4. Direct marketing communications

4.1 What is direct marketing?

Direct marketing involves a person being targeted as an individual, and the marketer attempting to promote a product or service, or attempting to get the person to request additional information about a product or service. Unaddressed mail received at your home is not covered by Data Protection legislation as no personal data is used. It also does not include market surveys seeking your views on say political matters or radio listenership preferences.

Our guidance on direct marketing can be found here

Back to Menu

4.2 What is an unsolicited communication?

Unsolicited communication is essentially something that was not sought or requested. If you have an ongoing, or recent, relationship with a person, then contact from that person might not be deemed to be unsolicited, as some form of consent may be present. In addition, where you have volunteered contact details in the course of completing lifestyle surveys or entering promotions, such details may have consent attached to their future use and subsequent contact may not be deemed to be unsolicited depending on what you knew when you provided them.

Back to Menu

4.3 Are there ways of stopping unsolicited marketing contacts?

Unsolicited direct marketing mail can be stopped by sending back an opt-out from such contacts to the sender. A means of doing this should have been provided with the communication received. Your preference must be respected. If you have concerns as to where your information was sourced, you should seek an explanation from the company concerned. Where you are unhappy with the outcome please contact this Office for further advice or to make a complaint that will be investigated. The sending of unsolicited direct marketing post is what as known as a breach of Data Protection Legislation which, on becoming aware, the Commissioner will have corrected. It is not an offence that carries a financial penalty.

Unsolicited direct marketing phone calls, emails or text messages to your phone are offences and each such call or message can attract a fine of up to €5,000 on summary conviction. If convicted on indictment, the fines range from €50,000 for a natural person to €250,000 if the offender is a body corporate.

Unsolicited direct marketing phone calls can be stopped by placing your phone number on what is known as the National Directory Database (NDD) opt-out register. This also applies to stopping unsolicited direct marketing faxes.

Back to Menu

4.4 I am receiving nuisance/threatening phone calls

This is a matter for your phone provider and the Gardaí to examine. Your data protection rights relate to calls for direct marketing purposes. If there are subsequent concerns in relation to the manner that your phone number became known to the person making the calls then there may be a data protection issue that this Office can pursue.

Back to Menu

4.5 Frequently Asked Questions about Marketing Calls and the National Directory Database Opt-Out Register – a Subscriber's Guide

Back to Menu

4.6 Can my mobile phone be targeted for marketing phone calls?

Under SI 336 of 2011 marketing calls to mobile phones are prohibited unless (i) the caller has been notified by the subscriber or user that he or she consents to the receipt of such calls on his or her mobile telephone, or (ii) the subscriber or user has consented generally to receiving marketing calls and that such consent to receive marketing calls is recorded in the NDD in respect of his or her mobile telephone number.

In relation to email and mobile phone text based direct marketing, it is an offence to send such communications to you without your clear consent in advance. In the case of businesses, messages can be sent until such time as the sender is asked to stop and any subsequent messages from that sender would then be an offence. More extensive information on this is available here:

(Guidance on email and mobile phone text-based direct marketing).

Back to Menu

4.7 How do I know what preference has been recorded?

Any subscriber has a right to ask his/her service provider for a copy of his/her listing in the NDD. The service provider has a right to charge a fee for this service.

Back to Menu

4.8 If my Line Provider fails to record my preference to be placed on the opt-out register of the NDD, what can I do?

This is a matter for Comreg which takes it seriously and you should contact ComReg at 1890-229-668 or visit their website at www.askcomreg.ie

Back to Menu

4.9 Will I still receive marketing calls from people I do business with?

Unless you instruct these people that you do not wish to receive marketing from them, they can rely on consent arising from any consent you may have given as part of that existing relationship to market you regardless of what preference may be recorded in the NDD.

Back to Menu

4.10 How do I remove a deceased person from a direct marketing database?

This should be done in the standard way by writing to the data controller and explaining the circumstances. In the vast majority of cases this will be respected as the data controller will have no business case for continuing to send direct marketing in such cases. As the Data Protection Acts only provide a right to object to the receipt of direct marketing to living individuals there is no express provision to object to such mail addressed to a deceased person. However, where there is reason to believe that a reasonable request for the removal of a deceased person's details is being ignored for the purpose of continuing to send mail to the home in question, then there may be rights under the Acts in such circumstances for a living individual in that home to object to its receipt

Back to Menu

4.11 To whom do I complain?

A complaint can either be made to this Office (who will prosecute persistent offenders) or to the Commission for Communication Regulation (who can issue enforceable directions against certain bodies).
Those wishing to complain to ComReg should phone their consumer line at 1890-229 668 or visit their website at www.askcomreg.ie.

