PCO Office of the Privacy Commissioner for Personal Data, Hong Kong imagebanner image
Privacy Policy StatementSearchSite DirectoryText Only VersionChinese  
image
About PCPD
image
The Ordinance
image
Review of the Ordinance
image
PCPD Activities
image
Information Centreimage
 Liberal Studies
image
Privacy Zone for Youngsters (Games)
image
Publications and Videos
image
Enquiries and Complaints
image
Case Notes
image
Contact Us
image
Annual ReportCode of Practice & Explanatory BookletConsultation Document/Report
NewsletterGuidance Note & Fact SheetLeaflet & FormOpinion Survey
OthersInvestigation Report / Inspection ReportInformation Book
image

Publications and Videos
Leaflet & Form
 

Personal Data Privacy and the Internet - A Guide for Data Users

Direct marketing activities on the Internet

Section 34 of the Ordinance (which is set out at the end of this Guide) requires a data user, on the first occasion it uses personal data for direct marketing, to offer the opportunity to the individual who is the subject of the data, at no cost, to opt-out of receiving further promotional or marketing contacts. This requirement also applies to Internet marketing activities, i.e. when an organisation sends unsolicited promotional and marketing mails to individuals over the Internet.

=>State that direct marketing is a purpose of use of personal data at the time of collection. DPP1 sets out the information an organisation must give to an individual when collecting personal data from that individual. An acceptable means to do this is by way of providing a PIC statement as an on-line notice (see section on "Collecting personal data on the Internet"). If personal data are collected that may subsequently be used for direct marketing purposes, this purpose of use must be clearly stated in the PIC statement. The directing marketing purpose must be specific, clear and relevant to the functions and activities of the organisation.

image
Provide an "opt-out" choice to the individual when sending direct marketing e-mails.

=>Provide an opt-out choice to the individual. When an organisation uses personal data to send direct marketing mails over the Internet, it must provide a prominent message to offer the recipients an opportunity to opt-out from receiving any further mailings. The message should clearly and accurately inform the recipients of their opt-out choices along the following lines: "If you do not wish to receive further marketing mails from us, please write to us or send us an e-mail." The opt-out choice should also enable the recipients to op-out from sources other than the marketer's own database, such as external lists or databases rented by the marketer.

=>Maintain an opt-out list. To comply with opt-out requests, it is necessary to maintain a record of the individuals who have requested an opt-out from further marketing approaches. The record should be updated regularly as and when new opt-out requests are received. If the data source is the marketer's own customer database, it should place a suppression marker against the individual's data upon receiving the individual's opt-out request.

=>Set a policy on unsolicited advertising e-mails (spamming). An organisation should be open about its policy on sending unsolicited advertising e-mails to prospective consumers. In drawing up the policy, the following factors should be considered:

  • the right of the individual to opt-out from receiving future unsolicited advertising e-mails;

  • the channels available, whether by an e-mail, postal or telephone contact, to permit the individual to make an opt-out request;

  • the system or procedures that are in place to comply with an individual's op-out request.

Previous PageimageNext Page

  imageNotice/ Copyright 2001 Office of the Privacy Commissioner for Personal Data, Hong Kong. All rights reserved. Disclaimer