Skip to main content
Hafan

How do we comply with the PECR electronic mail marketing rules?

Contents

In detail

Who must comply?

PECR applies to anyone who sends or instigates the sending of direct marketing by electronic mail.

You’re likely to be instigating if you encourage, incite, incentivise or ask someone else to send electronic mail containing your direct marketing. If you ask another organisation to send your electronic mail marketing, you may still be responsible under PECR as the instigator, while the other organisation is the sender. In these cases, both parties are responsible for complying.

However, using a webmail service or bulk-email platform does not normally make that service responsible. They’re simply providing the technical delivery. You remain responsible for complying with PECR.

If you want another organisation to send electronic mail marketing on your behalf which includes using personal information, you must have a contract with them.

You must ensure that you do not allow anyone else to use your phone line or internet connection to breach the electronic mail marketing rules. If someone does use your line or connection to send electronic mail marketing, you must make sure those messages comply with PECR.

You should undertake appropriate compliance checks on the organisation sending the marketing for you. You should also have a written contract with them that sets out their responsibilities.

Which rules apply to which subscriber type?

Different rules apply depending on whether the message is solicited or unsolicited, and whether the recipient is an individual or corporate subscriber.

You can send solicited electronic mail marketing without the recipient’s consent and without meeting the requirements of a soft opt-in. This is because they have specifically asked you to send that message.

If you are sending unsolicited electronic mail marketing to individual subscribers, you must have their consent or be able to meet all the requirements of a soft opt-in. See What is consent and how do we use it? and What are the soft opt-ins and who can use them? for more information.

You can send unsolicited electronic mail marketing to corporate subscribers without consent or a soft opt-in.

You must not disguise or hide your identity in messages to either type of subscriber. You must provide a valid contact address for recipients to opt out or unsubscribe. These rules apply regardless of whether the message is solicited or unsolicited.

Further reading – ICO guidance

Business-to-business marketing

What is consent and how do we use it?

Consent is where someone actively agrees to receive your electronic mail marketing. Under PECR, organisations normally must have consent before sending unsolicited electronic mail marketing to individual subscribers. PECR takes its standard of consent from the UK GDPR, which says consent is:

any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her

If you’re seeking consent for your electronic mail marketing, you must:

  • give people a free choice to consent so that they can refuse without detriment and keep the consent separate from other things, such as terms and conditions (‘freely given’);
  • make it clear that the consent covers your electronic mail marketing messages and give your name in the consent request (‘specific and informed’); and
  • have no doubt that people are consenting to your electronic mail marketing messages (‘unambiguous indication’)

Additionally, people must take a positive action to consent, so you must not use pre-ticked opt-in boxes, silence or inactivity as evidence of consent (‘clear affirmative action’).

Example

A company provides the following information on their website when they collect customer details:

I would like to receive marketing emails from you about your services.

If customers decide to tick the box, the company has their consent to send them marketing emails.

You must make sure the consent specifically covers the type of electronic mail marketing you want to send. Simply asking for consent for direct marketing will not be specific or informed.

Example

I would like to receive marketing from you about your services by text message.

I would like to receive marketing from you about your services.

Some people may want to receive some types of electronic mail marketing but not others. For example, they may want to receive your marketing emails but not your text messages. You should ask for consent for each type separately.

Consent must be freely given. It’s unlikely to be valid consent if you make agreeing to marketing a necessary condition for buying your product or service or donating to your cause.

Example

☐ I would like to receive marketing emails about your services. 
Submit your order.

By submitting your order, you agree to receive our marketing emails. 
Submit your order.

There are several ways you can obtain consent for your electronic mail marketing. For example, you could use opt-in tick boxes or take the consent verbally. The key point is that you must get valid consent and you should keep a record of the consent (eg who, when, how) so that you can demonstrate it is valid.

Example

Good practice
A customer calls a restaurant to book a table. The restaurant asks for the customer’s mobile phone number in case they need to contact them about the booking and to send a confirmation message. The customer gives the restaurant their mobile number.

The restaurant asks the customer if they would like to receive marketing text messages about their discounts and events. The customer agrees verbally. The restaurant adds the customer’s number to their marketing database, which shows the time and date they consented.

The restaurant subsequently sends a booking confirmation text to the customer. A few days later they also send the customer a text advertising their special food event.

