Marketing Consent in New Zealand

Marketing consent sounds simple, but it is where a lot of New Zealand businesses trip up. A founder collects email addresses at checkout, imports a contact list from an old business, or adds everyone who made an enquiry into a newsletter without asking clearly enough first. Those are common mistakes, and they can create complaints, unsubscribe problems, and privacy risk long before a campaign starts working.

The main issue is that marketing rules do not sit in one tidy place. Your approach to email, text messages, customer data, website forms, and promotional wording can be affected by privacy law, electronic messaging rules, and fair trading obligations. If you get the consent piece wrong, the problem is not just annoyance, it can also be poor record keeping, misleading sign up language, and weak internal processes.

This guide explains what marketing consent means in New Zealand, when your business needs it, where founders often get caught, and what practical steps to put in place before you spend money on ads, email software, or customer acquisition.

Overview

Marketing consent is usually about whether a person has knowingly agreed to receive promotional messages, and whether your business can prove that agreement. In New Zealand, that question often overlaps with the Unsolicited Electronic Messages Act 2007, the Privacy Act 2020, and the Fair Trading Act 1986.

A good process is clear, specific, easy to withdraw from, and properly documented. Businesses get into trouble when consent is bundled into other terms, assumed from silence, or reused for wider marketing than the customer expected.

  • Check whether you are sending a commercial electronic message by email, SMS, or similar channels.
  • Work out whether you have express consent, inferred consent, or deemed consent, and whether that conclusion is realistic on the facts.
  • Make sure your sign up wording clearly says what the person is agreeing to receive.
  • Keep records of when, how, and what consent was given.
  • Include a working unsubscribe facility and act on opt out requests promptly.
  • Review your privacy collection statements and privacy policy so people know how their contact details will be used.
  • Do not buy, scrape, or recycle contact lists without checking whether the original consent actually covers your use.

Marketing consent means permission to send promotional communications, but the exact legal question depends on the channel, the message, and how you collected the person’s details.

For most SMEs, the biggest issue is electronic direct marketing. If you send newsletters, promotional emails, discount texts, launch announcements, or sales follow ups, you need to think about whether those messages are unsolicited commercial electronic messages.

New Zealand businesses usually need to consider three areas at once.

  • Unsolicited Electronic Messages Act 2007: This regulates unsolicited commercial electronic messages with a New Zealand link. It focuses on consent, sender identification, and unsubscribe functions.
  • Privacy Act 2020: This affects how you collect, store, use, and share personal information, including customer contact details and marketing preferences.
  • Fair Trading Act 1986: This matters if your sign up wording, promotional claims, or preference settings are misleading or likely to create a false impression.

You may also have contractual obligations through platform terms, agency arrangements, supplier agreements, or co marketing deals. That matters before you sign a contract with a mailing platform or data partner, especially if customer data will be shared between businesses.

Consent is not just a box on a form. It needs to be real, informed, and connected to the type of marketing you plan to send.

In practice, New Zealand businesses often think about consent in three ways:

  • Express consent: The person clearly agrees, such as ticking an optional marketing box, filling in a newsletter form, or asking to receive offers.
  • Inferred consent: You infer permission from the relationship and the person’s conduct, but only where that inference is genuinely reasonable.
  • Deemed consent: In some situations, the law may treat consent as existing, but businesses should be cautious about relying on this without checking the facts carefully.

Express consent is usually the safest position. If someone actively opted in to receive your promotions from your business, and your records show that clearly, you are in a much stronger position if a complaint arises.

A customer who agrees to receive order updates has not necessarily agreed to receive weekly specials. A person who downloads a free guide has not automatically agreed to be added to every marketing campaign across your group.

This is where founders often get caught. The collection point feels related to marketing, but the wording did not actually say enough. If your form says you will contact the person about their enquiry, that does not always support broader promotional messaging later.

You can have a privacy statement and still have weak marketing consent. You can also have a marketing tick box and still mishandle personal information.

Your privacy documents should explain what personal information you collect, why you collect it, how it will be used, and whether it will be shared. Your marketing consent wording should separately make it clear what promotional communications the person is signing up for. Keeping those concepts distinct usually leads to better forms and fewer disputes.

When This Issue Comes Up

Marketing consent comes up whenever your business wants to use contact details for promotion, especially where the person did not clearly request that kind of messaging.

It is not only a problem for large online brands. It shows up for trades businesses, consultants, retailers, SaaS founders, event operators, eCommerce stores, franchised businesses, and service providers with customer databases built over time.

Email newsletters and promotions

This is the most obvious example. If you collect email addresses through a website pop up, online checkout, lead magnet, enquiry form, quote request, or event registration, you need to ask whether the person has agreed to promotional email, not just operational contact.