Back to Menu

4.12 Can I ask my customers to provide the electronic contact details of friends as part of a "refer a friend" scheme so that I can market them about my products and services?

It is an offence under the provisions of SI 336 of 2011 to send an unsolicited marketing message to someone where there is no existing customer relationship. The onus is on the sender to show that the recipient has consented to the receipt of such messages. It is difficult to see how the operation of a "refer a friend" facility could meet this requirement.

Back to Menu

4.13 Can I ask my customers to inform their friends via my website as part of a "tell a friend" scheme about my products and services?

This depends on the way the scheme operates. It is more likely to be acceptable if the content of the message is determined solely by the sending customer.

Back to Menu

4.14 What is the difference between the Full Electoral Register and the Edited Electoral Register?

Since 2004, registration authorities are required to publish two versions of the Electoral Register – the 'Full' Register and the 'Edited' Register. The 'Full Register' lists everyone who is entitled to vote and can only be used for an electoral or other statutory purpose.
The 'Edited Register' contains the names and addresses of persons whose details can be used for a purpose other than an electoral or other statutory purpose, e.g. for direct marketing use by a commercial or other organisation.

Back to Menu

4.15 Advice to Charities in relation to engaging the public for "TEXT" (SMS) donation canpaigns and the collection of consent for further contact.

Donations to Charities by SMS

The Data Protection Commissioner has received several queries in recent months in relation to the collection by charities of donations via SMS (text message) on mobile phone accounts. Given the growth in interest in this form of soliciting donations to charity, the Commissioner considers it opportune to publish the following advices for charities and for members of the public in relation to the data protection issues which arise in this area.

If the sole purpose of the donation campaign is to collect donations by text message, then it is unlikely that any data protection issues would arise. However, should the SMS transmitting the donation on behalf of the phone subscriber automatically place the phone subscriber into a position that they are assumed to be automatically consenting to being further contacted (apart from being sent an SMS receipt for the donation), then this use of telephone numbers contravenes the Data Protection Acts 1988 & 2003 and SI 336 of 2011 (Privacy and Electronic Communications Regulations). It is important that charities to whom SMS donations are made, as data controllers, comply with the law concerning marketing communications.

The issues from a data protection perspective are as follows:

Firstly, it is perfectly legitimate for charities to seek to collect donations by means of an SMS service. Once a donor decides that they wish to contribute to the charity concerned by means of a text message (involving a deduction of the amount of the donation from the mobile phone account), they can proceed to do so in an easy manner by texting the advertised word to the five digit short code. In those circumstances, the minimum amount of personal data is required to be processed in order to process the actual donation. Once the service provider / third party processor, operating the short code notifies the relevant mobile phone company of the donation and the donation is then processed on the mobile phone account, there is no further data processing required. There is no obvious requirement for the charity concerned to receive anything other than the monetary donation in those circumstances and this Office would not expect the charity to receive details of the donating mobile phone number.

However, it has come to the attention of this Office that the advertising used by some charities indicates that phone numbers will be added to a marketing/promotional database. This suggests, processing of personal data of a more extensive nature and, in that context, the requirements of both the Data Protection Acts and SI 336 of 2011 must be met.

As far as data protection law is concerned, the use of the phone numbers of donors for further electronic contact ( by Phonecall, SMS, E-mail or otherwise) or to be put on a marketing database, may take place only where the phone subscriber concerned has actively opted in, to such use of their phone number in the knowledge that it will be used to contact them for direct debit and /or marketing/promotional purposes. It is not acceptable or lawful for a charity to place a donor's phone number on a marketing database, solely on the basis that the phone subscriber concerned made a donation to the charity using the SMS method.

In short, advertising which states "by texting you are consenting to be contacted by us" (or wording of a similar nature) does not meet the requirements of the law. If a charity was to contact the donor's number or add the number to a marketing/promotional database on that sole basis and without specific ‘opt in’ consent, firstly the charity concerned would breach the Data Protection Acts by so doing and, secondly, if it were to make follow up marketing contact by text message or phone call to the donor concerned, it would commit a criminal offence under the Regulations which apply to unsolicited marketing communications.

In terms of SI 336 of 2011, the charity must have unambiguous (fully informed and voluntary) consent to send marketing or promotional messages or to make marketing or promotional phone calls to mobile phone numbers. ‘Opted-in’, phone subscribers must also be given the opportunity to ‘opt-out’ of marketing in each, marketing communication which is subsequently sent to them.

