Privacy Policy Template for Email Marketing & Newsletters

If you’re part of the vast majority of marketers and business owners who invest in email marketing, you’re legally required to have a privacy policy that details what you do with the email addresses and other personal data of your users.

Failure to do so can result in massive penalties.

In this article, we provide you with a free privacy policy for email marketing, explain in detail why you need this legal document, and show real-world email privacy policy examples.

Table of Contents

Email Marketing Privacy Policy Template [Full Text and Download]
Why You Need a Clause for Emails in Your Privacy Policy
Laws that Require Email Clauses in Privacy Policies & Govern Email Marketing
Creating an Email Privacy Policy
Considerations for Email Newsletters
Examples of Email Privacy Policies & Compliant Marketing Emails
Conclusion

1. Email Marketing Privacy Policy Template [Full Text and Download]

Click the box below to see a privacy policy for your website — which includes the necessary clauses on email marketing — or click the button beneath it to download the privacy policy template in Microsoft Word and PDF formats.

Privacy Policy Template for Email Marketing [Text Format]

WEBSITE AND EMAIL PRIVACY POLICY TEMPLATE

Last updated [Date]

INTRODUCTION

[BUSINESS ENTITY NAME] (“we” or “us” or “our”) respects the privacy of our users (“user” or “you”). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website [name of website.com] [and our mobile application], including any other media form, media channel, mobile website, or mobile application related or connected thereto (collectively, the “Site”). Please read this privacy policy carefully. If you do not agree with the terms of this privacy policy, please do not access the site.

We reserve the right to make changes to this Privacy Policy at any time and for any reason. We will alert you about any changes by updating the “Last Updated” date of this Privacy Policy. Any changes or modifications will be effective immediately upon posting the updated Privacy Policy on the Site, and you waive the right to receive specific notice of each such change or modification.

You are encouraged to periodically review this Privacy Policy to stay informed of updates. You will be deemed to have been made aware of, will be subject to, and will be deemed to have accepted the changes in any revised Privacy Policy by your continued use of the Site after the date such revised Privacy Policy is posted. This template was created using Termly’s Privacy Policy Generator.

COLLECTION OF YOUR INFORMATION

We may collect information about you in a variety of ways. The information we may collect on the Site includes:

Personal Data

Personally identifiable information, such as your name, shipping address, email address, and telephone number, and demographic information, such as your age, gender, hometown, and interests, that you voluntarily give to us [when you register with the Site [or our mobile application,] or] when you choose to participate in various activities related to the Site [and our mobile application], such as online chat and message boards and subscription to newsletters and promotional emails. You are under no obligation to provide us with personal information of any kind, however your refusal to do so may prevent you from using certain features of the Site [and our mobile application].

Derivative Data

Information our servers automatically collect when you access the Site, such as your IP address, your browser type, your operating system, your access times, and the pages you have viewed directly before and after accessing the Site. [If you are using our mobile application, this information may also include your device name and type, your operating system, your phone number, your country, your likes and replies to a post, and other interactions with the application and other users via server log files, as well as any other information you choose to provide.]

Financial Data

Financial information, such as data related to your payment method (e.g. valid credit card number, card brand, expiration date) that we may collect when you purchase, order, return, exchange, or request information about our services from the Site [or our mobile application]. [We store only very limited, if any, financial information that we collect. Otherwise, all financial information is stored by our payment processor, [Amazon Payments,] [Authorize.Net,] [Braintree Payments,] [Chargify,] [Dwolla,] [Google Checkout,] [Paypal,] [SafeCharge,] [Stripe,] [WePay,] [2Checkout,] [other], and you are encouraged to review their privacy policy and contact them directly for responses to your questions.]

Facebook Permissions

The Site [and our mobile application] may by default access your Facebook basic account information, including your name, email, gender, birthday, current city, and profile picture URL, as well as other information that you choose to make public. We may also request access to other permissions related to your account, such as friends, checkins, and likes, and you may choose to grant or deny us access to each individual permission. For more information regarding Facebook permissions, refer to the Facebook Permissions Reference page.

Data From Social Networks

User information from social networking sites, such as [Apple’s Game Center, Facebook, Google+, Instagram, Pinterest, Twitter], including your name, your social network username, location, gender, birth date, email address, profile picture, and public data for contacts, if you connect your account to such social networks. [If you are using our mobile application, this information may also include the contact information of anyone you invite to use and/or join our mobile application.]

Mobile Device Data

Device information, such as your mobile device ID, model, and manufacturer, and information about the location of your device, if you access the Site from a mobile device.

Third-Party Data

Information from third parties, such as personal information or network friends, if you connect your account to the third party and grant the Site permission to access this information.

Data From Contests, Giveaways, and Surveys

Personal and other information you may provide when entering contests or giveaways and/or responding to surveys.

Mobile Application Information

If you connect using our mobile application:

Geo-Location Information. We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using our mobile application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings.
Mobile Device Access. We may request access or permission to certain features from your mobile device, including your mobile device’s [bluetooth, calendar, camera, contacts, microphone, reminders, sensors, SMS messages, social media accounts, storage,] and other features. If you wish to change our access or permissions, you may do so in your device’s settings.
Mobile Device Data. We may collect device information (such as your mobile device ID, model and manufacturer), operating system, version information and IP address.
Push Notifications. We may request to send you push notifications regarding your account or the Application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.

USE OF YOUR INFORMATION

Having accurate information about you permits us to provide you with a smooth, efficient, and customized experience. Specifically, we may use information collected about you via the Site [or our mobile application] to:

Administer sweepstakes, promotions, and contests.
Assist law enforcement and respond to subpoena.
Compile anonymous statistical data and analysis for use internally or with third parties.
Create and manage your account.
Deliver targeted advertising, coupons, newsletters, and other information regarding promotions and the Site [and our mobile application] to you.
Email you regarding your account or order.
Enable user-to-user communications.
Fulfill and manage purchases, orders, payments, and other transactions related to the Site [and our mobile application].
Generate a personal profile about you to make future visits to the Site [and our mobile application] more personalized.
Increase the efficiency and operation of the Site [and our mobile application].
Monitor and analyze usage and trends to improve your experience with the Site [and our mobile application].
Notify you of updates to the Site [and our mobile application].
Offer new products, services, [mobile applications,] and/or recommendations to you.
Perform other business activities as needed.
Prevent fraudulent transactions, monitor against theft, and protect against criminal activity.
Process payments and refunds.
Request feedback and contact you about your use of the Site [and our mobile application].
Resolve disputes and troubleshoot problems.
Respond to product and customer service requests.
Send you a newsletter.
Solicit support for the Site [and our mobile application].
[Other]

DISCLOSURE OF YOUR INFORMATION

We may share information we have collected about you in certain situations. Your information may be disclosed as follows:

By Law or to Protect Rights

If we believe the release of information about you is necessary to respond to legal process, to investigate or remedy potential violations of our policies, or to protect the rights, property, and safety of others, we may share your information as permitted or required by any applicable law, rule, or regulation. This includes exchanging information with other entities for fraud protection and credit risk reduction.

Third-Party Service Providers

We may share your information with third parties that perform services for us or on our behalf, including payment processing, data analysis, email delivery, hosting services, customer service, and marketing assistance.

Marketing Communications

With your consent, or with an opportunity for you to withdraw consent, we may share your information with third parties for marketing purposes, as permitted by law.

Interactions with Other Users

If you interact with other users of the Site [and our mobile application], those users may see your name, profile photo, and descriptions of your activity, including sending invitations to other users, chatting with other users, liking posts, following blogs.

Online Postings

When you post comments, contributions or other content to the Site [or our mobile applications], your posts may be viewed by all users and may be publicly distributed outside the Site [and our mobile application] in perpetuity.

Third-Party Advertisers

We may use third-party advertising companies to serve ads when you visit the Site [or our mobile application]. These companies may use information about your visits to the Site [and our mobile application] and other websites that are contained in web cookies in order to provide advertisements about goods and services of interest to you.

Affiliates

We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates include our parent company and any subsidiaries, joint venture partners or other companies that we control or that are under common control with us.

Business Partners

We may share your information with our business partners to offer you certain products, services or promotions.

[Offer Wall

Our mobile application may display a third-party hosted “offer wall.” Such an offer wall allows third-party advertisers to offer virtual currency, gifts, or other items to users in return for acceptance and completion of an advertisement offer. Such an offer wall may appear in our mobile application and be displayed to you based on certain data, such as your geographic area or demographic information. When you click on an offer wall, you will leave our mobile application. A unique identifier, such as your user ID, will be shared with the offer wall provider in order to prevent fraud and properly credit your account.]

