Outreach is responsible for processing the personal data it receives under the Privacy Shield and then transmits it to a third party acting on its behalf as an agent. Outreach adheres to the principles of the Data Protection Shield for all transmissions of personal data from the EU or Switzerland, including the rules of responsibility for transfer. (d) that, after reviewing the requirements of the applicable data protection law, security measures are such as to protect personal data from accidental or accidental destruction, modification, disclosure or unauthorized access, particularly where processing involves the transfer of data through a network, and against all other forms of illicit processing, and that these measures ensure a level of security adapted to the risks associated with the processing and nature of the data to be protected, given the state of the art and processing of the data; Hello Steven, I`m a little worried if you mention that I buy personal data based on legitimate interest and continues to send an email to the interested as well as store the data, unless I have his/their request, making contact or deleting the data to stop. 1. Does this mean that I can continue to communicate, unless I have an answer from him, even if it continues for the long term? 2. In this case, what is the distinguishing factor between email marketing and this type of email? I consider each email as marketing, which explicit or implicitly selling or maintaining (again, the end goal is to sell properly?) Does he have an end goal? 3. Why can`t I use personal data for sale if the third party provides me with the data without consent, but on the basis of legitimate interest? Don`t you think there`s something in common between this case and the one you described in “Collecting the data and getting the person`s permission” section? Thank you Personal data is submitted to the following basic processing activities (please specify): the security measures we take are described on our website under Blaast.com/security/. These measures are regularly updated to ensure that we meet current data security standards. Hello Jon, in this case I would recommend having two guidelines, so you are very clear for the prospect that if you decide, your data will be shared. (i) that, in the case of a subcontract in point 11, the processing activity is carried out by a subcontractor offering at least the same level of protection for personal data and the rights of the person concerned as the importer of data in accordance with the clauses; And yes, I do.