You should check the origin and accuracy of bought-in lists. You should screen call lists against the TPS, and only use bought-in lists for email, text or recorded calls with very specific consent.
For in-house marketing lists, use opt-in boxes wherever possible. Specify consent to marketing by email, by text, by fax, by phone or by recorded call. Ask for specific consent also if you want to pass details to other companies, and make sure you name or describe those companies.
Keep clear records of consent, and keep a ‘do not contact’ list of anyone who objects or opts out.
In more detail…
- Can we use bought-in marketing lists?
- What’s the best way to compile our own marketing list?
- Can we sell our marketing list?
- Can we share our list with other companies in our group?
- Can one company use one list for multiple trading names?
- How should we respond to objections or opt-outs?
- How do the rules apply to our loyalty scheme members?
- Can we send marketing by post?
You can use bought-in lists to make live marketing calls, but you should screen against both the TPS and your own ‘do-not-call’ list of people who have previously objected to or opted out of your calls.
You must be very careful before using bought-in lists for recorded calls, texts or emails. You can only use them if all the people on the list specifically consented to receive that type of message from you. Generic consent covering any third party will not be enough.
If you are using bought-in B2B fax lists, you must screen against both the FPS and your own ‘do-not-fax’ list of people who have previously objected to or opted out of your faxes. You may only fax individuals (including sole traders and some partnerships) if they have specifically consented to receiving faxes from you.
You must make checks to satisfy yourself that any list is accurate and the details were collected fairly, and that the consent is specific and recent enough to cover your marketing.
For more information on collecting people’s information from other sources, see our direct marketing guidance.
You may want to compile your own in-house marketing list using details of people who have bought goods or services in the past, or who have registered on your website or made an enquiry. However, you should not assume that everyone is happy to receive marketing just because they have provided their contact details.
You should make it clear upfront that you intend to use their details for marketing purposes. The best way to get clear consent for your marketing is to provide opt-in boxes that specify the type of messages you plan to send (eg by email, by text, by phone, by fax, by recorded call).
You should record when and how you got consent, and what type of messages it covers. If possible, you should also record whether the customer is an individual or a company, as different rules apply. If this is not clear, assume they are an individual.
For further information, see our guidance on direct marketing.
As a general rule, you can only sell your marketing list if you have the consent of the listed individuals to do so.
Other businesses will only be able to use the list for recorded calls, texts or emails if the people on the list have specifically consented to receive that type of message from that company.
For more information on sharing information for direct marketing purposes, see our direct marketing guidance.
The same rules apply as for other third parties. If you intend to share the list within your group, you must have each individual’s specific consent to marketing from your group companies.
If you are a single entity trading under several different names, you should not assume that a customer opting in to marketing from one brand is consenting to marketing from all your brands. Consent must be informed, and customers may not even be aware of any connection between the brands. You may also find it difficult to rely on the soft opt-in, as this only applies to similar products and services.
If you want to use one list for all your trading names, you should list them all clearly when you obtain the opt-in.
If an individual opts out of marketing from one trading name, you should assume this opt-out applies to all your trading names unless they make it clear otherwise.
As soon as someone objects to or opts out of your marketing, you should add them to a ‘do not contact’ list. You should screen all your marketing against this list to make sure you don’t contact anyone who has opted out. You can send an immediate reply confirming they have unsubscribed, but you must not contact them at a later date even if this is just to ask if they want to opt back in.
You must not simply delete their details altogether, as you need to ensure they are not later put back on your marketing list by mistake (for example if you buy more leads that include the same details). If someone asks you to delete their details, you should explain that you will need to keep them on a ‘do not contact’ list to make sure you comply with their right to opt out.
For more information on objections and opt-outs, see our direct marketing guidance.
If you operate a loyalty scheme, you should make sure your customers understand what messages they will receive if they sign up. They are likely to expect a periodic update on how many points or vouchers they have earned. In our view, under the soft opt-in rule, as long as you provide a clear opt-out when they sign up and in every subsequent message, you may also send them further electronic mail about other promotions unless they opt out.
If you operate a joint loyalty scheme with other companies, you must make sure customers are fully aware of the nature of the scheme and range of the promotions you propose to send. In our view, under the soft opt-in rule, as long as you do so and provide a clear opt-out when they sign up and in every message, the scheme may send electronic mail about incentives offered by any of the partners.
However, if a participating company wants to send additional marketing messages outside the loyalty scheme, it must have the individual’s clear consent to do so. If there are several partners in a loyalty scheme, you may therefore find it easier to provide specific opt-in boxes when people sign up.
PECR do not cover marketing by post, but if you are sending post to named individuals you must comply with the Data Protection Act and the UK GDPR.