OUT NOW: The Shoe Factory — a library made in collab with OPW

Legitimate Interests Assessment

Direct Marketing

Part 1: Purpose test

Why do you want to process the data?

To continue to send marketing messages in order to maintain the growth of Spitfire Audio, while informing and entertaining our customers.

What benefit do you expect to get from the processing?

Increased sales, but also continued engagement with our customers by way of sending them interesting and relevant (and free) editorial content which is about, or closely related to, the use of our products, others’ products or the wider music-making scene.

Do any third parties benefit from the processing?

Our customers themselves benefit from our free LABS programme, and our free editorial content. Additionally, Spitfire Audio only currently sell (and have only ever sold) one type of product: Sample libraries. Where we directly market new or updated products, therefore, we are only emailing customers who have a declared interest in sample libraries about other sample libraries.

Are there any wider public benefits to the processing?

The high quality editorial content we produce for our customers’ benefit is freely available to anyone on Youtube, regardless of whether they have a Spitfire account.

How important are the benefits that you have identified?

Very important to us. We are an e-commerce retailer, and our email database is our principal means of reaching our customers.

What would the impact be if you couldn’t go ahead with the processing?

Loss of sales, and loss of customer engagement.

Part 2: Necessity Test

Will this processing actually help you achieve your purpose?

We can, and do, inform customers about new products, labs and editorial content via other means (social channels for example), but our email mailing list remains the most effective.

Is the processing proportionate to that purpose?

We believe so.

Can you achieve the same purpose without the processing?

No, not currently.

Can you achieve the same purpose by processing less data, or by processing the data in another more obvious or less intrusive way?

Sending messages via email only requires one piece of data: the customer email address. Every message we send (or have ever sent) allows the customer to unsubscribe.

Part 3: Balancing Test

Nature of the Personal Data

Is it special category data or criminal offence data?


Is it data which people are likely to consider particularly ‘private’?


Are you processing children’s data or data relating to other vulnerable people?


Is the data about people in their personal or professional capacity?


Reasonable Expectations

Do you have an existing relationship with the individual?

Yes, everyone on our mailing list is there because they have either bought a sample library from us (or signed up to receive a free one), expressed an affirmative interest in LABS (by signing up on our labs page), entered a competition either on our site or with a partner site, or signed up at a trade show. Where a competition was entered, joining our mailing list will have been in the terms and conditions.

What’s the nature of the relationship and how have you used data in the past?

As above. These are existing customers (who have bought the same type of products as we’re emailing about), competition entrants or active sign ups.

Did you collect the data directly from the individual? What did you tell them at the time?

All our data was freely given by the individual themselves. What the customer was told at the point of collection has varied over the life of Spitfire Audio, though the option to unsubscribe or update details has ALWAYS been given in every message.

If you obtained the data from a third party, what did they tell the individuals about reuse by third parties for other purposes and does this cover you?

We have never obtained data from a third party. Customers who purchased from one of our resellers (current or past) would still have been required to create an account on our site in order to redeem their product.

How long ago did you collect the data? Are there any changes in technology or context since then that would affect expectations?

The data has been collected over the last 8 years. The technology and context has remained essentially the same during that time period.

Is your intended purpose and method widely understood?

Our emails are unambiguous in their intentions, and we are using a well-established method.

Are you intending to do anything new or innovative?

We occasionally invite customers to take part in innovative marketing (e.g. our BT Phobos game), though the data processing described here remains very simple.

Do you have any evidence about expectations – eg from market research, focus groups or other forms of consultation?


Are there any other factors in the particular circumstances that mean they would or would not expect the processing?

We believe our customers expect our messages by way of well-established precedent.

Likely Impact

What are the possible impacts of the processing on people?

We are simply sending messages, which can be opted out of at any time. We believe any impact our messages have will be largely positive (for example, helping existing customers get more value from products they’ve already bought via our editorial content, or letting them know that free sample libraries are available to them if they want).

Will individuals lose any control over the use of their personal data?

No, they can update the information itself (name, email) and their preferences regarding the use of it at any time.

What is the likelihood and severity of any potential impact?

In terms of negative impact, negligible and negligible.

Are some people likely to object to the processing or find it intrusive?

A very small minority of people may object, but we don’t believe our messaging to be excessive or intrusive, particularly in light of our generally enthusiastic and engaged audience (as evidenced by our well above-average open and click rates by our industry’s standards). In any case, it is very easy to opt out of future messages.

Would you be happy to explain the processing to individuals?


Can you adopt any safeguards to minimise the impact?

As existing customers adopt our new preferences over the less granular “all in” permission we’ve relied upon historically, we believe our messaging will become more targeted and relevant to them. Furthermore, we will systematically remove from our list those who stop engaging with us for a year (as measured by Mailchimp’s “open” tracking measure).

Can you offer individuals an opt-out?


Making the Decision

Can you rely on legitimate interests for this processing?