: Lead Generation Forms & Privacy Policy I have a lead form in my website (A website about High-End Fashion) in which visitors can contact a sales representative about product A. There is no
I have a lead form in my website (A website about High-End Fashion) in which visitors can contact a sales representative about product A. There is no opt-in checkbox, just a couple of text fields (phone number, e-mail etc...) and I received several thousands of submissions from customers in the UK. The form's purpose is to schedule an appointment.
I want to send these leads a marketing mail of product B. It's a different product from the same brand and I know it's relevant to those leads - But, it's a completely different product category.
Currently, I do not have a privacy policy in my website.
Can I legally send such e-mails?
What kind of privacy policy do I need in my website for this to be legal?
More posts by @Nimeshi995
2 Comments
Sorted by latest first Latest Oldest Best
across the EU there is a concept that allows you to send emails to a list without their permission, but that's still based on prior permission.
It's known as 'soft opt-in'. It applies if the following conditions are met;
where you've obtained a person's details in the course of a sale or negotiations for a sale of a product or service;
where the messages are only marketing similar products or services; and
where the person is given a simple opportunity to refuse marketing when their details are collected, and if they don't opt out at this point, are given a simple way to do so in future messages.
Though you seem to have two problems imo: you don't actually have their consent email them (which is a different purpose), nor have you ever shown them a privacy notice. Therefore theoretically you'd need to create new consent.
I think you might be interested in reading these two guides by the UK authority, the ICO:
Direct Marketing Checklist
Direct Marketing
which will go into detail about the requirements for successfully navigating the waters of compliance.
Regarding your second question - what kind of privacy policy you need - that privacy policy will need to follow the minimum standards of EU/UK law and case law and include the data processing practices, along with the information about direct marketing being done by you.
P.S. I've written a bit about the topic on my company blog here, which might also give you some desired insights.
You are collecting personal data from users to send them promotional emails.
You can send those emails as long as you have a proper disclosure to users that they may receive promotional emails and you have a Privacy Policy where you disclose what kind of personal data you collect, what are you going to do with that data and how users can opt-out from your emails.
In summary:
Depending on your jurisdiction, read about CAN-SPAM in the USA, the new GDPR in the EU and the DPA in the UK.
Research how to draft a more prominent disclosure of your data collection in your lead generation forms. Clickwrap method (without or without the ‘I agree’ checkbox) is a good start.
Draft a Privacy Policy where you disclose:
What information you collect from users.
What will you do with the collected personal information.
With whom you share the collected personal information, i.e. with third-parties
How users can unsubscribe from your promotional emails.
Place links to your Privacy Policy on your lead generation page
Place unsubscribe links in your emails
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.