From our communications with charities, we are aware that the general practice is that a receipt issues by SMS once the donation is received. The view of this Office is that it would then be possible to collect unambiguous consent by means of appropriate text in that same receipt message along the following lines or similar - "If you wish to receive further information and join our marketing database / create a direct debit, to receive future SMS messages and/or phone calls / emails,(or any other electronic communication) please text "OPTIN" to 5XXXX."

For the sake of clarity, breaches of SI 336 of 2011 are criminal offences. Such offences may be prosecuted in the District Court where, on summary conviction, fines of up to
€5,000 per offence may be handed down. If prosecuted on indictment, fines not exceeding €250,000 per offence may be imposed. It is in each charity’s interest, therefore, to ensure that before it commences any marketing activity to phone numbers that have been used to make donations on foot of advertising, that the unambiguous consent of each telephone subscriber concerned for such marketing is obtained - in effect, that means that each targeted subscriber must have opted-in to receive such marketing contact. Charities that are in any doubt about the consent issue, should avoid making contact with the donors concerned.

Please also see:

Guidance on direct marketing for Data Controllers:
https://www.dataprotection.ie/docs/DIRECT_MARKETING_-_A_GENERAL_GUIDE_FOR_DATA_CONTROLLERS/905.htm

Guidance note on Data Protection in the Voluntary and Charity Sector:

https://www.dataprotection.ie/viewdoc.asp?m=m&fn=/documents/guidance/Charity_Guidance.pdf

Finally, if a data processor is collecting and processing information from inpidual donators who have "opted in" to the charity’s promotional database then that data processor, is acting on behalf on the charity who is the data controller. In this situation a written contract must be in place between both parties to ensure compliance with Section 2C of the Acts which states:

"(3) Where processing of personal data is carried out by a data processor on behalf of a data controller, the data controller shall -

(a) ensure that the processing is carried out in pursuance of a contract in writing or in another equivalent form between the data controller and the data processor and that the contract provides that the data processor carries out the processing only on and subject to the instructions of the data controller and that the data processor complies with obligations equivalent to those imposed on the data controller by section 2(1)(d) of this Act,

(b) ensure that the data processor provides sufficient guarantees in respect of the technical security measures, and organisational measures, governing the processing, and

(c) take reasonable steps to ensure compliance with those measures. "

Furthermore, a third party processor which carries out marketing campaigns (e.g. phone or text message / email campaigns) on behalf of the charities concerned could themselves face prosecution if they target donors who have not unambiguously consented to the receipt of such communications or calls. Charities, as a Data Controller are strongly advised to carry out robust due diligence on Third Party Data Processors before they conduct promotional campaigns to donor lists created in the first instance on foot of donations made by SMS.

Back to Menu

4.16 Advice for members of the public who wish to make a charitable donation by “Tet” (SMS)

The text donation is normally a once off transaction whereby your phone bill will be charged with the €xx donation and that is the end of the matter. You will normally receive an immediate return text confirming that your donation has been received by the charity to which you donated. Your contact number will not and should not, be used for any other purpose by the charity or the third party processor engaged by the charity to provide the SMS service.

However, in some receipt texts, you may be invited to "Opt-in" to create a direct debit or to receive further information and updates from the charity by text message, by phone-call or by email etcetera. Should you wish to receive further contact from the charity then you may "Opt-in" by responding with the ‘opt in’, keyword to the relevant number 5XXXX. In the event that you do not wish to receive any further communication from the charity then you do not have to do anything. The charity must not communicate any further with you on foot of your text donation.

If the charity does not respect your right, not to be contacted further but instead initiates further contact with your phone number, you have two options available to you as follows:-

1. You may write to the charity directly [pursuant to, Section 2 (7) (b) (i) & (ii) of the Data protection Acts 1988 and 2003] to request that the charity cease processing your personal data and erase the data. The Charity should satisfy this request within 40 days and provide you with written notification that it has been completed. After that the Charity should not contact you again unless you specifically authorise it to do so.

2. You may report the incident of marketing, to this Office for investigation, giving full details of all correspondence and the content of the communication, as well as the time and date on which it was received.

In cases where you have elected to ‘Opt-In’, to receive further communications from a charity after receiving an invitation to do so, in the receipt text confirming your donation. Then the charity concerned may legally and validly contact you, based on your prior consent within the following twelve month period. The charity may keep that consent up-to-date on a rolling twelve month basis by offering you an ‘opt out’, in each marketing communication it makes to you. Once you exercise that opt out, the charity must remove your details from its marketing database. If the charity fails to respect that opt-out request then you may avail of either of the above two options.

Back to Menu