Alex is Sprintlaw's co-founder and principal lawyer. Alex previously worked at a top-tier firm as a lawyer specialising in technology and media contracts, and founded a digital agency which he sold in 2015.
Contents
If you run a small business in New Zealand, email marketing can feel like the “lowest cost, highest return” channel you can control. But it also comes with a big question: can you email customers without consent?
This is where the idea of soft opt-in email marketing comes up. It’s a term many business owners use (especially if you’re building a list at checkout, taking online orders, or collecting enquiries), but it can be easy to get wrong because New Zealand law doesn’t create a separate “soft opt-in” category. Instead, the rules turn on whether you have consent (often inferred consent) and whether you meet the Act’s other requirements.
Below, we’ll break down what people usually mean by soft opt-in, when it can apply in New Zealand, the rules you need to follow, and how to set up your systems so you’re protected from day one.
What Is Soft Opt-In Email Marketing (And Why Do Small Businesses Care)?
Soft opt-in email marketing is a commonly used way of describing situations where you send marketing emails without getting an express “yes” (like an explicit opt-in tick box), because you believe you can rely on inferred consent from an existing customer relationship.
In plain English, it usually looks like this:
- Someone buys from you (online or in-store), or they’ve dealt with you in a way that creates an ongoing customer relationship.
- You collect their email address as part of that transaction.
- You then send them marketing emails about similar products/services they’d reasonably expect to hear about.
- You give them a clear unsubscribe option every time.
For a growing business, this matters because it affects how you can:
- promote repeat purchases and customer loyalty;
- launch new products to existing customers quickly;
- follow up abandoned carts or past orders (carefully);
- reduce reliance on paid ads.
But the key is this: “soft opt-in” isn’t a free pass to email anyone whose address you’ve collected. Your emails still need a proper consent basis (often inferred consent) and must comply with the rest of New Zealand’s anti-spam rules.
What Does New Zealand Law Say About Email Marketing Without Consent?
In New Zealand, the main law that governs commercial email marketing is the Unsolicited Electronic Messages Act 2007 (often called the “Anti-Spam” law).
Under that law, you generally must not send an unsolicited commercial electronic message (for example, a marketing email) unless the recipient has consented in some form.
Consent in this context can include:
- Express consent: the person actively opted in (for example, they ticked a box or signed up).
- Inferred consent: based on an existing business relationship and the person’s conduct.
- Deemed consent: where someone conspicuously publishes or provides an address in a way that indicates they’re okay receiving messages relevant to their role (this is often misunderstood and should be approached cautiously).
What many people call “soft opt-in” usually relies on inferred consent. This is why your processes matter so much: if you can’t show you had a legitimate basis to infer consent (and that your message content matched what the person would reasonably expect), your marketing email may be treated as unsolicited.
If you’re building an email marketing program and want to sanity-check your approach, it helps to understand the practical rules around email marketing laws so you’re not guessing.
When Does Soft Opt-In Email Marketing Apply In Practice?
Soft opt-in email marketing can work where the recipient is genuinely an existing customer (or has an existing relationship with your business) and the marketing is connected to that relationship.
As a small business, common situations where you might rely on soft opt-in include:
1. You Collected The Email During A Sale Or Booking
If someone bought something from you and you collected their email to send an invoice, confirm a booking, provide delivery updates, or provide after-sales support, that can be a starting point for inferred consent.
The risk is when you later treat every collected email as a marketing subscriber, even if the person only provided it for a one-off transaction and you didn’t make it clear you’d also use it for marketing.
2. Your Marketing Is About Similar Products Or Services
A good “gut check” is: if the customer received your email, would they reasonably think, “Yep, this makes sense based on what I bought”?
Examples:
- Someone buys skincare from you, and you email them about other skincare ranges or refills.
- Someone books a haircut, and you email them about haircare products or related services (like colour appointments).
- Someone purchases gym classes, and you email them about a membership upgrade or related programmes.
