Can a company receive data from natural persons who are referred to it?

[shukla7789]

The treatment of personal information requires the application of certain codes of conduct that allow for a correct alignment between our usual work activities and the context of the legal regulations established by the state. In this sense, we will focus in this Blog on what refers to the management of referral information that an organization can usually receive from its clients during the commercial processes it develops.

Referrals are often given because some customers are interested in having their family or acquaintances access promotions or portfolio benefits offered by a certain organization; therefore, such customers will provide the seller with the name and contact phone number of a person they believe would be interested in the company's products or services.

This is where the question arises: what should the seller do when receiving this data from his client's referrals? Can he make a call to offer the products or services he handles? If it is possible to do so, how can this first call be handled correctly?

To answer the above, we must first refer to Law 1581, which establishes the right to privacy of the person; that is, not to be called or bothered, especially so that they are not offered products or job seekers database from an organization they do not know. Likewise, the Law establishes the obligation, on behalf of all companies, to obtain authorization to use the data of a Holder before processing them; that is, before carrying out any type of written, electronic or voice communication.

In this way, a seller, on behalf of the company, will not be able to legally contact the referred party, because the latter has never given consent to be contacted; and this is totally consistent with the principle of purpose cited in the same Law, which indicates that the data collected must have a specific purpose, and in the case presented, it would not be understood what the purpose of obtaining data from referrals is to complete the sale and delivery of a product or service.

Now, what about the data given to the seller?

Law 1581 itself is very clear in this regard: the personal data protection regime will not be applicable to databases or files kept in an exclusively personal or domestic setting; that is, the client is a person who, in a liberal manner and without being asked, has decided to transmit the information to another person because he or she considers it pertinent for that person to make contact that allows that family member, friend or acquaintance to receive a benefit.

So what could the seller do?

In this instance, the person cannot present himself as a seller, but rather as a natural person who makes the communication at the request of the person who refers. He must explain the intention of the person who refers to him in providing this personal data to a third party, and he must ask his interlocutor if he is interested in accessing the benefits that the person who refers to him considers convenient. If the answer is affirmative, then the seller must adequately guide the person referred to a valid channel that allows obtaining his consent to process his personal data, in this way the commercial relationship with the company for which the seller works can be initiated. This first contact call with a person referred must be approached with extreme caution and respect for privacy, remembering that it is imperative to obtain the explicit authorization of the person referred to process his data, otherwise a violation of the Law would be committed.