It is important to respect people’s preferences about direct marketing. People can object to you using their information for direct marketing and you must stop or not start using their information for this purpose.
People can also change their mind and can withdraw their consent or choose to opt-out of your direct marketing.
If someone no longer wants you to use their information for direct marketing purposes, you should put their details onto a suppression or ‘do not contact’ list, instead of deleting them. Doing this means you can check against your list so you don’t use their information for direct marketing in future by mistake.
Why is it important to respect people’s preferences?
Many people will be happy for you to use their information for direct marketing purposes, but some might not want you to do this, or they may change their mind.
It is important to respect people’s preferences to maintain good relationships with your customers and supporters. It is also important because the law gives people rights about whether they want you to use their information for direct marketing. You must comply if someone exercises these rights.
People can:
object to your direct marketing;
opt-out or unsubscribe;
withdraw their consent to your direct marketing; and
What do we do if someone objects to our direct marketing?
People have a legal right to object to you using their information for direct marketing purposes.
If someone objects, you must stop using their personal information for direct marketing. There are no reasons that you can use to refuse their objection.
This right covers any use of people’s information for direct marketing purposes, including profiling. For example, using people’s information to try to infer what products or services people in a particular geographical location might be interested in or disclosing their information to third parties for direct marketing purposes.
It is important to take the following actions:
Make people aware that they can object.
You must make people aware that they can object to your direct marketing. You must clearly bring this to their attention, presenting it separately from other matters, using plain language.
You must tell people about this right “at the latest” at the time of your first communication with them. However, remember that as part of people’s separate right to be informed, you also have to tell them that they can object (eg at the time you collect their details) (see Collect information and generate leads).
People can object at any time. This means they might want to object straight away or before you use their information for direct marketing.
Make it easy for people to object.
It is good practice to give people an easy way to object. They should be able to do this at the time you collect their details (if this is not already required or you are not relying on consent to use their information). It must be free of charge for them to object.
Recognise when someone is objecting.
There is no form of words that people must use to object to your direct marketing. People can object verbally, as well as in writing, and this might be directed to any part of your organisation. Therefore, you should have a process in place to recognise and deal with direct marketing objections.
If someone objects and you have any reasonable doubts about their identity, you can ask them for more information, but only for what is necessary for you to action their objection. For example, you may need to confirm their email address or phone number, in order to stop using these details for direct marketing.
If someone has objected to your direct marketing, you can’t contact them at a later date to ask if they’ve changed their mind. This contact would still be for direct marketing purposes that they have specifically objected to. However, you may be able to remind people about their direct marketing preferences, if the reminder forms a minor and incidental addition to a message that you are sending anyway. The content must be for another purpose and not include marketing material. For example, an annual statement that includes a message at the end saying how they can update marketing preferences (but not encouraging them to change their mind).
Let people can change their mind.
A person’s most recent indication of their wishes about your direct marketing is the most important and it is possible for them to change their mind. For example, their original objection is overridden if they specifically withdraw their objection or in the future agree to direct marketing from you. However, failing to opt-out of your direct marketing at a later date doesn’t override their previous objection.
What do we do if someone opts out of our direct marketing?
If someone opts out of your direct marketing, you must stop using their information for the direct marketing purposes that the opt-out covers.
For example, you may be relying on the PECR soft opt-in to send direct marketing emails. If your customer uses the ‘unsubscribe’ link within your email to opt-out, you mustnot send them any further marketing emails.
Someone opting-out of receiving direct marketing works in the same way as if they had issued an objection to direct marketing on that channel. This is because they are making it clear that they don’t wish to get your direct marketing. However, unlike an objection, an opt-out is more likely to cover a specific method of contact or a particular direct marketing activity, rather than being a general objection to all direct marketing purposes.
Example
A customer receives direct marketing by text message and by email from a company. The company is relying on the PECR soft opt-in to send the messages. As part of this, each text message includes an opt-out (‘to opt-out text STOP to 12345’) and each email has an unsubscribe button.
The customer decides they no longer want to receive marketing by text message and follows the instructions to opt-out by texting the word STOP.
The company stops sending marketing to them by text message. However, as they have not unsubscribed from its emails the company continues to send marketing by this other method, as it is still compliant to do so.
If you give people opt-out options when you collect their details, you should make it clear what method of direct marketing this covers.