Common examples include:

  • adding purchasers to a general marketing list after a sale
  • sending discount campaigns to people who only asked for a quote
  • using a competition entry form to sign people up without making that clear
  • importing contacts from an old CRM into a new platform

Text message marketing

SMS campaigns can perform well, but the consent standard should be treated carefully because text messages feel more intrusive. A vague clause buried in terms and conditions is more likely to create complaints here.

If you plan to use text reminders plus promotional offers, separate those purposes clearly. A customer may expect appointment reminders, but not weekend specials.

Lead generation and purchased lists

Third party data is a major risk area. If a lead generator says it has consent, that does not automatically mean your business can safely market to those contacts.

Before you spend money on setup or buy a list, check:

  • who collected the contact data
  • what wording was used at the point of collection
  • whether your business was named or clearly covered
  • whether consent was for one contact, ongoing promotions, or partner offers
  • whether the records are detailed enough to prove consent later

If you cannot verify those points, the list may be more trouble than it is worth.

Online stores and customer accounts

eCommerce businesses often gather data at several points, including account creation, checkout, abandoned cart flows, loyalty programmes, and reviews. The more touchpoints you add, the easier it is for consent language to become messy or inconsistent.

This is especially relevant before you launch online or redesign your checkout. Your web developer, CRM provider, and marketing team may each set up fields and automations, but the legal responsibility still sits with the business.

Events, networking, and offline collection

Dropping a business card in a bowl or scanning a badge at an expo does not always mean the person agreed to a full marketing sequence. Context matters.

If you meet someone at a trade show and follow up once about that conversation, that may be easier to justify than adding them to ongoing campaigns indefinitely. The wider and longer the marketing use, the more clearly you should obtain permission.

Consent problems often arise when data moves between businesses. A customer may have consented to hear from one brand, but not its franchisees, parent company, reseller, or referral partners.

Before you sign a contract with an agency, affiliate partner, software provider, or white label operator, check who is the sender, who controls the database, and who is allowed to use the contact details for future campaigns.

Practical Steps And Common Mistakes

The best approach is to design consent into your marketing systems from the start, with clear wording, good records, and a simple unsubscribe process.

Most legal risk here comes from ordinary business shortcuts. A campaign gets rushed, a list is copied across systems, or a form was written by a developer without much thought about the difference between service communications and promotions.

Use clear opt in wording

Your sign up language should say what the person will receive and who it will come from. Plain wording usually works better than legalistic wording.

A consent request should cover points such as:

  • the name of the business sending the marketing
  • the type of content, such as news, offers, promotions, or product updates
  • the channel, such as email or SMS
  • how often messages may be sent, if that can be stated honestly
  • that the person can unsubscribe at any time

Pre ticked boxes are risky. Silence or inactivity is also weak. If you want a stronger consent position, ask for a genuine positive step.

Separate marketing from core terms

Do not bury consent deep inside website terms, sale terms, or customer terms where the customer is mainly trying to place an order. Consent is stronger when it is presented separately and clearly.

This matters before you print forms, build a landing page, or update your app registration flow. A bundled clause may look efficient, but it often produces a poor evidence trail later.

If someone complains, your business needs more than a general statement that people usually tick a box. You should be able to show what happened for that person.

Useful records include:

  • the date and time of sign up
  • the source, such as website form, checkout, event, or paper form
  • the wording shown at the time
  • whether the box was optional or mandatory
  • the IP address or system record where relevant
  • any later preference changes or unsubscribe actions

If your systems do not store this properly, fix that before your list gets larger.

Make unsubscribing easy

A working unsubscribe tool is not optional for electronic marketing. It should be easy to use, clear to understand, and honoured quickly.

One common mistake is offering unsubscribe in theory but making it difficult in practice, for example by requiring a login, sending people to a broken page, or asking them to contact support manually. Another mistake is removing them from one list but leaving them active in another system.

Founders often assume that any customer relationship creates marketing consent. That is too broad.

You may sometimes infer consent from an existing relationship, but the safer question is this: would the person reasonably expect this kind of message from your business, based on what they actually did and what you told them at the time? If the answer is uncertain, obtain express consent instead.

Be careful with old databases

Legacy contact lists are often full of weak consent. The business may have changed name, structure, ownership, product line, or branding. You might have started as a sole trader, then moved to a company structure, or expanded into new services.

That is a good moment to review privacy settings, contracts with marketers, and trade mark use in your campaigns. It is also a good time to clean your list rather than assuming old records remain usable.

Train staff and agencies

Consent problems are often operational, not deliberate. Sales staff collect details one way, the website says something else, and the agency loads everyone into an automated funnel.

