GDPR And Corrie D Marketing's Position
Since GDPR came into effect in May 2018, Corrie D Marketing has always been acutely aware of its importance from a marketing perspective.
Our position regarding data collection can vary, depending on where and how that data is collected.
We have listed below various examples and scenarios, with an explanation of our understanding of our position within each of these.
As a digital marketing agency, when we develop websites or landing pages for our clients, our website developers provide the tools for our clients to collect data on their own websites. This is normally via a “Contact Form” on their website and/or landing page.
Our clients' customer data, or any data submitted via these contact forms, is not stored or saved on our servers, i.e. we do not build databases on the back end of your website that store ANY data whatsoever.
Each of our clients manages their own storage of data, using their own preferred in-house admin systems of choice, to manage their business. Therefore we will not be liable or responsible for any tools or methods they use for the purpose of this.
Therefore we consider the client to be both the Data Controller and the Data Processor, because Corrie D Marketing has no control over this process, which is managed and controlled entirely by our clients.
Corrie D Marketing may make recommendations as a guide; however, we are not lawyers. If you are looking for legal advice, contact a solicitor; if you are looking for advice about GDPR compliance, contact the ICO.
At the end of the day, the onus is on each business owner to ensure compliance.
When we collect data and import it into our database, the database we use is a member of Privacy Shield and therefore GDPR compliant. We have carried out a data audit and robust checks on all of our service providers where we share or save data.
We are a B2B marketing business, so we do not have access to sensitive data, nor personal data as such, because a business email is not classed as personal data; only a personal email is. So we politely request at all times that you contact us using your business email address whenever possible. We do not use profiling. Cookies are anonymous.
The only time we save your data is when you complete a contact form on our website. We do not store the data on a database on the back end of our website, but we do save your details, in order to contact you, on the database that we use within our admin systems to help us run our business.
We save this data so that we can contact you as a customer for legal obligations and as an enquiry for legitimate interests. We consider ourselves to be the Data Processor in this situation.
Very rarely do we send out email mailshots, and when we do, we always use Mailchimp's GDPR settings.
Our aim is to meet our obligations under both GDPR.
In our work as a digital marketing agency, marketing tags are used that appear in a client's website code only with the client's express permission, to allow the transfer of data between the website and the user’s device.
Where this arises, we consider the client to be the Data Controller. We will also consider a third party to be the Data Processor. This could be the client themselves, or a designated third party, e.g. Google.
Corrie D Marketing takes no responsibility or liability whatsoever for this type of transaction.
Cookies will mainly be limited to Google Analytics code that is GDPR compliant and the implementation is covered satisfactorily by the ePrivacy Regulations.
And perhaps, on some occasions, Google Ads, if they run ad campaigns.
Our Position Regarding Our Clients
Our clients are always considered to be the Data Controller, as it is they who determine what data is to be collected and how that data is used and stored. However, in some situations, as documented above, our client will be considered both the Data Controller and the Data Processor.
As a client, you must ensure that you are fully compliant with the requirements of GDPR. The onus is on each business owner.
Named Data Controller
Types of cookies
• Cookies that do NOT contain personal data
• Cookies that DO contain personal data
We do not collect any sensitive data.
Cookies that do NOT contain personal data
Cookies that do not contain personal data, as defined by the GDPR regulations, will be covered by the new ePrivacy Regulations.
Please note, personally sensitive data now includes any data that can be used in conjunction with other data to create profiles of natural persons and identify them.
Cookies that DO contain sensitive data are covered by GDPR, and as such, you will need to ensure you are compliant with the requirements of GDPR.
We recommend you implement a robust approach to ensure that your website users are aware of the cookies, know what the cookies do and what data they collect, and, most importantly, obtain the user's permission to use those cookies BEFORE they are dropped onto the user's device.
Again, personally sensitive data includes data such as IP addresses that could be used in conjunction with other data to create profiles of natural persons and identify them. We do not use profiling.
If you have any external code that drops cookies that contain personally sensitive data, please inform us at your earliest convenience so that we can assist you with your compliance requirements from a technical perspective. We will need to implement an opt-in cookie notice that is capable of being rejected by the user as a minimum.
Google Analytics code
Google has stated their ambition to be GDPR compliant. So, providing your Google Analytics setup is standard, you should be GDPR compliant. However, this may not be the case if:
• You have URLs on your website that contain personally sensitive data
• You have configured Google Analytics to record personally sensitive data (custom implementation)
As we understand this:
Google AdWords, for instance, should be compliant unless you have a custom configuration.
Our geolocation service is also GDPR compliant.
Other marketing scripts that you may have had added by anyone else may NOT be GDPR compliant.
Our aim is to only work with clients whose aim is to be GDPR compliant, as GDPR is of paramount importance to us.
If you think your business fits with our ethos, please contact Corrie D Marketing.
If you are unsure if you are GDPR compliant, and would like to work with us, get in touch TODAY!
Our Database Code Of Practice
We use Microsoft Office and a Microsoft Access database. This does not drop cookies. When anyone contacts us via our website, over the phone, via Facebook private messenger or via email, these types of enquiries have a contract with us; consent is not required, providing the use of the data is in line with another legal basis for data collection, i.e. contractual obligations or legitimate interests.
(a) Legitimate Interests: the processing is necessary to contact the person regarding an enquiry.
(b) Contractual Obligations: the processing is necessary for us to have a contract with the individual, or because they have asked us to take specific steps before entering into a contract.
You can read more on the ICO website here: