Optimizely is a partner of the Certified Senders Alliance (CSA) and takes part in their allowlisting program, which complies with GDPR and ensures legal conformity of the sender's email marketing processes. CSA allowlisting offers preferred delivery and better inbox placement at participating Internet Service Providers. Participation in the program requires each sender to fulfill technical and legal standards, which are decisive pillars of the program. The following sections provide an overview of the CSA’s legal standards and how to implement them.
Opt-in requirements
Newsletters based on GDPR article 6
Generally, marketing emails that contain any type of advertising and aim at a sale need the recipient's consent. Double opt-in (DOI) is a requirement for Optimizely Campaign to comply with GDPR and CSA documentation requirements because it is the only procedure that grants traceability to ensure that only authorized users can subscribe.
Product recommendations based on EU directive 2002/58/EC (41)
Alternatively, recommendations about similar products and services may be sent, without explicit consent, to customers who made a purchase. However, because this type of email is usually a source of spam complaints, stricter formal requirements apply.
Newsletter registration form requisites
Must haves
- Consent must be given actively; pre-checked check boxes are not allowed.
- Consent must not be coupled with subscriptions to other services.
- It must be clear from whom the subscriber is going to receive what content.
- A remark indicating that unsubscription is possible at any time and by which methods, at least an Unsubscribe link and email address, must be clearly visible when the email address is collected.
- A maximum of 10 third parties, including sponsors, must be explicitly named.
- The email address is the only mandatory field; all other fields must be optional. (This refers to pure newsletter registration forms only; account registration or checkout forms may have more mandatory fields.)
Nice to haves
- A link to the privacy policy in every contact acquisition form.
- The recipient should be informed about the newsletter frequency.
Newsletter content
- A full legal imprint needs to be in the email footer including: physical address, email address, phone number, authorized representative and business registration number.
- Unsubscribe and privacy policy links need to be in the email footer.
Customer relationship requisites for checkout acquisition forms
Must haves
- The address was acquired through a purchase; a transaction was made, and the product was not returned.
- The address is used for direct advertising of own similar goods or services.
- The customer has not objected to this use, meaning there was no previous unsubscribe from commercial emails.
- A remark stating that emails about similar products or services will be sent must be clearly visible when the email address is collected.
- The form must contain information that one can unsubscribe at any time “without costs other than the transmission costs pursuant to the basic rates being incurred in this regard” or similar and by which methods, at least unsubscribe link and email address.
Nice to haves
- Include a link to the privacy policy in every contact acquisition form.
- Inform the recipient about the newsletter frequency.
Product recommendation content
- The products advertised need to be similar to the product purchased. “Similar” means they have the same sense and can be used in the same way. No other advertising may be included.
- A full legal imprint is in the email footer: physical address, email address, phone number, authorized representative and business registration number.
- Unsubscribe and privacy policy links are in the email footer.
- The email also contains information that one can unsubscribe from it "without costs other than the transmission costs pursuant to the basic rates being incurred in this regard".
Requisites for combining newsletters and product recommendations
If you want to send both newsletters with opt-in (GDPR article 6) and product recommendations without opt-in (EU Directive 2002/58/EC (41)), the CSA requires the following format: An opt-in checkbox for the newsletters, and an opt-out checkbox for product recommendations based on a purchase.
You may send emails with a wide range of content to recipients with an opt-in. To recipients without an opt-in who have not opted out of product recommendations, you may only send emails with advertising for similar products and non-promotional emails.
All other requirements mentioned above remain in place.
Imprint requisites
- An imprint page must be present on the website and accessible.
- The imprint page must contain: physical address, email address, phone number, VAT identification number, and authorized representative.
Privacy policy requisites
Must haves
- A privacy policy page must be present on the website and accessible.
- The recipient must be informed from which sender he or she is going to receive which type of emails.
Newsletter
- A remark must be present that indicates that unsubscription is possible at any time and by which methods (at least unsubscribe link and email).
- A maximum of 10 third parties, including sponsors, must be explicitly named.
Customer relationship
- A remark stating that emails about similar products or services will be sent must be clearly visible.
- The privacy policy must contain the information that one can unsubscribe at any time “without costs other than the transmission costs pursuant to the basic rates being incurred in this regard” or similar and by which method, at least unsubscribe link and email address.
Nice to haves
- The recipient should be informed about the frequency of the newsletters or product recommendations.
Unsubscribe requisites
- Unsubscription must be easy and require no more than two clicks.
- Unsubscription must be free.
- No further login may be required.
- No persuasive language may be used.
Registration data requisites
Must haves
- Context of contact acquisition (newsletter, customer relationship and so on).
- URL / screenshot of online registration form or scan of offline registration form / contract.
- Type of opt-in given, if applicable (double opt-in, single opt-in and so on).
- Date and time of registration, and DOI confirmation.
Newsletter
- Declaration of consent as presented when email address is collected.
Customer relationship
- Remark informing the recipient that objection to this type of advertising is possible at any time, as presented.
- Purchase data.
Nice to haves
- IP address of registration and of DOI confirmation.
Bounce management
The sender must remove an email address from the recipient list if a mailbox cannot be reached. This must happen at the latest after three hard bounces have occurred. This is the default setting in your Optimizely Campaign client. If your messages show a high hard bounce rate, our support team will contact you to take additional actions to prevent reputation loss or blocking of your sending domain.