Are Cart Abandonment Emails GDPR Compliant?

Shopping cart abandonment refers to initiating a checkout process on an online store by adding a product to a virtual shopping cart and then leaving the site without completing the purchase.

There are many reasons why customers abandon their shopping carts. Maybe they were just looking around, perhaps they weren’t ready to buy, they just wanted to see the final cost of the transaction before making a decision or didn’t have enough time. Unexpected shipping costs, complicated site navigation or confusing checkouts can also be the cause. 

However, none of these reasons means they aren’t willing to complete the purchase, and this is where cart abandonment strategies come into play. Cart abandonment emails have been the number one strategy for e-commerce sites to bring customers back to finish a transaction they left halfway.

But what happened to cart abandonment emails when GDPR came into the picture?

GDPR stands for the General Data Protection Regulation. It is the legislation, enforced in May 2018, that aims to protect users’ data privacy. It applies to any business that provides services to EU residents, even if it’s located anywhere else in the world.

This legislation states that no business can disclose users’ personal information or send any type of communication to users without their previous consent. Unsurprisingly, this raised concern among marketers wondering what would happen with their customers’ email database.

Cart abandonment email retargeting is the main practice marketers rely on to tackle the issue of only 2% of users converting. If the appearance of GDPR meant they would lose the user database they have built with so much effort and time, and wouldn’t be able to retarget customers that initiated a transaction on their site, it would be a disaster.

So, are cart abandonment emails GDPR compliant?

To answer this question as accurately as possible, it’s important to clarify that there are three different types of emails. Each one fulfills a purpose that depends on its objective.

1. Marketing Emails

Marketing emails are the ones that contain a commercial message and are sent to groups of customers or to prospects. The objective of marketing emails is to push leads down the marketing funnel.

These types of emails are not sent programmatically; they are timed and sent strategically, like newsletters, announcements or welcome emails.

2. Promotional Emails

A promotional email is an email sent to inform email subscribers about offers and time-limited sales, like Black Friday or Mother’s Day. They have a specific time frame and could be recurring given the nature of the offer.

Its objective is to get the word out and inform email subscribers about something special. Promotional emails usually also include some sort of promotional code or coupon with the goal of encouraging customers to move down the funnel and complete a purchase.

3. Transactional Emails

Transactional emails are direct one-to-one emails with personalised information regarding a transaction a customer did or started on a site. They are not sent to a large group of subscribers or to the entire list because transactional emails are triggered by an action a user took when browsing the site.

They include:

    • Order confirmations
    • Delivery updates
    • After purchase receipts
    • Post-purchase review requests
    • Cart abandonment reminders

Cart abandonment emails are considered transactional emails because a user that added a product to the shopping cart showed an intention to buy, thus initiating a transaction. 

Unlike marketing and promotional emails, transactional emails are programmed to be triggered by specific user behaviour on site. With platforms like Frizbit, you can set up an event that sends an automated email to users that add a product to their carts but leave without finishing a purchase.

One of the main attractions of transactional cart abandonment emails is that they only need to be configured once. Since they’re automated and triggered by the scenario you define, you just have to take time to create templates and content once to set up the campaigns and then everything runs smoothly by itself.

You can schedule a sequence of emails to be sent:

  • 1 hour after adding a product to the cart and leaving the site without completing a purchase
  • 1 day later
  • 3 days later

These automated cart abandonment recovery emails include hyper-personalised information such as user name, product name, price and image. These features increase the value of the communication between sender and recipient by making the information much more relevant.

Is sending cart abandonment emails still allowed under GDPR? 

Now that you know what types of email exist and what their objectives are, you’ll understand the answer is yes. According to the European Commission’s definition of legal grounds for processing data, cart abandonment emails are compliant as long as you have explicit consent from users to receive those emails. (Source: Nosto.com)

Abandoned cart emails are categorized as direct marketing and can work under the legal grounds of legitimate interest which basically states that if the recipient is really going to be interested in what you have to say and find value from it, it’s ok to send it:

“Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party except where such interests are overridden by the interests…” icoo.org.uk

Processing personal data for direct marketing purposes may be considered done for legitimate interest. (BOE.es)

This means that you might not need specific consent from users to send this type of communication, because when customers share their email addresses with you with the intent of making a purchase and don’t complete it, both parties have a legitimate interest in the transaction being finished.

That being said, we strongly recommend that you not take any chances on this and be very explicit and straightforward in order to receive consent from users before sending any type of automated cart abandonment campaign.