Bad practice
A customer calls a restaurant to book a table. The restaurant asks for the customer’s mobile phone number in case they need to contact them about the booking and to send a confirmation message. The customer gives the restaurant their mobile number.

The restaurant subsequently sends a booking confirmation text to the customer. A few days later they also send the customer a text advertising their special food event.

Consent isn’t transferrable. It’s specific to receiving electronic mail marketing to a particular number or address that the person gives you. For example, the consent someone gives you to receive direct marketing to a particular email address won’t cover any other email addresses they use.

You must make it easy for people to withdraw their consent. If someone does this, you must stop sending them direct marketing by electronic mail. See Can people change their mind about our electronic mail marketing? for further information.

Further reading – ICO guidance

Consent

What are the soft opt-ins and who can use them?

There are two limited circumstances where you can send unsolicited electronic mail marketing to individual subscribers without their consent. They are commonly referred to as the ‘soft opt-ins’. They are listed below:

  • The products and services soft opt-in. All organisations can use this, including charities.
  • The charitable purposes soft opt-in. Only charities can use this.

The two soft opt-ins apply in different contexts and have different requirements.

Even if the soft opt-ins could apply, you might decide to get people’s consent instead. For example, if you want to send marketing content not allowed by the soft opt-ins, or if you want more assurance that people are happy to receive your electronic mail marketing.

How do we use the products and services soft opt-in?

The products and services soft opt-in allows you to send electronic mail marketing without consent if the message is about your similar products and services, but only where all the following requirements are met:

  • You obtained the recipient’s contact details.
  • You did so while selling or negotiating to sell a product or service.
  • You are only marketing your similar products and services.
  • You provided the recipient with an opportunity to refuse or opt out when you collected their contact details.
  • You give the recipient an opportunity to refuse or opt out in every subsequent communication.

We explain these requirements in detail below.

You obtained the recipient’s contact details

You must obtain the contact details directly from the person you want to send the electronic mail marketing to. The soft opt-in doesn’t apply if someone else obtains the contact details for you, even if it’s another organisation within your own group structure. There is no such thing as a third-party marketing list that is compliant with the soft opt-in.

Example

Good practice
A restaurant collects mobile phone numbers from customers when they book a table on their website. By collecting the contact details themselves, the restaurant satisfies this first part of the soft opt-in.

Bad practice
A restaurant buys a list of people’s mobile phone numbers from a third party, who claims the list is ‘soft opt-in compliant’. The soft opt-in doesn’t apply because the restaurant did not obtain the contact details directly.

While selling or negotiating to sell a product or service

A person doesn’t need to actually buy anything from you. It’s enough if ‘negotiations for the sale’ took place. This means that they must actively express an interest in buying your products or services. This includes signing up to a free trial of your product or service, requesting a quote or asking for more details about what you offer.

Example

Good practice
A customer completes an online enquiry form asking for more details about a product or range of products. This may be enough to meet this part of the soft opt-in.

Bad practice
A customer logs into a company’s website to browse their range of products. This is not enough to constitute negotiations and this part of the soft opt-in.

You must have some form of express communication from the person and it must involve them buying your products or services. It’s not enough for someone to send any type of query.

Example

Good practice
A customer sends an online enquiry to ask if the company can order a particular product. This could constitute negotiations for a sale and satisfy this part of the soft opt-in.

Bad practice
A customer sends an online enquiry asking if the company is going to open more branches in a particular location. This does not satisfy this part of the soft opt-in because the enquiry is not about buying products or services.

You are only marketing your similar products and services

You must only send electronic mail marketing about your similar products or services. The key question is whether, based on previous interactions, people reasonably expect direct marketing about your product or service. This will depend on the context, including the nature of your organisation and the category of product or service.

Example

Good practice
A customer buys bread and bananas from a large supermarket chain’s online shop and provides their email address through the process. Afterwards, they might reasonably expect to receive emails about groceries, as well as emails about other products commonly sold in supermarkets.

Bad practice
A customer buys bread and bananas from a large supermarket chain’s online shop and provides their email address through the process. Afterwards, however, they’re unlikely to expect emails about banking or insurance products because they are not bought and sold in a similar context. Also, the supermarket is often not the same organisation as the one that provides banking or insurance products under their branding.

