PAV GDPR Statement

The EU General Data Protection Regulation came into force on 25th May 2018 and this introduced new responsibilities, including the need to demonstrate compliance and more stringent enforcement than the current Data Protection Act requires.

This document provides a detailed statement on PAV’s GDPR position.  

Legitimate interest statement

As from 25 May 2018, under the General Data Protection Regulation, PAV IT Services will rely on legitimate interest as per GDPR Article 6(1)(f) for some of its processing of data. This permits the organisation to contact its customers and prospects by email and phone. Individuals are free to opt out of this contact at any time.

Clear information about how individuals can opt out of contact or change their contact preferences is prominent on PAV’s website and each outbound email. Our detailed rationale for claiming legitimate interest is as follows:

The purposes for which we will use individuals’ personal information will be to send email newsletters about technology and business services to people in relevant job roles with the goal of assisting their business IT objectives and knowledge.

Articles 47 and 48 of the GDPR say that direct marketing activity is a legitimate interest; in particular, in the context of a relevant and appropriate relationship between the PAV and the individual (the recipient), there would be a reasonable expectation that business contact details are used for these purposes.