent opt out notice. We only make one more contact and, if there is no response we will flag the contact details as ‘opted out’.
☐ We only use individuals’ data in ways they would reasonably expect, unless we have a very good reason.
We only use customers’ information for the purposes laid out in our privacy policy. Namely to:
• Assess a candidates suitability for a role.
• Provide information to hiring managers for the purposes of candidate selection.
• Set selection thresholds and create benchmarks.
• Identify and address any potential hidden biases within out selection processes.
• Develop predictive analytics to continually improve our services to candidates, clients and customers.
• Fulfil orders and contracts.
• Manage access to our online services, content and apps.
• Send content via e-mail, push notifications, newsletters, etc.
• Send service notifications related to product or services (e.g. order notifications, order confirmations and password resets).
• Manage customer service queries and complaints.
• Manage privacy preferences and requested communications (which may include suppression from communications
• Send you administrative emails (your account, reminders, service changes and new policies).
• general location-based services (e.g. country), advertising or search results for our content.
• Detect and reduce fraud including fraudulent orders.
• Prevent users from posting illegal, offensive or objectionable comments on our site.
• Run promotions.
• And invite a speaker or contributor at, or in, one of our events, or contribute to content in one of our blogs or communications.
We only contact people about the products or services they have shown an interest in or similar products and services.
☐ We are not using people’s data in ways they would find intrusive or which could cause them harm, unless we have a very good reason.
We believe that our customers and those browsing our site for whom we have contact details would reasonably expect ANSON to contact them. However, we also believe that our customers would also expect us to stop contacting them if they do not respond to our communications.
We communicate with our audience four times or less a month via e-mail. We have above average industry open rates and below industry average opt-out rates. We therefore, believe that our rolling programme is appropriate to our audience.
☐ If we process children’s data, we take extra care to make sure we protect their interests.
We do not collect data on people under 16 years of age and, where we may have erroneously done so, we immediately inform the person and delete this data.
☐ We have considered safeguards to reduce the impact where possible.
We use a ‘data lifecycle’ model to ensure that we have a full end-to-end process for the management of customer data. See diagram:
All contacts who have opted out are flagged in our CRM system and we regularly check that our e-mail service provider is not including those who have opted out in our marketing contact list.
If a newly provided contact does not respond to the first two contacts, we flag them as having opted-out.
In order to ensure we do not contact customers who have shown no interest we purge our marketing contacts database every year to ensure that historic contact details are not available to our CRM system.
☐ We have considered whether we can offer an opt out.
We provide a simple ‘one click’ opt out on our website and in all marketing communications
☐ If our LIA identifies a significant privacy impact, we have considered whether we also need to conduct a DPIA.
We investigate all instances were an opted-out contact receives a wrongful communication, including a full review of our processes with the e-mail service provider.
We also conduct an impact assessment in all instances of data collection, processing, distribution or destruction that was not in line with our policies and procedures
We have additional processes for securing and managing sensitive data.
☐ We keep our LIA under review, and repeat it if circumstances change.
We review our LIAs every 6 months or where our reporting systems implies there may be a change in customer behaviour
☐ We include information about our legitimate interests in our privacy information.
Yes