Direct marketing guidelines


This document provides key guidelines with respect to serving commercial communications (i.e. content that advertises or promotes a commercial product or service, including content on a website operated for a commercial purpose; hereinafter "Communications") through live calls, texts and emails.



In text messages and emails –


The promotion of the Communication is subject to the fulfillment of either of the following conditions ((a) or (b)):


Opt-in consent: the recipient has provided a freely given, specific, informed and affirmative consent to receive the Communication from the sender (for example, by ticking a box paired with the following prominent message "I agree to receive promotional emails from the *NAME OF SENDER*"):


The recipient's contact details were obtained directly by the sender in the course of a sale (or negotiations for a sale) of a product or service to the recipient; and


Indirectly (to a third party), provided that the sender was specifically named.


Soft opt-in consent: all of the following conditions have been met:


The recipient's contact details were obtained directly by the sender in the course of a sale (or negotiations for a sale) of a product or service to the recipient; and


The Communication promotes the sender’s similar products or services; and


The recipient has been given a simple opportunity to refuse or opt out of the marketing when first collecting the contact details and in all Communications.

In live calls –


Telephone numbers must be screened against the applicable national Do Not Call ("DNC") or Telephone Preference Service ("TPS") registries prior to the delivery of Communication – live marketing calls must not be made to any number registered with the DNC/TPS unless the recipient has specifically consented to receiving the marketing calls, directly from the sender.


Maintain an effective audit trail of how and when consent was given, including:


Keeping a record of when and how consent was obtained from the individual – such as by using an appropriate cryptographic hash function to support data integrity.


demonstrate the following:


Who consented: the name or other identifier of the individual (e.g., online user name, session ID, CID, etc.).


When they consented: online records that include a timestamp;


What they were told at the time: data capture form containing the consent statement in use at that time, along with any separate privacy policy, including version numbers and dates matching the date consent was given. If consent was given online, the records should include the data submitted as well as a timestamp to link it to the relevant version of the data capture form.


Whether they have withdrawn consent: and if so, when.


Managing consent– consents should be regularly reviewed to check that the relationship, the processing and the purposes have not changed (e.g. refreshing consent at appropriate intervals, using privacy dashboards or other preference management tools, acting on withdrawals of consent as soon as we can, not penalizing individuals who wish to withdraw consent, etc.).



Maintain a publicly available, accessible and intelligible privacy policy, clearly explaining your data processing activities, including the collection of contact details for the purpose marketing purposes and the right of the individual to object to receiving direct marketing at any time, including the methods to exercise such right.



The Communication must include an opt-out mechanism– the Communications must contain a clear and conspicuous notice of the opportunity to opt out of receiving future Communications, in an easy manner, through all of the following means: (1) responding directly to the Communication; (2) clicking on a clear and conspicuous notice of the opportunity to opt out of receiving future Communications noticeable (e.g. "unsubscribe" button).


The opt-out mechanism should not require the recipient to take any step other than sending a reply (via text message or email, or responding verbally) or visiting a single page on an Internet website as a condition for honoring an opt-out request.


Opt-out requests should be respected within at least ten days as of receipt of notice.


The email must not be promoted to a recipient who communicated to the sender its choice not to receive future emails.



The Communication should not contain materially false or materially misleading information, including deceptive subject lines.

In emails, the subject line must accurately reflect the content of the message.


The Communication should not contain false or misleading header information.

In emails, the "From", "To", "Reply To" and routing information, including the originating domain name and email address, should be accurate and identify the person or business who initiated the message.


The Communication must contain:

A clear and conspicuous identification that it is an advertisement or solicitation, in the header (e.g. "Promotion", "Advertisement", etc.).

Valid contact details of the Sender:

In emails – a valid physical postal address or PO Box must be included. See example below:
“This email was sent to you by [enter name of company] (“Company”). The Company is registered in [enter name of country] and its registered office is at [enter physical address and P.O. box (if available)].”

In live calls - the caller must identity itself and allow its number (or an alternative contact number) to be displayed to the recipient receiving the call.

Email tracking notice (see example below):
“The Company uses cookies, tracking tags and similar technologies in our emails, in order to improve our communications with you. These tracking technologies help us better understand how you interact with our emails, and are used to improve our future email communications to you. For more information please visit our Privacy Policy.”