GDPR for Marketing - Third parties
Updated
Can we still email on external databases/data brokers?
Only if the data is obtained according to GDPR (with specific consent to be shared with SD Worx for commercial use), if the broker can evidence this, and if appropriate contractual arrangements are in place.
Buying external databases or other sources of prospects from data brokers is an established and useful practice to expand our business. This practice has, even before GDPR, had difficulty in complying with privacy requirements. Especially the need to obtain prior informed consent before the target can receive marketing emails.
A data broker must have obtained prior consent of its sources (individual contacts) for these to be shared with SD Worx for direct (e-)marketing purposes.
Can we share personal data of customer contacts with external parties (agencies, printing agencies, ...) who will provide services to us?
Yes, we can do this, but only when they agreed and signed our supplier Data Processing Agreement (DPA) and appropriate contract. All suppliers and partners are expected to sign SD Worx templates. You can find our dedicated contract for partners and suppliers on the portal of Corporate Legal. Look for the section on Supplier contracts.
When you engage a new partner or supplier, always inform Rob Woestenborghs and Corporate Legal. Explain the scope and duration of the engagement, parties involved, etc. In the context of Brexit, make sure to mention where the supplier or partner is located. Additional measures, like concluding EU Model Clauses, may be necessary.
No data can be exchanged, or Services can begin, until the supplier or partner has signed the contract(s).
Where do we store signed contracts (with partners, data brokers etc.) ?
We created a document library where you must upload your signed contracts and DPAs. You can access the library via this link.
Can we still advertise on Facebook, Linkedin, Google, Twitter, … ?
Yes, we can still use the advertising possibilities but we can't share personal data directly with those platforms (eg. upload a lists of email addresses of customers on Facebook), because we don't have the necessary consent to support this.
Can we use pixels of Facebook, Linkedin or other platforms on our websites to allow remarketing tactics?
Yes, since we launched our cookie consent solution on our websites, visitors can opt-in or opt-out for the placement of those type of cookies
Can we still use Google Analytics on our websites?
Yes. For legal reasons and to enhance privacy, we have changed GA settings to anonymize the IP addresses, and we have disabled all the options to share data with third parties. As a consequence of this we can't filter out internal traffic anymore based on our IP adresses. We created a work around for this where you can place a cookie that we can use to exclude your visits and tests in our Analytics. Find the instructions here.
How can we transfer personal date in secure way to colleagues and/or external parties ?
There are several ways to send data in a secured way to a third party. Ideally, platform-based solutions are used instead of email. When transferring confidential data via less secure channels such as e-mail, you must appropriately secure data by using password protection. You can do this via 7-ZIP (find instructions here) or via standard Microsoft Office functionality (find instructions here) if 7-ZIP is not possible.
