GDPR – Data Protection & Compliance
CRM Refresh has taken a number of steps to help customers address their GDPR (General Data Protection Regulation) covered by a Master Subscription agreement (between CRM Refresh and the Customer).
The GDPR defines six lawful bases for the processing of Personal Data. Of these six there is one that CRM Refresh is related to is the purposes of processing data and making it available to business customers and this is ‘Legitimate Interest’.
CRM Refresh relies on the legitimate interest precedent as an appropriate legal basis under the applicable Data Protection Laws to provide Business Data to its customers.
Customers may use the Business Data for the sending of direct business-to-business marketing communications provided they do so in accordance with the applicable laws. In this respect, where employees of a public or corporate entity are contacted for the purposes of direct marketing and or sales the initiator shall include the option to unsubscribe/opt-out basis to remain compliant under GDPR.
CRM Refresh is GDPR Compliant because:
- Only Business Data is processed from publicly available sources of information.
- All Business Data is tested and verified to be valid and accurate.
- We continuously update and maintain our Business Data and we ensure all data is secure.
- We make it easy for customers to be in control of their customer’s personal data and to instruct CRM Refresh on how to process individuals personal data.
- CRM Refresh’s services provide functionality that helps customers address data subject requests, such as requests for access, rectification, or erasure of personal data that CRM Refresh maintains about the individual on the customer’s behalf.
- CRM Refresh offers Data Processing Agreement to qualifying, paid subscription Customers (Eligible Customers) to Document our commitments as a data processor.
- * CRM Refresh – only processes professional data, regardless of where an individual is based. This usually includes things like their job role and details about the their employing company.
- This means that CRM Refresh DOES NOT provide or collect consumer-focused data such as age, health, web browsing history, health records or economic status.
CRM Refresh is a Data Processor
While CRM Refresh is committed to assisting its Customers in its role as a data processor, Customers are still ultimately responsible for adhering to their obligations as a “data controller.”
Broadly speaking, this means that Customers are responsible for obligations such as:
- Properly collecting, processing, and transmitting personal data from EU subjects
- Properly marketing and communicating to current/potential customers
- Properly handling requests from EU data subjects, such as erasure and access.
CRM Refresh is almost always the “data processor” of the data we handle on behalf of our Customers, whereas the Customer or Partner is usually the “data controller”. In plain English, that effectively means that data controller’s responsibility is to collect, process, and transmit data in compliance with applicable laws such as GDPR and it’s the data processor’s responsibility to comply with the terms of its data processing agreement with the data controller, which specifies how it can process personal data on the data controller’s behalf.
If you have any questions concerning GDPR please contact your CRM Refresh account rep.