A data subject can object to his/her personal data being processed for direct marketing purposes at any time.

Pursuant to the Regulation of Electronic Communications and Postal Services (Law 112(I)/2004, as amended), automated calling and communications systems without human intervention, fax and electronic mail may be used for direct marketing purposes only where a subscriber who is a natural person has consented to such use in advance.

Notwithstanding the above, where a natural or legal person obtains contact details for electronic mail directly from customers in the context of the sale of a product or service, such person may use those details for the direct marketing of its own similar products or services, provided that customers are given the opportunity to object clearly and distinctly, free of charge and in an easy manner, to such use of electronic contact details both at the time they are collected and on the occasion of each message, where the customer has not initially refused such use.

Below are the national law consent requirements for sending business-to consumer ('B2C') and business-to-business ('B2B') email marketing.

For the purposes of interpreting the below:

• ‘Opt-in’ means sending marketing to the recipient only where it has taken an unambiguous positive action to consent (e.g., ticking a box, clicking an "agree" button, or confirming consent in writing).
• ‘Opt-out’ means sending marketing to the recipient unless they take an action to refuse or unsubscribe from marketing (e.g., ticking an “opt out” box or clicking an unsubscribe link).
• 'Soft Opt-in' means that the sending of e-marketing to the recipient is permitted on an Opt-out basis if:

o    the recipient's details were originally collected "in the context of a sale";

o    the entity sending the marketing is the same legal entity that collected the recipient's details initially;

o    the marketing relates to "similar" products and/or services for which the recipient's details were originally obtained; and

o    the recipient is given the opportunity, free of charge, to object to the e-marketing, both at the time their details were collected and in each subsequent communication.

• 'Transaction required' or 'Transaction not required' indicates whether a completed sale transaction (e.g., the exchange of money for goods or services) is necessary in order to satisfy the Soft Opt-in requirement that the recipient's details are collected "in the context of a sale". Where a transaction is not required, a commercial relationship with the recipient must generally still exist in order to be able to rely on Soft Opt-in (e.g., the recipient has submitted a product enquiry or requested a quote from the business). 

National interpretation of "in the context of a sale" for purposes of applying the Soft Opt-in (i.e. is a sale transaction necessary?):  A sale transaction would be required.

In Cyprus the following specifically apply for email marketing purposes:

First party e-marketing (i.e. the entity that collects the data will send the e-marketing itself:         

B2C: Opt-in. Opt-out permitted where Soft Opt-in applies.

B2B: Opt-in. 

Third party e-marketing (i.e. the entity that collects the data will share with third party partner for e-marketing):

B2C: Opt-in.

B2B: Opt-in.