Where you can get into trouble is emailing customers about something unrelated (or significantly different) to what they purchased, especially if it feels like you’re using their email address opportunistically.
3. You Gave Them A Clear Chance To Opt Out
Even if you think inferred consent applies, you still need to make sure the customer had a real opportunity to say “no thanks” around the time you collected their email address (and every time you email them after that).
If you’re collecting emails through your website, you should also make sure your broader legal documents match what you’re doing in practice (for example, your Privacy Policy should accurately describe how you use customer contact details for marketing).
What Rules Do You Need To Follow For Soft Opt-In Email Marketing?
To run soft opt-in email marketing safely, you want to build your process around the key compliance requirements that typically apply under New Zealand’s anti-spam rules.
Here are the core points to get right.
1. Don’t Hide Who You Are
Your emails must clearly identify:
- who is sending the message (your business name); and
- how the recipient can contact you.
This sounds obvious, but it can get messy if you’re using multiple trading names, staff emails, or third-party sending tools.
2. Always Include A Functional Unsubscribe Option
Every marketing email should include a clear unsubscribe function that works.
Practically, that means:
- a visible unsubscribe link (not hidden in tiny font);
- an unsubscribe process that’s quick and straightforward;
- unsubscribe requests are actioned promptly (the Act generally requires this within 5 working days);
- you don’t charge a fee or make people jump through hoops to unsubscribe; and
- the unsubscribe option remains functional for a reasonable period (commonly at least 30 days after the message is sent).
If someone unsubscribes and you keep emailing them, you’re creating a compliance problem and a customer trust problem.
3. Be Careful With How You Collect Emails
Soft opt-in email marketing often succeeds or fails at the collection point.
Good practice includes:
- telling the customer you may send marketing emails;
- giving a clear opt-out at collection (for example, “Tick here if you don’t want offers by email” or a separate marketing opt-in box);
- keeping a record of what the customer saw and when they provided their email.
If you collect emails through an online store, make sure your checkout flow and legal pages line up. For example, your Website Terms And Conditions can help set expectations about how your online services work (though they won’t replace consent rules, they can support clarity and reduce disputes).
4. Keep Your Marketing “Within Reason” Of The Customer Relationship
Inferred consent is about what the recipient would reasonably expect based on their relationship with you.
So, it helps to keep an eye on:
- content relevance (are you emailing about similar products/services?);
- timing (did they buy two years ago, or last week?);
- frequency (are you sending occasional updates, or hammering them daily?).
If your customer list is old, or if your emails drift into unrelated promotions, it may be safer to run a re-permission campaign (asking people to opt in properly) rather than relying on inferred consent indefinitely.
How Do Privacy Rules Affect Soft Opt-In Email Marketing In NZ?
Even if you’re comfortable you have consent (including inferred consent) under the anti-spam rules, you also need to think about privacy compliance.
In New Zealand, the key legislation is the Privacy Act 2020. If you collect and use personal information (and an email address can be personal information), you need to handle it in a way that’s fair, transparent, and secure.
For small businesses, this usually means focusing on a few practical areas.
Collection: Tell People What You’re Doing
When you collect an email address, you should be upfront about:
- why you’re collecting it (e.g. order confirmations, customer support);
- whether you’ll also use it for marketing; and
- who you might share it with (e.g. an email sending provider).
This is one reason having a tailored Privacy Policy matters. It’s not just a box-ticking exercise - it helps you set expectations clearly and reduces the chance of complaints.
Storage And Security: Protect Your Customer List
Your email list is valuable, and it’s also sensitive business data.
Reasonable steps might include:
- restricting staff access to your mailing list;
- using strong passwords and two-factor authentication;
- having processes for removing unsubscribed contacts;
- keeping your customer database tidy (only keep what you need).
If you suffer a data breach, you may have obligations to respond appropriately (and in some cases notify affected people and/or the Privacy Commissioner).
Online Tracking And Cookies
If your email marketing links to website tracking (for example, tracking conversions or behaviour after someone clicks an email), that can raise additional privacy considerations.
