fbpx

Last updated: October 21, 2019

This document should be treated as an attachment to Fullers Consultancy Terms of Service.

GDPR (General Data Protection Regulation) applies from May 25, 2018. Fullers Consultancy is committed to having had introduced all appropriate and necessary changes in our day to day services, on the website, and on the blog by that time. Here’s what Fullers Consultancy will do to comply with the regulation, and what Fullers Consultancy clients need to know about GDPR.

Fullers Consultancy’s GDPR Compliance Statement

What is Fullers Consultancy doing to comply with GDPR?

Fullers Consultancy sets out to meet all the GDPR requirements that relate to protecting the privacy concerns of our clients, website and blog visitors, as well as email lists subscribers.

Here’s what we’re going to do before the regulation becomes binding:

familiarize ourselves with the full text of the regulation (COMPLETED)

attend legal training sessions (COMPLETED)

nominate Data Protection Specialist; we’ve nominated for the role our MD Alexander R. Fuller (COMPLETED)

make necessary changes to our Privacy Policy, Terms of Service, Safety & Security documents (COMPLETED)

make a list of all the areas that need to be taken care of to comply with the regulation (COMPLETED)

make a list of all the areas on the website and blog that need to be taken care of to comply with the regulation (COMPLETED)

implement necessary changes on the website and blog to make sure they abide by all the GDPR rules (COMPLETED)

apply pseudonymization to protect the clients’ data which are not necessary to be kept in its original form (COMPLETED)

make sure the personal data of Fullers Consultancy clients and email lists subscribers is well-protected (COMPLETED)

implement necessary changes in our services to make sure all clients can comply with GDPR when sending emails from Fullers Consultancy (COMPLETED)

educate the clients about GDPR in relation to email outreach (IN PROGRESS)

What kind of a role Fullers Consultancy has in data protection?

Fullers Consultancy is defined as:

1) data administrator in relation to Fullers Consultancy clients and email lists subscribers;

2) data processor in relation to the data owners whose personal data is uploaded to Fullers Consultancy and used in emails sent from Fullers Consultancy by its clients.

It means that as a company, we oversee a couple of matters:

Fullers Consultancy needs to inform its clients and email lists subscribers whenever a third party takes part in processing their personal data. Fullers Consultancy is obliged to immediately inform the data administrator (the client) in case a person from the user’s prospect list contacts Fullers Consultancy to stop the outreach.

Fullers Consultancy openly informs about the ‘right to be forgotten’ and the ‘right to assist in data deletion’ on a special request. As Fullers Consultancy user or email list subscriber, you may request your personal data change or deletion. The detailed instruction on how to exercise those rights can be found below in the section Adequacy, relevance, limitedness of the GDPR Compliance.

Fullers Consultancy will address any violation of GDPR submitted at info[at]Fullers Consultancy.

What is GDPR?

The General Data Protection Act (GDPR) is being introduced by the European Union to regulate how personal data can be processed. It’s intended to reinforce data protection of the people who live in the EU.

Why is there a need for GDPR?

EU data protection rules haven’t been updated for over two decades. There are at least two reasons why the EU legislative branch decided to improve the existing data protection regulations.

Technological progress has a global reach – personal data processing is so ubiquitous in today’s online sphere that existing regulations were becoming obsolete;

Answering the need of EU citizens – according to Eurobarometer, 75% of people that have been asked in the 2011 survey want to exercise their so-called right to be forgotten. 90%, however, believes that it’s necessary to standardize the rights concerning personal data protection (source).

What kind of information is under protection?

GDPR is supposed to protect natural persons and their rights. It doesn’t protect businesses, entities or organizations, and processing of their data.

It protects processing personal data, such as name, age, address, phone number, but also indirect identifications that influence their identity including physiological, mental, physical, genetic, economic, cultural and social identity. Basically, any information based on which one can identify the individual.

What does ‘processing’ mean?

‘Processing’ relates to personal data “collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction,” as in Article 4 (2) of the regulation.

What is the lawful basis for data processing?

To safely and legally process personal data in the light of GDPR, you should abide by several principles. Those are lawfulness, fairness, transparency, adequacy, relevance, limitedness, accuracy, storage limitation, integrity, and confidentiality.

Below you will read about how Fullers Consultancy abides by those principles and what actions you should, or shouldn’t, take to use Fullers Consultancy in accordance with GDPR.

Lawfulness, fairness, and transparency

As a data processor, Fullers Consultancy remains transparent and legitimate when processing data of its clients and subscribers. All Fullers Consultancy clients and subscribers get notified upon the signup process that the personal data they provide will be processed in ways specified by Terms of Service and Privacy Policy.

As data administrator, you should make sure your actions are transparent and the purpose of processing data is legitimate. It means you should be always able to prove that you had legitimate reasons to process personal data of EU citizens. You also need to be able to describe the whole process of obtaining the personal data you use.

