Note: This advice is given by the CAP Executive about non-broadcast advertising. It does not constitute legal advice. It does not bind CAP, CAP advisory panels or the Advertising Standards Authority.
For the purposes of the Code, database practice concerns the buying, selling, renting, use and administration of databases for direct marketing purposes. Those databases typically store contact or other information about individual consumers or businesses. This advice should be read in conjunction with the Direct Marketing Rules of the CAP Code.
Marketers should comply with all relevant data protection legislation, including the Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003. Guidance on the legislation is available from the Information Commissioner’s Office (www.ico.gov.uk). The Code’s specific rules on database practice broadly reflect the legislation and should be observed in conjunction with it; they do not replace it. The Direct Marketing Association offers guidance to its members; see its website, www.dma.org.uk.
In brief, the Code requires marketers collecting data to inform consumers who is collecting that data, why it is being collected and what it is going to be used for. Consumers should be informed in advance if the data is going to be disclosed to third parties or be put to a significantly different use. Customers must be offered opportunities to refuse (opt-out) or actively accept (opt-in): (1) marketing communications from the marketer collecting the data and 2) having their data passed on to third parties. In general, the rules relate to the need to obtain consent for the relevant method of communication, the rights of consumers not to be contacted if they have so indicated and their right not to be exposed to marketing communications that they do not want to see. The Code outlines the rights of individuals to privacy and to have their data suppressed on request.
The Code requires marketers using data to ensure that the information they hold is accurate, that they have relevant consent and that their marcoms are suitable for recipients. Personal data should be relevant, held safely and kept no longer than is necessary for purpose. Marketers transferring data to countries outside the European Economic Area (EEA), the 27 Member States of the European Union plus Iceland, Lichtenstein and Norway, might need to take special precautions.
Marketers should read the other entries on Database Practice and Rules 9 & 10.
See ‘Recognising Marketing Communications’.
Last modified : 29 June 2010