The Privacy and Electronic Communications (EC Directive) Regulations 2003 place restrictions on how companies can carry out unsolicited direct marketing by electronic mail. In very general terms, the rules apply to E-mails sent to individuals as opposed to organisations, and are as follows:
- Your business is only allowed to direct unsolicited marketing towards individuals who have given their permission. The exception is when your business had obtained the individual’s details in the course of a sale or the negotiations for a sale of a product/service to that person; and the individual had declined to opt out from receiving advertisements for similar products/services in the future.
- You need to inform the recipient of your identity and contact details.
You may find the following guidelines provided by the ICO helpful:
- Try to go for permission-based marketing as much as possible. This way you are only contacting customers who want you to contact them.
- Provide a statement of use when you collect details. Put this in an obvious place or make sure it has to be read before individuals submit their details.
- Make sure you clearly explain what individuals’ details will be used for. For example, explain to individuals why you might use their email address in the future.
- Do not have consent boxes already ticked.
- Provide a simple and quick method for customers to opt out of marketing messages at no cost other than that of sending the message.
- Promptly comply with opt-out requests from everyone, not just those from individuals.
- Have a system in place to deal with complaints about unwanted marketing.
- When you receive an opt-out request, suppress the individual or company details rather than deleting them. This way you will have a record of who not to contact.
For more detailed guidance, you may wish to refer to the section on the Privacy and Electronic Communications Regulations on the ICO website (www.ico.gov.uk) or contact Jo Tall (firstname.lastname@example.org).