5 things to know if your clients complain about receiving your prospecting e-mails

How do tools like Dropcontact reconstruct e-mail addresses and scan websites to build e-mail databases? And how does Dipeeo build its databases?

Commercial prospecting: 4 rules to follow

Commercial prospecting and GDPR : The most talked-about topic on respecting personal data. 

Beliefs are manifold, everyone has an opinion. Each rule is considered independently of the others, leading to reasoning and decisions that are often erroneous❌. Sometimes even harmful to the actor making the decision.

✅ RESPECT FOR Data retention DURATIONS: To comply with GDPR, the CNIL (National Commission for Information Technology and Civil Liberties) has defined durations that must not be exceeded in terms of personal Data retention . In other words, legally speaking, personal data cannot, under any circumstances, be retained for an unlimited period. 

However, there is a difference between B2B and B2C commercial prospecting. Since prior consent is not required for B2B prospecting, there are no limits on Data retention . On the other hand, for B2C prospecting, the period defined by the CNIL (National Commission for Information Technology and Civil Liberties) is 3 years from the last contact. 

✅ CONSENT: Unlike B2C prospecting, in B2B prospecting the conditions and rules are less onerous. In fact, the only requirement for BtoB prospecting is that you address companies that are likely to be interested in your product or service. For example, if you sell refrigerators, you must contact companies that are interested in refrigerators. If you don't, you're no longer compliant, and your reputation will suffer as a result.

However, in BtoC, consent must be explicitly requested prior to prospecting. Otherwise, you're likely to receive complaints from some of the people you contact. In this case, you risk a fine of up to 20 million euros or 4% of your turnover.

✅ O PT OUT RESPECT: Although consent is not mandatory in B2B prospecting, you should never forget to allow your prospects to unsubscribe.

Individuals must be given the opportunity to object to commercial prospecting at any time, without having to seek or justify their choice. Given that this is part of the rules laid down by the GDPR, the data controller will be obliged to respect this choice and no longer send emails to this person. 

✅ Information for data subjects: Legally speaking, and in accordance with the rules laid down by the GDPR, data subjects have the right to know how their data is processed for commercial prospecting purposes.

Among the information that must be provided are the identity of the data controller, the categories of personal data processed, the duration of Data retention, the purposes for which the data is processed, and so on.  

As a result, to prospect effectively while complying with the rules laid down by the GDPR, every company is obliged to inform data subjects of the data sources used to retrieve their personal datae.g: surname, first name, telephone number, etc).

✔️ Two examples of e-mail recovery tools

Emailing is a marketing technique generally used to generate new leads to promote a product or service. However, building up a list of qualified, targeted e-mail addresses is often costly and time-consuming.

But how can you retrieve e-mails from the web so that you can enrich your prospect base quickly and cost-effectively? Here are two of the best tools you can use: Dropcontact and Kaspr.

Dropcontact is an online service offering professional contact information retrieval functionalities. It enriches prospect databases by providing e-mail addresses, first and last names, telephone numbers and links to LinkedIn profiles. 

With regard to GDPR compliance, Dropcontact is able to take measures to protect personal data, with a view to guaranteeing its security.

Dropcontact allows you to :

• B2B email validation ;
• Add validated emails ;
• Add pleasantries, LinkedIn profile links ;
• Add websites ;
• Correct the spelling of first names;
• etc.

Dropcontact is " The most reliable B2B email address search on the market ".

Through its service, Dropcontact processes personal data. These processing operations require the company to comply with the GDPR. 

Kaspr is a LinkedIn extension that provides recruiters and sales reps with the most reliable B2B contacts. It displays prospects' contact details when you visit their LinkedIn profiles, and sends them automated messages. The extension also offers dashboard-based contact management. 

Kaspr is " Your prospects' contact details in 1 click ". 

Through its service, like Dropcontact, Kaspr also processes personal data. These personal data processing operations require the company to comply with the GDPR.

CASE STUDY

Digital Marketing Software :   

Plezi is B2B marketing automation software for marketers, enabling them to manage their entire digital marketing strategy. 

With over 400 clients placing their trust in them, the platform offers : 

• Qualified lead management for your sales force;
• Save time on low value-added tasks;
• Structure your digital marketing strategy.

With Plezi, you can attract visitors via newsletters, email campaigns and social networks. You can collect leads via Landing Pages and forms, as well as content management. What's more, by using Plezi, you'll have the opportunity to go even further in automating your actions: dashboards & Analyses, Automatic Emails and CRM Integrations. 

Through its service, Plezi offers a digital platform that processes the personal data of its clients' prospects. What's more, it's a service that uses cookies to track the sessions and events of users of the sites that use it. 

Dipeeo and PLEZI set up the technical and legal framework to ensure full compliance of data collection and processing. 🟢In other words, Dipeeo took stock of the issues to be addressed, and worked alongside Plezi to achieve full compliance. By declaring itself DPO to the CNIL (National Commission for Information Technology and Civil Liberties) for Plezi, Dipeeo is taking an Accountability share in their compliance. 

