It is becoming increasingly common for retailers to ask customers if they would like an email copy of their receipt. The advantage for the customer is that they are less likely to lose an e-receipt and easier storage. For the retailer, the advantages are clear. They can use it to profile customers. This enables them to target marketing. This in turn (hopefully) means they sell more.
Data
As a retailer sending an e-receipt you will collect an email address which is personal information. You might at the same time collect other personal information such as a name and postal address.
Collecting Data? What is the Data used for?
When collecting personal information you need to clearly explain to customers what you will do with their data. You need to obtain your customer’s consent to use their information in that way. Simply asking the customer if they would like you to email them a receipt is not enough.
Consent must be freely and knowingly given. It must be specific to the purpose for which it is obtained and provide the customer with the option to change their mind and withdraw consent.
If you send out electronic marketing, you will need to comply with the Privacy and Electronic Communications Regulations. This requires a positive action i.e. customers must “opt-in” rather than “opt out”.
If you intend to sell or share the data with a third party you must inform your customer which organisations you will be selling/sharing their data with.
What if there is a problem?
If there is a problem you must be able to show that consent was obtained and how it was obtained.
Training your staff is key. They will be the ones collecting the information and so will need to obtain consent. Train them so they understand the importance of obtaining consent and make sure they know what they should be saying to your customers. Monitor them to ensure the correct message is being delivered.
Put in place procedures for your staff and train them so they know how to implement the procedure, making sure your staff follow your procedures.
Have a privacy policy which sets out in detail what information you collect and how it will be used. Also make sure that your staff are aware of the privacy policy and the information in it.
Security
You will also need to give consideration to storage of the data. Where is the data stored? Who has access to the data? How long is it stored for? These are all important matters to be considered to ensure you comply with your obligations under the Data Protection Act.
How can Nelsons help?
For more information in relation to the subjects discussed in this article, please contact a member of our Commerce & Technology team on 0800 024 1976 or via our online form, and they will be happy to assist.