Frequently Asked Questions: Data Protection & Privacy

General Data Protection Regulation 2018 (GDPR) & Regulation of Privacy and Electronic Communications 2003 (RPEC)

  1. What Personal Data does Computer Profile process?

Computer Profile processes Business Card Details of specific Corporate Employees who have a direct link to Technology implementations, priorities and decision making.

Account information, such as legal entity details, installed and planned technology purchases, related analytics and financial information, are not considered Personal Data and therefore are not protected by privacy laws.

  1. How is Computer Profile data processing compliant with GDPR?

Computer Profile has been leading the way in data protection and privacy compliance for over 25 years. We regularly review all applicable and enforceable data privacy and data protection regulations to check that we are compliant, and we take the following steps to comply with new GDPR legislation:

  1. We rely on the lawful ground of “legitimate interests of us or by a third party (eg client of Computer Profile)” to process Personal Data (Art.6/f)
  2. We follow the principle of data minimization, ensuring the personal data collected is kept to a minimum (Art.5)
  3. The Personal Data we process is restricted to Business Card Information of corporate employees who are directly linked to technology implementations and decision making
  4. An extensive assessment has been completed, ensuring the personal data we process does not disproportionally affect the privacy rights of the Business Card Owner
  5. We practice transparency by clearly informing all Business Card Owners that we are processing their personal data, and for what purposes (Art. 13 & 14)
  6. We provide a simple and clear route for Business Card Owners to obtain a copy of the personal data we process, and to block their personal data for direct marketing purposes (Art.15 & 21)
  7. We keep the data up to date (Art. 5)
  1. How is Computer Profile’s data processing compliant with RPEC?

Our practices for complying with the RPEC directive include:

  1. Periodically matching of all telephone numbers with the Corporate Telephone Preference Service (CTPS) and Do Not Call Registry, if there is a legal obligation.
  2. Clear recording of Privacy Preferences following “Notice @ Source” processes via phone and/or email
  3. Consent that Computer Profile is allowed to use the e-mail address for newsletters including information or offer of a third party
  1. How can we use Computer Profile data for direct marketing and be GDPR-compliant?

Business Card Information supplied by Computer Profile can be used in 3 basic ways to support your direct marketing activities.

The GDPR is not changing the rules to use the data for communications for commercial purposes. This is indicated in the E-Privacy Directive which is unchanged so far.

  1. Keep your data current and up-to-date: this is a core requirement of GDPR. By matching your existing database to Computer Profile data, you can: ensure that the Legal Entity details in your database are up to date; remove all closed or merged Legal Entities; and obtain new and updated Business Card Information for the Legal Entities that are already part of your database
  2. Market to new contacts at existing accounts: Computer Profile data supports account-based marketing by providing Business Card, Legal Entity and key technology information, enabling you to understand and market to your existing accounts more effectively. Unless your local implementation law of the E-privacy directive limits this, all new Business Card Information provided to you by Computer Profile within your existing accounts can be directly contacted via email (if you have the consent), phone and post to provide relevant marketing information.
  3. Market to new contacts at new accounts: All Business Card Owners are clearly notified that their Business Card Information is processed by Computer Profile and licensed to technology product and service vendors, like you, to be used for direct marketing purposes. If they are decision makers, recommenders or influencers for your technology, you have a legitimate interest in processing their personal data, and they are likely to have a reasonable expectation to receive relevant marketing communications from you. You will likely need to notify them of your interest and ensure they can access, update or ask to delete the personal data you process, according to your own GDPR compliance Policies. Marketing of new contacts is always done in an e-mail originating (also in URL) from Computer Profile. Through a response mechanism the data subject can make a choice for an advertiser for more information. E-mail addresses will not be disclosed to advertisers by Computer Profile since there is no consent to use the e-mail address for commercial purposes.
  1. How can we access Computer Profile data?

Licensees of Computer Profile data receive a unique username and password to access the licensed data via a web-based platform.

Alternatively, clients can receive offline files containing the licensed data via a secure site.

At the end of your license period, you will be required to remove all Computer Profile licensed data from your systems unless there is a business relation. This means licensees need to retain the Computer Profile data ID fields to facilitate the data removal and stay compliant.

  1. How often should we access Computer Profile data?

New data is added, and unsubscribed Business Cards (opt outs, CTPS, Privacy preferences) are removed, on a weekly basis.

Occasionally, we may remove the entire Legal Entity, if we consider this would benefit the right of the Data Owner.

We encourage that you check with your Account Manager regularly to track how those specific Business Cards are processed in your own organization, and to ensure the licensed data you process remains compliant.

  1. Do you share suppression lists?

For licensees that access Computer Profile data via the web-based platform, updated suppression information will be published weekly, enabling licensees to avoid marketing to suppressed Business Card Owners.

For licensees that have received Computer Profile data in an offline file, we will work with the licensees to update the licensed data.

Licensees that receive a suppression request from a Business Card Owner, as a result of their own direct marketing activities, must follow their own GDPR and RPEC processes to remain compliant.

  1. What if we receive a complaint from a Business Card Owner?

It is an obligation that any direct request to Computer Profile from Business Card Owners to suppress their personal data is processed by us within a month If a Business Card Owner complains they have been contacted, despite having made such a request, please contact us. We can determine when the request was received and whether our live database was displaying the Business Card Owner details.

We recommend that licensees access the licensed data via the web-based platform, as this will minimize the likelihood of such complaints.

  1. Who is the Computer Profile Data Protection Manager?

Michiel Alkemade, Managing Partner and Compliance Manager for Computer Profile is our Data Protection Manager (DPM).

You can contact him via our main switchboard line or via our contact page