This soft opt-in only covers your own similar products and services. You must not use it to send messages about other organisations or their products and services.

Charities, political parties and other not-for-profit organisations must not use the products and services soft opt-in to send electronic mail marketing about their campaigning or fundraising, even to existing supporters.

Example

A charity has an online shop that sells ethically-sourced products. A customer buys some specialty teas. When they provide their contact details, the charity gives them a clear, upfront chance to opt out of direct marketing by email.

If the customer doesn’t tick the box to opt out, the charity may use the products and services soft opt-in to send electronic mail marketing about their similar products and services (assuming it also meets the other requirements).

However, the charity can’t send emails to the customer asking them to volunteer for the charity or to donate because the products and services soft opt-in doesn’t allow this type of direct marketing.

You provided the recipient with an opportunity to refuse or opt out when you collected their contact details

You must give people a simple way to opt out of your electronic mail marketing when you collect their contact details. An opt-out box hidden within your privacy policy is not a simple way for people to refuse your electronic mail marketing.

Your forms should include a prominent opt-out box. Staff taking down details verbally should specifically offer a choice of opting out.

Example

Good practice
A customer buys some trainers online and gives the retailer their email address as part of the process. The retailer provides a clear, easy to understand opt-out box. The customer doesn’t tick the box, so the retailer adds the customer’s email address to their marketing database. The customer subsequently receives an email with a 10% discount code for their next purchase.

Bad practice
A customer buys some trainers online and gives the retailer their email address as part of the buying process. The retailer automatically adds the customer’s email address to their marketing database. The customer subsequently receives an email with a 10% discount code for their next purchase.

You must offer the opt-out when you collect the contact details. Including an opt-out in an order confirmation email is not sufficient.

Example

Good practice
A customer orders a takeaway pizza online. As part of the process, the company asks them to provide either an email address or mobile phone number. The customer provides their mobile phone number.

☐ We’d like to send you marketing text messages about our special offers. If you don’t want to receive these please tick here.

The customer decides to tick the box because they don’t want to receive these text messages from the company. The company subsequently sends the customer an order confirmation text but doesn’t send them any direct marketing text messages.

Bad practice
A customer orders a takeaway pizza online. As part of the process, the company asks them to provide either an email address or mobile phone number. The customer provides their mobile phone number.

The company subsequently sends the customer an order confirmation text. The text message also tells them how to opt out of future marketing messages.

The company did not provide this way of opting out until after they had collected the customer’s contact details. Any further marketing text messages would breach PECR.

You give the recipient an opportunity to refuse or opt out in every subsequent communication

You must give people the chance to opt out in every subsequent message that you send.

You must make it simple for people to change their mind and opt out or unsubscribe from marketing. You should make it for people to reply directly to your messages or to click a clear ‘unsubscribe’ link. With text messages you could offer an opt-out by telling people to send a stop message to a code number. You must make this free of charge, apart from the other cost to people of sending the message.

Example

Good practice
A yoga studio sends their clients an email about upcoming events. At the bottom of the email, it says: ‘If you no longer want to receive these emails from us, please click here to unsubscribe.’

Bad practice
A yoga studio sends their clients an email about upcoming events. At the bottom of the email, it says: ‘If you no longer want to receive these emails from us, please call the studio on 012345678910 and quote your membership number and email address.’

Example

Good practice
A hairdresser sends their clients a text message offering 30% off colour treatments. At the end of the text, it says: ‘To opt out text STOP to 12345.’

Bad practice
A hairdresser sends their clients a text message offering 30% off colour treatments. They don’t provide any information in the message about how to opt out or unsubscribe.

You should not ask people to create an account to unsubscribe or ask them to log into their existing account to change their preferences. This is not a simple way to opt out of your electronic mail marketing.

How do we use the charitable purposes soft opt-in?

The charitable purposes soft opt-in allows a charity to send electronic mail marketing without consent where the message furthers their charitable purposes, but only where all the following requirements are met:

  • You’re a charity.
  • You obtained the recipient’s contact details.
  • You did this through the person expressing an interest in, or offering or providing support for, your charitable purposes.
  • The sole purpose of your direct marketing is to further your charitable purposes.
  • You provided the recipient an opportunity to refuse or opt out when you collected their contact details.
  • You give the recipient an opportunity to refuse or opt out in every subsequent communication.

