This website uses cookies for functionality and statistics. By continuing to browse or clicking the button „AGREE", you give your consent to the use of cookies. You may withdraw your consent at any time by changing your web browser’s settings and deleting our cookies. Please click here to learn more.

Accept

Primus search filters will help you find the needed information much quicker. Please choose practice area or the country of Primus office and click „Search“.

Primus team

Practice areas

Foreign Desks:

Publications

“High standards of professional work.” (IFLR1000, 2017)

News Publications Events
08.07.2020

Legitimate purchase and use of databases for direct marketing. 4 crucial steps

In order to promote sales, companies consider the possibility to purchase from third persons databases of business contact data and use them to publicise their services i.e. for direct marketing.

In such cases, it should be kept in mind that even business contact details of companies’ managers or employees may be considered as personal data, and processing of such data is subject to the personal data protection requirements (including GDPR). Theoretically, contact details acquired in such way may be used for direct marketing. But very often third persons selling such contact details “stay silent” in respect to the personal data protection aspects related to such sale and leave all the responsibility for legal (including GDPR) compliance to the purchaser.

Therefore, prior to the purchase of the mentioned data, we recommend to make sure that such purchase and further use of contact details will be legitimate, including, inter alia, not forget to:

  1. Make sure that the seller collected contact details and other personal data in good faith and has the right to transfer it to you (e.g. has obtained the consent of the data subject in accordance with the requirements of the GDPR wherein you are clearly indicated as a data recipient), as well as has a possibility to provide the relevant proof.
  2. Consider the legal basis for further processing of acquired personal data for direct marketing purposes. If it will be consent, it is necessary to evaluate possibilities to obtain it in a legitimate way or, if the seller has already obtained it for you, evaluate whether such consent complies with the requirements of the GDPR.
  3. Ensure that persons who are subject to personal data processing for direct marketing purposes are duly informed about their personal data processing.
  4. Use acquired personal data only for the purposes for which you have legal basis and which were communicated to the data subject.

In addition, in order to reduce risks, in all cases, we recommend to conclude a written contract with the seller covering the main personal data protection aspects.

PRIMUS data protection legal team in Lithuania:
Giedrė Dailidėnaitė, Partner, Head of Corporate & Commercial group
Šarūnė Prankonytė – Segen, Senior Associate
Augustė Linauskaitė, Associate

More publications

Contacts

Lithuania

Konstitucijos av. 7,
LT-09308, Vilnius

Estonia
Latvia

Follow us: