Helpful Information
 
 
Category: Business Help
Legality of using collected information

One of the sites that I manage uses a login type system before users are able to download product information.
It's just a form asking for their name and contact details.

Currently, this information is passed onto the company's sales department who then contact the user for potential sales purposes, regardless of the user wishing to be contacted or not.

Legally (and ethically) is this allowed?
The company also uses the email information gathered as a source of contacts for it's monthly newsletter? I know this isn't allowed after 31st October, so I was wondering about actually contacting people, even though they haven't requested it?

Cheers
Alex.

Currently, this information is passed onto the company's sales department who then contact the user for potential sales purposes, regardless of the user wishing to be contacted or not.
If people have expressedly asked not to be contacted, then you must not contact them. If you have a privacy policy on your site and violate it, then you can be sued.

The company also uses the email information gathered as a source of contacts for it's monthly newsletter? I know this isn't allowed after 31st October, so I was wondering about actually contacting people, even though they haven't requested it?
You must not send people unsolicited bulk email. This will be illegal after 31st October, but until then, your mail server will most probably be blacklisted if it is found to be a source of large amounts of unsolicited bulk email. If you don't own this mail server, then you can potentially get into a lot of legal trouble with the owner, as this almost certainly violates their acceptable use policy. Of late, there have been several highly publicised cases (see www.theregister.co.uk) of ISP's suing spammers for five and six-figure sums for abuse of their mail servers, so if you're tempted to do this - think twice.

Originally posted by alexgreg
If people have expressedly asked not to be contacted, then you must not contact them. If you have a privacy policy on your site and violate it, then you can be sued.

Thanks alexgreg. :)

Users are not actually given a chance to state whether they want to be contacted or not and the site doesn't have a privacy policy at present, so I assume this is just as bad as violating the rules anyway?! :(

Not that i agree with this, but I don't think that there is any legal issue involved with a website saying for you to login and download stuff or use resources on our website you have to receive our monthly newsletter. Ethically it may not be right but basically they are saying you can not get our monthly mailing but in that case you can't access certain resouruces on our website.

the way i understood it is:
1. you HAVE TO have a privacy policy on your site. if not, you can get in a lot of trouble with your local equivelant of the FCC.
2. you should have a box below the email address form that users can tick to say they don't want the ifnormation
3. at the bottom of every email you send, there should be a link that allows users to completely remove their details from your database










privacy (GDPR)