Yes.

There is currently one EU certification scheme indicating compliance to GDPR . A UK scheme is anticipated, but none is yet approved by the UK Information Commissioner.

The best indicator of compliance is to ensure the organisation has successfully implemented controls (including people, process, equipment, and records) which cause the organisation to ...

‘respond to the requirements of GDPR in a reliable, consistent, transparent, and verifiable manner’. 

Accountability

Accountability is defined in GDPR as the controller being able to demonstrate compliance with the six key principles. 

Evidence of systematic capability is often encapsulated in an information governance framework (IGF).

Leisure Lists operates an IGF which includes policies for data protection and information security.

Are there mandatory GDPR requirements?

Yes. Mandatory GDPR requirements are defined in the Data Protection Act 2018 and GDPR ; these are reflected in the current UK Information Commissioner ‘compliance checklists’. We regularly compare our IGF with these checklists to provide a reliable guide that we effectively ‘respond’ to the mandatory requirements.

You can also view our Data Transparency and Privacy Policy information for more detail on how we process personal data in our Contact Lists. 

1. Europrivacy Certification https://www.europrivacy.com/en/ep/overview
2. UK GDPR § 5(2)
3. Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) (Text with EEA relevance)

Yes.

In addition to meeting our Data Protection Act 2018 and GDPR requirements, Leisure Lists also complies with the Privacy and Electronic Communications (EC Directive) Regulations 2003. 

Our compliance is centred on two key requirements.

1. Our web domains and the requirement for informed consent to utilise non-essential cookies, and

2. Adherence to the direct marketing rules in regulations 21 and 22 (Calls for direct marketing purpose and use of electronic mail for direct marketing purposes)

No. There is no GDPR compulsion to acquire consent to process the personal data.

 We do not process any special category data nor the data of children. As a controller we must ensure we have a lawful basis for processing, which is our legitimate interests and those of third parties. To ensure those interests remain balanced with those of the individual, we have conducted and recorded a legitimate interests assessment test as recommended by the Information Commissioner. We regularly review this document to ensure that it remains valid.

Without consent, how can the lists be used for direct marketing purposes?

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (22(1)) requires the consent of an individual for the transmission of unsolicited communications by means of electronic mail to individual subscribers ONLY. Messages directed to corporate subscribers are permitted on an opt-out basis i.e., without consent.

Our lists contain the electronic contact details of corporate subscribers. Consent is therefore not required.

We telephone research our data on a regular basis. In addition, any bounced emails can be returned to us for re-verification each time our data is used so that emails are corrected on an on-going continuous basis. 

 We offer three licence options for our data as follows for postal mail, email and telemarketing:

• Single Use: Use for one campaign
• Six Month Lease: Use as often as you like over a six month licence
• Annual Lease: Use as often as you wish over twelve months. There is also an option for a full data refresh after six months for a £36 charge (optional)

Our database packages are created bespoke for your requirements. We're more than happy to discuss these with you and provide a count and quote same day. Please do get in touch to learn more.  

In common with all reputable list owners, our data contains seed addresses so that we are able to identify data that is being used out of time. For first time customers, we also ask you to sign a confidentiality letter confirming that the data will not be passed onto third parties without our agreement. 

Through postal, email or telephone a request for further information and/or quote allows you to retain that data and develop in perpetuity. 

Any inaccuracy in our postal or telemarketing data is covered by a £1 refund per record when reported within six weeks of supply. With email data, we will re-verify any bounces experienced for the duration of your lease and return the updated emails to you. 

Data from Leisure Lists comes with a named contact in 99% of cases. Our email data is a mixture of both Personal and Generic - the level of personal emails varies from list to list from 15% to 97%. We're happy to supply Personal emails only for which there is a small premium in price. 

We define Personal as a direct prefix for the post-holder such as [first_name].[last_name]@[company].co.uk or [specific.role]@[company].co.uk  such as Manager@ Secretary@. 

Generic addresses are defined as department based prefixes, such as info@, or admin@. The inclusion of generic addresses is based on a telephone call to verify the post-holder / decision maker can be contacted through this address.

Yes - when we supply telephone numbers any TPS records are marked up accordingly.