Frequently Asked Questions: Data Protection & Privacy

General Data Protection Regulation 2018 (GDPR) &

e Privacy Directive 2003 (RPEC)


Information for data respondents and business card holders

1. Business Card Information

You might have been contacted via email or phone and you would have been presented with a note that aims to ensure all our respondents are aware that their Basic Business Card Information is processed by Smart Profile.

Business Card information include: Name, Surname, Job Title, business email with company domain and Main Switchboard line.

This information supports our customers and us to maintain your Company (Corporate) Profile and be able to understand how an organization deploys products and services for the achievement of key business missions. This includes automated processing of Business Card Information to assign Purchasing Responsibility of Decision Maker, Influencer and Recommender.

2. Source of your Business Card Information

Businesses like yours have participated in our marketing research for the past 20 years – during which time we have created a unique repository of Company Profiles and related Business Card Information. Nowadays we use a diverse range of sources in the collection of Business Card Details – those may include your own company website, collaboration with publicly and private listed data repositories, social media interactions or interaction at events. Smart Profile takes great pride in ensuring that all our data research efforts are of the highest standards.

Business Card information linked to a specific Corporate is reviewed on a regular basis and notice is refreshed on an 18-months cycle.

3. How long do you keep my Business Card information?

Business Card information details are linked to a specific Company Profile for as long as the information is valid and accurate.

When a Business Card is no longer active at a specific Company, we would archive the information.

Following a suppression request, the Business Card Details are moved to the suppression list related to the specific Company, for the performance of our legal obligation.

4. Does Smart Profile disclose your e-mail address to third parties, so they can e-mail you?

No, if third parties would like to e-mail you, you will receive an e-mail from Smart Profile with an offer or information of that third party and hyperlink. If you’re interested just use the hyperlink to connect to the advertiser.

5. What are my rights as a Business Card Data subject?

Under the GDPR each Business Card Data Subject has the right to:

  • Ensure that Business Details are up to date and correct – please notify us of any spelling or other changes that we should make to your Business Card information.
  • Ensure that the Business Details processed are not excessive – we do not search and collect social media details which might create a doubt upon division between public and private life.
  • Request a copy of the information: we will send you a copy of your personal data, in form of Business Card Information.
  • Request to unsubscribe to email information: if you prefer to keep your business email anonymous, please let us know via the contact form.
  • Request not to share any information related to your Business Card

6. How does the GDPR affect the operations of Smart Profile?

The GDPR doesn’t affect the high standards already used by Smart Profile in collecting and processing Business Card Information. Smart Profile informs the data subject for what purposes the data is collected and the categories of recipients. Smart Profile uses several sources to create the Business Card Information.

When this business card information is used by a client of Smart Profile, the client has his own obligation to inform the data subject. The client of Smart Profile should do this within a month after the client got the data of the data subject. And since different sources are used, a client may give general information (see recital 61 GDPR: ‘Where the origin of the personal data cannot be provided to the data subject because various sources have been used, general information should be provided.’)

7. How does Smart Profile get consent for e-mail?

Consent for e-mail is only needed if the e-mail address is used for sending commercial communication. So, there is no need to get consent for collecting and processing an e-mail address. Smart Profile asks the user for consent so that Smart Profile as sender can use the e-mail address for sending commercial communication of Smart Profile clients offering goods and services in the B2B world. When this consent is given, Smart Profile can e-mail commercial communication to a target group. It is up to the client of Smart Profile to include a hyperlink in the material, so the recipient can start the conversation directly with the advertiser, and the advertiser can then ask the consent for the use of the e-mail address for commercial communication.

8. Is the use of e-mail part of GDPR?

No, the use of e-mail for sending commercial communication is in the E-Privacy Directive. This E-Privacy Directive will be replaced by the E-privacy Regulation somewhere around 2019/2020.

The only thing which must be taken into account is that consent in the E-Privacy Directive / E-Privacy Regulation refers to consent as in the GDPR. When Smart Profile asks for consent, Smart Profile will do this with the new definition of consent in the GDPR.

9. With the new GDPR, do I have to ask for new consent of the user of e-mail addresses?

In practice, the GDPR raises the bar with regard to implementing consent mechanisms and introduces several new requirements that require controllers to alter consent mechanisms, rather than rewriting privacy policies alone.

For example, as the GDPR requires that a controller must be able to demonstrate that valid consent was obtained, all presumed consents of which no references are kept will automatically be below the consent standard of the GDPR and will need to be renewed. Likewise, as the GDPR requires a “statement or a clear affirmative action”, all presumed consents that were based on a more implied form of action by the data subject (e.g. a pre-ticked opt-in box) will also not be apt to the GDPR standard of consent.

However, when the text for consent in the past was well informing and the user was free to express his own will, and no pre-ticked box was used, the consent is still valid!