Permission for sending your emails: what you need to know

Estimated reading time: 5 minutes (Too long? Email me this article)
6, April 2020

Do you need specific permission from customers? And what kind of content can you send to people who are not customers? In this article, we will explain the specifics about opt-in for email communication when you do or do not have a customer relationship. Additionally, we will address emailing B2B contacts as well. 

At the very least, make sure your permission requests meet de GDPR requirements and you’re able to provide proof you actually obtained these permissions. 

No customer relationship: opt-in for emails required

What is a customer relationship? You form a customer relationship with someone when they actually buy something from you and pay you for this. It does not apply to free products or services.

If you do not have a customer relationship with someone, they must consent to receiving your email newsletters.

Under the GDPR, a person’s consent must be a “freely given, specific, informed and unambiguous indication” of their agreement, given via “a clear affirmative act.” This can be done by e.g. entering one’s email address and then clicking a button marked “Sign up” or by deliberately checking a checkbox. 

Double opt-in: not a requirement

A single opt-in is not enough to verify whether an email address was submitted by its owner or a third party. That makes it harder to prove that you received proper consent, which was – and will continue to be – mandatory.

If you want to play it safe, you can use a double opt-in for email communication. You can then easily prove who consented to what and when via your email service provider (e.g. Webpower). You should also keep the other advantages of a double opt-in in mind. Examples are a reduced bounce rate and fewer spam complaints. In the end, your database will be of a higher quality.

Note that the GDPR allows you to choose either method (opt-in or double opt-in) to collect email addresses and consent, as long as you can meet your burden of proof. 

Offline contact with a potential customer

In practice, it is common to acquire email addresses offline, e.g. via business cards given to you during a tradeshow. You are allowed to use these email addresses for direct marketing purposes if you can prove that you received consent to do so.

An example:

Imagine you own a bicycle shop and you set up a promotion in which people can win a bike. You (also) want to send participants commercial emails from your company.

Participants write down their email address and their slogan on a form, which they drop in a special bin. It is important to make sure that participants check a box on this form with which they consent to receiving your commercial emails. 

You can take a picture of the situation and the relevant conditions and save all offline forms, but once again, it is much easier to use a double-opt-in procedure. In other words: you send the participants a confirmation email (double opt-in) with which they can confirm their consent to receiving your commercial emails. Make sure to list the relevant conditions as well. Doing so ensures your digital burden of proof is in order.

Conclusion: if you do not have a customer relationship with someone, they have to opt in to receiving your emails. We recommend using a double-opt-in process, even though it is not a requirement.

You do have a customer relationship? Mind the type of communication

The rules regarding the sending of emails to existing customers are more lenient compared to situations in which no customer relationship exists.

In concrete terms, this means that you can ask for consent in a passive manner. In our field, that means offering customers an opt-out option. Of course, you must always act within the applicable frameworks, which we will explain below with examples for B2B and B2C customers.

An example:

Imagine you own a webshop and you want an easy way to ask new customers for consent to send them your newsletter. During the final phase of the purchase process, you can include a checkbox that is checked by default.

This lets a new webshop customer decide if they want to withdraw their consent by unchecking the box (opt-out) to indicate that they do not wish to receive your commercial emails. Note that this only applies to the final phase of the order process, when an existing customer relationship has already been formed.

B2B customer relationship

If an organisation enters into an agreement with another organisation, this usually results in multiple customer relationships within that business. In that case, make sure to determine whom you are forming what type of relationship with and adjust your communication accordingly.

For example, you form a customer relationship with the company’s decision-maker, but indirectly with the employees who use your product or service as well.

An example:

Suppose you own a wholesale company that sells car parts, and many of your customers are workshops. You maintain contact with the owners of these workshops, who purchase your products and services. You can send the owner of a workshop emails about offers and new products or services. However, you are not allowed to include all employees of all workshops in your database for commercial emails.

Note that you must have given the buyer the option to opt out of, or object to, receiving your emails. A pre-checked checkbox is not the only way to acquire opt-out consent; you can also send your relations a neutral email in which you inform them about your sending of commercial messages. In this email, you can let them know how they can opt out of receiving these messages.

In short: you are allowed to send B2B emails that suit the type of customer relationship you have with them. You are only allowed to send commercial emails to all other employee email addresses in the organisation if the owners of these addresses have given you their consent via an opt-in.

Service emails versus service-related emails

Be careful not to confuse the term “service emails” under the GDPR with emails that you perceive as services related to your product or service. Under the GDPR, service emails are e.g. track & trace emails or text messages or emails that inform customers that their flight is delayed. You are always free to send such messages.

However, if you offer free clothing advice through your webshop for example, that is considered a service rendered by your business. You can only send customers emails about such matters if you follow the aforementioned rules.

Conclusion: you do not need an opt-in for email communication if there is an existing customer relationship. Although it would be the decent thing to do, it is sufficient to offer customers an opt-out option as long as you operate within the applicable frameworks. If you send B2B emails, you do not necessarily need an opt-in (or opt-out). Just keep in mind that the messages you send must suit the type of relationship you have with a customer.

Do you want to email as securely as possible?

Our experts would love to introduce you to the power of Webpower.

Contact us

It is important to us to handle privacy legislation correctly. The contents of this blog have therefore been verified by ICTRecht. We provide this information so you can gain a better understanding of what the GDPR can mean to marketers. The purpose of this blog article is to share knowledge and it should not be viewed as official legal advice. In reading this article, you safeguard Webpower, ICTRecht and the author against any legal implications. We recommend always consulting a legal adviser before implementing any GDPR-related measures in your organisation.

 

Share this article