Sending commercial communications to fidelity card holders

| Insights

The Guarantor for the protection of personal data, with the newsletter no. 456 of 22 July 2019, stresses the illegality of sending commercial communications (so-called spam) addressed to holders of fidelity cards that have not expressed a specific and free consent to the use of their data for marketing purposes.

The provision of the Guarantor of 20 June 2019 was adopted following the violations reported by some customers of an important chain of stores (“Company“) and confirmed by an inspection carried out by the Guarantor with the help of the special privacy unit of the Guardia di Finanza.

The customers had reported the continuous and unwanted receipt by e-mail of commercial offers by the Company of which they held a fidelity card. Moreover, the interested parties had repeatedly asked the Company, either by telephone or by automated procedures, to delete their address from the advertising mailing list, but without obtaining any results.

It was found that the consent to the processing of data for sending commercial communications – acquired through the old forms for joining the fidelity program (used from 2001 to 2009) – could not be considered valid, as customers were forced to issue it in order to obtain the services offered with the fidelity card.

Moreover, the Company’s information system was not able to adequately track and manage requests to exercise the rights of those concerned.

In particular, to oppose the processing for marketing purposes, and to interrupt, as a result, the sending of spam.

In the above mentioned measure, the Guarantor therefore prescribed measures to adapt to the new provisions on the protection of personal data and, exercising for the first time the new corrective powers offered by the EU Reg. 2016/679, “warned” the Company not to use any more, for marketing purposes, the personal data of the persons concerned, collected through the forms relating to the contested fidelity card.

It also prohibited the use, for the same purposes, of the data of any data subject, in the absence of proven free and specific consent.

Finally, the Company was ordered to implement adequate organisational and technical measures to guarantee the correct management of the rights of the interested parties, also ensuring the punctual tracking of the requests received from the clients, and in this way to be able to prove the respect (accountability) of the privacy obligations.

In conclusion, the Guarantor, through the newsletter no. 456 of 22 July 2019, which recalls the principles contained in the provision of 20 June 2019, provides that the sending of commercial communications addressed to holders of fidelity cards who have not expressed adequate consent to the use of their data for marketing purposes, is illegal.