A Quick Reference Guide
You should check the origin and accuracy of bought-in lists. You should screen call lists against the Telephone Preference Service (TPS), and only use bought-in lists for email, text or recorded calls with very specific consent.
For in-house marketing lists, use opt-in boxes wherever possible. Specify consent to marketing by email, text, fax, telephone or by automated call. Ask for specific consent also if you want to pass details to other companies and make sure you name or describe those companies.
Keep clear records of consent and keep a ’do not contact’ list of anyone who objects or opts out.
In more Detail.....
Can we use bought-in marketing lists?
You can use bought-in lists to make live marketing calls, but you should screen against both the TPS and your own ’do-not-call’ list of people who have previously objected to or opted out of your calls.
You must be very careful before using bought-in lists for automated calls, texts or emails. You can only use them if all the people on the list specifically consented to receive that type of message from you. Generic consent such as “selected third parties” or consent collected in lengthy privacy policies on third party websites will not be enough.
If you are using bought-in B2B fax lists, you must screen against both the FPS and your own ’do-not-fax’ list of people who have previously objected to or opted out of your faxes. When it comes to faxing individuals (which includes sole traders and some partnerships) you can only do so if they have specifically consented to receiving faxes from you. Faxes to individuals falls under the Privacy Electronic Communications Regulations (PECR).
You must make checks to satisfy yourself that any list is accurate, that the details were collected fairly and that the consent is specific and recent enough to cover your marketing.
ICO guidance on direct marketing
What’s the best way to compile our own marketing list?
You may want to compile your own in-house marketing list using details of people who have bought goods or services in the past or who have registered on your website or made an enquiry. However, you should not assume that everyone is happy to receive marketing just because they have provided their contact details.
You should make it clear upfront that you intend to use their details for marketing purposes. The best way to get clear consent for your marketing is to provide opt-in boxes that specify the type of messages you plan to send (e.g. by email, text, telephone, fax or automated call).
You should record when and how you got consent and what type of messages it covers. If possible, you should also record whether the customer is an individual or a company, as different rules apply. If this is not clear, assume they are an individual.
Remember, individuals also includes sole traders and partnerships.
Can we sell our marketing list?
As a general rule, you can only sell your marketing list if you have the consent of the listed individuals to do so.
Other businesses will only be able to use the list for recorded calls, texts or emails if the people on the list have specifically consented to receive that type of message from that specific company.
Can we share our list with other companies in our group?
The same rules apply as for other third parties. If you intend to share the list within your group, you must have each individual’s specific consent to marketing from your group companies.
Can one company use one list for multiple trading names?
If you are a single entity trading under several different names, you should not assume that a customer opting in to marketing from one brand is consenting to marketing from all your brands. Consent must be informed and customers may not even be aware of any connection between the brands. You may also find it difficult to rely on the soft opt-in, as this only applies to similar products and services
If you want to use one list for all your trading names, you should list them all clearly when you obtain the opt-in.
If an individual opts out of marketing from one trading name, you should assume this opt-out applies to all your trading names unless they make it clear otherwise.
How should we respond to objections or opt-outs?
As soon as someone objects to or opts out of your marketing, you should add them to a ’do not contact’ list. You should screen all your marketing against this list to make sure you don’t contact anyone who has opted out. You can send an immediate reply confirming they have unsubscribed, but you must not contact them at a later date even if this is just to ask if they want to opt back in.
You must not simply delete their details altogether, as you need to ensure they are not later put back on your marketing list by mistake (for example if you buy more leads that include the same details). If someone asks you to delete their details, you should explain that you will need to keep them on a ’do not contact’ list to make sure you comply with their right to opt out.
How do the rules apply to our loyalty scheme members?
If you operate a loyalty scheme, you should make sure your customers understand what messages they will receive if they sign up. They are likely to expect a periodic update on how many points or vouchers they have earned. In the ICO’s view, under the soft opt-in rule, as long as you provide a clear opt-out when they sign up and in every subsequent message, you may also send them further electronic mail about other promotions unless they opt out.
If you operate a joint loyalty scheme with other companies, you must make sure customers are fully aware of the nature of the scheme and range of the promotions you propose to send. In the ICO’s view, under the soft opt-in rule, as long as you do so and provide a clear opt-out when they sign up and in every message, the scheme may send electronic mail about incentives offered by any of the partners.
However, if a participating company wants to send additional marketing messages outside the loyalty scheme, it must have the individual’s clear consent to do so. If there are several partners in a loyalty scheme, you may therefore find it easier to provide specific opt-in boxes when people sign up
ICO guidance on direct marketing
Can we send marketing by post?
PECR do not cover marketing by post, but if you are sending post to named individuals you must comply with the Data Protection Act and the GDPR.
More useful links
If your business purchases or sells data then you should read the latest Direct Marketing Guidance
issued by the ICO for a complete explanation of what the ICO expects from companies involved in or buying from the direct marketing industry.