Your Privacy Policy is where you can explain to your customers exactly how you collect, store and manage your data, and how they can exercise their rights under GDPR and other data protection legislation.
In this article we offer guidelines on what to include in your Privacy Policy both in general and specific to each Emarsys product, and suggest standard texts that you can copy and use.
Emarsys is not a law firm specializing in data security legislation, and we do not offer legal advice. We want to help you to understand how this legislation can affect you as an Emarsys customer, and this article assumes that you are using the Emarsys Marketing Platform properly, according to our documentation.
You should always refer to a qualified legal source when it comes to checking whether or not you are compliant in any given situation.
Contents
Introduction
Legislation governing the sending of marketing material varies globally, so you should make sure that the texts you use are suitable for the regions in which you are operating.
However, since you cannot control where a customer will open an email or register on your site, it is a good idea to protect yourself by complying with the most restrictive legislation.
These guidelines were prepared for our customers operating in the German-speaking parts of Europe and are compliant with German email marketing legislation. Since this is among the strictest in the world, we consider them to be a benchmark for best practice policy.
General guidelines
Your Privacy Policy outlines how your company gathers, uses, discloses, and manages your customers' data. This should be made available by a clearly visible link on your website and next to your registration forms. It is also a good idea to include it in the footers of your marketing emails.
Below are some examples of what to include in your Privacy Policy.
On your company
You should include the following information on your company:
- Physical address
- Email address
- Telephone number
- Tax ID number (where applicable)
- Authorized representative
You should also include details on how to contact you on matters relating to data protection, and mention your data protection officer, if you have one.
On email newsletters
Regarding email newsletters, the most important factors are openness about the content they will receive, and reassurance that they can easily opt out.
Your Privacy Policy should contain the following information:
- A description of the content that they will receive in the newsletter, such as new products, valuable tips, company news and exclusive offers.
- A description of the subscription process, e.g. if they will receive a confirmation email with an activation link to start receiving the newsletter.
- A description of the unsubscribe process in detail, giving the location of your unsubscribe link.
- Details of who will be sending the recipient what type of emails, and at what frequency.
Suggested text explaining your policy for email newsletters
By subscribing to our free newsletter you will be the first to learn about new products, valuable tips and news as well as exclusive offers. After signing up you will receive a confirmation email with an activation link to start receiving the newsletter. If you no longer wish to receive our newsletter you can unsubscribe at any time, simply by clicking the “Unsubscribe" link in the footer of any of our newsletters or by sending an email to email@company.com.
On product recommendations via email, based on UWG §7 (3)
After a customer has bought a product, it may be in their interest to receive further information relating to that product, even if they have not explicitly opted in for such content. This is a gray area which this German law attempts to clarify.
Where relevant, your Privacy Policy should contain the following information:
- If local legislation permits the unsolicited sending of certain types of content, mention this explicitly in a separate section.
- Clearly state that the contact can also opt out of these at no additional cost (beyond the costs of a working Internet connection) and give the location of the unsubscribe link and any additional unsubscribe methods.
Suggested text explaining your policy on sending product recommendations via email, based on UWG §7 (3)
According to Section 7 para. 3 Act Against Unfair Competition (UWG) of the Federal Republic of Germany we are entitled to use the email address specified during a purchase in our shop for direct marketing activities for our own similar products or services. If you do not wish to receive our product recommendations any longer, you can unsubscribe from them at any time without costs other than the transmission costs pursuant to the basic tariffs being incurred in this regard. Unsubscription can simply be done by clicking the “Unsubscribe" link in the footer of any of our product recommendations or by sending an email to email@company.com.
On web data collection
For a detailed explanation of how our web tracking works, please read:
The most important goal for you in this regard is to explain to the reader that data is collected for their benefit, so that you can send them only relevant information, tailored to their preferences.
Cookies
Your Privacy Policy should already contain a passage relating to cookies, what they do and how to disable them. You may want to mention that you use third-party cookies to track visitors across your site and offer them tailored content based on their browsing history.
Suggested text for third-party cookies
Our website uses cookies from 3rd-party service providers that allow us to improve the quality of the content we offer you during your visit. These cookies may collect your IP address and non-personal data about your visits. This is completely anonymous and does not include your name, address, email address or other personal information. In the case of logged-in visitors, we collect only a single encrypted identifier that cannot be used to identify you. Additionally, these cookies are used to gather anonymous statistical information on how the website is browsed. These cookies will expire after 1 year.
Web data collection scripts
The Web Extend commands are what update a contact profile with the data collected during their visits. You should explain this and offer the visitor a chance to opt out of the profile enrichment.
Suggested text for profile enrichment
In the case of logged-in visitors, our website also uses JavaScript commands to collect browse and purchase data. This data is used to enrich your customer profile and helps us to provide a personalized experience for you across all our touchpoints. You can opt out of this profile enrichment by [give details of your data collection out-out process].
On data sharing with third parties
Your Privacy Policy should contain the following information:
- Make it clear that personal data given upon registration will be used to send personalized newsletters.
- Explicitly state that no data will be shared with third parties. If data will be shared (for example for affiliate marketing, or for Emarsys partners, see below), name each party (max. 10).
- Mention local legislation by name that you know that your privacy policies are in accordance with, for example the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG) of the Federal Republic of Germany.
Explaining your policy is you share no data with third parties
If you have signed up for the newsletter, your personal data that you gave upon registration will be used to send you personalized newsletters. No data will be shared with third parties. Our privacy policies are in accordance with the Federal Data Protection Act (BDSG) and the Telemedia Act (TMG) of the Federal Republic of Germany.
Suggested texts for specific Emarsys products
Below are some suggested texts relating to Emarsys products which pass data of any sort to third parties. Text in bold should be replaced or deleted as appropriate.
CRM Ads
“We use [please specify: Facebook Audience Manager, Google Customer Match or other third party advertising network] to target you with advertising which we think is the most relevant to you from time to time. This feature allows us to target ads to you as part of a specific set of people, based on your preferences. We do not transfer any of your [personal data/personally identifiable information (PII)], such as name or email address, to such third party network(s). These networks only receive a unique identifier. You can manage your privacy settings in the privacy tab of your account(s) with such third parties. You can find further details on [Facebook Audience Manager, Google Customer Match or other third party advertising network] here [link to Facebook Audience Manager, Google Customer Match or other third party advertising network feature description and privacy policy].”
Emarsys products which do not need to be included
Covered by the core Platform functionality
The following products do not share data outside the Emarsys Marketing Platform:
- Email Channel, including
- Inbox Preview
- Triggered Email
- Send Time Optimization
- Incentive Recommendation
- Open Time Content
Covered by Web Extend
The following products are covered by whatever you include on web data collection and do not need to be included in your Privacy Policy:
- Smart Insight
- Predict, including:
- Email Recommender
- Web recommender
- Web Channel