Right, it's a bit complicated being electronic information (although personally Idon't see why there should be a difference!) Remember in most legal cases a point can be argued either way, even using statutes. Anyway.
Electronic Commerce (EC Directive) Regulations 2002,
8. A service provider shall ensure that any unsolicited commercial communication sent by him by electronic mail is clearly and unambiguously identifiable as such as soon as it is recieved.Judging by that, it is permissable for someone to send you stuff of a commercial nature without you giving permission, and as such having had no dealings with them in the past.
This doesn't say much about where they got the info from though, but you could invoke your rights by requesting all information they hold on you under the
Freedom of Information Act, they would then have to give you
everything they hold on you. If they omit to give you even a single piece of info. including where they got the information on you from they would be breaking the law. Bear in mind though, that they can ask you to pay a
reasonable administration charge for the time and materials taken for doing this for you. (I don't agree with the charge but can't do anything about it!). So if there's any doubt where the info has come from this should provide it.
The provider may have written into their contract that they can use your information in this way and pass it on, however if they don't appy an opportunity to exclude yourself (i.e. a tick box saying you don't want your information used in this way even if you've agreed to the contract, that particular clause would probably come under the
Unfair Terms in Consumer Contracts Regulations 1999 - especially Sections 5 (1), (2), (3), & (4). The effect of this unfair term would come at section 8 (1) & (2) which basically says that the unfair term is then not binding, but also that the contract cannot be repudiated if it is capable of continuing with the clause being removed. So basically, if the above scenario were to be the case you could request that they stop using your info like this and they would have no choice but to stop. If they then continued you could raise an injunction against them. If however, the option was there to participate or not and you just missed it, unless the term were extremely prejudicial in nature with regards your rights and obligations in comparison to theirs, you'd be pretty much screwed and they could continue using your info. in that way.
In comparison though, there is Drective 2000/31/EC (e-commerce) which is a European Directive and in section (14) it goes into a lot of depth re: this subject. There is too much to quote but basically it's talking about the implementation of the directive for allowing free'er movement of information without so much red-tape
but does emphasize that
"the implementation and application of this directive should be made in full compliance with the principles relating to the protection of personal data, in particular as regards unsolicited commercial communication and the liability of intermediaries." The important part there is the liability of the intermediaries, which basically says that intermediaries who pass on personal info. are liable for their actions. Later though, their is a loophole which says that
"this directive cannot prevent the anonymous use of open networks such as the internet." What this basically means is that an organisation may have an agreement that is undocumented and untraceable, and information is passed from an anonymous (and I use that term sarcastically) source, making it impossible to apply the directive to them. It's basically a way of them avoiding their responsibilities.
Data Protection Act could apply, but you have to remember that a lot of things are excluded or not applicable to Electronic information. It's a bit of a mess really.
Basically, the above gives you an idea though of some of the legislation that covers what you mentioned. Don't know if it's much use to you, but I hope it is. Just shows that there are different ways to apply the legislation under different Acts, Directives etc.
Hope that's a help, and the invoice is in the post!