Retailers who obtain information from customers through loyalty schemes, competitions or online registration forms must be aware of their responsibilities under the Data Protection Act 1998 (as amended in 2003.) In such instances the Retailer is recognized as a "data controller" and as such must comply with the Act in how they collect and use information. The basic rule applied is that the consent of an individual is required before their personal data may be used for direct marketing purposes. The information must be obtained fairly. Customers (or potential customers) must be informed that you intend to use their data for the purpose of marketing and opportunity for them to refuse such use must be given. Electronic marketing tools such as texts or e-mails can be sent to existing customers so long as an "opt-out" option is provided. Whilst non-existing customers must provide their explicit consent before any contact can be made. All collected data must be kept securely and should not be kept for longer than is necessary for the purpose required. If you are running a raffle, you can only collect the data for the raffle period unless you get clear consent to ongoing use.  If a company ceases to trade, data collected should be deleted and not held for a future venture. Retailers can not abide by a "just in case" mentality - in legal terms the use of data is strictly confined to the purpose for which it is collected. If you have concerns let us know – it is not as complicated as you fear!

Disclaimer
This publication is for guidance purposes only. It does not constitute legal or professional advice. No liability is accepted by Leman Solicitors for any action taken or not taken in reliance on the information set out in this publication. Professional or legal advice should be obtained before taking or refraining from any action as a result of the contents of this publication. Any and all information is subject to change.