The text in this article may include ControlShift's interpretation of the GDPR and/or interpretations we've heard from other organizations. This article should not be considered legal advice. Please seek independent legal counsel to ensure your compliance with the new regulations.
Background
In approaching GDPR compliance, ControlShift has separated consent to data processing from consent to email communications.* For our tools, this means that while consenting to data processing is required to take action on the platform (whether implicitly or explicitly), consenting to email communications may be optional.
Please note that depending on your location, communications to members may be governed by an array of national and/or international laws. Therefore, the options presented in this help document are not specific to GDPR.
Guide: |
|
Definitions
Before going into the technical details, it may be useful to understand the ways in which ControlShift has modeled email communications opt-ins.
Any time a user signs a petition, RSVPs to an event, or takes any other action that includes an email communication component, the platform will record their email communications opt-in type. Tracking this information for each action allows organizations to know, at a granular level, exactly what type of communications a user agreed to receive. This information can be used to ensure that your organization is only sending notifications to the appropriately opted-in users.
Within ControlShift each email communications opt-in is made up of two parts: the opt-in's Context and its Kind.
The opt-in's Context can be thought of as the opt-in's channel – where did this opt-in come from? Within ControlShift, there are four Context options: web form, email, offline, and external.
- Web Form opt-ins are used when supporters sign the petition on the web via the petition signature page or the embedded signature form.
- Offline opt-ins are used when signatures are collected via the petition creator's offline signature form and are then entered via the petition creator's bulk entry tool.
- Email opt-ins are used when the organization has email confirmation (previously known as Double Opt In) enabled.
- External opt-ins refer to any opt-ins that are collected outside of the ControlShift toolset. This might include things like: opt-ins collected via your organization's CRM, signatures collected offline and bulk uploaded, etc.
Each Context also has what we're calling Kind options, which are the kind of opt-in that was given.
For Web Form opt-ins, there are five Kinds: (1) implicit, meaning that the user was automatically opted into email updates; (2) pre-checked checkbox, which could also be called an opt-out checkbox, meaning that the user had the option of not subscribing, but if they took no action then they'd be subscribed to email updates; (3) unchecked checkbox, meaning that the user had to manually check a box to receive email updates; (4) radio buttons, meaning that the user saw 'yes' and 'no' radio buttons and was asked to make a choice; and (5) radio buttons, with an "Are You Sure?" prompt, which means that if the user selects the 'no' radio button option, they'll be shown a customizable 'are you sure?' message re-prompting them to opt into email communications.
For Offline opt-ins, there are two Kinds: (1) implicit, meaning that the user was automatically opted into email updates; and (2) unchecked checkbox, meaning that the user had to manually check a box to receive email updates.
The Email opt-in only has one Kind: email confirmation. (This is the traditional Double Opt In behavior.) with email confirmation enabled, when a user signs a petition, they receive an email asking them to confirm their signature and they're presented with two options: confirm and subscribe to updates or just confirm.
External opt-ins have seven Kinds: (1) implicit, meaning that the user was automatically opted into email updates; (2) pre-checked checkbox, which could also be called an opt-out checkbox, meaning that the user had the option of not subscribing, but if they took no action then they'd be subscribed to email updates; (3) unchecked checkbox, meaning that the user had to manually check a box to receive email updates; (4) radio buttons, meaning that the user saw 'yes' and 'no' radio buttons and was asked to make a choice; (5) physical signature, meaning that the user had to sign their name on the offline signature form in order to be subscribed to updates; (6) email confirmation, meaning that they received a confirmation email and clicked a link in that email to subscribe to updates; and (7) unknown, meaning that admins do not know what type of email opt-in was given.
Setting Email Opt-in Types
Within ControlShift, org admins can set up different email opt-in types for their organization. To see your organization's current email opt-in types, go to the admin homepage > Settings > Email Opt-In Types tab.
From this page, click Update to view or change the opt-in type.
If you'd like to change the opt-in type's Kind, you can do so by choosing the appropriate radio button. If you'd like to change the text associated with the opt-in type, click the Edit button next to the text's row. When you've finished making updates to that piece of text, click Done. Changes to the opt-in type will *not* be saved until you click the Save button at the bottom of the page.
Please note: Any time any changes are made to the information on this page – whether to the opt-in's Kind or the text associated with the opt-in – a new email opt-in type will be created. This means that even if it's just a small spelling update or a new translation, a new opt-in type will be created. To keep your data as streamlined as possible, we'd recommend doing all translations at once and checking that spelling and grammar is correct before clicking to Save.
Once an admin saves a new opt-in type, that opt-in type will immediately begin being used for the associated context. This means that if an admin switches your organization's Web Form behavior from implicit to radio buttons, users will immediately begin seeing radio buttons on the signature form.
If you'd like to add a new External opt-in type, click the Manage Email Opt-In Types link in the Email Opt-In Types tab. From this page, click the Add External button.
From here, choose the Kind that most closely matches this new External email opt-in Context. Some examples: if your organization collected signatures on paper, and there was no box to opt in or out of the mailing list, then choose the Implicit Kind. If your organization collected opt-ins on your main site and the page had radio buttons, choose the Radio Buttons Kind.
On this page you can also mark whether this new opt-in type is Mailable or not. If the opt-in type is not mailable, then signatures that are assigned this opt-in type will not be sent updates from the ControlShift platform. Finally, you can also set an External ID for this email opt-in type. This will allow you to keep your email opt-in types consistent between systems. When you've finished entering information on this form, click to Save.