We explain these requirements in detail below.

You’re a charity

Only charities can use the charitable purposes soft opt-in. PECR uses the definitions of ‘charity’ set out in the legislation for each UK nation. You must meet the relevant definition to use this soft opt-in.

You obtained the recipient’s contact details

This works in the same way as the equivalent requirement in the products and services soft opt-in. You must obtain the contact details directly from the person you want to send the direct marketing to. The soft opt-in doesn’t apply if someone else obtains the contact details for you, even if it’s another organisation closely connected to your charity, such as a trading subsidiary. There is no such thing as a third-party marketing list that is ‘soft opt-in compliant’.

Example

Good practice
A supporter donates through a charity’s website. The online form asks for their email address and has a prominent opt-out box the supporter can tick if they don’t want to receive marketing about the charity’s charitable purposes.

Bad practice
A supporter donates through a third-party online fundraising platform. The platform collects their email address and passes it on to the charity. The charity did not collect the contact details directly.

The charitable purposes soft opt-in commenced on 5 February 2026. You must only use it if you obtained the recipient’s contact details on or after this date.

Example

Good practice
A supporter donated in 2025 and gave the charity their email address as part of the process but did not consent to receiving electronic mail marketing. In April 2026, they make another online donation. As part of this, they provide their contact details again. This time, they are given a clear way to opt out of receiving electronic mail marketing about the charity’s charitable purposes.

Bad practice
A supporter donated in 2025 and gave the charity their email address as part of the process but did not consent to receiving electronic mail marketing. They have not donated or provided their contact details again since then.

Through the person expressing an interest in, or offering or providing support for, your charitable purposes

When you collect a person’s contact details, they must:

  • express an interest in your charitable purposes; or
  • offer or provide support to further your charitable purposes.

They can do one or both of these things.

If someone actively engages with your charitable purposes, such as asking for information about the work your charity does, they’re likely to be expressing an interest. However, interactions that don’t reveal anything about the person’s interest in your charitable purposes normally won’t be enough.

Example

Good practice
A person browses a wildlife charity’s website. The website has an online form for people to complete if they’d like to receive updates about the charity’s work to support endangered species. The person is interested in this and submits their contact details through the form.

Bad practice
A person visits a community café run by a local charity. While there, they use the free guest wifi and enter their email address when prompted. They don’t ask for information about the charity’s work or do anything else that suggests they’re interested in the charitable purposes.

People who benefit from your charity’s support may express an interest in your charitable purposes as part of that interaction. They may do something over and above merely receiving your support to show they’re interested in your charitable purposes.

However, in these situations it’s particularly important to consider whether it’s appropriate to send marketing to the person at all, especially where they may be in a vulnerable situation or at risk of harm. See How does ‘legitimate interests’ work for the soft opt-ins? for more information.

Example

Good practice
A mental health charity runs drop-in wellbeing sessions in a community centre. During one session, a visitor spends time talking to a staff member about the charity’s broader initiatives including their peer-support groups and public education work. The visitor asks for a copy of a resource booklet, so the staff member offers to email them a copy. They ask the visitor to write their email address on a paper form. The form says: ‘We may also email you occasional updates about our charitable work to improve mental health. If you do not want to receive these emails, tick this box.’

Bad practice
A person uses a charity’s website to request emergency food support. They provide their phone number so the charity can text them to confirm the collection time. They don’t ask about the charity’s aims, programmes or wider work and don’t take any steps that indicate interest beyond receiving the support they need.

Offering or providing support includes situations where the person:

  • donates to your charity (eg by giving money or unwanted property); or
  • volunteers to help your charity (eg by running stalls at your fundraising events).

Example

A person visits a charity’s donation point and hands over a bag of unwanted clothes. The charity asks for their name and email address so they can issue a Gift Aid declaration and record the donation for audit purposes.

When someone buys something from a charity, this usually falls within the products and services soft opt-in.

However, some purchases from a charity are clearly understood by the buyer as a way of supporting your charitable purposes. This might include familiar activities such as taking out an annual membership, sponsoring an animal, entering a charity raffle or paying to take part in a charity’s fundraising event.

