HelloFresh says it has changed its text and email marketing policy after being fined £140,000 by the Information Commissioner’s Office (ICO) for sending 79 million spam emails and a million spam texts to customers over a seven-month period.
The fine relates to direct marketing messages sent to subscribers of the meal kit brand between August 2021 and February 2022, which the ICO found “lacked proper consent”.
The marketing messages were sent based on an opt-in statement which made no reference to texts, and which was “included in an age confirmation statement which was likely to unfairly incentivise customers to agree” the ICO said.
Customers were also not given sufficient information their data would continue to be used for marketing purposes for up to 24 months after cancelling their subscriptions.
“Customers weren’t told exactly what they’d be opting into, nor was it clear how to opt out. From there, they were hit with a barrage of marketing texts they didn’t want or expect, and in some cases, even when they told HelloFresh to stop, the deluge continued,” said Andy Curry, head of investigations at the ICO.
“In issuing this fine, we are showing we will take clear and decisive action where we find the law has not been followed. We will always protect the right of customers to choose how their data is used,” he added.
The investigation was launched after the ICO received 14 complaints about unauthorised SMS messages from HelloFresh and three complaints about marketing emails.
”Customers are at the centre of everything we do and we take our data protection obligations extremely seriously,” a HelloFresh spokesman said. “Of the emails sent, the ICO only received three complaints. We have worked closely with the ICO, we have carefully considered their feedback and have made changes to our SMS and email policy.”