Information provided under Regulation (EU) 2016/679, the General Data Protection Regulation, "GDPR"
Opal is conducting a campaign of direct marketing within the meaning of the Data Protection Act 2018, s.122(5), in which you are a recipient.
Opal is conducting this campaign to businesses in the UK, using a mailing list compiled since 2013 consisting of existing customers, people and businesses we have met during events, companies who have marketed to us or any of our staff have spoken to before as well as prospects who we believe may have commercial interest in the service. If your personal data are held, it will only be your email address.
Frequently Asked Questions
Under what law are you allowed to send me emails?
The protection of personal data and the delivery of marketing by email are governed in the United Kingdom by separate but related laws. In addition to data protection legislation such as the GDPR and Data Protection Act 2018, The Privacy and Electronic Communications (EC Directive) Regulations 2003, also known as "PECR", is the principal law that covers direct marketing by email.
What is a “corporate subscriber”?
In terms of the PECR, the subscriber is the individual or legal entity that is party to a contract with a provider of public electronic communications services. It specifically defines a corporate subscriber as, essentially, an incorporated company. This is different to the usual meaning of “subscriber” when discussing mailing lists. ICO guidance clarifies that this includes public bodies and Scottish partnerships, but not sole traders or members of an ordinary partnership, as they are not incorporated. In terms of email, the subscriber is held to be the individual or organisation for whom the email service is operated. Any of a corporate subscriber's email addresses would be a corporate email address. If a corporate email address contains a person's name or distinctive job title, it is known as a personal corporate email address. This is not the same as a strictly personal email address pertaining only to a private individual. Opal fully cooperates with ICO to make sure our terms and processes comply with latest legislation.
Why have you not asked for my consent?
Your email address has been identified as pertaining to a “corporate subscriber” within the meaning of PECR Regulation 2. Regulation 22 prohibits the delivery of unsolicited marketing messages by email to “individual subscribers”, with certain exemptions such as for existing customers. However this does not apply to corporate subscribers. The UK's data protection supervisory authority, the Information Commissioner's Office or ICO, has published guidance clarifying that consent is not required to email business email addresses. Data protection laws still apply to any personal data being stored or used in relation to that address, such as if your email address contains your name, or a job title through which you could be easily identified. Such personal data is lawfully processed under Art. 6(1)(f) of the GDPR, about which more information is provided below.
How do I stop getting emails / unsubscribe?
All emails sent as part of marketing campaign include an unsubscribe instructions but we are also happy just receiving a reply with UBSUBSCRIBE in the subject.
Purposes and Basis of Processing
Personal data is processed for the purpose of targeting and personalising marketing messages, and delivering them to the data subject in order to prospectively market products and services of the data controller's business in pursuit of the commercial interests of both the data controller. The personal data listed above is processed in accordance with Article 6(1)(f) of the GDPR, in pursuit of the legitimate interests detailed in this section. The data controller's legitimate interests are balanced with the fundamental rights and freedoms of data subjects by the provision of compliant transparency and disclosure notices, a clear, simple and effective means of opting out of further marketing messages, and the appointment of a Data Protection Officer who is available to fulfil any lawful request from a data subject.
Personal data is retained for the purposes above. Unsubscriber data is held on a suppression list to ensure we respect the data subjects request not to be contacted.