Data Protection FAQs
The General Data Protection Regulations 2016 (GDPR) and the UK Data Protection Act 2018 (DPA)
Frequently Asked Questions
1. What Personal Data does Rhetorik process?
Rhetorik processes typical business card information, as well as information made publicly-available through online websites or social media and other professional information about specific organisation staff who have a direct link to technology implementations, priorities and decision making.
We identify more than 50 Job Functions linked to 3 core levels of responsibility: Decision Maker, Influencer, and User.
We also process company information, such as legal entity details, installed and planned technology purchases, related analytics and financial information, which are not considered Personal Data and therefore are not protected by privacy laws.
2. How is Rhetorik data processing compliant with GDPR?
Rhetorik has been leading the way in data protection and privacy compliance for more than 20 years. We regularly review all applicable and enforceable data privacy and data protection regulations to check that we are compliant, and we take the following steps to comply with new GDPR legislation:
a) We rely on the lawful ground of “legitimate interests” to process Personal Data (Art.6/f)
b) We follow the principle of data minimisation, ensuring the personal data collected is kept to a minimum (Art.5)
c) The Personal Data we process is restricted to typical business card information, as well as information made publicly-available through online websites or social media and other professional information about employees who are directly linked to technology implementations and decision making
d) An extensive assessment has been completed, ensuring the personal data we process does not disproportionally affect the privacy rights of the data subject
e) We practice transparency by clearly informing all data subjects that we are processing their personal data, and for what purposes (Art. 13 & 14)
f) We provide a simple and clear route for data subjects to obtain a copy of the personal data we process, and to remove permission to process their personal data (Art.15)
g) We keep the data up to date (Art. 5)
Click here to learn more.
3. How can we use Rhetorik data for direct marketing and be GDPR-compliant?
Professional Information supplied by Rhetorik can be used in 3 basic ways to support your direct marketing activities.
a) Keep your data current and up-to-date: this is a core requirement of GDPR. By matching your existing database to Rhetorik data, you can: ensure that the Legal Entity details in your database are up to date; remove all closed or merged Legal Entities; and obtain new and updated Professional Information for the Legal Entities that are already part of your database
b) Market to new contacts at existing accounts: Rhetorik data support account-based marketing by providing professional information, Legal Entity and key technology information, enabling you to understand and market to your existing accounts more effectively. Unless listed as CTPS, all new UK Professional Information provided to you by Rhetorik within your existing accounts can be directly contacted via email, phone and post to provide relevant marketing information.
c) Market to new contacts at new accounts: All data subjects are clearly informed that their Personal Information is processed by Rhetorik and licensed to technology product and service vendors, like you, to be used for direct marketing purposes. If they are decision makers, influencers or users for your technology, you have a legitimate interest in processing their personal data, and they are likely to have a reasonable expectation to receive relevant marketing communications from you. You will need to notify them of your interest and ensure they can access, update or ask to delete the personal data you process, according to your own GDPR compliance Policies.
4. How can we access Rhetorik data?
Licensees of Rhetorik data receive a unique username and passcode to access the licensed data via a web-based platform.
Alternatively, clients can receive regular offline files containing the licensed data via a secure site.
At the end of your license period, you will be required to remove all Rhetorik licensed data from your systems. Failure to do so may result in a data breach, which would need to be reported to the Information Commissioners Officer. This means licensees need to retain the Rhetorik data ID fields to facilitate the data removal and stay compliant.
5. How often should we access Rhetorik data?
New data is added, and unsubscribed Professional Information (opt outs, CTPS, Privacy preferences) are removed, on a weekly basis.
Occasionally, we may remove the entire Legal Entity, if we consider this would benefit the right of the Data Owner.
We encourage that you check with your Account Manager regularly to track how those specific Business Cards are processed in your own organization, and to ensure the licensed data you process remains compliant.
6. Do you share suppression lists?
For licensees that access Rhetorik data via the web-based platform, updated suppression information will be published weekly, enabling licensees to avoid marketing to suppressed data subjects.
For licensees that have received Rhetorik data in an offline file, we will work with the licensees to update the licensed data.
Licensees that receive a suppression request from a Bdata subject, as a result of their own direct marketing activities, must follow their own GDPR and PECR processes to remain compliant.
7. What if we receive a complaint from a Data Subject?
It is an obligation that any direct request to Rhetorik from data subject to suppress their personal data is processed by us within 28 days. If a data subject complains they have been contacted, despite having made such a request, please contact us. We can determine when the request was received and whether our live database was displaying the data subjectdetails.
We recommend that licensees access the licensed data via the web-based platform, as this will minimize the likelihood of such complaints.
8. Are you registered with the ICO?
Yes. Registration number: ICO:00045756472
We are also a DMA Member.
9. Who is the Rhetorik Data Protection Officer?
Katie Allen is our Research Manager and Data Protection Officer (DPO).
You can contact her via our main switchboard line or at [email protected]
10. Who is your EU Representative?
We have appointed IT Governance Europe Limited to act as our EU representative. If you are an EU resident and wish to exercise your rights under the EU General Data Protection Regulation (EU GDPR), or have any queries in relation to your rights or general privacy matters, you can contact us as above or email our Representative at [email protected] Please ensure to include our company name (Rhetorik) in any correspondence you send to our Representative.