[Social Media Contacts

If you connect to the Site [or our mobile application] through a social network, your contacts on the social network will see your name, profile photo, and descriptions of your activity.]

Other Third Parties

We may share your information with advertisers and investors for the purpose of conducting general business analysis. We may also share your information with such third parties for marketing purposes, as permitted by law.

Sale or Bankruptcy

If we reorganize or sell all or a portion of our assets, undergo a merger, or are acquired by another entity, we may transfer your information to the successor entity. If we go out of business or enter bankruptcy, your information would be an asset transferred or acquired by a third party. You acknowledge that such transfers may occur and that the transferee may decline honor commitments we made in this Privacy Policy.

We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails or other communications from third parties, you are responsible for contacting the third party directly.

TRACKING TECHNOLOGIES

Cookies and Web Beacons

[We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Site [and our mobile application] to help customize the Site [and our mobile application] and improve your experience. When you access the Site [or our mobile application], your personal information is not collected through the use of tracking technology. Most browsers are set to accept cookies by default. You can remove or reject cookies, but be aware that such action could affect the availability and functionality of the Site [or our mobile application]. You may not decline web beacons. However, they can be rendered ineffective by declining all cookies or by modifying your web browser’s settings to notify you each time a cookie is tendered, permitting you to accept or decline cookies on an individual basis.]

[We may use cookies, web beacons, tracking pixels, and other tracking technologies on the Site [and our mobile application] to help customize the Site [and our mobile application] and improve your experience. For more information on how we use cookies, please refer to our Cookie Policy posted on the Site, which is incorporated into this Privacy Policy. By using the Site, you agree to be bound by our Cookie Policy.]

Internet-Based Advertising

Additionally, we may use third-party software to serve ads on the Site [and our mobile application], implement email marketing campaigns, and manage other interactive marketing initiatives. This third-party software may use cookies or similar tracking technology to help manage and optimize your online experience with us. For more information about opting-out of interest-based ads, visit the Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.

Website and Email Analytics

We may also partner with selected third-party vendors[, such as [Adobe Analytics,] [Clicktale,] [Clicky,] [Cloudflare,] [Crazy Egg,] [Flurry Analytics,] [Google Analytics,] [Heap Analytics,] [Inspectlet,] [Kissmetrics,] [Mixpanel,] [Matomo,] and others], to allow tracking technologies and remarketing services on the Site [and our mobile application] through the use of first party cookies and third-party cookies, to, among other things, analyze and track users’ use of the Site [and our mobile application] , determine the popularity of certain content and better understand online activity. By accessing the Site[,our mobile application,], you consent to the collection and use of your information by these third-party vendors. You are encouraged to review their privacy policy and contact them directly for responses to your questions. We do not transfer personal information to these third-party vendors. However, if you do not want any information to be collected and used by tracking technologies, you can visit the third-party vendor or the Network Advertising Initiative Opt-Out Tool or Digital Advertising Alliance Opt-Out Tool.

You should be aware that getting a new computer, installing a new browser, upgrading an existing browser, or erasing or otherwise altering your browser’s cookies files may also clear certain opt-out cookies, plug-ins, or settings.

THIRD-PARTY WEBSITES

The Site [and our mobile application] may contain links to third-party websites and applications of interest, including advertisements and external services, that are not affiliated with us. Once you have used these links to leave the Site [or our mobile application], any information you provide to these third parties is not covered by this Privacy Policy, and we cannot guarantee the safety and privacy of your information. Before visiting and providing any information to any third-party websites, you should inform yourself of the privacy policies and practices (if any) of the third party responsible for that website, and should take those steps necessary to, in your discretion, protect the privacy of your information. We are not responsible for the content or privacy and security practices and policies of any third parties, including other sites, services or applications that may be linked to or from the Site [or our mobile application].

SECURITY OF YOUR INFORMATION

We use administrative, technical, and physical security measures to help protect your personal information. While we have taken reasonable steps to secure the personal information you provide to us, please be aware that despite our efforts, no security measures are perfect or impenetrable, and no method of data transmission can be guaranteed against any interception or other type of misuse. Any information disclosed online is vulnerable to interception and misuse by unauthorized parties. Therefore, we cannot guarantee complete security if you provide personal information.