In these situations, it might be clear that the person is engaging with you as a supporter and that their payment contributes directly to supporting your charitable purposes. Remember, for the charitable purposes soft opt-in to apply, the person’s interaction must be with the charity itself and not a connected organisation such as a trading subsidiary or a third-party fundraiser.

Not all purchases indicate support for your charitable purposes. There will be situations where an interaction is clearly just transactional. Sometimes there will be no reasonable basis for you to conclude the person was providing support to further your charitable purposes. In these cases, you must not use the charitable purposes soft opt-in. This is likely to be where:

  • the purchase is incidental or made from convenience;
  • the buyer has no meaningful engagement with the charity’s mission; or
  • the circumstances make it clear that the person is acting as an ordinary consumer rather than as a supporter.

We provide examples below to help illustrate the distinction. They are not exhaustive. You should always consider your specific context before deciding to use the charitable purposes soft opt-in.

Example

Good practice
A person buys handmade crafts directly from a charity that supports people with learning disabilities. The items are created through the charity’s skills development programme. The person gives the charity their contact details when buying the items.

Good practice
As part of an ongoing campaign, a charity sells some T-shirts on their online store. The charity makes it clear that the proceeds go directly to supporting the campaign. Someone buys the T-shirt to give their support to the campaign and provides their email address through the purchase process. 

Bad practice
A charity has a small café near a local park. A passerby stops at the café to buy a drink because they are thirsty. They give their email address because the charity offers digital receipts as standard.

The sole purpose of your direct marketing is to further your charitable purposes

You must ensure that the sole purpose of your direct marketing is to further your charitable purposes.

PECR uses the definitions of ‘charitable purposes’ set out in legislation for each UK nation. These provide examples of things which, if done for the public benefit, can be considered charitable purposes.

Electronic mail marketing to further your charitable purposes includes:

  • asking for donations, including money or other property (eg clothes or food) where required for your charitable purposes;
  • asking people to volunteer to help further your charitable purposes (eg inviting them to give their time or skills by helping at an event); and
  • providing information about your charity’s mission-related activities, such as your programmes, projects and campaigns.

You must only use this soft opt-in to further your own charitable purposes. You must not use it to promote other organisations, including other charities.

Example

Good practice
A pet rehoming charity collects email addresses from people who apply to adopt cats and dogs. They provide a clear way for people to opt out of marketing about their charitable purposes. The charity later emails these people asking for donations to help cover veterinary care costs and sharing updates on recent rehoming successes.

Bad practice
The same charity later emails these people promoting discounted pet care products sold by a commercial pet supply company that sponsors the charity. They also promote the work of a separate animal welfare charity they are collaborating with, encouraging people to donate directly to the partner charity’s veterinary care appeal.

You provided the recipient an opportunity to refuse or opt out when you collected the contact details

This works in the same way as the equivalent requirement in the soft opt-in for products and services.

You must give people a simple way to opt out of your electronic mail marketing when you collect their contact details. An opt-out hidden within your privacy policy is not a simple way for people to refuse your electronic mail marketing.

Your forms should include a prominent opt-out box. Staff taking down details verbally should specifically offer a choice of opting out.

You must offer the opt-out when you collect the contact details. For example, including an opt-out in an order confirmation email does not meet the requirement to give people a way to opt out at the time you collect their details.

Example

Good practice
A wildlife protection charity has an online form allowing people to sign up to volunteer for upcoming habitat restoration projects. Where the person enters their contact details, the charity includes an opt-out box labelled: ‘Tick this box if you do not want to receive emails about our conservation work and volunteering opportunities’.

Bad practice
An arts education charity runs a competition for members of the public to submit ideas for new community workshops. To take part, entrants submit their contact details through an online form. The form doesn’t include any information about future marketing emails or any way to opt out. A week later, the charity starts emailing participants newsletters about their wider activities and fundraising events.

You give the recipient an opportunity to refuse or opt out in every subsequent communication

This works in the same way as the equivalent requirement in the soft opt-in for products and services.

You must give people the chance to opt out in every subsequent message that you send.

You must make it simple for people to change their mind and opt out or unsubscribe. It should be possible for people to reply directly to your messages or to click a clear ‘unsubscribe’ link. With text messages you could offer an opt-out by telling people to send a stop message to a code number. You must make this free of charge, apart from the other cost to people of sending the message.

