Frequently Asked Questions: Data Protection & Privacy

General Data Protection Regulation 2018 (GDPR) & Regulation of Privacy and Electronic Communications 2003 (RPEC)

  1. What Personal Data does Smart Profile process?

Smart Profile processes Business Card Details of specific Corporate Employees who have a direct link to Business implementations, priorities and decision making.

Account information, such as legal entity details, installed and planned technology purchases, related analytics and financial information, are not considered Personal Data and therefore are not protected by privacy laws.

  2. How is Smart Profile data processing compliant with GDPR?

Smart Profile has been leading the way in data protection and privacy compliance for over 25 years. We regularly review all applicable and enforceable data privacy and data protection regulations to check that we are compliant, and we take the following steps to comply with new GDPR legislation:

  1. We rely on the lawful ground of “legitimate interests of us or by a third party (e.g. client of Smart Profile)” to process Personal Data (Art. 6/f)
  2. We follow the principle of data minimization, ensuring the personal data collected is kept to a minimum (Art. 5)
  3. The Personal Data we process is restricted to Business Card Information of corporate employees who are directly linked to business implementations and decision making
  4. An extensive assessment has been completed, ensuring the personal data we process does not disproportionately affect the privacy rights of the Business Card Owner
  5. We practice transparency by clearly informing all Business Card Owners that we are processing their personal data, and for what purposes (Art. 13 & 14)
  6. We provide a simple and clear route for Business Card Owners to obtain a copy of the personal data we process, and to block their personal data for direct marketing purposes (Art. 15 & 21)
  7. We keep the data up to date (Art. 5)

  3. How is Smart Profile’s data processing compliant with RPEC?

Our practices for complying with the RPEC directive include:

  1. Periodic matching of all telephone numbers against the Corporate Telephone Preference Service (CTPS) and Do Not Call Registry, if there is a legal obligation.
  2. Clear recording of Privacy Preferences following “Notice @ Source” processes via phone and/or email.
  3. Consent allowing Smart Profile to use the e-mail address for newsletters, including information or offers from a third party.

  4. How can we use Smart Profile data for direct marketing and be GDPR-compliant?

Business Card Information supplied by Smart Profile can be used in 3 basic ways to support your direct marketing activities.

The GDPR does not change the rules on using the data for communications for commercial purposes. This is indicated in the E-Privacy Directive, which is unchanged so far.

  1. Keep your data current and up-to-date: this is a core requirement of GDPR. By matching your existing database to Smart Profile data, you can: ensure that the Legal Entity details in your database are up to date; remove all closed or merged Legal Entities; and obtain new and updated Business Card Information for the Legal Entities that are already part of your database.
  2. Market to new contacts at existing accounts: Smart Profile data supports account-based marketing by providing Business Card, Legal Entity and key technology information, enabling you to understand and market to your existing accounts more effectively. Unless the local law implementing the E-Privacy Directive limits this, all new Business Card Information provided to you by Smart Profile within your existing accounts can be directly contacted via email (if you have consent), phone and post to provide relevant marketing information.
  3. Market to new contacts at new accounts: All Business Card Owners are clearly notified that their Business Card Information is processed by Smart Profile and licensed to business product and service vendors, like you, to be used for direct marketing purposes. If they are decision makers, recommenders or influencers for your product or service, you have a legitimate interest in processing their personal data, and they are likely to have a reasonable expectation to receive relevant marketing communications from you. You will likely need to notify them of your interest and ensure they can access, update or ask to delete the personal data you process, according to your own GDPR compliance policies. Marketing to new contacts is always done in an e-mail originating (also in its URL) from Smart Profile. Through a response mechanism, the data subject can choose to request more information from an advertiser. E-mail addresses will not be disclosed to advertisers by Smart Profile, since there is no consent to use the e-mail address for commercial purposes.

  5. How can we access Smart Profile data?

Licensees of Smart Profile data receive a unique username and password to access the licensed data via a web-based platform.

Alternatively, clients can receive offline files containing the licensed data via a secure site.

At the end of your license period, you will be required to remove all Smart Profile licensed data from your systems unless there is a business relationship. This means licensees need to retain the Smart Profile data ID fields to facilitate the data removal and stay compliant.

  6. How often should we access Smart Profile data?

New data is added, and unsubscribed Business Cards (opt outs, CTPS, Privacy preferences) are removed, on a weekly basis.

Occasionally, we may remove the entire Legal Entity if we consider that this would benefit the rights of the Data Owner.

We encourage you to check with your Account Manager regularly to track how those specific Business Cards are processed in your own organization, and to ensure the licensed data you process remains compliant.

  7. Do you share suppression lists?

For licensees that access Smart Profile data via the web-based platform, updated suppression information will be published weekly, enabling licensees to avoid marketing to suppressed Business Card Owners.

For licensees that have received Smart Profile data in an offline file, we will work with the licensees to update the licensed data.

Licensees that receive a suppression request from a Business Card Owner, as a result of their own direct marketing activities, must follow their own GDPR and RPEC processes to remain compliant.

  8. What if we receive a complaint from a Business Card Owner?

It is an obligation that any direct request to Smart Profile from Business Card Owners to suppress their personal data is processed by us within a month. If a Business Card Owner complains they have been contacted, despite having made such a request, please contact us. We can determine when the request was received and whether our live database was displaying the Business Card Owner details.

We recommend that licensees access the licensed data via the web-based platform, as this will minimize the likelihood of such complaints.

  9. Who is the Smart Profile Data Protection Officer?

Michiel Alkemade, Managing Partner and Compliance Officer for Smart Profile, is our Data Protection Officer (DPO).

You can contact him via our main switchboard line or via our contact page.