All sources of personal data Fullers Consultancy uses are also subject to GDPR regulation. 

Adequacy, relevance, limitedness

As a data processor, Fullers Consultancy processes only the data necessary in relation to the purposes for which it is processed. We do not collect or process any sensitive data such as gender, race, ethnic background, political views, etc.

Fullers Consultancy processes its clients’ data as long as they have a Fullers Consultancy account, or until they express their wish for their personal data to be removed from our user base.

Fullers Consultancy processes its email lists subscribers’ data from the moment they subscribe for one of our mailing lists until they express their wish for their personal data to be removed from the lists.

Fullers Consultancy emailing lists include:

Product Newsletter list,

Blog Newsletter list,

a few lists of people who subscribed for specific pieces of content or specific courses.

Upon resigning from Fullers Consultancy subscription or an email list subscription, the user has a right to request immediate removal of their data from our serviceslication and mailing lists (in accordance with the ‘right to be forgotten’.) The clients or email list subscribers also have the right to view, update and make any corrections to their data in their Fullers Consultancy account and on the email subscribers lists.

How can Fullers Consultancy clients change or remove their personal data from Fullers Consultancy?

As Fullers Consultancy client, you may change your first name, last name, company name, email address, password, and time zone at any time. To do that, you should contact the support team at info [at]Fullers Consultancy.

Fullers Consultancy clients can also request deletion of their data by contacting the support team at info[at]Fullers Consultancy.

How Fullers Consultancy email list subscribers can change or remove their personal data from Fullers Consultancy?

As Fullers Consultancy email list subscriber, you can change your personal data on the subscriber list by clicking the “update subscription preferences” link in any message we have sent you using GetResponse.

You can also unsubscribe from any list by clicking a link at the bottom of any message. Such a request to unsubscribe from a list will be applied to this specific list only. If as a subscriber you wish to be removed from all lists at once, please reply to any message and write that you wish to be removed from all Fullers Consultancy’s mailing lists.

How we apply GDPR to cold email campaigns

If, at Fullers Consultancy, we decide to contact an EU citizen, who has not been a Fullers Consultancy user or email list subscriber, we will do so only if we have a clear reason to claim that this is a contact relevant to our business purposes, and that at the same time, this contact could be beneficial to the contacted person.

If a person asks us to stop contacting them, at Fullers Consultancy we will always respect that request and stop further contact immediately.

As data administrator, you can process personal data of EU citizens who have granted you permission to process their data by subscribing to one of your mailing lists. GDPR does not forbid cold emailing though, as long as you follow the data processing rules described in the regulation.

If you decide to contact a person who has not subscribed for email correspondence, and has not been in any business relationship with you before (cold email), you should have a clear reason to claim that this will be a contact relevant to your business purposes, and that at the same time this contact could be beneficial to the contacted person. If you place an offer in your cold email, the offer should be logically connected to the specifics of your prospect’s business.

You are required to inform your cold email recipient that you’re processing their data and how you process it. The email should also contain a clear and easily available information about how your prospect can request change or removal of their personal data.

You are obliged to immediately stop contacting prospects who expressed their wish not to be contacted again. If a prospect of yours demands that their data gets removed from your contact lists, you are obliged to remove it (in accordance with the ‘right to be forgotten’.)

You should process only the personal data that are necessary in relation to the purposes for which you process it. That means you should remove from your contact base all the personal data that are irrelevant to your email campaign, or be able to justify why a specific type of data is necessary for the goal you are trying to accomplish.

Accuracy

As Fullers Consultancy user or email list subscriber, you have the right to make changes in your personal data processed by Fullers Consultancy. Privacy Policy specifies how you can request the changes or where you can edit your data yourself.

As data administrator, you need to make sure all the data you process is up to date. Personal data that is inaccurate or outdated should be deleted or altered immediately.

Storage limitation

Fullers Consultancy will keep every user’s personal data no longer than it’s necessary for the purposes for which the personal data are processed. At the same time, each data owner can request an exact time limit of their data processing.

As data administrator, you need to make sure you don’t keep personal data of your prospects longer than it’s necessary for the purposes for which the personal data are processed.

In case of cold email campaigns, you shouldn’t process a non-responsive prospect’s data longer than it may be assumed to be necessary, namely one month after you tried to contact the person for the first time. That means you should always keep your prospect base updated.

Integrity and confidentiality

As a data processor, Fullers Consultancy processes its clients’ personal data in a way that ensures appropriate security of the personal data. You can find more details on the data processing in our Safety & Security document.

As data administrator, you are obliged to take a proper care of the security of the personal data you process. You should never share with third parties the personal data you process, unless you have a clear consent of the data subjects to do that.