Editing Existing Email Opt-In Types
Once an email opt-in type is created, admins are able to edit some of its characteristics, like its External ID and Mailability.
Note: If you're trying to update the language associated with the opt-in type (or if you're trying to change a web form or offline opt-in type's Kind), you'll need to use the same process described under Setting Email Opt-In Types. These types of changes automatically create a new email opt-in type.
To edit an existing email opt-in type, go to the admin homepage > Settings > Email Opt-In Types tab > Manage Email Opt-In Types > Edit.
Including an Email Opt-In Ask in Signature Thank You Emails
After the initial signature is submitted, organizations can make a final email communications opt-in request in the thank you for signing email that is sent to all signers. Generally this opt-in will only be included when the email recipient did not consent to email communications during the signature process.
To add this final opt-in ask, go to the org admin homepage > Settings > Content > Email > Thank you email for new signers.
In the email, the subscription opt-in text should be wrapped with {% unless signature.has_joined_organisation? %}
and {% endunless %}
. These tags are used to determine whether the text they're wrapping should be included in the email, based on the email recipient's opt-in status. If the user opted in to email communications while signing, the text between these two tags will not be visible. If the recipient did not opt in, the text will be visible. The subscribe URL should be added to the email using the {% signature_subscribe_url %}
variable.
For the example shown above, this was the code that was used:
<p><b>{% unless signature.has_joined_organisation? %} Want to stay up to date on this campaign's progress? The easiest way to get campaign updates is to subscribe to emails from the campaign creator. (You can unsubscribe at any time.) <a href="{% signature_subscribe_url %}">You can subscribe here.</a>
{% endunless %}<b></p>
When users opt-in via the link in this email, their email opt-in type will be Email:Email Communication.
Viewing Email Opt-In Types
When a user takes action on the site, we keep a record of the email communications opt-in that they saw. There are a few ways to check that record:
- For petition signatures, go to the petition page > Admin > Signatures > find the appropriate signature > Details. On the Details page, we show you the various pieces of information that we have about the signature, including the signature's Email Opt-in Type.
If you click the Details link, you can see more information about that specific email opt-in type, including the text that was used. - For event RSVPs, go to the event page > Admin > Attendees > find the appropriate RSVP > Details. On the Details page you can see more information about the RSVP, including the Email Opt-In Type.
If you click the Details link, you can see more information about that specific email opt-in type, including the text that was used. - Email consent information is also included in the appropriate Webhook and API endpoints. For more information on these endpoints, please see: https://developers.controlshiftlabs.com.
Determining Mailability
Every email opt-in type is either mailable or not. If the email opt-in type is mailable, then users who have opted into that email opt-in type will be subscribed to emails from ControlShift. If an email opt-in type is not mailable, then those users will not receive updates from the platform. Within the platform, admins are able to change the mailability of opt-in types from admin homepage > Settings > Email Opt-In Types > Manage Email Opt-In Types. On this page you'll see a list of all the email opt-in types that have been configured on the platform and whether they're mailable or not. To change an opt-in type's mailability, click the Edit button next to the appropriate email opt-in type. Then, check or uncheck the mailable box.
One potential use case for this toggle: in the past, your organization implicitly opted users into updates. In advance of GDPR, your organization switched to an unchecked checkbox for email opt-ins. After 25 May, you decide that the implicit opt-in is no longer valid under GDPR and you cannot continue to send emails to those users. You can then set the implicit email opt-in type to not mailable while leaving the unchecked checkbox mailable. This will ensure that only the users who have properly opted into email updates receive them.
Updating A User's Email Opt-In Types
Org admins are able to bulk update users' email opt in types after they've taken action on the site. There are three methods to update the email opt-in types:
- Within the platform, admins can upload a list of users whose email opt-in types should be updated by going to admin homepage > Settings > Email Opt-In Types > Manage Email Opt-In Types > Bulk Update. Choose the appropriate CSV of email addresses, and then choose the new email opt-in type that these users should be associated with. (Note: to preserve data integrity, you may wish to create a new external opt in type for these users.) All records associated with these email accounts will then have their email opt-in type updated. This means that the opt-in types will be updated for all signatures, event RSVPs, etc. that the user has created.
- Admins (and petition creators) can send a special blast email that allows users to update their email opt-in type. This blast email template is not publicly visible, but is available if you add
/emails/new_from_template?email_template=email_template_re_opt_in
to the end of the petition's URL. For more information about this option, please see: https://controlshiftlabs.zendesk.com/hc/en-us/articles/360000175395#consent_email. - Depending on your organization's technical capacity, we also allow a user's email opt-in type to be updated via our Authenticated REST API. More information on that process is available in our developer docs: https://developers.controlshiftlabs.com/#members.
For more information about consent migrations, please see: https://controlshiftlabs.zendesk.com/hc/en-us/articles/360000175395.
* Because ControlShift's only method of communication is email, we're specifically focused on email communications. If your organization is communicating with members through other channels, then you may want to consider the legal implications of those methods of communication.
The GDPR has numerous requirements and hefty fines for non-compliance. The information included here is not legal advice, and we strongly recommend that all organizations using ControlShift seek legal counsel to ensure that they comply with the GDPR and all relevant laws.
Comments
0 comments
Please sign in to leave a comment.