The Problem: Building email marketing lists is difficult. Asking a potential client whether they want to be added to your list does not come easily in the daily patter of selling holidays in your shop or on the phone

Many agents therefore do not add email addresses to marketing lists when someone makes an enquiry. If the enquiry does not convert and you don’t have that person on an email list you have no way to be able to send them enticing offers and try to sell them a holiday in the future.

Your business does not grow as quickly as it could 🙁

The Historical Concequence: Online travel sites, which have been better at collecting email addresses when a user makes an enquiry , have thrived. Companies such as Travelzoo, Travel Republic and the like have built huge lists and market frequently to these lists. This has made it more difficult for you to be able to compete as your database does not grow as quickly.

Google analysis shows that a potential client goes to 20 different travel sites before purchase. If any of those are doing well at adding email addresses your potential client will be marketed to by them first ( because you have not managed to get their email address on a list)

The Solution: GDPR is going to help you build your email database. This is one of the most positive aspects of GDPR because you have to let a potential client have access to your Privacy Policy at their first point of contact – so you are going to have to send them an email anyway ( unless you want to print out copies of your policy to give to the enquirer in person).

Putting an automated sign up solution in place will ensure that you build your email marketing list every day. 

The videos below use our TraveltractionCRM as an example – but you can implement this system in any business ( automated software solutions take out the headache on a daily basis)

When a potential client has taken the trouble to get in touch with you because they liked the look of your business (either because they walked past your shop, had a recommendation or found you online) and then ask for e.g. a quote for a 2 week multi centre holiday to America, then you are carrying out some work for them ( albeit for free, by providing a quote). You may be able to provide this verbally directly from a brochure or perhaps they require more options and you spend sometime doing research and prepare a quote to forward by email. Did you know that under GDPR and the PECR rules, you do not require consent to email market to these potential customers. You have a lawful basis for adding these leads to your marketing list under Article 6 ‘Legitimate Interest’ clause. Because they have asked you to provide a service (ie a quote) you now have what is considered to be an existing relationship for ‘Legitimate Interest’ and the potential customer would therefore not be surprised to hear from you in relation to similar products and services i.e. holidays. 

It is important to note however, that although you do not need to gain and record consent, you need to satisfy the following rules of the e-privacy Directive:

Individual’s contact details must be:

– collected in the context of a sale, or negotiations for a sale (e.g. requesting and receiving a quote);

-the marketing contact being made now relates to similar products/services; and

-the individual was given the ability to opt-out at the time when the data was collected, but didn’t opt-out, and is given a simple way to opt out in future messages. If these conditions are met, then first party email and SMS marketing is possible on an opt-out basis, the so called ‘soft opt-in’.

NB It will also be necessary to complete a Legitimate Interest Assessment for your direct marketing which we discuss in the next module.

So, you can see that if you do not collect an email address or do not collect it in the compliant fashion (ie with the ability to opt out given at the time the data is collected) you are missing the opportunity to stay in contact with an important future customer who has already expressed a strong interest in your products and services. This is what is commonly called a ‘warm lead’ in sales terms. If the quote does not lead to a booking this time for whatever reason you are effectively back to square one in terms of trying to win back that potential customer’s interest. Not to mention the cost of the time taken to prepare the quote for zero return. A modern customer might even perceive this lack of communication as your lack of interest in their business and seek out a more meaningful customer relationship with someone else.

It is therefore important to review your processes for preparing quotes in order not to lose out. Don’t forget that in asking you to prepare a quote it should not seem unreasonable to provide contact details (we have heard of examples where agents have happily given their time to providing a quote for a walk in without even asking a name!). Of course you will need to consider an effective way to do this without stepping into the uncomfortable territory of feeling like you are coercing a reluctant sign up. You might be considering the use of a CRM as a more secure data management system for collecting the data needed to prepare and communicate quotes to enhance your GDPR compliance. This would provide an easy, useful way to manage your personal data. Our own TravelTractionCRM also links with our email software automating the sending of an email immediately welcoming the enquirer to your client database together with the opportunity to opt out.


What is your Legitimate Interest?

It would be easy to imagine that claiming Legitimate Interest could provide a catch-all reason for processing any data to suit your own business purposes but it ‘s not quite as simple as that! If you are relying on Legitimate Interest as your lawful basis for processing/holding personal data under Article of the GDPR you will need to identify and document what that legitimate interest is and include this in your privacy policy too. The GDPR specifically mentions use of client or employee data, marketing, fraud prevention, intra-group transfers, or IT security as potential legitimate interests, but this is not an exhaustive list. You can rely on legitimate interests for marketing activities if you can show that how you use people’s data is proportionate, has a minimal privacy impact, and people would not be surprised or likely to object.

The way to do this is by undertaking a Legitimate Interest Assessment or LIA.

This can be broken down into a three-part test:

  1. Purpose test: are you pursuing a legitimate interest?
  2. Necessity test: is the processing necessary for that purpose?
  3. Balancing test: do the individual’s interests override the legitimate interest?

In some cases an LIA will be quite short, but in others there will be more to consider. As a small travel business, we would suggest you will at least need to prepare LIAs for your Direct Marketing (including email and text where applicable), the retention of personal details on your contacts list e.g. suppliers and also for your marketing suppression list.

First, identify the legitimate interest(s). Consider:

  • Why do you want to process the data – what are you trying to achieve?
  • Who benefits from the processing? In what way?
  • Are there any wider public benefits to the processing?
  • How important are those benefits?
  • What would the impact be if you couldn’t go ahead?
  • Would your use of the data be unethical or unlawful in any way?

Second, apply the necessity test. Consider:

  • Does this processing actually help to further that interest?
  • Is it a reasonable way to go about it?
  • Is there another less intrusive way to achieve the same result?

Third, do a balancing test. Consider the impact of your processing and whether this overrides the interest you have identified. You might find it helpful to think about the following:

  • What is the nature of your relationship with the individual?
  • Is any of the data particularly sensitive or private?
  • Would people expect you to use their data in this way?
  • Are you happy to explain it to them?
  • Are some people likely to object or find it intrusive?
  • What is the possible impact on the individual?
  • How big an impact might it have on them?
  • Are you processing children’s data?
  • Are any of the individuals vulnerable in any other way?
  • Can you adopt any safeguards to minimise the impact?
  • Can you offer an opt-out?

You then need to make a decision about whether you still think legitimate interests is an appropriate basis. There’s no foolproof formula for the outcome of the balancing test – but you must be confident that your legitimate interests are not overridden by the risks you have identified.

We adapted The Data Protection Network LIA Template to help you create your own LIAs.

Access LIA Template Here >>

For more information on Legitimate interests from the ICO click here >>

If you are an ABTA member you can read their Legitimate Interests and Direct Marketing Guidance document on their Member Resources page.