Skip to main content
Anti-spam policy

Safeguarding Your Data

Anti-spam policy

Contacts and permissions

Before adding new recipients to your contact list, you need to ensure that you have the proper permission for each and every recipient on your list.

Without proper permission, you run the risk of getting reported for spam, or worse, being sued or facing monetary penalties under anti-spam laws.

The basic principle of permission is that you can only email people who have explicitly given you permission to contact them, and only about topics or subjects that they have specifically agreed to. Failure to ensure that all your recipients fall into the “Acceptable Use” category below will result in immediate termination of your account.

Acceptable Use

Explicitly opted in with you online

A recipient subscribed to your list online and opted in for one or several types of mailings, for example by clicking one or more subject-related checkboxes that were unselected by default. Co-registration on a partner’s site is OK as long as there are separate opt-in options for each list and it is clear to users that they are subscribing to your list. If you haven’t sent the recipient email in over 6 months, we recommend a reintroduction message reminding them what they subscribed to, and when.

Explicitly opted in with you offline

A recipient completed your offline form, survey or participated in your contest and gave their express permission to be contacted by email about specific subject(s), for example by ticking an empty checkbox.

Gave you their business card

If it’s absolutely clear that by giving their card the recipient would be added to a list with a particular subject matter, you have permission. We recommend an introductory message reminding them what they subscribed to, and when.

Explicitly opted in for the subject you are contacting them about

When opting in, it should be clear to the recipient what the nature of the mailings will be. For example, just because someone opted in for updates about a specific product doesn’t mean you can also add them to your general newsletter or promotional mailings for other products.

Implied consent through an existing business relationship

You must obtain explicit consent from these recipients within 6 (six) months if they have not effected a purchase with your business or within 2 (two) years if they have effected a purchase with your business.

Unacceptable Use

Email address copied from the Internet or other source

Just because someone published an email address online, in a directory or on a business card, doesn’t mean they’ve given permission to be added to your mailing list.

No email sent to recipient’s address in over 2 years

Even when proper permission is granted, it doesn’t last forever. When too much time goes by, people forget they opted in and will consider your email to be spam. The industry norm is that permission expires after 2 years of no contact.

Email address obtained from a third party

If you purchased, rented, borrowed or otherwise acquired a list from another party, even if it’s an opt-in list, the recipients didn’t give their permission to hear from you specifically.

Recipient is a customer but hasn’t opted in

Just because someone was your customer doesn’t give you explicit permission to send them email marketing messages. They would first have to opt in for the specific subject about which you are contacting them.

Email address is generic and used by several people

You cannot email to generic email addresses like sales@domain.com, admin@domain.com or webmaster@domain.com because they are often role-based and the users of such addresses change frequently. The only exception to this rule would be if you knew the recipient and were sure that it was their permanent individual email address.

Email address is a distribution list or mailing list

You cannot send email to any address that forwards to more than one person because it is impossible to determine whether all recipients have given permission, and there is no way for them to unsubscribe individually.

Mandatory content

Every email you send using EspecialMail must include the following:

  • A unsubscribe link that instantly removes the subscriber from your list
  • The name and physical address of the sender
Compliance under Canada’s Anti-Spam Law (“CASL”)

If you send emails to Canadian recipients, whether you are located in Canada or not, as of July 1, 2014 you may be subject to An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (informally known as Canada’s Anti-Spam Law, CASL).

If you send Commercial Electronic Messages to Canadian recipients, you are most likely subject to CASL regulation. Commercial Electronic Messages (“CEM”s) are defined as any electronic messages including emails which encourage participation in a commercial activity, without regard to an expectation of profit. There are certain exceptions, but they are limited. IT IS YOUR RESPONSIBILITY TO DETERMINE WHETHER THE EMAILS YOU SEND USING ESPECIALMAIL ARE SUBJECT TO CASL REGULATION. Failure to comply with CASL may result in severe administrative monetary penalties (up to $10,000,000 for organizations).

As specified in the Terms of Use, EspecialMail shall in no way be held responsible for your violation(s) of CASL. If you are unsure whether your emails are subject to CASL, we suggest you consult an attorney. More information about CASL generally can also be found in EspecialMail’s Knowledge Base and at the Government of Canada’s Anti-Spam website. Compliance under CASL is more stringent than under other anti-spam laws, and more stringent than the general guidelines given further up in this Policy.

