In New Zealand, commercial electronic messages are subject to the Unsolicited Electronic Messages Act 2007 (UEM) which is managed by the Anti-Spam Compliance Unit of the Department of Internal Affairs.

New Zealand's Unsolicited Electronic Messages Act 2007 dictates that you need permission from your prospective recipient before you can send a commercial electronic message. Under the Act, there are three types of acceptable consent - express, inferred and deemed.

You can get consent by direct request or to some extent it can be assumed by nature of your business and its relevance to the recipient. We've found it helps if you think of the three acceptable levels of consent as a set of traffic lights when it comes to how readily you can use them:

Express - Green - go ahead without a second thought.
Inferred - Orange - proceed but look carefully for reasons why you might need to stop.
Deemed - Red - stop, look and think hard before you proceed.

N.B. There's no innocent until proven guilty here. The UEM Act is civil law not criminal which means you have to prove you are innocent if the DIA ask you to. To prove consent make sure the source is recorded when you collect it.

Express Consent
They have asked you to send you this communication.
To have express consent you will have asked them to register for the specific message type. This is also known as Opt-In, sign- up, permission, registration etc. Allowing your recipients to alter their permission in a Preference centre is a best practice which means they can easily choose which of your publications they receive and how regularly they receive them.
Verbal consent is okay. There is no obligation in the Unsolicited Electronic Messages Act for the consent to be in writing but it's a good idea to keep a written record of verbal consent - as we'll see.

Inferred Consent
You're sending something that makes perfect sense to the recipient based on the relationship you have with them.
Inferred consent means you don't have express consent but you can infer permission if you are sending relevant business information such as customer service notifications, invoices, reminders, etc. Sending an invitation to connect again to a lapsed customer. The proviso is that you have a prior business relationship.
It's always a good idea to apply common sense and a customer view of the length of time a relationship remains valid. Don't send an email if it's not likely they will not easily remember the relationship you had. For example: If they stayed at your hotel three years ago it's not likely to make sense to start emailing them now. But if they buy a car from you every three years, then you could email them to check if they are ready to test drive the newest model.

Deemed Consent
This is like a cold-call and as such it's likely to be used by smaller rather than larger businesses. In essence, the recipient may not have ever heard of you or done business with you, but you think you've something useful and important to say to them, and your message is relevant to their role and business.
This is getting into "red light" territory. Copy and tone will help ensure your email doesn't cause anyone to get their back up. The Act clearly states that your email or publication must be relevant to the business of the recipient, for example, if you sell downpipes, you can email plumbers. If you sell cat doors you can't.
If you claim deemed consent you may send your message to an electronic address that has been published by a person in a business or official capacity - i.e. on a Company Website. To do this and not get prosecuted you'll need to be able to show how you got the address, so record where you sourced the email address from.

Getting consent right is a key part of staying on the right side of the legal requirements, but there are several more things you need to comply with too.