GDPR

About the GDPR

The EU General Data Protection Regulation (GDPR) came into force in UK law on 25th May 2018. The GDPR replaces the 1995 EU Data Protection Directive (European Directive 95/46/EC) and when read in conjunction with the Privacy and Electronic Communications Regulations PECR (which governs telephone and electronic marketing channels i.e. email marketing and text marketing etc.) provides clear regulations for processing marketing data.

The Schools Marketing Company in line with the relevant regulatory and legal bodies has worked to ensure that the data and services we process and supply, are compliant with GDPR legislation.

Our grounds for processing personal data are under Legitimate Interest grounds based on our Legitimate Interests impact assessment.

Read our database research and compliance statement here

What are the rules on using B2B (which includes SCHOOLS as “organisations” under the GDPR) marketing data?

For  B2B/Schools marketing data bought from Schools Marketing Company, the following rules apply (Full details on the GDPR can be found at the Information Commissioner's Office website).

  • Postal mailings continue to be an opt-out channel. You need to give recipients the opportunity to opt out of future mailings from you.
  • School Telephone numbers (where supplied) must be screened against the Telephone Preference Service and Corporate Telephone Preference Service files prior to use, and subsequently every 28 days. Telemarketing communications are also an opt-out channel.

Business-to-Business (School) email communications fall into two categories of regulation as follows:

  • *Emails to the employees of corporate entities (which includes schools) – limited companies, public limited companies, limited liability partnerships and government departments (including schools and hospitals) can be emailed without consent. Individuals must be given a clear and easy means of opting-out from future communications.
  • **Emails to sole traders and traditional partnerships are treated in the same way as consumer data, and opt-in consent must be gained for these contacts.

Note: *Schools Marketing Company only supply data for, or offer, email marketing services to corporate bodies and for corporate staff.

Using Schools Marketing Company Data or Managed Email Services for marketing purposes

 

When using The Schools Marketing Company managed email service, the control and processing of teachers and educators (corporate) personal email data is in accordance with the GDPR and PECR as detailed above.

When using data supplied by Schools Marketing Company the following broad principles apply:

  • All communications to data subjects must be relevant and proportionate – as well as legal, decent honest and truthful.
  • All communications sent out must transparently identify whom the message is coming from (the Advertiser*) and must contain a clear opportunity for data subjects to opt-out from future correspondence from the Advertiser*.
  • Advertisers* should endeavour to keep the data supplied up to date through reasonable contact frequency and should record any changes.
  • All requests to opt-out must be honoured by the Advertiser* and measures should be put in place not to inadvertently re-contact a data subject through data refreshes or updates, once they have opted out.
  • Detailed guidelines and usage restrictions can be found in our Terms & Conditions.(* Advertiser = data user/data controller)

Data subject access requests

Subject access requests from the SMC database should be addressed to:

The Data Controller

Schools Marketing Company

Phoenix House

24 High Street

London

E11 2AQ

 

Email: datacontroller@schoolsmarketingcompany.co.uk

Schools Marketing Company (SMC) is a division of Family Marketing Limited, registered with the Information Commissioner’s Office, registration number Z9153578. Registered in England No. 5491020.

Whilst every effort is made to ensure the information provided here is accurate, this relates to data and services supplied by Schools Marketing Company and is not intended as specific or general guidance on data protection. If you are concerned about any issues relating to the GDPR or PECR you should seek independent legal advice.