Legitimate Interests as the Basis for Data Processing – How to Effectively and Legally Use Email Marketing in an Online Store?
In the world of e-commerce, effective customer communication is key to success. Sending the right messages at the right time can significantly impact customer loyalty and increase sales. But how can businesses legally manage email communications with individuals who are not necessarily newsletter subscribers or whose status is unknown? The answer may lie in legitimate interests, which allow for the processing of personal data, including email addresses, under certain conditions.
Legitimate Interests: The Foundation of Effective Communication
According to GDPR, one of the legal bases for processing personal data is the legitimate interest of the data controller (Article 6(1)(f)). In the context of online stores, this means that processing customer data, such as email addresses, may be justified from a business perspective, provided that these interests do not override the rights and freedoms of the individuals whose data is being processed.
Example: Marketing Own Services and Products:
Suppose an online store wants to send promotional offers to customers who have made a purchase but have not subscribed to the newsletter. In this case, one could argue that the company has a legitimate interest in promoting its products and services to individuals who have already expressed interest by making a purchase.
However, the situation becomes more complex when dealing with users whose status is unknown—for example, those who abandoned the purchase process before completing it. Sending marketing content to such individuals may be risky and may require explicit consent.
Non-Marketing Content: What Messages Can Be Sent?
Non-marketing messages do not directly promote products or services but aim to inform customers about important matters related to their interactions with the company. Examples include:
Transaction Notifications (e.g., order confirmations, invoices, payment confirmations).
Security Alerts (e.g., suspicious activity on an account, data breach notifications).
Regulatory and Legal Communications (e.g., changes to terms and conditions, legally required notifications).
Operational Information (e.g., changes in opening hours, planned technical maintenance).
Service Quality Surveys (e.g., customer satisfaction surveys after a transaction).
Technical Updates (e.g., software updates, discontinuation of product support).
Account-Related Notifications (e.g., inactivity reminders, subscription renewal notices).
The 90/10 Rule for Balancing Non-Marketing and Marketing Content
A common question is whether marketing content can be included in messages that primarily contain non-marketing content. A recommended balance is 90% non-marketing content and 10% marketing content.
Example 1: A notification about changes in terms and conditions may include information about a new promotion.
Example 2: A cart abandonment reminder may include a discount code.
The Balancing Test: A Key Element of Legal Data Processing
To ensure that processing personal data based on legitimate interests complies with the law, every online store should conduct a balancing test.
Example Balancing Test for an Online Store: Abandoned Cart Reminder
Identifying the Legitimate Interest – The store wants to remind users about abandoned purchases, which can increase conversion rates.
Necessity of Processing – Sending a reminder is directly related to the user's shopping intent.
Assessment of Privacy Impact – The processed data includes the user's email address and cart contents, which pose minimal privacy risks.
Implementing Safeguards – Reminders should be sent only once or twice, and users should have the option to opt out.
Documenting the Balancing Test – The company should keep records of the test results.
Right to Object – Users must be informed about their right to opt out of such messages.
How Can Modern Marketing Automation Help?
Marketing automation tools can simplify communication management by automating message delivery and consent tracking. These tools help businesses:
Identify customers who have made purchases and send them personalized offers,
Restrict contact with users of unknown status to non-marketing content,
Track and document user consents and objections,
Ensure compliance with GDPR and European Data Protection Board (EDPB) guidelines.
Need more help?
If you have any further questions about transactional and marketing messages, please do not hesitate to contact us at hello@edrone.me