Personal Data Privacy
Do I need written consent to share my customer list with a marketing partner?
November 7, 2025
Personal Data Privacy

Do I need written consent to share my customer list with a marketing partner?

November 7, 2025
Do I need written consent to share my customer list with a marketing partner?
November 7, 2025
Frequently Asked Questions
What is the difference between a tenancy and a licence?
How can a company be deregistered in Hong Kong?
What are the requirements for incorporating a Hong Kong Limited Company?
How do I register a company in Hong Kong?
Neighbourhood and Building Management
Bankruptcy / Insolvency
Fraud / Online Telephone Scam
Defamation and Slander
Consumer Protection and Contract Law
Immigration and Nationality Law
Criminal Law
Family and Matrimonial Law
Wills and Probate
Civil Claims / Small Claims Tribunal
Road Traffic Accidents
Personal Injuries / Workers Compensation
Supply of service
Personal Data Privacy
Tutorials
General Resources
Templates
Intellectual Property Law
Taxation Law
Property and Leasing
Employment Law
Business / Company Law
Neighbourhood and Building Management

Understanding Fire Insurance in Hong Kong - Scope, Responsibility and Key Facts

Understanding Fire Insurance in Hong Kong - Scope, Responsibility and Key Facts

Popular articles

Do Unit Owners Need Their Own Fire Insurance If the Building Already Has a Fire Insurance Policy?

Do Unit Owners Need Their Own Fire Insurance If the Building Already Has a Fire Insurance Policy?

How can homeowners recover their losses when a high-rise residential building is undergoing renovation and a fire breaks out?

How can homeowners recover their losses when a high-rise residential building is undergoing renovation and a fire breaks out?

Novation Agreement

Novation Agreement

This is some text inside of a div block.
Got Legal Issues? Try Ask.Legal
Try for Free
Unlock instant access to 100,000 free tokens. No credit card required
Follow us on social media:

Do I need written consent to share my customer list with a marketing partner?

Yes. A data user should not provide personal data to another person for use by that person in direct marketing unless the data subject’s written consent is obtained. This requirement applies to all transfers of personal data, including those to a parent company, subsidiary, or associated company.

Under the Personal Data (Privacy) Ordinance (Cap. 486), a data user who intends to provide the data subject’s personal data to another person is required to provide the data subject with the prescribed information in writing and obtain his/her written consent. Verbal consent

is not sufficient. In addition, if the personal data is transferred for gain (i.e., in return for money or other property), data subjects must also be explicitly informed in writing about this.

Not sure whether your email marketing campaign complies with data privacy laws? Take a look at our Guide to Email Advertising Management!

What to Include in the Written Notice?

  1. The data user intends to provide the personal data of the data subject to another person for use by that person in direct marketing
  2. The data user may not so provide the data unless it has received the data subject’s written consent to the intended provision
  3. The provision of the data is for gain (if applicable)
  4. The kinds of personal data to be provided (e.g., name, email, phone number)
  5. The classes of persons to whom the data are to be provided
  6. The classes of marketing subjects (e.g., beauty products) in relation to which the data is to be used
  7. The response channel through which the data subject may, without charge by the data user, communicate the data subject’s consent to the intended provision in writing.

Example

A customer applied for an account with a bank and consented to the bank’s use of his/her personal data for marketing its banking products. If an insurance company which belongs to the same holding company wants to use the customer’s personal data for direct marketing, a new consent has to be obtained.

Summary

Always get explicit written consent before sharing personal data for direct marketing. Non-compliance can result in fines of up to HKD 1 million and imprisonment for up to five years. 

Need help navigating this issue? Check out Ask.Legal — our AI-powered legal assistant is ready to help 24/7.

Related articles

Browse all articles
Road Traffic Accidents

What to Do If You Encounter a Traffic Accident in Hong Kong – A Practical Legal Guide

What to Do If You Encounter a Traffic Accident in Hong Kong – A Practical Legal Guide
Wills and Probate

What if a person died without a Will? Hong Kong Intestacy Rules – Guide to Estate Distribution and Priority

What if a person died without a Will? Hong Kong Intestacy Rules – Guide to Estate Distribution and Priority
Criminal Law

Theft in Hong Kong: What Counts as Stealing? A Clear Guide to the Law, Penalties & Defences

Theft in Hong Kong: What Counts as Stealing? A Clear Guide to the Law, Penalties & Defences