POLICY FOR CHILDREN

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

CONTROLS FOR DO-NOT-TRACK FEATURES

Most web browsers and some mobile operating systems [and our mobile applications] include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy./Most web browsers and some mobile operating systems [and our mobile applications] include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. If you set the DNT signal on your browser, we will respond to such DNT browser signals.

OPTIONS REGARDING YOUR INFORMATION

[Account Information]

You may at any time review or change the information in your account or terminate your account by:

Logging into your account settings and updating your account
Contacting us using the contact information provided below
[Other]

Upon your request to terminate your account, we will deactivate or delete your account and information from our active databases. However, some information may be retained in our files to prevent fraud, troubleshoot problems, assist with any investigations, enforce our Terms of Use and/or comply with legal requirements.]

Emails and Communications

If you no longer wish to receive correspondence, emails, or other communications from us, you may opt-out by:

Noting your preferences at the time you register your account with the Site [or our mobile application]
Logging into your account settings and updating your preferences.
Contacting us using the contact information provided below

If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.

CALIFORNIA PRIVACY RIGHTS

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Site [or our mobile application], you have the right to request removal of unwanted data that you publicly post on the Site [or our mobile application]. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Site [or our mobile application], but please be aware that the data may not be completely or comprehensively removed from our systems.

CONTACT US

If you have questions or comments about this Privacy Policy, please contact us at:

[Company Name]

[Street Address]

[City, State Zip]

[Phone Number]

[Fax Number]

[Email]

2. Why You Need a Clause for Emails in Your Privacy Policy

Numerous laws worldwide govern what businesses can do with the personal data of their users, and email addresses are considered personal data.

Running afoul of these laws can result in large fines, such as the $56 million Google GDPR fine for the inappropriate processing of users’ personal data.

At the heart of most data processing laws is consent — your users need to consent to receive marketing emails and newsletters. You’re also required to provide users with the option of opting out of (i.e., unsubscribing from) promotional emails at any time.

When obtaining consent for email marketing, you must be upfront about the purpose of email address collection. You cannot assume that consent obtained for a specific purpose (e.g., “sign me up for your monthly newsletter”) extends to other activities (e.g., daily or weekly promotional emails).

Create an Email Marketing Privacy Policy Using Termly

Here’s how you can use Termly’s generator to create a comprehensive and compliant privacy policy for your email marketing.

Step 1: Go to Termly’s privacy policy generator.

Step 2: Answer a few simple prompts and questions, and go through all of the steps until you reach “Final Details.”

Step 3: Once you’ve filled in everything and you are satisfied with the preview, click “Publish.” You will then be prompted to create an account on Termly so you can save and edit your privacy policy further.

3. Laws that Require Email Clauses in Privacy Policies & Govern Email Marketing

The internet opens up your business to customers worldwide, but it also increases legal compliance challenges, as your users can be located anywhere around the world.

Some laws, such as the General Data Protection Regulation (GDPR) and the California Online Privacy Protection Act (CalOPPA), have extraterritorial scope. This means that your company, no matter its location, is subject to those laws if your users are residents of the EU or California, respectively.

For this reason, make sure your marketing efforts satisfy the requirements of the strictest laws worldwide (or at least the strictest laws in the territories you intentionally target users) to minimize noncompliance risks.

Below are summaries of the strictest and most prominent laws that directly affect your email marketing newsletters and campaigns.

The General Data Protection Regulation & ePrivacy Directive

Under the GDPR, personal data is defined as any data that can be used to identify an individual, such as first and last names and email addresses.

As touched upon earlier, the GDPR has extraterritorial scope, meaning that if you target users in the EEA, your company needs to comply with this law no matter where it’s located.

The ePrivacy Directive is another EU law that regulates (among many other things) email communications, particularly unsolicited business communications (aka spam). This directive makes it illegal to send promotional emails to users in the EU without their consent.

The GDPR primarily governs how you obtain consent and how you process personal data, whereas the ePrivacy Directive complements the GDPR by establishing rules for direct marketing.

To ensure that your email marketing efforts are not in conflict with the GDPR or the ePrivacy Directive, you need to:

Obtain free and informed consent for email marketing

Consent is especially important for individuals who are not yet your customers. Some legal analysts hold that emailing existing customers does not require user consent, as the company can cite the legal basis of GDPR legitimate interest. Nevertheless, as long as the ePrivacy Directive is in effect, you need to obtain consent prior to sending any form of email marketing to individuals in the EEA.

