Legitimate Interest Assessment (LIA)
Organisation: Smashed Crab Studio Ltd
Purpose: To comply with the UK GDPR and ICO guidance regarding reliance on Legitimate Interests for processing personal data.
1. Purpose Test
We process limited business contact data in order to promote our software development and consultancy services to prospective customers. These prospects are typically individuals with decision-making or budgetary responsibilities within UK organisations, who could reasonably expect to receive relevant B2B marketing communications.
The processing allows us to:
- Identify and communicate with appropriate business contacts.
- Offer tailored information about services that may be of genuine interest.
- Develop business relationships that support both our growth and that of the organisations we contact.
Without processing this data, we would be unable to effectively market our services to potential customers.
Safeguards in place:
- All purchased data is screened against the Telephone Preference Service (TPS) and Corporate TPS (CTPS) before use.
- We apply monthly suppression lists provided by our data broker.
- Every prospect is given a clear and simple opportunity to opt out of further communications at any time.
2. Necessity Test
The processing is necessary for the purposes described because:
- We rely on direct communication with relevant business contacts to introduce our services.
- Alternative methods (such as relying solely on inbound enquiries) would not allow us to operate competitively or sustainably.
- The data processed is strictly limited to what is needed for the stated purpose (see Balance Test below).
While other marketing channels exist (e.g. advertising), they do not enable the same targeted, efficient, or proportionate approach to reaching prospective customers.
3. Balance Test
We have considered the potential impact of this processing on the rights and freedoms of individuals and believe the balance falls in favour of processing:
- Nature of the data:
Only professional contact details are processed: name, job title/function, organisation, industry, corporate email address, and corporate phone number.
No special category data, children’s data, criminal offence data, or information about vulnerable persons is processed. - Reasonable expectations:
Individuals in decision-making or budgetary roles within organisations would reasonably expect to receive information about relevant business services, including software development and consultancy. - Impact and safeguards:
The potential impact on individuals is minimal. We provide clear privacy information, respect all opt-outs promptly, and keep contact information accurate and up to date. We never use the data for unrelated purposes. - Proportionality:
The processing is proportionate to our business needs and is limited to what is strictly necessary. We do not engage in excessive contact, nor do we share this data with unrelated third parties.
Conclusion
Having considered the purpose, necessity, and balance of interests, we conclude that the processing of professional contact data for direct B2B marketing is a legitimate interest under Article 6(1)(f) UK GDPR.
This processing is proportionate, has minimal privacy impact, and is balanced against the rights and freedoms of the individuals concerned. Appropriate safeguards, including opt-out rights and suppression measures, are in place.
