Login / Register

Are third parties allowed to obtain your customer’s contact details?

by | Aug 29, 2024 | Car Tips and Tricks

Dealerships wanting to share customer personal information with a third party (known as a Contractor) are sometimes faced with customers who demand to know why their personal information was shared without their permission.. 

The customer’s concerns often revolve around common misconceptions regarding POPIA (Protection of Personal Information Act) 

Lets clarify some common misconceptions based on clauses within POPIA.

Type of Communication – POPIA: Section 69

To place issues into perspective, it is important to point out that when it comes to telephonic communications, the provisions of section 69 with regards to unsolicited direct marketing through electronic communication do not apply to all forms of telephonic communication. They apply only to SMSs and automatic calling machines.

Telephone calls which involve live human intervention therefore do not fall under the provisions of this section, which is a common misconception when reference is made to consent for direct marketing. When conducting direct marketing through telemarketing, it is advisable to distinguish between the types of communication and apply the correct section of POPIA and other pieces of legislation such as the CPA (Consumer Protection Act) that may regulate the business practice in question.

The following sections of POPIA are worth considering when Telemarketing through telephone calls:

The Consent requirement – POPIA: Section 11

This section requires the responsible party to obtain consent before processing personal information of data subjects. There are, however, circumstances when it may not be possible for telemarketers to obtain this consent. The section makes provision for such circumstances and some of these provisions may apply to the telemarketing industry and any other responsible parties that engage in telemarketing as a business practice.

Circumstances which do not require consent are as follows:

  • Where processing protects a legitimate interest of the data subject; (Sec.11 1d)
  • If processing is necessary for pursuing a legitimate interest of the responsible party or a third party to whom the information is supplied. (Sect. 11 1f)

Calling (dealership) customers without their consent is therefore allowed in these circumstances unless the data subject objects as stated in section 11(3), in which case the responsible party will have to refrain from calling the data subject.

It is important to note that, unlike section 69, section 11 does not place a burden on the responsible party to–

  • contact the data subject only once;
  • provide an opt-out mechanism to the data subject. 

The responsibility lies with the data subject to object and ask the responsible party to stop calling them. This may only work if the responsible party does not have another legal basis which compels them to call the data subject, such as a contract that the data subject may be party to.

For call centres that make use of telephonic direct marketing, this means that as long as they meet the requirements of section 11(1)(d) and (f), they may contact the data subject–

  • without consent;
  • as many times as possible through telephone calls,

until such a time as the data subject objects, at which point the responsible party must stop calling the data subject.

It is also our conviction that these provisions must not be manipulated to harass the data subject but should instead be perceived as a window for pursuing a compliance framework informed by an ethical rather than a legal dependence.

Collection from the data subject – POPIA: Section 12 

Section 12 requires the responsible party to collect personal information directly from the data subject. There are also circumstances when this requirement can be waived:

  1. Section 12(2)(c): where collection from another source would not prejudice a legitimate interest of the data subject;
  2. Section 12(2)(d) (v): where collection from another source is necessary to maintain the legitimate interests of the responsible party or a third party to whom the information is supplied;
  3. Section 12(2)(f): compliance is not reasonably practicable in the circumstances or the particular case.

Notification to data subject when collecting personal information – POPIA: Section 18 

According to section 18, it is also a requirement to notify a data subject when their personal information is collected but there are some exceptions to this rule, some of which can be applied to the telemarketing industry and others that make use of telemarketing through telephone calls:

  1. Section 18(4)(b): if non-compliance would not prejudice the legitimate interests of the data subjects in terms of POPIA;
  2. Section 18(4)(d): if compliance is not reasonably practicable in the circumstances of the particular case

Other legislation that also regulates telemarketing

The above sections must be viewed in light of other pieces of legislation that regulate telemarketing, such as the Consumer Protection Act 68 of 2008, the Electronic Communications and Transactions Act and the National Credit Act, etc., which also require responsible parties to cease contact if the data subject requests it. It is reassuring to note that although there is a legislative maze to navigate through, POPIA offers an overarching guide for compliance.

SmartRestore has implemented the following compliancy checks:

  • Established a legal basis and rules for the categories of telephonic communications to be conducted in our business practices. 
  • Complied with with an independent  POPIA assessment from SERR ENERGY.
  • Awarded a certificate of compliancy for POPIA systems from SERR ENERGY
  • Formulated and implemented an effective procedure to facilitate receipt and records of requests from data subjects that request to be taken off the telemarketing list.
  • Avoids calling data subjects who have objected to telemarketing by keeping a record of “Do Not Calls” based on customer vehicle registration numbers only.
  • Maintains Service Level Agreements and Protection of Personal Information Agreements with all dealerships and dealership groups.
  • All staff and Operators such as IT companies sign a Protection of Personal Information Agreement.
  • All computers and and software firewall and protected and database information encrypted.

Conclusion

Although POPIA introduced further regulations for the telemarketing business practice, it is reassuring to notice that the role of telemarketing and the importance of call centres for the proper functioning and growth of the economy was taken into great consideration. 

SmartRestore remains 100% compliant with all aspects of POPIA.

With special thanks to the Author: Pedzisai Maririmba of SERR ENERGY