Home FAQs GDPR and Compliance SAR Standard responses for clients
Categories

SAR Standard responses for clients

Please find below the list of commonly asked SAR questions and proposed replies

Where did you find my personal details?

FIRSTNAME, please accept my apologies for causing annoyance here, certainly not my intention.

We make every effort to reach out only to companies and individuals who we genuinely believe could benefit from our services. In this case, we identified you on LinkedIn as the relevant contact at COMPANY, derived your email address from the publicly available information, and verified it through trusted third-party sources. Our intention was simply to provide a brief introduction to our services. We process only the minimal data necessary for this purpose (e.g., your name, job title, and email address).

Under GDPR, we rely on Legitimate Interest as our lawful basis for contacting you in a business-to-business context. However, we fully respect your rights under GDPR. If you prefer not to hear from us again or wish to have your personal data deleted from our systems and added to our “Do Not Contact” list, please let me know, and I will action that right away.

If you want to submit a full Subject Access Request under GDPR, you can address your request directly to [SAR-emailaddress]@clientsdomain.com or by replying to this email, and we will action this right away. You may also refer to our Privacy Policy [link] for more information on how we handle personal data.

Again, my apologies for any inconvenience, and I hope this clarifies our position.

Kind regards,
Firstname

Who is dealing with SAR requests?

FIRSTNAME, please accept my apologies for causing annoyance here, certainly not my intention.

If you wish to pursue a Subject Access Request (SAR) under GDPR, you can address your request directly to [SAR-emailaddress]@clientsdomain.com or by replying to this email. Upon receipt, we will provide a copy of any personal data of yours that we hold and direct you to our Privacy Policy.

Please note that company-related information (non-personal data) is treated differently under GDPR and typically falls outside the scope of a SAR.

By way of background, we identified you on LinkedIn as the relevant contact at COMPANY, verified your email address through trusted third-party sources, and contacted you as we believed our services might be of benefit. We only process minimal data for this purpose (e.g., your name and email address). We rely on Legitimate Interest as our lawful basis, specifically for B2B marketing.

If you would like us to delete your personal data from our systems and add you to our “Do Not Contact” list, please confirm, and I will do so immediately.

Apologies again for any inconvenience, and I hope this clarifies our approach.

Kind regards,
Firstname

GDPR prohibits using personal data for marketing activities and I have not opted in. Why are you contacting me?

FIRSTNAME, please accept my apologies for causing annoyance here, certainly not my intention.

Under GDPR, personal data can be processed under several lawful bases, including Legitimate Interest.

**For UK prospects:**: For B2B marketing, we assessed that our outreach aligns with this basis, especially given the UK’s PECR exemption for B2B communications

**For EU/EEA prospects**: For B2B marketing, we assessed that our outreach aligns with this basis, as per the EDBP guidelines on processing personal information based on legitimate interest under GDPR.

We identified you on LinkedIn as a decision-maker at COMPANY and derived your email address through publicly available information. We endeavor to contact only those individuals who might be interested in our services, and we limit our data processing to what is necessary (name, email address, job title) for this introduction.

If you prefer not to receive future messages, or if you would like your data deleted and placed on a “Do Not Contact” list, please let me know, and I will action that immediately.

For more details on our approach and your rights under GDPR, you are welcome to review our Privacy Policy [link to client privacy policy].

Apologies once again, and I hope this clarifies our position.

Kind regards,
Firstname

Where did you find my details and why are you contacting me when I have not opted in? Do you know anything about GDPR and ICO? (Level 2 Complaint)

FIRSTNAME, I’m very sorry if our introduction caused you any frustration.

We identified you through your public profile on LinkedIn as the most relevant contact at COMPANY for our business introduction. We verified your email address through publicly available information, and we process only minimal data – specifically, your name, email address, and job title.

**For UK prospects: We rely on Legitimate Interest as a lawful basis under GDPR for our B2B communications, and we adhere to the ICO’s guidance on direct marketing. We understand that B2B marketing is treated differently from B2C under the UK’s PECR guidelines.**.

**For EU/EEA prospects: We rely on Legitimate Interest as a lawful basis under GDPR for our B2B communications, and we adhere to the EDBP guidelines on processing personal information based on legitimate interest under GDPR.

To support our marketing and prospecting activities, [Client Company Name] occasionally engages with trusted digital marketing partners – which may involve obtaining and processing personal information, all strictly under GDPR-compliant agreements. One of our appointed data processors is:
(i) Prospect Global Ltd (trading as Sopro), registered in the UK under company number 09648733. You can contact Sopro and view their privacy policy at http://sopro.io. Sopro is registered with the Information Commissioner’s Office (ICO) under registration number ZA346877. Their Data Protection Officer can be reached at dpo@sopro.io.

If you would like us to remove your personal data from our systems and add you or your organization to our “Do Not Contact” list, please let me know, and I will do so immediately.

If you want to submit a full Subject Access Request under GDPR, you can address your request directly to [SAR-emailaddress]@clientsdomain.com or by replying to this email, and we will action this right away.

Please also feel free to review our Privacy Policy [link] for more details on how we handle personal data.

Kind regards,
Firstname

Why are you contacting me?

FIRSTNAME, apologies if our message caught you off guard.

We reach out to individuals we believe may have a professional interest in our services. We identified you via your public LinkedIn profile as a key contact at COMPANY, verified your email address through publicly available sources, and used this minimal data to send a business introduction.

We rely on Legitimate Interest under GDPR to process such data for B2B marketing. If you would prefer not to receive messages from us in the future, or if you would like your personal data deleted from our systems, please let me know, and I will remove your details right away.

Should you wish to learn more about our data handling processes, you can read our Privacy Policy [link].

Thank you for your time, I hope you enjoy the rest of your week.

Kind regards,
Firstname

Do you share my details with any other organisations or people?

FIRSTNAME, thank you for your message, and I’m sorry for any inconvenience caused.

We do not sell or distribute personal data to third parties for unrelated purposes. We only share personal data with trusted processors that help us deliver our services and manage our communications, under strict Data Processing Agreements, solely to help us identify and reach out to businesses that may benefit from our services. For full transparency, one of our appointed data processors is:
(i) Prospect Global Ltd (trading as Sopro), registered in the UK under company number 09648733. You can contact Sopro and view their privacy policy at http://sopro.io. Sopro is registered with the Information Commissioner’s Office (ICO) under registration number ZA346877. Their Data Protection Officer can be reached at dpo@sopro.io.

We initially identified you from publicly available sources (e.g., LinkedIn) as a relevant contact at COMPANY. We use only minimal details – such as name, title, and professional email to get in touch with you to offer our services which we believe would be of professional interest to you. Our lawful basis for this B2B outreach is Legitimate Interest, and we do not share your data beyond trusted processors fulfilling these legitimate business functions.

If you would like your details deleted from our systems or prefer not to hear from us again, please let me know, and I will ensure that happens promptly. You can also find more information about how we handle personal data in our Privacy Policy [insert client PP link].

Thank you, and apologies for any inconvenience caused.
Firstname