Email compliance self-assessment – Emarsys

For you to enjoy all the benefits of email sending via the Emarsys infrastructure, we need to know that all the relevant aspects of your digital marketing strategies are compliant with our standards and with international legislation.

For this we ask you to fill out our Email channel setup form.

This article is to help you conduct your own audit, by drawing your attention to the areas where you need to be most careful. We ask you to read through it and send us a summary of your findings.

Important note

With increasing pressure on data and marketing compliance, please let us know if there are any elements of your marketing program which you feel need to be improved – our experienced teams are here to help. During the email onboarding process your emails are scrutinized more than ever, so giving us early visibility of potential issues helps us tailor a migration and ramp-up plan which will work for you.

Compliance responsibilities

Legal compliance
Your marketing program complies with local data protection, privacy, marketing and advertising laws.	Yes / No
Your marketing team is given the training, monitoring and support necessary to understand and comply with local laws.	Yes / No

Digital marketing self-assessment

Our self-assessment process helps you understand how to make your digital marketing program more successful and tells us what we need to know so that we can deliver your emails more effectively.

You may need to involve your technology, marketing and website teams, and make sure you verify your answers before you submit them.

Use of personal data
You have an internal data retention policy or a customer lifecycle process which defines when customer data should be deleted.	Yes / No
You explain your data lifecycle or data retention policy to your customers, either when collecting data or via an easily-accessible section of your Privacy Policy.	Yes / No
You have processes in place to delete data when it is no longer needed.	Yes / No

Your email marketing lists		Specific answers
You can differentiate between active and inactive recipients	Yes/No	How do you define 'active'?
Mailing list volumes, based on your definition	Full mailing list
	Active contacts
	Inactive contacts
	Unknown

Your emails and marketing campaigns
All your marketing emails contain an easy-to-use unsubscribe link.	Yes / No
All your email content is in line with the expectations of the recipients.	Yes / No
All your emails identify your brand which your recipients can recognize: The From name and From email address identify your brand. Links go to your website. The branding reflects your website branding. The email footer information satisfies local legal requirements. When sending third party content, relevant explanatory information is included.	Yes / No

Sign-up, registration forms and opt-in processes
Marketing consent is optional and has all of the following: It is managed separately from other agreements. It requires a “positive action”, such as an optional email field which is labelled as being for marketing purposes, an un-checked box or radio button, or some other separate and distinct action indicating consent.	Yes / No
For customer “soft-opt-in”, where an email address is collected as part of the sales process: Marketing consent is optional during the checkout process and it is easy to opt out. All future marketing consent is related only to that specific sale, product or service.	Yes / No
All the information collected is necessary. There are no unnecessary mandatory fields. It is clear why each piece of personal information is collected.	Yes / No
Opt out Customer can easily opt out of marketing emails.	Yes / No

Privacy Policy / Privacy Notice
Your Privacy Policy is easily accessible during your sign-up and account creation processes. The Privacy Policy is easy to find. The Privacy Policy can be accessed without interrupting the sign-up or account creation process.	Yes / No
Your Privacy Policy is easy to read. The Privacy Policy can be read on a mobile device. Privacy information is written in language appropriate for the audience. The layout is easy to navigate.	Yes / No
Your Privacy Policy explains how you use marketing data. Marketing communications are explained. If you collect other personal, demographic or behavioral information, that usage is explained. If you share marketing data, that sharing is explained.	Yes / No
Your Privacy Policy explains data subject rights. You provide contact details for your company and your Data Protection Officer. The different marketing unsubscribe options and preferences are explained. Rights relating to data erasure and processing are explained. If you share marketing data, rights relating to that sharing is explained.	Yes / No

CSA allowlist

As an Emarsys customer you can take advantage of our CSA certification. This certification is evidence of the highest standard in responsible digital marketing.

CSA-certified senders like Emarsys must agree to comply with strict legal and technical quality standards for email. In return, their IP ranges are added to allowlists and receive priority inbox placement from the ISPs that respect these allowlists.

What is CSA certification?

To learn more about what the CSA is, watch this short video.

What do I need to do?

Read through the checklist below and verify that you meet the required standards.
Complete and sign (or digitally sign) the application form and return the application form (fees apply*).
Emarsys will then perform a CSA assessment.
Passing the assessment allows Emarsys to assign you to a segregated delivery platform offering for certified senders, giving the very best delivery service.
Should you be unsuccessful, Emarsys will explain what needs to be implemented to reach the CSA requirements.

CSA assessment fees

Initial CSA assessment: €500.
Annual re-assessment, required for continued allowlist membership: €200.

If your email marketing processes are not ready for CSA, you can still start sending with Emarsys without delay and defer the CSA assessment until you are ready.

CSA / Platinum Sender - additional requirements
In addition to what is described in Your emails and marketing campaigns, above, your emails templates must use one-click List-unsubscribe.	Yes / No
In addition to what is described in Sign-up, registration forms and opt-in processes, above, your sign-up forms must contain: Text describing the unsubscribe process next to the collection of email address and opt-in. A description of the type and content of the emails that are being subscribed to. No mandatory fields other than email address for purely email opt-in The names of any companies (up to 10) that you send emails on behalf - not just a reference to “other trusted partners” or similar.	Yes / No
In addition to what is described in Privacy Policy, above, this document must contain: Your company name (not just brand name), address and VAT/Sales tax number. Your contact details (physical address, email address, phone number). The contact details of your Data Protection Officer or other authorized representative. The names of any companies (up to 10) that you send emails on behalf - not just a reference to “other trusted partners” or similar. The names of any third parties who process data for you, if that is the case. A clear statement that no data is shared with any other third parties, if that is the case.	Yes / No

Legal compliance
Your marketing program complies with local data protection, privacy, marketing and advertising laws.	Yes / No
Your marketing team is given the training, monitoring and support necessary to understand and comply with local laws.	Yes / No

Sending via a CSA allowlist member IP range is expected by ISPs in Germany, Austria and Switzerland. Failure to do so may harm inbox placement rates.

For senders outside this region, having CSA allowlist membership is certainly an advantage because globally, ISPs will always be inclined to give preferential treatment to senders who have made the effort to be seen to be compliant.

Resources and references

Our guide to best practice for opt-in: https://help.emarsys.com/hc/en-us/articles/115004924925-Best-Practices-for-opt-in
Our guide to best practices for the Privacy Policy: https://help.emarsys.com/hc/en-us/articles/360005406913-Best-Practices-for-your-Privacy-Policy
CSA admission requirements and recommendations: https://certified-senders.org/wp-content/uploads/2017/07/CSA_Admission_Criteria.pdf
Pre-GDPR, the differences in legal requirements for email marketing in Germany, Austria and Switzerland: https://certified-senders.org/wp-content/uploads/2017/07/The-legal-situation-for-email-marketing-in-Germany-Austria-and-Switzerland.pdf
UWG https://www.gesetze-im-internet.de/englisch_uwg/englisch_uwg.html#p0100

First Steps