As a general rule, to be compliant under CASL you must: (1) have obtained valid consent to send a recipient a CEM and (2) your CEM must contain certain information, including an unsubscribe mechanism with certain requirements. To visit the CRTC Anti-Spam portal, please visit: http://fightspam.gc.ca To get more information about the CAN-SPAM Act, visit https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business To get more information about the EU Data Protection Reform, visit http://ec.europa.eu/justice/data-protection/reform/index_en.htm

Valid Consent under CASL

When collecting an email address (for example via a web form or paper form) for your mailing list, the following information must be present for the consent to be valid under CASL:

  • The name of person or organization asking for consent;
  • The specific purpose for which you are obtaining consent (e.g. “receive offers from Company Name”, “Receive Company Name’s newsletter”);
  • A notice that the subscriber can withdraw their consent at any time; and
  • Contact information, which must include a physical mailing address AND an electronic communications method, whether email or phone or a web page contact form. A hyperlink to a web page with all this contact information is acceptable.

If you are seeking consent on behalf of another organization, that third party organization must be identified as well.

Content Requirements for a CEM under CASL

Every CEM sent must include the following information:

  • The name of the person or organization sending the CEM, or if the CEM is being sent on behalf of another person / organization, the name of the person / organization on whose behalf the CEM is sent;
  • If the CEM is sent on behalf of another person / organization, a statement saying so;
  • Contact information, which must include a physical mailing address AND an electronic communications method, whether email or phone or a web page contact form. A hyperlink to a web page with all this contact information is acceptable; and
  • A valid unsubscribe mechanism.

Valid Unsubscribe Mechanism

In order for the unsubscribe mechanism to conform to CASL requirements, it must:

  • Enable the recipient (at no cost) to readily remove themselves from the mailing list;
  • Stay valid for a minimum of 60 days after the CEM has been sent; and
  • Process requests without delay and be effective not more than 10 business days after the request is made.

If you use the unsubscribe mechanism provided by EspecialMail, it will conform to these requirements. If you have determined that your emails are subject to CASL regulation, you must adhere to all these requirements.

Compliance with GDPR

If you send emails to Canadian recipients, whether you are located in Canada or not, as of July 1, 2014 you may be subject to An Act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act (informally known as Canada’s Anti-Spam Law, CASL).

If you send Commercial Electronic Messages to Canadian recipients, you are most likely subject to CASL regulation. Commercial Electronic Messages (“CEM”s) are defined as any electronic messages including emails which encourage participation in a commercial activity, without regard to an expectation of profit. There are certain exceptions, but they are limited. IT IS YOUR RESPONSIBILITY TO DETERMINE WHETHER THE EMAILS YOU SEND USING ESPECIALMAIL ARE SUBJECT TO CASL REGULATION. Failure to comply with CASL may result in severe administrative monetary penalties (up to $10,000,000 for organizations).

As specified in the Terms of Use, EspecialMail shall in no way be held responsible for your violation(s) of CASL. If you are unsure whether your emails are subject to CASL, we suggest you consult an attorney. More information about CASL generally can also be found in EspecialMail’s Knowledge Base and at the Government of Canada’s Anti-Spam website. Compliance under CASL is more stringent than under other anti-spam laws, and more stringent than the general guidelines given further up in this Policy.

As a general rule, to be compliant under CASL you must: (1) have obtained valid consent to send a recipient a CEM and (2) your CEM must contain certain information, including an unsubscribe mechanism with certain requirements. To visit the CRTC Anti-Spam portal, please visit: http://fightspam.gc.ca To get more information about the CAN-SPAM Act, visit https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business To get more information about the EU Data Protection Reform, visit http://ec.europa.eu/justice/data-protection/reform/index_en.htm

Valid Consent under CASL

When collecting an email address (for example via a web form or paper form) for your mailing list, the following information must be present for the consent to be valid under CASL:

  • The name of person or organization asking for consent;
  • The specific purpose for which you are obtaining consent (e.g. “receive offers from Company Name”, “Receive Company Name’s newsletter”);
  • A notice that the subscriber can withdraw their consent at any time; and
  • Contact information, which must include a physical mailing address AND an electronic communications method, whether email or phone or a web page contact form. A hyperlink to a web page with all this contact information is acceptable.

If you are seeking consent on behalf of another organization, that third party organization must be identified as well.

