tl;dr: Theres a list at the bottom of the requirements to send emails in the UK, and I need advice on it's accuracy
I'm attempting to formalise the rules which we present to our clients and partners to help them meet both the requirements for sending emails with Campaign Monitor (as per the CM site) and also for the UK's Privacy and Electronic Communications Directive (which specifies a few additional/alternate rules for consent and has a few impacts on Campaign Monitor such as requiring the user to be notified of tracking). A fair amount of it is absorbed from http://www.york.ac.uk/recordsmanagement/dpa/privacyregs.htm
However, its a bit of a minefield, so I figured that as you're all probably a little more up-to-date with these rules, would be extremely helpful if any of you experts would cast an eye over this, especially with regards to the 'soft opt-in' (option c). Theres also a question on what opt-in is required for charities and for when an organisation is not selling something, which is unclear from the legislation itself, if anyone can shed any light on what charities must do vs. what businesses must do that would be helpful.
I can't guarantee it's accuracy (IANAL) but feel free to steal & use!
Legal Restrictions from the Privacy and Electronic Communications Directive:
• You must not conceal your identity in an email
• You must give a valid address for opt-out requests
• You must only send messages relating to your products/services/events
• You must have prior consent, which can be any of the following:
a) The user has filled in a form specifically for (and only for) newsletter signup (without a checkbox)
b) The user has ticked an opt-in checkbox
c) The user has read an obvious 'active consent' statement with an opt-out checkbox (both placed before the submit button) and you are contacting regarding commercial services (rather than charity, political messages or promoting aim instead of promoting a product)
Additional Restrictions for use of the Campaign Monitor service:
• You may not send to people who you have not had contact within the past 2 years
• You may not send to people who have used an opt-out checkbox (option c above) but have not purchased something from you in the previous 2 years
• You must include an unsubscribe link on each email
• You must include your business name and physical contact address
* The email addresses must come from your own data collection
Looks like http://www.ico.gov.uk/for_organisations/privacy_and_electronic_communications/the_guide/electronic_mail.aspx clarifies the 'soft opt-in' question for charities/not-for-profits/etc:
You can only use soft-opt in if you are contacting regarding commercial services.
is it commercial service which you are giving?
I deal with both commercial and non-commercial organisations (and not-for-profits with trading arms), so I'm trying to get something which would apply to both.