You can send a message immediately after someone has opted out to confirm they have unsubscribed and provide information about how to resubscribe if they change their mind. But this message mustnot require them to take action to confirm their opt-out. It may also be possible to remind people about their direct marketing preferences (see What do we do if someone objects to our direct marketing?).
What do we do if someone withdraws their consent?
Although people may have initially been happy to consent to your direct marketing, they may change their mind. Data protection law and PECR allow people to withdraw their consent to your direct marketing.
The key things to remember are:
you must make it as easy for people to withdraw consent as it was to give it;
if someone withdraws their consent you must stop the direct marketing that the consent covers immediately or as soon as possible; and
if consent is withdrawn and this was your data protection reason (“lawful basis”) for the direct marketing, you mustnot swap to a different basis to continue your direct marketing (this would be unfair).
Direct marketing suppression lists or ‘do not contact lists’ are lists of people who have told you that they don’t want to:
get direct marketing from you; or
have their information used for direct marketing purposes.
Data protection law and PECR don’t say you have to use a suppression list, but you should use one to help you to comply instead of just deleting their details. By using a suppression list, you can check any new marketing lists against it. This ensures you don’t send direct marketing to anyone who has asked you not to, or use their information for direct marketing purposes if they have objected.
Sometimes organisations are concerned that the law stops them from putting someone on a suppression list when they object. This is not correct. While you mustnot keep using someone’s information for direct marketing purposes when they object, keeping a suppression list isn’t for direct marketing purposes. You are keeping this list so that you can comply with your statutory obligations (ie to comply with their objection) and not for direct marketing purposes.
Example
A person whose phone number is not on the TPS receives a live direct marketing call from a company. The person asks the company not to call them again. In response the company simply deletes their phone number.
A few months later the company buys in a list of telephone numbers that have been checked against the TPS. This list includes that person’s number because it isn’t registered on the TPS. The company makes a further direct marketing call to that person.
The company has breached PECR by calling their number as the person had previously told it not to call.
If the company had placed the number on a suppression list rather than deleting it, the breach would have been prevented. This is because checking the bought-in list against its own suppression list would have identified that there was an objection to receiving direct marketing calls on that number.
It is also important that you do the following:
Only keep the minimum amount of information needed.
Suppression involves keeping just enough information about someone to ensure you respect their preferences in the future, so you mustnot keep more than you need. You should clearly mark the information so you don’t use it for the direct marketing purposes they objected to.
Understand what is and isn’t a suppression list.
The TPS and CTPS registers are types of suppression lists where people or organisations actively register an objection to receiving live direct marketing phone calls. You must check phone numbers against these statutory registers. The MPS is also a type of suppression list for postal marketing that you should check, although it is not a statutory one.
Don’t confuse direct marketing suppression lists with screening lists. You may use a screening list when you have decided to screen out certain people because they don’t fit the particular direct marketing campaign that you or a third party are running. Unlike a suppression list, you don’t use a screening list to comply with someone’s objection to direct marketing. Use of a screening list is processing for direct marketing purposes.
What do we do if someone asks us to delete their information?
People may ask you to delete or erase the information you hold about them. They have a specific data protection right to ask you to erase their information (also known as the right to be forgotten). This can include their information that you use for direct marketing purposes.
However, this right only applies in certain circumstances such as:
you are using consent for the direct marketing and it is withdrawn;
you no longer need their information for your direct marketing purpose; or
someone objects to you using their information for direct marketing purposes.
You don’t need to automatically treat withdrawals of consent or objections to direct marketing as an erasure request. However, in practice if someone withdraws their consent, you can no longer keep using their information for that purpose. Similarly, if someone objects to you using their information for direct marketing purposes, you must stop. Therefore, you are likely to need to delete that information (unless you need to keep a small amount for another reason, such as on a suppression list).
Example
A customer contacts a company to object to direct marketing and at the same time asks it to delete their information. The company stops using their information for direct marketing and deletes all of it, apart from a small amount that it keeps on its suppression list. This prevents it from using the customer’s personal information for direct marketing purposes in the future. The company is complying with the customer’s right.
Because we don’t consider that a suppression list is used for direct marketing purposes, there is no automatic right for people to have their information on such a list deleted. (See What are direct marketing suppression lists?)