Content Requirements for a CEM under CASL

Every CEM sent must include the following information:

  • The name of the person or organization sending the CEM, or if the CEM is being sent on behalf of another person / organization, the name of the person / organization on whose behalf the CEM is sent;
  • If the CEM is sent on behalf of another person / organization, a statement saying so;
  • Contact information, which must include a physical mailing address AND an electronic communications method, whether email or phone or a web page contact form. A hyperlink to a web page with all this contact information is acceptable; and
  • A valid unsubscribe mechanism.

Valid Unsubscribe Mechanism

I

If you send emails to European recipients, whether you are located in Europe or not, you may be subject to the provisions set forth in the General Data Protection Regulation (GDPR).

 

By using our platform, you confirm that you will handle and process personal data in accordance with the GDPR’s requirements, including but not limited to obtaining valid consent, providing data subject rights, implementing appropriate security measures, and facilitating the lawful transfer of data.

 

You agree to assume full responsibility for ensuring your compliance with the GDPR and any other applicable data protection laws. We reserve the right to verify your compliance with these regulations, and failure to comply may result in the suspension or termination of your account without prior notice.

Determine a Data Controller

You acknowledge and agree that an individual will be deemed Data Controller. If no such person is determined, the person with the highest rank at the sender’s corporation will be deemed the Data Controller.

Data Processing Agreement

In accordance with the requirements of the GDPR, we offer a Data Processing Agreement (DPA) that outlines our responsibilities as a data processor and your responsibilities as a data controller. By using our Services, you agree to enter into a DPA with us if required by the GDPR. For mor information, and to see the Agreement, please refer to the Privacy Policy

 

Data Subject Rights

You acknowledge and agree that the data controller is responsible to respond to requests from data subjects exercising their rights under the GDPR, including but not limited to the rights of access, rectification, erasure, restriction of processing, data portability, and objection. We will assist you in fulfilling these requests to the extent reasonably possible.

 

Lawful Basis for Processing

You represent and warrant that you have a lawful basis for processing personal data under the GDPR. You shall ensure that any personal data provided to us for processing is done so in compliance with the GDPR’s requirements for lawful processing, including obtaining valid consent when necessary.

 

Security Measures

You agree to implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk involved in the processing of personal data. This includes protecting personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

 

Data Breach Notification

In the event of a personal data breach, you agree to notify us without undue delay. We will cooperate with you and assist you in fulfilling your obligations under the GDPR regarding data breach notification to the relevant supervisory authority and affected data subjects.

 

Data Transfers

If personal data is transferred from the European Economic Area (EEA) to a country outside the EEA, you agree to ensure that appropriate safeguards are in place, such as using standard contractual clauses or relying on an adequacy decision, to protect the personal data in accordance with the GDPR’s requirements.

 

Data Retention and Deletion

You shall only retain personal data for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws. You agree to comply with requests from data subjects for the erasure of their personal data, subject to any legal obligations to retain certain data.

 

Subprocessors

You acknowledge and agree that we may engage subprocessors to process personal data on our behalf. We will ensure that any subprocessors we engage provide sufficient guarantees regarding their technical and organizational measures to protect personal data in accordance with the GDPR.

 

Audit and Compliance

We may, at our discretion, conduct audits or assessments to verify your compliance with the GDPR and these Terms of Use. You agree to cooperate with us in any such audits or assessments and provide us with any information or documentation reasonably requested.

 

Changes to GDPR Requirements

In the event that there are changes or updates to the GDPR or other applicable data protection laws, we reserve the right to modify these Terms of Use to ensure compliance. We will notify you of any material changes to these Terms of Use or our data processing practices as required by applicable law.

Other Anti-Spam Legislation

Depending on where you operate, you may be subject to additional anti-spam laws in force in certain countries. It is your responsibility to determine whether you are subject to your national anti-spam legislation, and if you are, to be compliant with said legislation. As outlined in the Terms of Use, EspecialMail shall in no way be held responsible for your violation of any anti-spam law which may be applicable to you, and may terminate your account for violation(s) of said laws.

US CAN-SPAM Act

Law 25 in Quebec

California Consumer Privacy Act

Unsubscribe

If you have received an email from one of our clients and wish to be unsubscribed, please forward it to questions@especialmail.com.

Copyright © 2023 Especial Mail

Site Credits: Design4Conversion