My company ships very large, very heavy products to the homes of everyday consumers (think big home renovation materials). Currently, we provide the customer’s name, shipping address, and phone number to the factory. The factory then provides that information to a freight company, who then provides it to a final-mile delivery company.
The final-mile delivery company wants us to provide the customer’s email address so they can improve the delivery time frame. Customers are significantly more likely to respond to an email than they are to a phone call. Text messaging isn’t, apparently, effective enough either, because there are still land lines in play.
We ship only to the continental United States, so we don’t fall immediately under the GDPR umbrella, but my concern is that providing this email address to other businesses in our manufacturing and delivery pipeline will have PCI compliance consequences.
It would be simple if I could just add a disclaimer into our Terms and Conditions that explains that we will give the customer’s email address to other entities for the purposes of shipping and delivery, but that information won’t be used for marketing purposes, but I’m afraid that there are implications I’m not considering.
Can anyone provide any insights about how I should approach this problem?