You should not ask people to create an account to unsubscribe or ask them to log into their existing account to change their preferences. This is not a simple way to opt out of your electronic mail marketing.

Example

Good practice
A homelessness charity collects email addresses from supporters who complete a form to register for a sponsored sleep-out fundraising event. At the time of the collection, the charity gave them a clear opt-out option.

The charity later sends an email update about their wider homelessness outreach projects, using the soft opt-in. At the bottom of the email, it says: ‘You are receiving this because you previously supported our charitable work. If you no longer want to hear from us by email, you can unsubscribe here’ (and there is an unsubscribe link).

Bad practice
A children’s literacy charity collects email addresses from supporters who sign up at a community book drive event. When gathering the details, the charity provides a clear opt-out. Those who don’t opt out are added to the mailing list under the charitable purposes soft opt-in.

A month later, the charity sends an email encouraging supporters to join a new ‘reading buddy’ scheme and to donate books for an upcoming school partnership project. The email contains information about the initiative but does not include an unsubscribe link or any wording explaining how people can opt out of future communications.

What happens if both soft opt-ins apply?

The soft opt-ins cover different types of electronic mail marketing. One lets organisations send marketing about their own products or services. The other lets charities send marketing that furthers their charitable purposes. Charities can sometimes use both at the same time.

If you want to use both soft opt-ins together, you must offer separate opt-out boxes for each one when you collect the contact details. You must only provide an opt-out box where you have met the collection requirements for that soft opt-in. You must also provide a way for the recipient to opt out of each type of marketing in every subsequent message you send.

If you have satisfied the collection requirements for both soft opt-ins, you can send one message combining both types of direct marketing. However, you must ensure your message only includes marketing that is permitted under those soft opt-ins. You must have the recipient’s consent to send any other type of electronic mail marketing.

Using both soft opt-ins together may mean that different people on your contact list are permitted to receive different categories of marketing. For example, some people may only meet the criteria for the charitable purposes soft opt-in, while others may meet the criteria for both. You may also be using consent to send marketing to some people, such as historic supporters who gave their consent before the charitable purposes soft opt-in existed.

To manage this properly, you should keep clear records showing which method applies for each person. A simple set of flags or preference fields in your system is usually enough. This helps ensure you only send each person the specific type of marketing you’re allowed to send them.

Example

Someone buys an entry ticket to visit a historic mill operated by a heritage preservation charity. The charity is satisfied that the person has bought a product or service and also provided support for the charity’s heritage preservation work.

During checkout, the charity collects the person’s email address and presents two separate opt-out boxes:

I do not want to receive email marketing about your similar products or services (for example, tickets for future exhibitions or guided tours); and

I do not want to receive email marketing about your charitable purposes (for example, volunteering opportunities, requests for donations or updates about your work)

The person doesn’t tick either box. The charity can send the person emails combining direct marketing about their similar products and services and their charitable purposes.

The charity gives the person a clear unsubscribe link in every subsequent message they send where the person can choose to opt out of each type of direct marketing.

Can we use bought-in lists?

Many organisations offer marketing lists for sale, rent or under licence. If you want to use a list to send electronic mail marketing, the people on it must have given valid consent to receive marketing from you and for the specific method you plan to use (eg email or text).

If a third party claims that people on their list consented to direct marketing, you must check that the consent is valid. You should do this by checking that the consent:

  • named your organisation (not just ‘trusted partners’ or similar);
  • clearly covered the method of electronic mail marketing;
  • was freely given, specific, informed and unambiguous; and
  • is recorded so you can demonstrate who consented, when and how.

If the consent doesn’t name you or does not cover the method you intend to use, then it is not valid. You must not send electronic mail marketing to people on the list in those circumstances.

Remember, for the soft opt-ins to apply, you must collect the contact details directly from the person you want to send the marketing to. This means you must not use the soft opt-ins to send unsolicited electronic mail marketing to people on a bought-in marketing list.

You must also be aware of the data protection implications if the information you are buying is personal information. See What is the relationship between PECR and the data protection rules? for more information.

Can we use publicly available contact details to send electronic mail marketing?

The term ‘publicly available’ refers to contact details sourced from various places, including social media accounts, websites or other online of offline sources.

Just because someone’s contact details are publicly available, it doesn’t mean they’ve consented to your direct marketing.

