DSGVO-compliant handling of data

Is the execution of direct advertising with beDirect addresses still permitted after the DSGVO has come into force? What else has to be taken into account when providing customer data? We have compiled these and other questions that arise in the course of the extensive regulations of the basic data protection ordinance for you. On this page we provide you with essential answers for a DSGVO-compliant handling of data. If you require further information, please do not hesitate to contact us.

Direct marketing is still allowed! Art. 6 para. 1 lit. f explicitly states that the processing of data is lawful if "processing is necessary for the protection of the legitimate interests of the controller or of a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require the protection of personal data..." and explicitly mentions the purposes of direct marketing as a legitimate interest in recital 47 DPA.

Mailing campaigns are therefore still permitted, and under certain conditions direct marketing by telephone may also be carried out.

In principle, the implementation of telemarketing in the B2B sector is still allowed, but requires some points to be made:

  • Compliance with §7 UWG
    • §7 allows the tel. approach of companies if a presumed interest can be assumed. this is most likely the case if services specific to the industry or profession are offered. in the case of non-B2B or even private offers, a presumed interest is more unlikely to be assumed. since our addresses do not have an opt-in for telephony, we recommend obtaining a legal assessment in case of doubt.
  • Duty to inform and right of appeal
    • The called party must be informed about his data protection rights, in particular his right to object. For this purpose, general information could be given, for example, in a telephone call. If more detailed information is required, reference can also be made to detailed information provided on the Internet.

These either arrive directly with us or can be forwarded to beDirect, as is already the case today. Please send them to us. We take over the communication with the person concerned, provide comprehensive information and, if desired, carry out a blocking.

According to UWG §7 paragraph 2 sentence 1, advertising via e-mail is only permitted with prior consent, which has not changed with the validity of the DSGVO.

The cleansing and enrichment of data is still allowed and also meets a new legal requirement: Article 5(d) provides that "personal data must be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data which are inaccurate as to the purposes for which they are processed are erased or rectified without delay".

The argumentation with » Art. 6 Para. 1 lit. f. also applies here.

All information which is available about the actuality or which is enriched on the part of beDirect as additional information, was submitted to a corresponding examination » art. 6 paragraph 1 lit. f and may be taken over into the customer systems. Furthermore, if new information, especially contact persons, is enriched to your address file, if necessary information duties according to art. 14 DSGVO have to be kept.

Furthermore, within the scope of project handling, there is no permanent storage or connection of customer data to the beDirect database. In the course of synchronisation with the beDirect database, only a reference key (BIPID) is stored in the customer database for optional recurring processes for data maintenance. All customer data provided will be irretrievably deleted in accordance with the closed GCU after completion of the project and at the end of the agreed storage period (for rework, queries, complaints).

The cleansing or enrichment requires the customer data to be sent and processed in our systems. In this case, this is called order processing in accordance with Art. 28. In this case, the legislator prescribes the conclusion of an order processing contract (» GCU). The GCU serves on the one hand to protect personal data and at the same time to protect your customer data.

It is our concern to process your personal data in accordance with data protection regulations and thus protect both parties to the contract from possible fines and claims for damages.

We will be happy to provide you with a sample AVV in advance. beDirect will conclude an individual » AVV with you if you place an order.

a secure transmission is of course also obligatory. we send your customer data back to you via sFTP server. on request, the transmission can also be done via a customer's own sFTP server.

The use of external reference databases and thus the creation of new databases with beDirect addresses is still allowed!

The same legal basis and argumentation applies here as for the admissibility of master data cleansing.

The cleansing and enrichment of data is still permitted and also meets a new legal requirement under » Art. 5(d). The basis for this is » Art. 6(1)(f).

Data usage objections received by beDirect are marked with the so-called STATUS_ID 5 in our database and in the query. beDirect does not automatically mean that the person concerned has also objected to the use of the data by the customer company! In this case, however, we recommend that the activities with the person concerned be checked accordingly.

If the system is also used to retrieve new addresses for mailing or telemarketing purposes, the supplementary information on B2B addresses applies.

An opt-in for the use of B2B addresses for new customer acquisition measures is not required. Our B2B addresses may be used by beDirect and its customers against the background of the balance of interests Art. 6 para. 1 lit. d DSGVO.

Can beDirect provide evidence of the lawful collection and processing of pbD?

The activities of beDirect have been duly reported to the data protection authorities, an external data protection officer has been appointed and also reported to the authorities. beDirect is also audited annually by the Bertelsmann SE & Co KGaA Group Privacy Department and DDV Deutscher Dialogmarketing Verband e. V.

The duty to inform according to » Art. 13 DSGVO also applies here.

Yes. pbD may be stored as long as you inform the person concerned. this also applies if this data is provided voluntarily and without request (e.g. via contact form from the website). here again the duty to inform according to » Art.13 DSGVO applies.