PECR Direct Marketing Compliance Policy

1. Overview
vapeMons Limited, along with all affiliated entities (hereafter referred to as “the Company”), ensures compliance with the Privacy and Electronic Communications Regulations 2003 (PECR) concerning direct marketing practices. The Company is committed to upholding legal, regulatory, and statutory obligations in relation to the use of direct marketing tools, including email, SMS, direct mail, telephone communications, and any form of electronic marketing. This policy outlines the processes, procedures, and standards we adopt to ensure compliance and protect individual privacy.

2. Policies and Procedures
To adhere to PECR requirements, the Company has implemented the following policies and procedures:

• Data Protection Policy (Available upon request)

• Data Breach Policy (Available upon request)

• Cookie Policy

• PECR Policy

• Privacy Policy

The Company employs a Direct Marketing Compliance Checklist to ensure each marketing initiative is compliant with PECR regulations.

Key Compliance Measures:

• Consent is explicitly obtained for all direct marketing.

• Clear, transparent, and understandable consent requests are used to avoid ambiguity and jargon.

• Individuals have the right to withdraw consent or opt out of marketing at any time.

• Simple, user-friendly mechanisms for opting out or unsubscribing are provided.

• All marketing communications include an unsubscribe option.

• Marketing materials contain links to the Privacy Policy, detailing the processing of personal data and individual rights.

• Automated marketing calls are only made with explicit consent.

• A ‘Do Not Contact’ list is maintained and utilized to screen marketing communications.

• All marketing methods are fully compliant with PECR provisions, ensuring the necessary contact information is included (company name, address, telephone number).

3. Policy Statement
This policy governs the use of email/SMS/e-marketing, direct mail, and telephone marketing by the Company. As part of our commitment to compliance with the PECR, we ensure that adequate policies, procedures, and controls are in place to meet direct marketing requirements.

4. Purpose of the Policy
This policy serves to ensure that all staff within the Company are aware of, and comply with, the legal obligations set out by the PECR in relation to direct marketing. It aims to outline the standards and best practices for handling personal data in compliance with PECR and the UK GDPR.

5. Scope
This policy applies to all employees of the Company, including permanent, fixed-term, temporary staff, third-party representatives, sub-contractors, and any other relevant parties engaged in the UK or internationally. Full adherence to this policy is mandatory.

6. Definition of Direct Marketing
Under the PECR, direct marketing is defined as any advertising or promotional material directed to specific individuals, including communications via phone, fax, email, SMS, or other electronic channels. Specific rules are applied to different communication methods.

7. PECR and UK GDPR Compliance
The PECR operates alongside the UK GDPR, and both are applicable when processing personal data for direct marketing. The Company acknowledges its obligations under both sets of regulations and ensures that all marketing practices meet the following requirements:

• Individuals have the right to object to processing for direct marketing purposes.

• Consent must be clear and explicit for all forms of direct marketing.

• Individuals can withdraw consent at any time with simple, accessible methods.

8. Objectives
The objective of this policy is to ensure that the Company’s marketing practices adhere to PECR and UK GDPR requirements. Specific objectives include:

• Ensuring transparency in marketing communications.

• Providing clear and easily accessible consent mechanisms.

• Enabling individuals to opt-out of marketing at any time.

• Providing regular training and updates for employees to stay compliant with evolving regulations.

9. Procedures and Guidance

The Company sends direct marketing via the following channels:

• Email

• SMS

• E-marketing (via CRM or marketing systems)

• Direct mail

• Telemarketing (where applicable)

Key Guidelines for Direct Marketing:

• Consent: The Company seeks explicit consent for marketing communications from individuals in accordance with PECR and UK GDPR.

• Clear Communication: All marketing communications include clear, accessible information on how personal data is processed and provide an opt-out mechanism.

• Electronic Communications: Marketing emails and texts are only sent to individuals who have consented to receive them or are existing customers who have previously engaged with our products or services.

• Telephone Marketing: In the event of future telephone marketing, the Company will use the Telephone Preference Service (TPS) and Corporate Telephone Preference Service (CTPS) to ensure compliance with the PECR rules regarding unsolicited calls.

10. Consent and Legitimate Interests
In general, consent is the primary basis for sending direct marketing communications. However, in certain cases, the Company may rely on legitimate interests for direct marketing, provided that:

• The communication is relevant and beneficial to the recipient.

• The recipient has a reasonable expectation of receiving such communications.

• The content is non-intrusive and does not compromise the individual’s rights.

• Clear opt-out options are provided at all times.

Third-Party Processors
Where third parties are involved in direct marketing, the Company ensures compliance through rigorous due diligence, Service Level Agreements (SLAs), and regular audits.

11. Audits and Monitoring
The Company carries out regular audits to ensure compliance with PECR and UK GDPR. This includes:

• Reviewing internal policies and practices.

• Verifying that marketing communications comply with the required standards.

• Testing and assessing the effectiveness of privacy protections and opt-out mechanisms.

• Identifying potential risks or breaches of compliance and recommending solutions.

12. Training and Employee Responsibilities
To foster a culture of compliance, the Company provides ongoing training to all staff involved in direct marketing. This includes:

• Initial and refresher training on PECR and UK GDPR.

• Access to relevant policies and guidelines.

• Practical assessments, coaching, and support to ensure staff can confidently adhere to regulations.

The Data Protection Officer (DPO) holds overall responsibility for overseeing compliance and ensuring that marketing practices are regularly reviewed and updated.

13. Conclusion
The Company is fully committed to ensuring compliance with the PECR and UK GDPR in all aspects of its direct marketing activities. By following these established guidelines, we strive to protect the privacy of individuals while promoting transparency and ethical marketing practices. Regular training, audits, and a clear framework of policies ensure that we meet the evolving regulatory requirements.