Remember, you must have consent or meet the requirements of a soft opt-in to send unsolicited electronic mail marketing to individual subscribers. This includes sole traders and ordinary partnerships.

You must also comply with data protection law if you are gathering personal information from publicly available sources. See What is the relationship between PECR and the data protection rules? for more information.

Can we ask people to pass on our electronic mail marketing?

Asking people to send your electronic mail marketing to friends or family is often called ‘refer a friend’, ‘tell a friend’ or ‘viral marketing’. If you encourage people to do this, you’re likely to be instigating those messages and you must comply with PECR. You don’t need to give an incentive for it to count as instigating. It’s enough that you actively encourage someone to pass on your message.

You must not rely on the soft opt-ins for ‘refer a friend’ schemes. You must obtain valid consent. This is unlikely to be possible in practice because you have no way to show they agreed to receive your marketing.

Example

An online retailer runs a ‘refer a friend’ scheme that gives customers 10% off their orders if they take part. The customer provides their own name and email address. The retailer then automatically creates a marketing email for the customer to send to their friends or family.

The retailer is responsible for complying with PECR because it is instigating the electronic mail marketing. These emails do not comply with PECR because the retailer doesn’t have the friends or family members’ consent.

It can be difficult for you to control how customers choose to tell other people about your reward schemes. However, you can take steps to avoid instigating these messages. For example, you can avoid actively encouraging customers to send an email or text message to their friends and family.

Example

A company runs a ‘refer a friend’ scheme that gives customers a discount if their friends or family switch to the company’s service.

When a customer logs into their account, they see a page explaining the scheme. It tells them that if their friends and family input the customer’s unique code when they sign up, the customer will receive a discount on their bill. The page does not tell the customer how to share the scheme or suggest that they should send emails or texts. It’s for the customer to decide if and how they take part.

In this situation, if the customer chooses to send electronic mail to tell people about the scheme, the company is not responsible under PECR because they are not instigating those messages.

You are not responsible under PECR for messages that people choose to send without your encouragement. This includes customers or supporters who:

  • recommend you;
  • share a promotion or campaign;
  • link to your website; or
  • take part in your sponsored events who use their own electronic mail to ask for sponsorship.

Can people change their mind about our electronic mail marketing?

Yes. People can change their mind at any time.

PECR treats consent as ‘for the time being’. This means people can withdraw their consent whenever they want. If someone withdraws their consent, you must stop sending them unsolicited electronic mail marketing. You can only send further marketing if they later choose to give their consent again.

If you’re using a soft opt-in, people can also change their mind by opting out. If someone opts out, you must stop sending unsolicited electronic mail marketing under that soft opt-in. You can only send further marketing if they later give their consent.

Opt-outs usually apply to the specific communication method used. For example, if someone clicks the unsubscribe link in an email, that opt-out only applies to email marketing, as long as this is made clear in your wording.

Example

A company is sending a customer direct marketing by text message and email. The company is relying on a soft opt-in to send the marketing. Each text message tells the customer how they can opt out of texts. Each email has an unsubscribe button that clearly explains they will stop further email marketing if the customer unsubscribes.

The customer decides they no longer want to receive direct marketing by email, so they use the unsubscribe button.

The company stops sending the customer marketing emails. However, because the customer hasn’t opted out of text messages, the company continues to send marketing by text.

People have an absolute right to object under data protection law if you use their personal information for direct marketing purposes. If someone objects, you must stop using their personal information for those purposes.

You should have a clear process in place to deal with anyone who tells you they no longer want to receive your electronic mail marketing. You should act promptly to respect their wishes. You should add their contact details to your ‘do not contact’ or suppression list. You should check this list to make sure you’re not sending electronic mail marketing to people who have asked you not to.

People may decide they want to receive your electronic mail marketing again in the future, so you may want to explain how they can do this. For example, when someone unsubscribes, you could send them an automatic bounce-back message. This could confirm that they have unsubscribed and explain how they can change their mind.

You could also remind people of their electronic mail marketing preferences if the reminder is a minor addition to a message you were already sending. For example, you could include a short line in an order confirmation email explaining how they can update their preferences, as long as it does not encourage them to change their mind.

Further reading – ICO guidance

UK GDPR guidance and resources

Right to object