Data Protection Privacy FAQs
Data Protection & Privacy General Data Protection Regulation 2016 (GDPR) & Privacy and Electronic Communications Regulations 2003 (PECR)
Frequently Asked Questions
1. What Personal Data does Rhetorik process?
Rhetorik processes Business Card details of specific corporate employees who have a direct link to technology implementations, priorities and decision making.
We identify a total of 48 Job Functions linked to 3 core levels of responsibility: Decision Maker, Influencer, and User.
We also process company information, such as legal entity details, installed and planned technology purchases, related analytics and financial information, which are not considered Personal Data and therefore are not protected by privacy laws.
2. How is Rhetorik data processing compliant with GDPR?
Rhetorik has been leading the way in data protection and privacy compliance for almost 20 years. We regularly review all applicable and enforceable data privacy and data protection regulations to check that we are compliant, and we take the following steps to comply with new GDPR legislation:
a) We rely on the lawful ground of “legitimate interests” to process Personal Data (Art.6/f)
b) We follow the principle of data minimisation, ensuring the personal data collected is kept to a minimum (Art.5)
c) The Personal Data we process is restricted to Business Card Information of corporate employees who are directly linked to technology implementations and decision making
d) An extensive assessment has been completed, ensuring the personal data we process does not disproportionally affect the privacy rights of the Business Card Owner
e) We practice transparency by clearly informing all Business Card Owners that we are processing their personal data, and for what purposes (Art. 13 & 14)
f) We provide a simple and clear route for Business Card Owners to obtain a copy of the personal data we process, and to remove permission to process their personal data (Art.15)
g) We keep the data up to date (Art. 5)
3. How is Rhetorik’s data processing compliant with PECR?
Our practices for complying with the PECR regulations include:
a) Daily matching of all telephone numbers with the Corporate Telephone Preference Service (CTPS) and Do Not Call Registry
b) Weekly update of all suppression lists, including Unsubscribe, Opt-out and other requests resulting from the regular use of our email database
c) Clear recording of Privacy Preferences following “Notice @ Source” processes via phone and/or email
4. How can we use Rhetorik data for direct marketing and be GDPR-compliant?
Business Card Information supplied by Rhetorik can be used in 3 basic ways to support your direct marketing activities.
a) Keep your data current and up-to-date: this is a core requirement of GDPR. By matching your existing database to Rhetorik data, you can: ensure that the Legal Entity details in your database are up to date; remove all closed or merged Legal Entities; and obtain new and updated Business Card Information for the Legal Entities that are already part of your database
b) Market to new contacts at existing accounts: Rhetorik data support account-based marketing by providing Business Card, Legal Entity and key technology information, enabling you to understand and market to your existing accounts more effectively. Unless listed as CTPS, all new Business Card Information provided to you by Rhetorik within your existing accounts can be directly contacted via email, phone and post to provide relevant marketing information.
c) Market to new contacts at new accounts: All Business Card Owners are clearly informed that their Business Card Information is processed by Rhetorik and licensed to technology product and service vendors, like you, to be used for direct marketing purposes. If they are decision makers, recommenders or influencers for your technology, you have a legitimate interest in processing their personal data, and they are likely to have a reasonable expectation to receive relevant marketing communications from you. You will need to notify them of your interest and ensure they can access, update or ask to delete the personal data you process, according to your own GDPR compliance Policies.
5. How can we access Rhetorik data?
Licensees of Rhetorik data receive a unique username and passcode to access the licensed data via a web-based platform.
Alternatively, clients can receive regular offline files containing the licensed data via a secure site.
At the end of your license period, you will be required to remove all Rhetorik licensed data from your systems. Failure to do so may result in a data breach, which would need to be reported to the Information Commissioners Officer. This means licensees need to retain the Rhetorik data ID fields to facilitate the data removal and stay compliant.
6. How often should we access Rhetorik data?
New data is added, and unsubscribed Business Cards (opt outs, CTPS, Privacy preferences) are removed, on a weekly basis.
Occasionally, we may remove the entire Legal Entity, if we consider this would benefit the right of the Data Owner.
We encourage that you check with your Account Manager regularly to track how those specific Business Cards are processed in your own organization, and to ensure the licensed data you process remains compliant.
7. Do you share suppression lists?
For licensees that access Rhetorik data via the web-based platform, updated suppression information will be published weekly, enabling licensees to avoid marketing to suppressed Business Card Owners.
For licensees that have received Rhetorik data in an offline file, we will work with the licensees to update the licensed data.
Licensees that receive a suppression request from a Business Card Owner, as a result of their own direct marketing activities, must follow their own GDPR and PECR processes to remain compliant.
8. What if we receive a complaint from a Business Card Owner?
It is an obligation that any direct request to Rhetorik from Business Card Owners to suppress their personal data is processed by us within 28 days. If a Business Card Owner complains they have been contacted, despite having made such a request, please contact us. We can determine when the request was received and whether our live database was displaying the Business Card Owner details.
We recommend that licensees access the licensed data via the web-based platform, as this will minimize the likelihood of such complaints.
9. Are you registered with the ICO?
Yes. Registration number: ICO:00045756472
We are also a DMA Member.
10. Who is the Rhetorik Data Protection Officer?
Katie Allen is our Research Manager and Data Protection Officer (DPO).
You can contact her via our main switchboard line or at firstname.lastname@example.org
11. Who is your EU Representative?
We have appointed IT Governance Europe Limited to act as our EU representative. If you are an EU resident and wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, you can contact us as above or email our Representative at email@example.com Please ensure to include our company name (Rhetorik) in any correspondence you send to our Representative.