Existing customers: the ‘soft opt-in’
Although organizations can generally only send marketing texts or emails with specific consent, there is an exception to this rule for existing customers, known as the ‘soft opt-in’. This means organizations can send marketing texts or emails if:
· they have obtained the contact details during a sale (or negotiations for a sale) of a product or service to that person.
· they are only marketing their own similar products or services; and
· they gave the person a simple opportunity to refuse or opt out of the marketing, both when first collecting the details and in every message after that.
The texts or emails must be marketing products or services, which means that the soft opt-in exception can only apply to commercial marketing. Charities, political parties, or other not-for-profit bodies will not be able to rely on the soft opt-in when sending campaigning texts or emails, even to existing supporters. In other words, texts or emails promoting the aims or ideals of an organization can only be sent with specific consent.
The contact details must be obtained directly from the individual by the organization who wishes to engage in the marketing and the marketing must be in relation to that organization’s similar products and services. Therefore, the soft opt-in can only be relied upon by the organization that collected the contact details. This means organizations cannot rely on a soft opt-in if they obtained a marketing list from a third party – they will need specific consent. See the section on indirect (third party) consent for more on this.
The customer does not actually have to have bought anything to trigger the soft opt-in. It is enough if ‘negotiations for a sale’ took place. This means that the customer should have actively expressed an interest in buying an organization’s products or services – for example, by requesting a quote, or asking for more details of what it offers. There must be some sort of express communication: The communication must be about buying products or services. It is not enough simply to send any query.
Organizations can only send texts or emails about similar products or services. We consider that the key question here is whether the customer would reasonably expect messages about the product or service in question. This is likely to depend on the context – including the type of business and the category of product. For example, someone who has shopped at a supermarket might reasonably expect messages about a much wider range of goods than someone who has shopped at a specialist store for a specialist product. Organizations must give the customer the chance to opt out – both when they first collect the details, and in every email or text.
Organizations should not assume that all customers will be happy to get marketing texts or emails in future and cannot rely on the soft opt-in rule unless they provided a clear opportunity to opt out first.
It must be simple to opt out. When first collecting a customer’s details, this should be part of the same process (e.g., online forms should include a prominent opt-out box, and staff taking down details in person should specifically offer an opt-out). In subsequent messages, we consider that the individual should be able to reply directly to the message or click a clear ‘unsubscribe’ link. In the case of text messages, organizations.
Contact Us
Hope you find this useful. If you need an EU Rep, have any GDPR questions, or have received a SAR or Regulator request and need help then please contact us anytime. We are always happy to help...
GDPR Local team.
Recent blogs
Appointment of a DPO in Singapore: What You Need to Know Before 30th September
If your business handles personal data in Singapore, it’s important to be aware of a key deadline
Enterprise Data Protection: Securing Large-Scale Information Assets
Cyber threats and regulatory pressures have made it necessary for businesses around the world to sa
Continuous Data Protection: Ensuring Real-Time Information Security
Continuous data protection (CDP) has emerged as a crucial strategy in safeguarding data assets agai