DIRECT MARKETING – A GENERAL GUIDE FOR DATA CONTROLLERS

Targeted direct marketing, giving individuals information about products and services, is a perfectly legitimate activity – provided it respects the individual’s right to privacy. Sending unwanted direct marketing is neither in your interests nor the interests of those receiving it. 

Data protection law imposes strict obligations on the use of personal data for direct marketing.  Because marketing using electronic means is more intrusive than postal marketing, stricter rules apply to it. 

GENERAL RULE

The basic rule that applies to direct marketing is that you need the consent of the individual to use their personal data for direct marketing purposes.   As a minimum, an individual must be given a right to refuse such use of their personal data both at the time the data is collected (an “opt-out”) and, in the case of direct marketing by electronic means, on every subsequent marketing message.  The “opt-out” right must be free of charge.

You must also make clear who you are and where you obtained the individual’s personal data (where this is not obvious).

POSTAL MARKETING

The rules governing postal marketing are mainly contained in Section 2 of the Data Protection Acts.

Marketing through the post is the traditional and oldest form of direct marketing. For mail to be considered to be direct marketing it must, generally speaking, be addressed to a named person and must be promoting a product or service. Unaddressed mail or mail addressed to “the occupant”, “the resident” or “the householder” does not normally involve the use of personal data and consequently data protection legislation would not apply. However, where a data controller can identify “the occupant”, “the resident” or “the householder” from the address in conjunction with other data in or likely to come into his possession, this may involve the processing of personal data and data protection requirements would apply. Also, the rules do not normally apply to postal marketing of corporate entities (companies, agencies etc) – including marketing of office-holders within such an entity (provided that the marketing is related to the organisation’s business needs and that the details of the named person in receipt were obtained fairly). 
 
Before you can use personal data for postal marketing, you must tell customers (or potential customers) that you intend to use their data for this purpose and give them an opportunity to refuse such use.  Where you yourself have collected the personal data, this should be done at the time of collection (for example, by providing a “tick-box” on a form).  Where you have obtained the personal data from a third party – including a source  of information that is publicly available by law – the opportunity to refuse direct marketing material  must be provided before any such material is sent.
If any customer objects, you may not use their personal data to directly market them. The individual may withdraw their consent to direct marketing at any time.  If your only reason for holding an individual’s personal data is direct marketing, then you must erase the personal data from any lists or databases that you hold once the individual has objected.
 
You may use names and addresses drawn from the Edited Electoral Register for postal marketing. The "Edited Register" contains a sub-set of the names and addresses on the “Full Register” of voters.   Individuals on the Edited Register are those who, when registering to vote, did not object to their personal data being used for marketing or other non-statutory purposes.  It is an offence under electoral law to use information drawn from the “Full Register” of electors for direct marketing (or for any other purpose not provided for in legislation).   It is also your duty to make sure that you are using the most up-to-date version of the Edited Register (see separate guidance-note).

ELECTRONIC MARKETING

The rules governing electronic marketing (phone, fax, text message, email) are mainly contained in Regulation 13 of the Electronic Privacy Regulations.   Different rules apply to phone, fax, text message and e-mail marketing. The rules are more restrictive in the case of marketing by electronic mail of individuals(1) who are not your customers. Unlike in the case of postal marketing, certain restrictions also apply to electronic marketing to businesses and other corporate entities(2).

Phone (All Subscribers)
You  may not make a marketing  phone call to the phone number of an individual or business, other than a current(3) customer who has given consent to the receipt of such calls,  if his/her/it’s preference not to receive such calls is noted in the National Directory Database.
You also may not make a marketing phone call to an individual or business phone number if s/he/it has previously told you that s/he/it does not consent to the receipt of such calls.

Fax(4)

Individual Subscriber

You may not send a fax for the purpose of direct marketing to the line of an individual subscriber unless that individual has previously consented to the receipt of such a communication.

NOTE:  The line of the subscriber on which the fax operates must solely be used for domestic/personal purposes. If the line is used (in any part) to run a business, that line will be treated as a business, not a residential line.

(1) The terminology in the Regulations is “natural person”
(2) The terminology in the Regulations is “not a natural person”
(3) “current customer” is interpreted by the Commissioner as one with whom there has been a transaction within the 12 months prior to the call
(4) The same rules apply to the use of automatic calling machines

Business Subscriber

You may not send a fax for marketing purposes to a business fax number if that business has its preference not to receive marketing calls noted in the National Directory Database.

You also may not send a fax for marketing purposes to a business fax number if that business has previously told you that it does not consent to the receipt of such faxes. 

Electronic Mail

Electronic mail includes text messages (SMS), voice messages, sound messages, image messages, multimedia message (MMS) and email messages.

Individual and Business Customers

Where you have obtained contact details in the context of the sale of a product or service, you may only use these details for direct marketing by electronic mail if the following conditions are met:

1. the product or service you are marketing is of a kind similar to that which you sold to the customer at the time you obtained their contact details
2. At the time you collected the details, you gave the customer the opportunity to object, in an easy manner and without charge, to their use for marketing purposes
3. Each time you send a marketing message, you give the customer the right to object to receipt of further messages

NOTE: the Regulations state that the customer contact details must have been collected “in accordance with the Data Protection Act”. The Data Protection Commissioner considers that, in order to comply with the provisions of the Data Protection Acts concerning the retention of data for no longer than is necessary, it would not be in order to market a customer where there had not been a transaction within the previous 12 months. If the subscriber fails to unsubscribe using the cost free means provided to them by the direct marketer, they will be deemed to have remained opted-in to the receipt of such electronic mail for a twelve month period from the date of issue to them of the most recent marketing electronic mail.

Individuals (“Natural Persons”) who are not Customers

If an individual is not a customer, you may not use electronic mail to send a marketing message to their contact address unless you have obtained the prior consent of that individual to the receipt of such messages – a consent that can be withdrawn at any time.

Business Contacts (Customers and non Customers)

You may not use electronic mail to send a marketing message to a business contact address/number if the subscriber has notified you that they do not consent to the receipt of such communications.

SUMMARY

The following table summarises the rules that apply.  “Opt-in” means you can only market an individual where you have their explicit consent to do so.  “Opt-out” means that you can market an individual provided you have given them the option not to receive such marketing and they have not availed of this option.  For a electronic communication to a business, an option to unsubscribe must be included.

OFFENCES AND PENALTIES
Failure to comply with the rules can attract heavy penalties.  In the case of breach of the rules on electronic marketing, the onus is on you to prove that you had a subscriber’s consent to send a marketing message.  You should retain such consents for a period of 2 years after the sending of the most recent marketing message to the recipient.  Further information on offences and penalties is available here.