Compliance Framework

Outbound Communication Policy

Last Updated: Thursday, 15 January 2026

We operate all outbound communication in strict alignment with UK GDPR, PECR, and ICO guidance. Our framework utilizes a rigorous legitimate interest assessment appropriate for B2B engagement.

1. Source of Contact Data

We strictly avoid random, scraped, or consumer marketing lists. We only contact individuals who:

Already exist within the client’s CRM or contact database;
Have initiated contact with the business (e.g., inbound call, enquiry); or
Are existing or prior business contacts where a professional relationship is reasonably expected.

2. Lawful Basis for Processing

Our outbound contact is conducted under the following legal frameworks:

UK GDPR Article 6(1)(f) – Legitimate Interests

Processing is necessary for the purposes of legitimate interests pursued by the controller. We have conducted a Legitimate Interest Assessment (LIA) ensuring the processing is purposeful, necessary, and balanced against individual rights.

UK GDPR Recital 47

Explicitly states that "The processing of personal data for direct marketing purposes may be regarded as carried out for a legitimate interest."

B2B Context: Our outreach is professionally relevant to the recipient’s role, limited in frequency, and intended to support an existing business interaction.

3. WhatsApp & Call Follow-Ups

WhatsApp is utilized strictly as a responsive follow-up channel, never as a first-touch bulk marketing tool. This aligns with the "Soft Opt-In" approach for existing relationships.

Permitted Use Cases

Returning a missed call or voicemail.
Following up where a call was unanswered.
Continuing a conversation already initiated by the recipient.

Operational Controls

Manual Transmission: All messages are sent by humans, not bots.
Contextual: Content is directly related to the prior interaction.
Opt-Out: Every message includes a clear path to stop communication.

4. PECR Compliance & Corporate Subscribers

Under the Privacy and Electronic Communications Regulations (PECR), we distinguish between individual consumers and corporate subscribers.

Regulation 22

We direct messaging to individuals acting in a business capacity (Corporate Subscribers). Under PECR, prior consent is not required for corporate bodies provided the sender is identified and an opt-out is provided.

The Soft Opt-In Exemption

For previous customers or negotiators, we rely on the soft opt-in exemption (PECR Reg 22(3)), allowing electronic marketing of similar services to those previously negotiated.

5. Data Accuracy & Accountability

In accordance with UK GDPR Article 5(2) (Accountability) and Article 5(1)(d) (Accuracy):

Suppression: Any contact identified as personal, incorrect, or unwanted is immediately suppressed.
Logs: All opt-outs and objections are logged and enforced across all channels instantly.
Review: Our compliance team reviews channel usage quarterly to ensuring ongoing alignment with ICO updates.