The three legs — all of them, together
“A responsible party may only process the personal information of a data subject who is a customer of the responsible party in terms of subsection (1)(b)— (a) if the responsible party has obtained the contact details of the data subject in the context of the sale of a product or service; (b) for the purpose of direct marketing of the responsible party’s own similar products or services; and (c) if the data subject has been given a reasonable opportunity to object, free of charge and in a manner free of unnecessary formality, to such use of his, her or its electronic details— (i) at the time when the information was collected; and (ii) on the occasion of each communication with the data subject for the purpose of marketing if the data subject has not initially refused such use.”
Note — Paraphrased legs for the checklist: (1) contact details obtained “in the context of the sale of a product or service”; (2) marketing “the responsible party’s own similar products or services”; (3) a free, easy opportunity to object “at the time when the information was collected” and “on the occasion of each communication”.
Note the conjunction: “and”. The legs are cumulative. Details scraped from a directory fail leg one even if the person later becomes a customer-ish contact; an unrelated product fails leg two even for a genuine customer; and a signup form with no objection opportunity poisons leg three from the start — which is why the opt-out box belongs on the order form, not just in the emails.
What counts as “similar products or services”?
The Regulator’s Guidance Note answers with a concrete example: for a clothing retailer, “similar products include shoes, belts etc. A funeral insurance cover will not constitute a similar product.” The test is the customer’s reasonable expectation, anchored in what they bought: adjacent items in the same commercial universe pass; a leap into a different industry — however profitable the cross-sell — needs fresh consent. Groups should take particular care: the exception covers the responsible party’s own similar products, not the whole stable’s catalogue (see intra-group sharing).
The edge cases
Quote-only prospects are the commonest stumble: no sale, no leg one — use the once-off consent ask instead. Lapsed customers keep the relationship in law, but honour the spirit: a customer who hasn’t heard from you in five years experiences your “soft opt-in” as spam, and complaints — not statutes — start investigations. An initial refusal ends the exception: leg three only operates “if the data subject has not initially refused such use”. And every message, exception or not, must identify you and offer a cease-contact route (s 69(4)) — the suppression list is permanent infrastructure, not a courtesy.