Dipeeo is now their referent at the CNIL (National Commission for Information Technology and Civil Liberties) and manages all of the startup's GDPR issues.

Charles DOLISY 

Co-founder of Plezi | Digital Marketing Software 

"We've been working at Plezi for 2 years with Dipeeo. We had two objectives, to become GDPR compliant and to ensure that our software enabled our clients to be compliant themselves.

The Dipeeo teams were very responsive and supported us perfectly in this process.

📋 Non-compliant tools and uses

🔥 Regardless of the main activity of your digital tool, in order for it to be GDPR it must meet certain criteria laid down by law. Indeed, to be GDPR, a digital tool must have what the CNIL (National Commission for Information Technology and Civil Liberties) calls a Data Processing Agreement-DPA. This is a data processing agreement between the data controller and the personal data processor . A DPA must include :

• Data processing purposes;
• Types of personal data processed ;
• The processor 's data security obligations ;
• Data breach notification procedures.

In addition to the DPA, if the digital tool is located outside the European Union, the organization must have Standard Contractual Clauses (SCC).

 To remember

GDPR compliance for your digital tool

For your digital tool (or that of your processor) to be GDPR, it must take into account certain rules laid down by the GDPR :

• Data Processing Agreement (DPA)
• Standard Contractual Clauses (SCC), if the tool is located outside the European Union

and

• the various documents that need to be on the site, i.e. the privacy policy, the cookies policy, the legal notice and a compliant cookies banner.

You want to know if you compliant ?

We're here to help. 

🔥 Database creation at Dipeeo

Setting up a database requires organization and precision, while taking into account security and respect for the privacy of the people concerned.

At Dipeeo, everything is studied so that it meets the requirements and rules laid down by the GDPR. In fact, everything is compliant from the tools we use to enrich our databases, through the various consent andOpt out rules, right up to compliance with Data retention periods. 

First of all, our sales people start by defining the objectives behind the recovery of e-mail addresses. In other words, they determine the types of data to be collected and how they should proceed. 

Then, after defining the target according to the campaign they intend to launch, our sales staff move on to collecting the e-mail addresses of prospects who should be interested in our offer. As Dipeeo operates on a B2B basis, it is not necessary to obtain the prior consent of the persons concerned.

The important thing is to target people who will be interested in our compliance service. To do this, there are various compliant tools available, such as Dropcontact, for example, which can be used to collect contact information from prospects. 

However, although the request for consent is not compulsory, the CNIL (National Commission for Information Technology and Civil Liberties) requires that e-mails sent contain an unsubscribe button that will allow recipients to stop receiving e-mails from us. 

After all this, our sales staff take into consideration the Data retention periods for the personal data they collect, so as not to exceed those stipulated by the CNIL (National Commission for Information Technology and Civil Liberties)). 

⚡ Recourse to the CNIL (National Commission for Information Technology and Civil Liberties) in the event of abuse

The CNIL (National Commission for Information Technology and Civil Liberties) ) is the regulator of personal data. It is the public authority empowered to define laws and regulations to guarantee the protection of personal data.

On the subject of B2B commercial prospecting, it has issued a number of recommendations to ensure the protection of personal data. 

In principle, whether in B2B or B2C prospecting, to be compliant, certain rules must be taken into consideration, particularly with regard to the collection of email addresses and the consent of the people concerned.

Any user who identifies a non-compliant practice may lodge a complaint with the CNIL (National Commission for Information Technology and Civil Liberties).

In general, complaints lead to checks by the CNIL (National Commission for Information Technology and Civil Liberties), and in some cases, sanctions may be imposed. 

Indeed, the CNIL (National Commission for Information Technology and Civil Liberties) could fine you GDPR up to millions of euros.

It could also depend on the size of your company, so that you pay a fine of 4% of your annual sales.

Worse still, sanctions can be made public! The impact on your image can be very significant. Several start-ups, such as Nestor, have been hard hit.

So you need to be vigilant about your business practices.

⚠️ But beware! Receiving emails in B2B can be completely GDPR. 

 This is what Raphaël BUCHARD, Co-founder of Dipeeo, would say in the event of a negative response from a prospect, under the pretext that we don't comply with the GDPR :

Hello,

As an expert and one of France's leading players in this field, our duty is obviously to comply with applicable data protection regulations.

Please note that B2B prospecting does not require your prior consent, as explained by CNIL (National Commission for Information Technology and Civil Liberties).

Our only obligations in contacting you are to :

• give you a way to unsubscribe (art. 15 of the GDPR)
• inform you of the sources from which your data is acquired (art. 14 of the GDPR)
• inform you about the processing carried out during the initial contact (art. 14.3 of the GDPR)
• Comply with any request for access and deletion within one month of the request (art. 15 et seq. of the GDPR).

You will see that we scrupulously respect each and every one of these rules. We understand that you no longer wish to receive our messages and we are therefore removing you from our mailing list.

Beautiful day,

Dipeeo's legal team

Raphaël Buchard

CEO - GDPR Expert