EMAIL COMPLIANCE TO GDPR/DATA PRIVACY
Information provided under the United Kingdom General Data Protection Regulation (“UK GDPR”)
Newton Day is conducting a campaign of direct marketing within the meaning of the Data Protection Act 2018, s.122(5), in which you are a recipient.
Newton Day is conducting this campaign to businesses in the UK, using a mailing list that Newton Day maintains. If your personal data is held by Newton Day, we will only pass on information you provide in a reply or form, when you want to engage Newton Day, such as to request a quote.
Frequently Asked Questions
Under what law are you allowed to send me emails?
The protection of personal data and the delivery of marketing by email are governed in the United Kingdom by separate but related laws. In addition to data protection legislation such as the UK GDPR and Data Protection Act 2018, The Privacy and Electronic Communications (EC Directive) Regulations 2003, also known as “PECR”, is the principal law that covers direct marketing by email.
What is a “corporate subscriber”?
In terms of the PECR, the subscriber is the individual or legal entity that is party to a contract with a provider of public electronic communications services. It specifically defines a corporate subscriber as, essentially, an incorporated company. This is different to the usual meaning of
“subscriber” when discussing mailing lists. ICO guidance clarifies that this includes public bodies and Scottish partnerships, but not sole traders or members of an ordinary partnership, as they are not incorporated. In terms of email, the subscriber is held to be the individual or organisation for whom the email service is operated. Any of a corporate subscriber’s email addresses would be a corporate email address. If a corporate email address contains a person’s name or distinctive job title, it is known as a personal corporate email address. This is not the same as a strictly personal email address pertaining only to a private individual.
Why have you not asked for my consent?
Your email address has been identified as pertaining to a “corporate subscriber” within the meaning of PECR Regulation 2. Regulation 22 prohibits the delivery of unsolicited marketing messages by email to “individual subscribers”, with certain exemptions such as for existing customers. However, this does not apply to corporate subscribers. The UK’s data protection supervisory authority, the Information Commissioner’s Office or ICO, has published guidance clarifying that consent is not required to email business email addresses. Data protection laws still apply to any personal data being stored or used in relation to that address, such as if your email address contains your name, or a job title through which you could be easily identified. Such personal data is lawfully processed under Art. 6(1)(f) of the UK GDPR, about which more information is provided below.
Where did you get my email address?
Newton Day does not hold the mailing list used to deliver the email to you.
Newton Day has partnerships with data providers and can provide detailed information about the source of your contact record upon request. You can find contact details for such a request further down the page.
How do I stop getting emails from Newton Day?
All emails Newton Day sends as part of any given direct marketing campaign includes an unsubscribe link to a page where you can check the email address and request that it be unsubscribed from further such
We have reproduced the form below, which you can submit to unsubscribe from further emails from Newton Day:
Data Controller Information
Please take note of the following information in accordance with Chapter 3 of the UK GDPR.
Identity of the controller
Newton Day, registered in England under company number 10638600.
Address: 3rd Floor, 86-90 Paul St, London EC2A 4NE.
Data Protection Officer (DPO)
The following means of contacting the DPO may be used to make a request under the rights guaranteed by the UK GDPR or other applicable data protection and privacy laws:
Categories of Personal Data
Where a name or job title may be used to identify a living human being (“data subject”) in relation to a business email address, the following categories of information directly or indirectly identifying that person may be processed: Name, job title and company, work contact details, records of emails opened with images enabled, records of hyperlinks clicked on in emails, IP addresses used to engage with emails, replies sent to emails, content submitted in forms linked to from emails.
Purposes and Basis of Processing Personal data is processed for the purpose of targeting and personalising marketing messages, and delivering them to the data subject in order to prospectively market products and services of the data controller’s clients in pursuit of the commercial interests of both the data controller and its client. The personal data listed above is processed in accordance with Article 6(1)(f) of the UK GDPR, in pursuit of the legitimate interests detailed in this section. The data controller’s and its client’s legitimate interests are balanced with the fundamental rights and freedoms of data subjects by the provision of compliant transparency and disclosure notices, a clear, simple and effective means of opting out of further marketing messages, and the appointment of a Data Protection Officer who is available to fulfil any lawful request from a data subject.
Personal data is retained for the purposes above, for a period of 12 months following the last recorded engagement.
Data Subject Rights
The data subject has the right to request access to, rectification of, erasure of, and restriction to the processing of their personal data, as well as to object to its processing, and to the portability of that data. At any time, the data subject has a right to lodge a complaint with the Information Commissioner’s Office in the United Kingdom.
If you need to report abuse or talk to someone about your experience, please contact us.