PCPD - Personal Data Privacy and the Internet -A Guide for Data Users

Publications and Videos

Leaflet & Form

Personal Data Privacy and the Internet - A Guide for Data Users

Direct marketing activities on the Internet

Section 34 of the Ordinance (which is set out at the end of this Guide) requires a data user, on the first occasion it uses personal data for direct marketing, to offer the opportunity to the individual who is the subject of the data, at no cost, to opt-out of receiving further promotional or marketing contacts. This requirement also applies to Internet marketing activities, i.e. when an organisation sends unsolicited promotional and marketing mails to individuals over the Internet.

=>State that direct marketing is a purpose of use of personal data at the time of collection. DPP1 sets out the information an organisation must give to an individual when collecting personal data from that individual. An acceptable means to do this is by way of providing a PIC statement as an on-line notice (see section on "Collecting personal data on the Internet"). If personal data are collected that may subsequently be used for direct marketing purposes, this purpose of use must be clearly stated in the PIC statement. The directing marketing purpose must be specific, clear and relevant to the functions and activities of the organisation.

[Image of image]
Provide an "opt-out" choice to the individual when sending direct marketing e-mails.

=>Provide an opt-out choice to the individual. When an organisation uses personal data to send direct marketing mails over the Internet, it must provide a prominent message to offer the recipients an opportunity to opt-out from receiving any further mailings. The message should clearly and accurately inform the recipients of their opt-out choices along the following lines: "If you do not wish to receive further marketing mails from us, please write to us or send us an e-mail." The opt-out choice should also enable the recipients to op-out from sources other than the marketer's own database, such as external lists or databases rented by the marketer.

=>Maintain an opt-out list. To comply with opt-out requests, it is necessary to maintain a record of the individuals who have requested an opt-out from further marketing approaches. The record should be updated regularly as and when new opt-out requests are received. If the data source is the marketer's own customer database, it should place a suppression marker against the individual's data upon receiving the individual's opt-out request.

=>Set a policy on unsolicited advertising e-mails (spamming). An organisation should be open about its policy on sending unsolicited advertising e-mails to prospective consumers. In drawing up the policy, the following factors should be considered:

the right of the individual to opt-out from receiving future unsolicited advertising e-mails;
the channels available, whether by an e-mail, postal or telephone contact, to permit the individual to make an opt-out request;
the system or procedures that are in place to comply with an individual's op-out request.

[Image of Previous Page][Image of image][Image of Next Page]

End of Page

[Annual Report] [Code of Practice/ Guideline & Explanatory Booklet] [Consultation Document/ Report] [Newsletter] [Guidance Note & Fact Sheet] [Leaflet & Form] [Opinion Survey] [Others] [Investigation Report / Inspection Report] [Information Book]

[About PCPD] [The Ordinance] [PCPD Activities] [Information Centre] [Privacy Zone for Youngsters (Games)]
[Publications & Videos] [Enquiries & Complaints] [Case Notes] [Contact Us] [Search] [Site Directory] [Graphical Version]
[Chinese Version]