Provide an opt-out method

Under the GDPR, users have the right to object to the processing of their personal data. One way to enable your users to exercise this right is by including an unsubscribe link in all of your marketing emails (and then, of course, by honoring the unsubscribe request).

Identify yourself

To satisfy ePrivacy Directive rules, the sender (your company) should identify itself clearly. Within the email, you should also include a valid contact address (postal or email) where users can direct any requests or complaints.

Keep in mind that the implementation of these rules may differ from country to country. According to EU law, unlike regulations (e.g., the GDPR), directives state only objectives (e.g., to prevent spam).

The methods used to achieve objectives are left to the discretion of the individual EU members. For example, the UK implements the ePrivacy Directive through the Privacy and Electronic Communications Regulations (PECR) Act.

Act on data subject access requests (DSARs)

The GDPR affords EEA residents the right to review their personal data held by companies. Users also have the right to request that companies delete this data. You should have a mechanism in place to handle such requests, as email marketing — by definition — involves the processing of personal data.

Include a privacy policy link in your emails

The privacy policy URL can lead to either a general privacy policy for your website (with specific clauses on email marketing) or a designated privacy policy for your email marketing campaigns. In either case, the privacy policy should specify the following:

How you process user’s personal data (including email addresses)
Whether that data may be shared with any third parties
How the user can opt out of further marketing communications
Other details necessary for a GDPR privacy policy

Although the law only requires your website to carry the policy, it’s good practice to include it in your emails and in your email sign-up page/module.

Click the image to go on a journey around the world… in privacy laws!

The California Online Privacy Protection Act

The California Online Privacy Protection Act (CalOPPA), one of the earliest personal data protection regulations in the US, states that websites which process the personally identifiable information (PII) of any California resident need to have a privacy policy.

Similar to a GDPR-friendly privacy policy, this policy needs to state:

What PII is collected
How PII is processed
Whether PII is shared with third parties
How users can request to have their PII deleted

Because email addresses are considered PII, your privacy policy should include clauses about your email address collection and email marketing activities.

The Controlling the Assault of Non-Solicited Pornography and Marketing Act

The Controlling the Assault of Non-Solicited Pornography and Marketing Act (CAN SPAM Act) regulates commercial emailing at the federal level within the United States. Its key rules are as follows:

Adopt honest practices: Use non-deceptive subject lines and “from” addresses
Label ads: Promotional emails need to be labeled as such, clearly and conspicuously
Warn of explicit content: If your email contains any explicit content, the subject line needs to start with the phrase “SEXUALLY EXPLICIT”
Assume responsibility: Even if you’ve outsourced your marketing or promotional activities to a third party, your business is still primarily responsible for complying with the law

In addition, similar to the rules under the GDPR/ePrivacy directive, you need to:

Identify yourself
Provide an opt-out method

Canada’s Anti-Spam Legislation

Similar to the CAN-SPAM act, Canada’s Anti-Spam Legislation (CASL) regulates digital marketing activities in Canada.

As with the other laws mentioned above, CASL requires the following:

Obtain informed user consent before sending promotional emails
Provide an opt-out mechanism within marketing emails
Include a postal address — as well as an email, phone number, or website address — within marketing emails

A unique feature of CASL is that consent obtained is valid only for 2 years, following which it must be renewed, and any opt-out (unsubscribe) requests must be fulfilled within 10 business days.

4. Creating an Email Privacy Policy

If your business targets users worldwide, your marketing practices must be compliant with both:

the laws where your business is registered, and
the laws of your target territories

To help you with this rather large compliance challenge, we’ve put together a checklist that summarizes the privacy policy requirements of the aforementioned laws — namely, the GDPR, ePrivacy Directive, CalOPPA, CAN-SPAM, and CASL.

Your email privacy policy should state:

What personal data you collect (e.g., email addresses, first names, last names)
How this personal data might be used (e.g., to send promotional emails)
Whether this personal data might be shared with any third parties (e.g., MailChimp, Google Analytics)
How a user can opt out of promotional emails (e.g., clicking the unsubscribe link in the email or by writing to a specified email or postal address)
How a user can contact the sender of the promotional emails (e.g., a postal address or a valid email address)
Whether email analytics are tracked (and if yes, which)

Our free email privacy policy template above meets all of these criteria. Download it now, or generate one using our privacy policy generator.

