Getmeetingbooked CAN-SPAM and CCPA compliance statement
This statement sets out the operating procedures Getmeetingbooked undertakes to ensure CAN-SPAM and CCPA best practice is observed to the greatest extent possible, at all times.
- What is CAN-SPAM?In place since 2003, the primary regulation governing B2B sales in the US is the Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM). As email marketing started to gain momentum in the early noughties, this act was introduced to keep things in check. Read the rules of CAN-SPAM.
- What is CCPA?The California Consumer Privacy Act (CCPA) was introduced in 2020, and only applies if you’re sending sales emails to contacts within California. It gives Californians the right to know exactly what personal data companies are collecting about them.Under the CCPA, Californians are able to access – and request the deletion of – any personal data that companies have collected on them.The CCPA applies if you meet the following requirements:
- Your company has a gross annual revenue of more than $25 million
- Your company gets more than 50% of its annual revenue from California residents
- Your company buys, sells, or receives personal information of more than 50,000 California residents
- What kinds of personal data your company has collected on them
- If their personal information has been sold or shared – and who has it (this also means informing people of if you’ve had a breach involving their data)
- That their personal information is not sold
- The deletion of the personal information (AKA the right to be forgotten)
- Not be discriminated against for exercising their rights under CCPA
- Getmeetingbooked and CAN-SPAM/CCPA complianceIn addition to appointing a compliance officer to oversee our adherence to the rules, Getmeetingbooked has engaged 3rd party compliance expertise to audit and advise on best practice. This investment enables us to assure clients that CAN-SPAM and CCPA best practices are strictly observed wherever possible, at all times.
- Getmeetingbooked’s relationship with youWhen it comes to CAN-SPAM and the CCPA, we’re joint controllers. Even though we’re working for you as a service provider, it’s important to recognise that we’re both responsible for: deciding who to target, what data to collect, and how that data is collected, processed, and stored.We’ve also incorporated a comprehensive Data Sharing Agreement within Getmeetingbooked’s standard Terms of Service – just to make everything easier. This agreement sets out how we work together as Joint Controllers and how we support each other if we ever receive a data request.This decision is fundamental to how we operate, so please ask if you have any questions!
- IsGetmeetingbooked’s marketing activity compliant?Of course! Compliance is built into everything we do at Getmeetingbooked – our business wouldn’t be able to operate without it. Getmeetingbooked’s services are designed and offered solely to help businesses promote to other businesses (i.e. B2B marketing only). We ensure that the email marketing provided material is relevant and allow the recipient to opt out of future emails. Getmeetingbooked has also established technical and operational systems to ensure all aspects of data collection, storage, and processing are compliant.Before launching new client activity, we conduct an in-depth assessment to establish if the product or service, combined with the proposed targeting, meets the criteria for compliant business to business (B2B) marketing. A key part of this assessment is called the Legitimate Interest Assessment (LIA). We also have a standard privacy policy update for clients to use as needed, which includes all the relevant clauses plus references to Getmeetingbooked to make everything clear to the data subject. Just let us know if you need a copy of any of these.
- Rights of individualsPrivacy Policy – All messages sent will contain a link to a privacy policy that explains to the user exactly what their rights are as well as the type of data that is held about them and by who. Getmeetingbooked will provide a template privacy policy or review your existing one to ensure it meets the required standard. Here’s a link to our privacy policy: https://Getmeetingbooked.com/privacy-policy/. This standard privacy link would typically be contained in the email signature of any outbound messaging, in the case of messaging as part of client campaign activity, the privacy link will be that of our client’s own privacy policy.Opting out and exclusion lists – All recipients are able to opt out easily to prevent further email communication being received. All replies to prospecting emails are logged and those prospects are added to your campaign exclusion list within 24 hours. Getmeetingbooked allows import of existing exclusion lists in advance of campaign activity. Exclusions can be submitted in the form of individual email addresses or full domains and will prevent communications being issued to those email addresses or domains listed.Subject access requests (SAR) – All individuals have the right to request a copy of all data you hold on them. To support this data subjects can email any SAR requests to dpo@Getmeetingbooked.com and we will return this data within 72 hours.Right to be forgotten – All individuals have the right to have some or all of their data removed (to be ‘forgotten’) at any time. A conflict does arise in removing or forgetting an email address whilst at the same time keeping this address on an exclusion list to prevent future mailings. Where we have removed data, we will move the email address to a separate exclusion list, encrypted using a one-way hashing algorithm (SHA1), ensuring we are able to prevent any future messages being sent to the customer whilst continuing to honour their right to be forgotten.
- Getmeetingbooked employees All Getmeetingbooked employees undergo both general and region-specific compliance training, this covers the CAN-SPAM and CCPA rule set in detail, the relevance and impact of those rules on Getmeetingbooked and our clients, and the steps we take to ensure best practice is observed at all times. We also make clear the consequences (i.e. penalties) associated with failure to meet the strict standards.
- Your responsibilityWhilst Getmeetingbooked continues to take extensive measures to ensure best practice with respect to CAN-SPAM and CCPA across all client activity, clients should take note that responsibility for compliance rests (in different forms) with each party. Getmeetingbooked cannot be abreast of the constantly evolving regulatory frameworks in all countries at all times, as such it is important that you, as the client, have knowledge of your local regulatory climate and ensure your business operates within the relevant regulatory frameworks.
- In summary Getmeetingbooked has worked hard to develop a compliant platform providing innovative marketing services and technology for our clients and at all times respecting the rights of the data subjects whose information we collect. Compliance is part of what we do and ongoing due diligence is core to how we operate.