Commercial prospecting allows companies to retain their customers or recruit new prospects in various forms. The abuse of these approaches is the source of many complaints.
Points of attention: to be compliant, commercial prospecting, based on the person’s consent, must respect a certain number of rules of validity:
- Informing peopleabout the collection of data on their use for commercial communication purposes in a clear and readable manner;
- Specific manifestation of a will that corresponds to an active and explicit step of the person:
- In the case of postal and telephone prospecting: the person must be informed at the time of data collection of their use and must be able to refuse their use for commercial purposes (= OPT OUT),
- In the case of email, SMS/MMS prospecting: the individual must be informed at the time of data collection of their use and must specifically give consent to their use for commercial purposes (= OPT IN);
- Freedom to consent/refuse without the choice impacting the originally intended processing (e.g.: online shopping, insurance purchase etc.);
- Consent must be provable by the data controller of the collection;
- Opposition to commercial prospecting must be able to be carried out in a comprehensible, easy and effective way;
- The deletion of data in the absence of prospect activity on the sending of prospecting for 3 years from the last action (ex: link opening).
Recommendations: control the appearance of information on each data collection form, be able to trace consent (date, time, place, form), set up an opt-out list or mechanisms to allow the withdrawal of consent to be automatically reflected in the database, respect the retention periods of consent.
For more information: Practical sheet on consent and disclosures.
Reminder of CNIL sanctions handed down for non-compliance with consent: Brico Privé(€500,000), Nestor(€20,000), Performclic(€7,300).