Make sure the people handling customer data understand:

  • which forms can be used for marketing sign up
  • how to record verbal or paper based consent
  • when a customer should be added to a promotional list
  • how to process opt outs
  • what promises the business makes in its privacy statement

Avoid misleading sign up incentives

If you offer a discount, free download, or prize draw in exchange for details, be transparent about what happens next. The main risk is that the promotion attracts sign ups, but the customer does not realise they are joining an ongoing marketing list.

That can create both privacy concerns and fair trading concerns. The remedy is usually simple: say clearly what the person gets now, what messages they are agreeing to receive, and how they can opt out later.

Match your documents and systems

Your forms, privacy policy, customer terms, CRM settings, and outsourced marketing contracts should all tell the same story. Inconsistency is a red flag.

For example, if your privacy statement says information is used for service delivery only, but your forms feed customers into promotional campaigns, your paperwork and your actual practice are out of step. That is the kind of mismatch worth fixing before you scale.

FAQs

Not always, but express consent is usually the safest and clearest basis. Some businesses rely on inferred or deemed consent in limited situations, but that depends on the relationship, the context, and what the person would reasonably expect.

Can I email existing customers about similar products or services?

Sometimes, but do not assume every past sale creates ongoing permission. Look at what the customer was told when their details were collected, how recent the relationship is, and whether the message fits their expectations.

No. A privacy policy helps explain how personal information is collected and used, but it does not automatically create valid consent for promotional messaging. Your sign up process should clearly ask for or support the specific marketing use.

Can I use a purchased marketing list?

You should be very cautious. Unless you can verify how the data was collected and whether the consent clearly covers marketing from your business, using a purchased list may create legal and reputational risk.

What should I do before launching a new campaign?

Review where the contacts came from, what consent wording was used, whether your unsubscribe tool works, and whether your privacy statement and internal processes match the campaign. That check is worth doing before you sign with an agency or spend money on ad creative.

Key Takeaways

  • Marketing consent in New Zealand usually sits across electronic messaging rules, privacy obligations, and fair trading requirements.
  • Express consent is generally the strongest basis for email and SMS marketing, especially where messages are clearly promotional.
  • Consent should be specific, easy to understand, and matched to the type of marketing you actually plan to send.
  • Keep detailed records showing when and how consent was obtained, and what wording the customer saw at the time.
  • Make unsubscribe mechanisms simple and reliable, and ensure opt out requests are reflected across all systems.
  • Be cautious with purchased lists, old databases, event contacts, and shared data arrangements between related businesses.
  • Review your forms, privacy materials, customer communications, and marketing contracts together so they are consistent in practice.

If your business is dealing with marketing consent and wants help with privacy collection wording, marketing terms, customer sign up processes, and agency or data sharing contracts, you can reach us on 0800 002 184 or team@sprintlaw.co.nz for a free, no-obligations chat.

Alex Solo
Alex SoloCo-Founder

Alex is Sprintlaw’s co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.

Get your customer-facing terms right

Get in touch with our team

Tell us what you need and we'll come back with a fixed-fee quote - no obligation, no surprises.

Keep reading

Related Articles

Website Terms and Privacy for Construction Project Management Businesses

Website Terms and Privacy for Construction Project Management Businesses

Construction project management websites can create legal risk long before a client signs. This guide explains how New Zealand businesses should approach

8 Jul 2026
Read more
What Is An “Agency” Under The Privacy Act 2020?

What Is An “Agency” Under The Privacy Act 2020?

If you run a small business in New Zealand, you probably collect personal information more often than you realise - customer names, emails, delivery addresses, staff records, CCTV footage, website enquiries, even...

7 Jul 2026
Read more
Privacy Policy Requirements for Caravan Hire Businesses in New Zealand

Privacy Policy Requirements for Caravan Hire Businesses in New Zealand

Caravan hire businesses in New Zealand often collect driver licence details, payment information, booking records, and sometimes GPS or CCTV data. This

4 Jul 2026
Read more
Website And Business Disclaimer Examples In New Zealand

Website And Business Disclaimer Examples In New Zealand

If you run a small business, you’ve probably seen disclaimer text on websites, quotes, emails and social media bios - and wondered whether you need one too. A well-drafted business disclaimer can...

2 Jul 2026
Read more
Leasing Equipment in New Zealand: Legal Essentials

Leasing Equipment in New Zealand: Legal Essentials

Leasing equipment can help New Zealand businesses preserve cash flow, but the legal terms often decide whether the deal is useful or costly. This guide

2 Jul 2026
Read more
What Age Can Children Consent To Data Collection In NZ?

What Age Can Children Consent To Data Collection In NZ?

If your business collects customer information online (or even in person), you’ve probably wondered where children fit into the rules. Maybe you run an e-commerce store with a loyalty programme, a tutoring...

2 Jul 2026
Read more
Need support?

Need help with your business legals?

Speak with Sprintlaw to get practical legal support and fixed-fee options tailored to your business.