Referrals (where one person recommends a business to another person) are recognised as an effective form of marketing.
But what about when a person gives a friend’s contact details to a business?
The business needs to consider whether it can use personal information about the friend without their consent.
If the person is on the Do Not Call Register it cannot call them.
It also needs to ensure that it does not contact the friend electronically (such as by email or SMS) as that would constitute spam.
ACMA says that one of the most common types of complaint it deals with comes from people who’ve received a marketing message to their personal email address from a business they’ve never heard of.
An unsolicited electronic message by a business is spam.
A business must not send an electronic message to a person unless they have consent.
What if you want the friend to make a referral from your website direct to their friend by using a plugin like ShareThis?
In 2012 ACMA issued a warning to McDonalds over a “refer a Friend” campaign that did not have the recipient’s consent. And the emails did not contain an unsubscribe facility.
McDonalds had a “Send to Friend” facility on its Happy Meal website which encouraged visitors to email links to promotional games on the website to their friends.
ACMA decided that McDonald’s had caused those messages to be sent by providing the facility, in circumstances where ACMA was not satisfied that the recipients of those messages had consented to receiving the messages.
In ACMA’s opinion
- Including your customer’s email address as the sending address for your message doesn’t absolve you of responsibility.
- Telling your customer that they should only send a message to someone they think would want it doesn’t prove that the recipient consented.
- The fact that two people know one another or have each other’s email address does not mean the recipient would reasonably expect to receive marketing emails about your business.
If you run refer-a-friend campaigns then you need to review them for Spam Act, Privacy Act and Do Not Call Register Act compliance.