CSA guidelines

Optimizely is a partner of the Certified Senders Alliance (CSA) and takes part in their allowlisting program, which complies with the General Data Protection Regulation (GDPR) and ensures legal conformity of the sender's email marketing processes. Allowlisting is the reverse of blocklisting: the practice of listing trustworthy sender IP addresses to protect them from being rejected or sent to the junk mail folder. CSA allowlisting offers preferred delivery and better inbox placement at participating Internet Service Providers. Participation in the program involves technical and legal standards that are decisive pillars of the program, which must be fulfilled by each sender. The following sections provide an overview of the CSA’s legal standards and how to implement them.

Opt-in requirements

Newsletters based on GDPR article 6

Generally, marketing emails that contain any type of advertising and aim at a sale need the recipient's consent. Double opt-in (DOI) is a requirement for Optimizely Campaign to comply with GDPR and CSA documentation requirements because it is the only procedure that grants traceability to ensure that only authorized users can subscribe. Double opt-in is a practice in which a recipient consents to receiving email from the sender before any promotional email is sent: recipients receive an email with a double opt-in link, which they must click to confirm their interest.

Product recommendations based on EU directive 2002/58/EC (41)

Alternatively, recommendations about similar products and services may be sent to customers who made a purchase without their explicit consent. However, because this type of email is usually a source of spam complaints, stricter formal requirements apply.

Newsletter registration form requisites

Must haves

  • Consent must be given actively; pre-checked check boxes are not allowed.
  • Consent must not be coupled with subscriptions to other services.
  • It must be clear from whom the subscriber is going to receive what content.
  • A remark indicating that unsubscription is possible at any time and by which methods, at least an Unsubscribe link and email address, must be clearly visible when the email address is collected.
  • A maximum of 10 third parties, including sponsors, must be explicitly named.
  • The email address is the only mandatory field; all other fields must be optional. (This refers to pure newsletter registration forms only; account registration or checkout forms may have more mandatory fields.)

Nice to haves

  • A link to the privacy policy in every contact acquisition form.
  • The recipient should be informed about the newsletter frequency.

Image: Example newsletter registration form

Newsletter content

  • A full legal imprint needs to be in the email footer including: physical address, email address, phone number, authorized representative and business registration number.
  • Unsubscribe and privacy policy links need to be in the email footer.

Image: Example newsletter footer

Customer relationship requisites for checkout acquisition forms

Must haves

  • The address was acquired through a purchase; a transaction was made, and the product was not returned.
  • The address is used for direct advertising of own similar goods or services.
  • The customer has not objected to this use, meaning there was no previous unsubscribe from commercial emails.
  • A remark stating that emails about similar products or services will be sent must be clearly visible when the email address is collected.
  • The form must contain information that one can unsubscribe at any time “without costs other than the transmission costs pursuant to the basic rates being incurred in this regard” or similar and by which methods, at least unsubscribe link and email address.

Nice to haves

  • Include a link to the privacy policy in every contact acquisition form.
  • Inform the recipient about the newsletter frequency.

Image: Example checkout remark for product recommendations

Product recommendation content

  • The products advertised need to be similar to the product purchased. “Similar” means they have the same sense and can be used in the same way. No other advertising must be included.
  • A full legal imprint is in the email footer: physical address, email address, phone number, authorized representative and business registration number.
  • Unsubscribe and privacy policy links are in the email footer.
  • The email also contains information that one can unsubscribe from it "without costs other than the transmission costs pursuant to the basic rates being incurred in this regard".

Image: Example email footer

Imprint requisites

  • An imprint page must be present on the website and accessible.
  • The imprint page must contain: physical address, email address, phone number, VAT identification number, and authorized representative.

Privacy policy requisites

Must haves

  • A privacy policy page must be present on the website and accessible.
  • The recipient must be informed from which sender he or she is going to receive which type of emails.

Newsletter

  • A remark must be present that indicates that unsubscription is possible at any time and by which methods (at least unsubscribe link and email).
  • A maximum of 10 third parties, including sponsors, must be explicitly named.

Customer relationship

  • A remark stating that emails about similar products or services will be sent must be clearly visible.
  • The privacy policy must contain the information that one can unsubscribe at any time “without costs other than the transmission costs pursuant to the basic rates being incurred in this regard” or similar and by which method, at least unsubscribe link and email address.

Nice to haves

  • The recipient should be informed about the frequency of the newsletters or product recommendations.

Image: Example privacy policy note - newsletter

Image: Example privacy policy note – customer relationship

Unsubscribe requisites

  • Unsubscription must be easy and require no more than two clicks.
  • Unsubscription must be free.
  • No further login must be required.
  • No persuasive language must be used.

Registration data requisites

Must haves

  • Context of contact acquisition (newsletter, customer relationship and so on).
  • URL / screenshot of online registration form or scan of offline registration form / contract.
  • Type of opt-in given, if applicable (double opt-in, single opt-in and so on).
  • Date and time of registration, and DOI confirmation.

Newsletter

  • Declaration of consent as presented when email address is collected.

Customer relationship

  • Remark informing recipient that contradiction to this type of advertising is possible at any time as presented.
  • Purchase data.

Nice to haves

  • IP address of registration and of DOI confirmation.