Setting up Yotpo SMS & Email to Comply with GDPR

    Article summary

    Products: SMS & Email

    Supported plans: All Plans

    eCommerce Platform: Shopify, Shopify Plus

    Disclaimer

    This information is not legal advice. While we do our best to provide useful information as a starting point, Yotpo SMS & Email advises all merchants to obtain professional legal advice to ensure that all marketing campaigns are sent in full compliance with all applicable laws.

    GDPR Compliance Overview

    If you plan to send SMS or email marketing messages to citizens of the European Union, you must adhere to the GDPR. To do so, follow the few simple steps presented in this article.

    GDPR stands for the General Data Protection Regulation, which went into effect in May 2018. It addresses data protection and privacy in the European Union and the European Economic Area, and protects the privacy and personal data of individuals within the European Union.

    GDPR centralizes the rules and processes businesses must follow in order to protect and respect the interests of European citizens.

    GDPR Legal Documentation

    Complying with the GDPR for SMS and Email Marketing

    Compliance Basics

    When sending marketing messages to EU citizens, you must:

    • Obtain explicit consent. 

    • Include a free and available opt-out mechanism at all times.

    • Explicitly state your Privacy Policy on your checkout page and all subscriber collection methods.

    Obtaining Consent 

    According to the GDPR, shoppers must explicitly agree to receive promotional text or email marketing messages from you. When collecting phone numbers and email addresses on your website through a pop-up or another subscriber collection method, you must clearly state that the individual agrees to receive recurring marketing messages. You must mention that consent is not a condition of purchase and provide links to your Terms of Service and Privacy Policy.

    SMS Marketing Consent

    When collecting phone numbers on your website through a pop-up or another subscriber collection method, you must clearly state that the individual agrees to receive recurring marketing messages. You must mention that consent is not a condition of purchase and provide links to your Terms of Service and Privacy Policy.

    Important

    SMS consent doesn’t apply to sending other types of promotional messages (i.e., email).

    Email Marketing Consent

    As with collecting phone numbers, the same requirements apply when collecting email addresses. Your collection method must clearly state that the individual agrees to receive recurring marketing messages and that consent is not a condition for purchase. You must also provide links to your Terms of Service and Privacy Policy.

    Additionally, consumer opt-in to receive messages should not be transferable or assignable, and message senders should not use opt-in lists that have been rented, sold, or shared.

    With Yotpo SMS & Email, consent can be obtained at your store’s checkout or via various subscriber collection tools. All of them are built-in for compliance with all legal regulations and include the required legal verbiage.

    Providing an Opt-out Method

    The GDPR requires you to honor customers' “right to be forgotten” and give them clear instructions on how to opt out, such as an opt-out link in your text messages or an unsubscribe link in your emails. It is important to remember that opting out must be free and available at all times.

    The Yotpo SMS & Email campaign text editor automatically includes an opt-out link in all your text and email messages and ensures compliance at all times. If a customer requests to have their personal data deleted from our servers, please forward their number or email address to Yotpo Support, and we will act on it.

    [Image: SMS Opt-out Link]

    [Image: Email Opt-out Link]

    Keeping Your Privacy Policy Up-to-Date

    Your Privacy Policy should be explicitly stated on your checkout page and all subscriber collection methods. There are a few things you must mention in your store’s Privacy Policy to stay GDPR compliant:

    • How your brand is collecting and using customers’ data. 

    • How that data is being secured by you and by any data processors (i.e., Yotpo SMS & Email) you're working with. 

    • How you enable and support your customers’ rights to understand and control their personal data. 

    Important

    Shopify requires you to set up your Terms of Service and Privacy Policy in your store's legal settings for your store to be fully compliant. To do so, go to your Shopify Admin > Settings > Policies and insert the full compliance text from our dedicated Help Center article into the Terms of Service and Privacy Policy sections.

    This was our quick guide on staying compliant with the GDPR before sending marketing messages to EU citizens. Don’t hesitate to go to our Knowledge Base for more useful articles, or contact us if you have any questions or feedback.

