GDPR: Legitimate Interests 

Last Modified: 23rd May 2018

Under the new GDPR data protection law starting in 25th May 2018, we have a number of lawful reasons that we can use (or 'process') your personal information. One of the lawful reasons is called 'legitimate interests'.

Article 6(1)(f) of the GDPR says that we can process your data where it "is necessary for the purposes of the legitimate interests pursued by [us] or by a third party, except where such interests are overridden by the interests or fundamental rights or freedoms of [you] which require protection of personal data." 

Broadly speaking, Legitimate Interests means that we can process your personal information if:

  • We have a genuine and legitimate reason and we are not harming any of your rights and interests

So, what does this mean?

When you provide your personal details to us, we use your information for our legitimate business interests of supporting the efficiency & profitability of professional services firms by providing integrated project management & professional services automation software. Before doing this, though, we will also carefully consider and balance any potential impact on you and your rights.

Some typical examples of when we might use this approach are for preventing fraud, direct marketing, maintaining the security of our system, data analytics, enhancing, modifying or improving our services, identifying usage trends and determining the effectiveness of our campaigns.

Our vision

At CMAP, our objective is to help our clients increase the overall efficiency & profitability of their businesses by providing a cloud-based software solution that automates project management processes and increases visibility over live project performance data.

CMAP will use various ways to achieve our mission and to support our objectives: we believe that professional individuals who want to achieve these objectives in their business would be interested to know about our product for their consideration. We will process the personal information you have supplied to us to conduct and manage our business to enable us to give you the most appropriate marketing, information, service and products and provide the best and most secure experience. These are what we consider to be our 'Legitimate Interests'.

Our legitimate interests

The following are some examples of when and why we would use this approach in our work:

  • Direct Marketing: We use telemarketing and email marketing campaigns which further the aims and objectives of CMAP Software. We will also make sure our direct marketing is relevant for you & your business. 
  • Your best interest: Processing your information to ensure our websites and systems are secure.
  • Personalisation: Where the processing enables us to enhance, modify, personalise or otherwise improve our services/communications for the benefit of you.
  • Analytics: To process your personal information for the purposes of customer analysis, assessment, profiling and direct marketing, on a personalised or aggregated basis, to help us with our activities and to provide you with the most relevant information as long as this does not harm any of your rights and interests. Please refer to our Privacy Policy [link] for more information.
  • Research: To determine the effectiveness of promotional campaigns and advertising and to develop our products, services, systems and relationships with you.
  • Due Diligence: We may need to conduct investigations on potential customers and business partners to determine if those companies and individuals have been involved or convicted of offences such as fraud, bribery and corruption.

Direct Marketing 

Before engaging with you via direct marketing, we will always try to speak to you on the phone beforehand to introduce our company and gauge your interest in receiving further communication from us. However, sometimes this is not possible; for example you may be in a meeting or out of office. Therefore, it is within our legitimate interests to send you direct marketing so that you can read about what we do in your own time.

Under GDPR Legitimate Interests Recital 47, it states that:

"The processing of personal data for direct marketing purposes may be regarded as carried out for legitimate interests"

The ICO gives further guidance on this by stating we must also adhere to the Privacy and Electronic Communications Regulation (PECR).  

CMAP Software is a business-to-business organisation. Under PECR, it is considered best practice for business-to-business organisations to enable individual employees to opt-out of receiving direct marketing.

CMAP Software provides you with the option to opt-out of any of our communications at any time in accordance with PECR regulations (UK) and European Directive 2002/58/EC (EU), commonly known as the 'e-Privacy Directive' (ePD). If you decide you do not want to receive direct marketing communication from us, you can either unsubscribe via the link inserted at the footer of our marketing emails, or reply directly to any marketing email and you will be added to our 'do not email' list.  If you also would like to opt-out of receiving calls from us, just let us know and we'll also add you to our 'do not call' list.

In order to do this,  we will need to keep hold of some basic information information about you (e.g.full name, job title, email address, telephone number) in order to respect your preferences for being contacted by us.

Your interests

When we process your personal information for our legitimate interests, we will consider and balance any potential impact on you and your rights under data protection and any other relevant law. Our legitimate business interests do not automatically override your interests – we will not use your personal data for activities where our interests are overridden by the impact on you (unless we have your permission or are otherwise required or permitted to by law).

For more information about your rights, please refer to our Privacy Policy.

Remember, you can change the way you hear from us or withdraw your permission for us to process your personal details at any time by using our contact form on the Contact Us page.

Data Retention

We understand that the timescale for companies choosing to engage in a business contract with us can range from a few weeks to a few years (for example, if you are in a multi-year contract with your current supplier).

Our Marketing is primarily written for decision makers at professional services organisations. Roles (Roles) we target include senior management, C-suite, VPs and the board; Finance and Operations (both systems and projects).

Due to the nature of the Roles we target, and the varying timescales involved in customers choosing CMAP as a software vendor, we feel it’s appropriate to retain your data for a maximum of 8 yearsThis 8 year retention period is taken from the date of last engagement.

We regularly review, verify and, delete the personal data of anyone who is not covered by the above Roles. This data is deleted within 1 years from the date of last engagement.

If you no longer work at an organisation where you received marketing communications from us, we delete all of your personal data associated with that company as soon as we are notified that you have left the business (for example, by an automated email response to a marketing campaign; or when notified by an employee at your former workplace).

This includes the following personal data:

  • Full Name
  • Job title
  • Business Email Address
  • All telephone numbers associated with your contact record in our CRM
  • Analytics data
  • All cookies and web beacons

 If you would like further information anything discussed above, feel free to get in touch via the Contact Us page