Cookies
- UK and EU privacy law requires that no cookies are dropped before consent is given unless the cookie is “strictly necessary”, which is quite a high bar. From the cookies you have mentioned to us (in Jonathan’s email) the following cookies are not likely to be “strictly necessary”:
- Analytics
- Recently Viewed Items
- That means users should be told about these cookies and asked to give consent to them before those cookies are set. We have included the relevant information in the cookie policy but please ensure you review that to check it is accurate and complete.
Direct marketing
- We suspect you may collect emails for marketing purposes. We’ve referred to that in the privacy policy and set out some general guidance below. We have assumed there won’t be live marketing calls and these rules apply to UK customers. Other markets may have different rules – for example, some EU markets don’t benefit from the “soft opt-in” rules we’ve set out below, which means explicit prior consent is required for email marketing.
- Strictly, consent is required before engaging in direct email (or SMS or social DM) marketing. However, for emails, texts and similar methods, the UK data protection regulator uses a rule it calls “soft opt-in”. Ie, for existing customers, such marketing is permissible without consent up front so long as (a) the marketing originates from you and is about products or services similar to what customers have already bought, (b) when you initially collect their details (i.e. as part of the order process) they are given a simple means of opting-out (this is typically done by having a box for the customer to check or un-check which explains “Please check this box if you do not want to receive marketing emails or SMS from us with news about our business and similar products and services”); and (c) customers are given the option to unsubscribe / withdraw consent on each communication.
- It’s possible to generically advertise the brand and its products on social channels to followers of the channels, although such advertising must disclose on the face of the post that it is an ad (#ad should be used). Additional rules are set out here.
- In accordance with the above rules, sending marketing messages by collecting the data of followers on a social channel isn’t permitted unless followers have already opted-in and are given the option to opt-out with each message.
- Across the above, it’s important to maintain a “do not market” list of individuals that have opted out of marketing communications.
