Setting up Yotpo SMS & Email to Comply with GDPR

        Article summary

        SMS & Email

        Supported plans: Free, Starter, Pro, Premium

        eCommerce Platform: Shopify, Shopify Plus

        This information is not legal advice. While we do our best to provide useful information as a starting point, Yotpo SMS & Email advises all merchants to obtain professional legal advice to ensure that all marketing campaigns are sent in full compliance with all applicable laws.

        If you plan to send SMS or email marketing messages to citizens of the European Union, you must adhere to the GDPR. To do so, follow the couple of simple steps presented in this article.

        What is the GDPR?

        GDPR stands for the General Data Protection Regulation, which went into effect in May 2018. It protects the privacy and personal data of individuals within the European Union and addresses data protection and privacy in the European Union and the European Economic Area.

        GDPR centralizes the rules and processes businesses must follow in order to protect and respect the interests of European citizens.

        How to stay compliant with the GDPR

        When sending marketing messages to EU citizens, you must:

        • Obtain explicit consent. 
        • Include a free and available opt-out mechanism at all times.
        • Explicitly state your Privacy Policy on your checkout page and all subscriber collection methods.

        Obtaining consent 

        According to the GDPR, shoppers must explicitly agree to receive promotional text or email marketing messages from you. When collecting phone numbers and email addresses on your website through a pop-up or another subscriber collection method, you must clearly state that the individual agrees to receive recurring marketing messages. You must also mention that consent is not a condition of purchase and provide links to your Terms of Service and Privacy Policy.

        A consumer opt-in to receive messages should not be transferable or assignable, and message senders should not use opt-in lists that have been rented, sold, or shared.

        With Yotpo SMS & Email, consent can be obtained at your store’s checkout or via our various subscriber collection tools. All of them are built-in for compliance with all legal regulations and include the required legal verbiage.

        Checkout example

        Remember that consent for SMS doesn’t extend to other types of promotional messages (e.g., email).

        Providing an opt-out method

        The GDPR requires you to honor your customers’ “right to be forgotten” and give them clear instructions on how to opt out, such as an opt-out link in your text messages or an unsubscribe link in your emails. Opting out must be free and available at all times.

        The Yotpo SMS & Email campaign text editor automatically includes an opt-out link in all your text and email messages and ensures compliance at all times. If a customer requests to have their personal data deleted from our servers, please forward their number or email address to support, and we will act on it.


        Keeping your privacy policy up to date

        Your Privacy Policy should be explicitly stated on your checkout page and all subscriber collection methods. There are a few things you must mention in your store’s Privacy Policy to stay GDPR compliant:

        • How your brand is collecting and using customers’ data.
        • How that data is being secured by you and by any data processors (e.g., Yotpo SMS & Email) you're working with.
        • How you enable and support your customers’ rights to understand and control their personal data.

        Please note that, if you haven’t already done so, Shopify will require you to set up your terms of service and privacy policy in your legal settings for your store to be fully compliant. To do this, click on the link in the blue box below the checkbox, or go to your Shopify Admin → Settings → Policies and insert the full compliance text in the Terms of Service and Privacy Policy sections from our dedicated Knowledge Base article.

        This was our quick guide on staying compliant with the GDPR before sending marketing messages to EU citizens. Don’t hesitate to go to our Knowledge Base for more useful articles, or contact us if you have any questions or feedback.