5. Considerations for Email Newsletters

When running an email newsletter campaign, follow these best practices to ensure that you’re on the right side of the law, and that you’re giving the necessary information and control to your users:

Obtain lawful, free, and informed opt-in consent: Your email newsletter sign-up should not contain any pre-checked consent boxes which does not count as GDPR consent. Ideally, place your privacy policy link beneath the sign-up module.

Example of a good newsletter sign-up (NYT Parenting newsletter). Note the privacy policy link beneath the sign-up button and the “Emails may include promotional content…” statement.

Include a privacy policy link: Ensure that your promotional emails carry a privacy policy link. The link should lead to your email or website privacy policy, detailing all the elements we’ve discussed in the previous section.
Make your business identity clear: Identify your business by using an appropriate sender name and by including a valid postal address.
Provide an unsubscribe link or button: Include in your email an easy way for users to opt out of future promotional emails.

Most of these elements are typically found in the footers of emails, as can be seen in the examples below.

Some laws, like CalOPPA, have specific rules against deceptive practices, such as making it difficult to view or click the unsubscribe link. We strongly recommend you don’t adopt such practices. Apart from being potentially illegal, such acts will damage your brand, as you’ll lose the trust and goodwill of your users.

6. Examples of Email Privacy Policies & Compliant Marketing Emails

The two examples that follow illustrate the legal requirements and best practices for email privacy policies and email newsletters.

The New York Times

Here’s the footer area of a New York Times (NYT) email newsletter:

Footer of an NYT newsletter containing an unsubscribe link, a privacy policy link, and its business identity and postal address.

Here’s what the NYT privacy policy contains:

List of sections in the NYT’s privacy policy.

Let’s compare this against Termly’s checklist from the previous section:

A compliant privacy policy should describe:

What personal data you collect [Sec. 1] ✔
What personal data you collect [Sec. 2] ✔
Whether this personal data would be shared with any third parties [Sec. 3] ✔
How the user can opt out of promotional emails (e.g., clicking the unsubscribe link in the email or by writing to a specified email or postal address) [Sec. 6] ✔
How the user can contact the sender of the promotional emails (e.g., a postal address or a valid email address) [on the page; not shown in image] ✔
Whether and which email analytics are tracked [Sec. 4] ✔

MailChimp Email Marketing

With nearly 69% of the market share, MailChimp is the current leader in email marketing technologies.

MailChimp would be a third party in the relationship between you and your users. Therefore, if you use MailChimp, you should declare it in your privacy policy.

A privacy policy listing all the third-party services the associated website uses, which includes MailChimp.

When using third-party services like MailChimp, you and MailChimp share the responsibility of complying with data protection and related laws.

For example, under the GDPR, you would be the data controller, and MailChimp would be the data processor, two entities with different legal obligations.

For this reason, MailChimp imposes rules on its users to help it comply with relevant laws. Therefore, in addition to the aforementioned rules and regulations, you should follow MailChimp’s anti-spam rules and its terms of use to ensure full compliance.

Other third-party newsletter and related service providers

MailChimp’s guidelines for email marketing also apply to any third-party service provider that you may use for that purpose. Examples of third-party service providers relevant to email newsletters include:

ActiveCampaign
Amazon Simple Email Service
AWeber
CampaignMonitor
ConstantContact
ConvertKit
Emma
GetResponse
Mandrill
Mailgun
SendGrid
SendinBlue

In brief, ensure that your privacy policy addresses your relationship with all third-parties that process your users’ personal data.

8. Conclusion

Despite the emergence and onslaught of social media and influencer marketing, email marketing remains an essential component of almost every company’s marketing arsenal. This isn’t surprising, given that:

99% of consumers check their email every day
85% of US retailers deem email marketing the most effective for customer acquisition
68% of millennials prefer business communications through email

Considering these eye-popping stats, if you aren’t already into email marketing, you should be, and if you are, you definitely need a privacy policy for email marketing. Download our template, or head on over to our privacy policy generator to create one in a matter of minutes.

1. Email Marketing Privacy Policy Template [Full Text and Download]

2. Why You Need a Clause for Emails in Your Privacy Policy

Create an Email Marketing Privacy Policy Using Termly

3. Laws that Require Email Clauses in Privacy Policies & Govern Email Marketing