Depending on how your website is set up, you might need to think about cookie disclosures and consent mechanisms. If you’re unsure what you need, a cookie pop-up can be part of good privacy hygiene for many websites.
A Practical Compliance Checklist For Small Businesses Using Soft Opt-In Email Marketing
If you’re trying to build a repeatable system (rather than “hoping” your emails are compliant), here’s a practical checklist you can work through.
Step 1: Map Where Emails Are Coming From
- Website checkout
- In-store POS / booking system
- Enquiry form
- Quotes and invoices
- Events, giveaways, loyalty programs
This matters because different collection points create different expectations (and different consent risks).
Step 2: Separate Transaction Emails From Marketing Emails
Transactional emails are things like receipts, delivery updates, booking confirmations, and essential service communications.
Marketing emails are promotions, offers, product launches, and newsletters.
Blurring these categories can create issues fast - especially if customers feel you “tricked” them into marketing by calling it a service message.
Step 3: Add Clear Opt-Out Language At Collection
At the point of collection (checkout, booking, form), include a clear statement such as:
- “We may email you with offers and updates. You can unsubscribe at any time.”
Where possible, give customers a choice (opt-in is best practice, even if you think inferred consent may apply).
Step 4: Make Unsubscribe Easy And Immediate
Test it yourself:
- Can you unsubscribe in one click?
- Does it actually remove you from future campaigns?
- Do you still get emails later through a different list segment?
Step 5: Keep Records
If a complaint ever comes in, you’ll want to be able to show:
- when and how you collected the email;
- what the customer was told at collection;
- the basis on which you relied on consent (e.g. inferred consent from a purchase);
- when you sent marketing emails; and
- that every email had an unsubscribe function and you honoured opt-outs within the required timeframe.
If you’re scaling up your marketing, it’s also smart to ensure your customer-facing terms are clear across the whole relationship. Depending on your business model, that might mean tightening up your online service terms and conditions (particularly if you sell subscriptions, memberships, or digital services).
Step 6: Don’t Forget The “Other” Marketing Laws
Email marketing doesn’t exist in a legal vacuum. You should also watch out for:
- Fair Trading Act 1986: your email claims must not be misleading or deceptive (including pricing, “limited time” claims, testimonials, and product performance claims).
- Consumer Guarantees Act 1993: if you’re selling to consumers, your products/services come with automatic guarantees - your marketing shouldn’t try to contract out of them in a way that’s not permitted.
If you run promos, giveaways, or referral campaigns through email, make sure you have proper competition terms and conditions in place, so the rules are clear and you’re not accidentally creating disputes.
Key Takeaways
- Soft opt-in email marketing isn’t a separate legal category in New Zealand - it’s usually shorthand for relying on inferred consent to email existing customers about products or services they’d reasonably expect to hear about.
- In New Zealand, email marketing is mainly regulated by the Unsolicited Electronic Messages Act 2007, so you need a valid form of consent (express, inferred, or deemed) to send commercial emails.
- Even if you rely on inferred consent, you must identify your business clearly and include a functional unsubscribe option in every marketing email.
- Unsubscribe requests generally need to be processed within 5 working days, and the unsubscribe method should be easy to use and remain available for a reasonable period (commonly at least 30 days).
- The safest setup includes a clear opt-out at the point of collecting the email, and marketing content that stays closely related to the customer’s original purchase or relationship with you.
- Don’t overlook the Privacy Act 2020 - you need to be transparent about how you use emails, keep customer data secure, and make sure your privacy documents reflect what you actually do.
- If you’re unsure whether you can rely on inferred consent for your email marketing, it’s worth getting legal advice early - fixing your systems upfront is far easier than dealing with complaints later.
If you’d like help reviewing your email sign-up flows or putting the right legal documents in place (like a Privacy Policy or online terms), you can reach us at 0800 002 184 or team@sprintlaw.co.nz.
