GDPR Compliance

The General Data Protection Regulation is a European data protection and privacy regulation that was put in effect in May 25, 2018. GDPR stands to protect the privacy and personal data of individuals within the European Union, as well as addresses the export of data outside of EU borders. GDPR was designed designed to give EU citizens more control over their personal data by putting privacy in the hands of the citizens. GDPR aims at centralizing the rules and processes businesses must follow in order to guard and respect the interests of the European people. Below we explain how to send text messages to European Union citizens while being fully compliant with GDPR.

GDPR Compliance

To send text marketing and automation messages, first you need to legally collect the customer's phone numbers. Legally meaning simply that the customer has given you an explicit "Prior Written Consent" to do so. Cartloop enables 2 ways for merchants to legally collect the prior written consent.

  • Opt in through the website's checkout page — it's the most common way of collecting consent, as customers can opt in while placing an order.
  • Opt in through subscription forms — this refers to on-site popups, modals and other similar forms.

We'll be covering both ways below. Few things to keep in mind:

  • Customers need to agree to your Privacy Policy that needs to be explicitly stated on your website
  • All agreement forms must clearly be visible to customers prior to giving their consent.

Disclaimer: Cartloop is not a legal advisor, so the advice presented here has an informative purpose only. If you have any doubts, please consult with a lawyer who is specialized in GDPR, before using our texts.

I. Privacy Policy

Below let's see the steps you need to take to update your privacy policy so it complies with GDPR.

1. From the Shopify admin panel go to Settings -> Legal

2. In the Privacy Policy text box, you can add your own privacy policy — or click on 'Replace with template' to use a sample one. Copy and paste the text below:
Text Marketing Terms and Conditions:
We are using a text messaging platform, which is subject to the following terms and conditions. By opting-in for our text marketing and notifications in, you agree to these terms and conditions. By entering your phone number in the checkout and initialising a purchase, subscribing via our subscription form or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. You acknowledge that consent is not a condition for any purchase. Your phone number, name and purchase information will be shared with our text messaging platform Elite Ventures LLC dba Cartloop, an US based company with office in Los Angeles, California. This data will be used for sending you personalized marketing messages and notifications. Upon sending the text messages, your phone number will be passed to the text messages operator to fulfill their delivery. If you wish to unsubscribe from receiving text messages at any time reply with STOP to any mobile message sent from us — or use the unsubscribe link we provided you with in any of our messages. You understand and agree that alternative methods of opting out, such as using alternative words or requests will not be accounted as a reasonable means of opting out. Message and data rates may apply. For any questions please text "HELP" to the number you received the messages from. You can also contact us for more information. If you wish to opt out please follow the steps above.
3. Save your changes by clicking the Save button.

II. Collecting consent at Checkout

1. Go to Settings -> Checkout

With your privacy policy updated, let's ensure next you rightfully collecting consent through the checkout page of your website.

2. In the Form options section under Shipping address phone number choose Optional.

3. Scroll to Checkout language section
4. Use CMD+F (or CTRL+F) shortcut find Checkout marketing section. Under Accept marketing checkbox label paste the following text:
Sign up for order updates and exclusive offers via text messages & email

5. Next, search for the Phone label setting on the page:
Under Phone Label and Optional Phone Label add the following text:
Phone for support, offers and updates from the team

6. Save the changes by clicking the Save button.

Way to go. Now your checkout page should be fully compliant with GDPR. Your checkout page should look like this:

III. Unsubscribing customers

Under GDPR, merchants are required to honour all opt out requests.

So you don't have to worry about opt out requests, Cartloop automatically unsubscribes all customers who reply to text messages with “STOP” or "UNSUBSCRIBE". You can also unsubscribe customers manually through the customer profile section, by looking up the phone number or customer name in the Cartloop platform.

Cartloop utilizes smart sending algorithms to send text messages only during the day time in the recipient's timezone. Cartloop adheres to the national DND (Do Not Disturb) register each time a message is sent.

Rest assured that no marketing campaigns will be sent unless they contain a clearly written text giving customers a way to opt out.

If a customer changes their mind and wishes to opt back in to receive text marketing again, they can respond to any of your text messages with “START” or "UNSTOP"