Your Privacy Policy is where you can explain to your customers exactly how you collect, store and manage their data, and how they can exercise their rights under GDPR and other data protection legislation.
In this article we offer guidelines on what to include in your Privacy Policy both in general and specific to each Emarsys product.
Emarsys is not a law firm specializing in data security legislation, and we do not offer legal advice. We want to help you to understand how this legislation can affect you as an Emarsys customer, and this article assumes that you are using the Emarsys Marketing Platform properly, according to our documentation.
You should always refer to a qualified legal source when it comes to checking whether or not you are compliant in any given situation.
Introduction
Legislation governing the sending of marketing material varies globally, so you should make sure that the texts you use are suitable for the regions in which you are operating.
However, since you cannot control where a customer will open an email or register on your site, it is a good idea to protect yourself by complying with the most restrictive legislation.
These guidelines were prepared for our customers operating in the German-speaking parts of Europe and are compliant with German email marketing legislation. Since this is among the strictest in the world, we consider them to be a benchmark for best practice policy.
General guidelines
Your Privacy Policy outlines how your company gathers, uses, discloses, and manages your customers' data. This should be made available by a clearly visible link on your website and next to your registration forms. It is also a good idea to include it in the footers of your marketing emails.
Below are some hints on what to include in your Privacy Policy.
On your company
You should include the following information on your company:
- Physical address
- Email address
- Telephone number
- Tax ID number (where applicable)
- Authorized representative
You should also include details on how to contact you on matters relating to data protection, and mention your data protection officer, if you have one.
On email newsletters
Regarding email newsletters, the most important factors are openness about the content subscribers will receive, and reassurance that they can easily opt out.
Your Privacy Policy should contain the following information:
- A description of the content that they will receive in the newsletter, such as new products, valuable tips, company news and exclusive offers.
- A description of the subscription process, e.g. if they will receive a confirmation email with an activation link to start receiving the newsletter.
- A description of the unsubscribe process in detail, giving the location of your unsubscribe link.
- Details of who will be sending the recipient what type of emails, and at what frequency.
On product recommendations via email, based on UWG §7 (3)
After a customer has bought a product, it may be in their interest to receive further information relating to that product, even if they have not explicitly opted in for such content. This is a gray area which this German law attempts to clarify.
Where relevant, your Privacy Policy should contain the following information:
- If local legislation permits the unsolicited sending of certain types of content, mention this explicitly in a separate section.
- Clearly state that the contact can also opt out of these at no additional cost (beyond the costs of a working Internet connection) and give the location of the unsubscribe link and any additional unsubscribe methods.
On web data collection
For a detailed explanation of how our web tracking works, please read:
The most important goal for you in this regard is to explain to the reader that data is collected for their benefit, so that you can send them only relevant information, tailored to their preferences.
Cookies
Your Privacy Policy should already contain a passage relating to cookies, what they do and how to disable them. You may want to mention that you use third-party cookies to track visitors across your site and offer them tailored content based on their browsing history.
Web data collection scripts
The Web Extend commands update a contact's profile with the data collected during their visits. You should explain this and offer the visitor a chance to opt out of the profile enrichment.
On data sharing with third parties
Your Privacy Policy should contain the following information:
- Make it clear that personal data given upon registration will be used to send personalized newsletters.
- Explicitly state that no data will be shared with third parties. If data will be shared (for example for affiliate marketing, or for Emarsys partners, see below), name each party (max. 10).
- Mention by name the local legislation with which you know your privacy policies comply, for example the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG) of the Federal Republic of Germany.
Emarsys products which do not need to be included
Covered by the core Platform functionality
The following products do not share data outside the Emarsys Platform:
- Email Channel, including:
  - Inbox Preview
  - Triggered Email
  - Send Time Optimization
  - Open Time Content
Covered by Web Extend
The following products are covered by whatever you include on web data collection and do not need to be included in your Privacy Policy:
- Smart Insight
- Predict, including:
  - Email Recommender
  - Web Recommender
- Web Channel