You can make sure your emails are compliant by checking the following:

  • Users need to actively opt in or subscribe. Unchecking a box is not enough; this has to be a voluntary decision.
  • Include a registered address.
  • Make sure your website’s privacy policy clearly states the type of information being collected. Specify you’re going to send transactional cart abandonment messages. Here are a couple of examples:
    • We will use your data to suggest products or offers based on the profile you create based on your purchase history, the products you view when you browse our platforms, or the products you leave in your cart when you do not finish the purchase process.
    • Your data may also be used for other marketing and advertising purposes. These suggestions can come to you through push notifications, banners, or even to your email using the abandoned cart feature.
  • If you’re going to rely on legitimate interest, your privacy policy should say something like this:
    • Why do we process your personal data? Guarantee the correct processing of your order, in the event that you purchase any of our products.
    • The Responsible Party treats user data for the following purposes: other commercial communications by email about the Responsible and the provision of services
  • Check the source of the email list you have before automating an abandoned cart recovery campaign. GDPR also affects data collected before its implementation, so it’s very important for you to verify what type of consent previous subscribers agreed to. 
  • Include an easy way for users to unsubscribe from your list.

Should you be using Cart Abandonment Emails?

Cart abandonment recovery emails by Frizbit have reported a CTR of 17,1% and conversion rates of 4,1%, making them the highest performing channel in automated cart recovery campaigns.

When it comes to GDPR and cart abandonment emails, consensus says that there’s no problem with sending these types of emails to users that voluntarily subscribe to your mailing list, thanks to the basis of legitimate interest.

If you haven’t implemented a strategy for cart abandonment recovery, getting started with automated and hyper-personalised emails is a great way to go. If you’d like to know more about how to do so, get in touch with us and we will be happy to guide you. 

Are Web Push Notifications GDPR Compliant?

GDPR (General Data Protection Regulation) is the legislation that oversees all practices related to the processing of user data. This applies to any business and organization that provides services to EU residents. The GDPR basically states that no business can disclose users’ personal information or send any type of communication to them without their consent.

A lot has been, and is still being, discussed regarding the GDPR. It was enforced in May 2018 but it still raises many questions and doubts regarding its effects on digital marketing and CRM strategies and tools, such as cookies, retargeting, ads and emails.

These changes in legislation regarding users’ privacy are forcing digital marketers to step away from the commonplace and invest in new, more creative channels to reach and engage customers. One of these platforms is web push notifications, which every day are becoming a more essential part of any digital marketing strategy.

However, web push notifications are still a pretty new method. A lot of e-commerce businesses and brands aren’t yet familiar with their use and different applications. The advantages they present for digital marketers are vast, and one of the most important is that web push notifications are GDPR compliant.

How do web push notifications comply with GDPR?

Web push notifications offer a direct communication channel with users. Their immediacy, personalization features and simplicity make them a must in the digital marketing mix. And one of the great things about web push notifications is how they are GDPR compliant by nature. 

Web Push Notifications don’t require any personal data!

More traditional digital marketing channels such as email and SMS require collection of users’ personal information to function. However, in order to be GDPR compliant for EU residents this is not enough. Visitors must complete an additional action, ticking a box under the form to consent to receive communication from that brand and entrust their data. Only then are they eligible to receive communications from brands. As you can imagine, this requirement decreased the opt-in rate for email marketing.

Web push notifications open new opportunities. With just one click users that visit your site can opt-in to subscribe and be recipients of information. There’s no need to fill any form, share their email, phone number or any other kind of personal data. 

The first time users visit a site that uses web push notifications, they get a message asking them if they wish to receive said notifications. All they have to do is give their consent to the notifications service to become a subscriber to the notifications from your website.

By clicking “allow” on the opt-in message, users provide their permission, making the platform completely GDPR compliant. They will not receive any type of notification if they choose to click “block”. 

Optionally, you can also show a pre-opt-in pop-up to explain to your users why they should opt in to the web push notifications from your website. You can let users know exactly what type of notifications you are going to send them with the opt-in text you design. This way, users are completely informed and clear about the type of messages they’ll be receiving if they decide to subscribe.

Subscription information is stored in servers of browsers

Once users opt in and consent to subscribing to web push notifications from a site, they have complete control over them. All the subscription information is stored in the push notification server of each browser and no one other than the user can manipulate it. It is technically impossible to share the user’s consent with any third party, or to copy or export it in any case. That is simply the technical proof that nobody is capable of sending the users a message without their consent.

The users have complete control in Real-Time

By accessing their browser’s notification configuration, users can easily unsubscribe from the service. With just one click, just like they opted in, they can opt out. Even if the brand tries to send push notifications, it’s technically impossible for those users to receive them. Web push notifications offer a very easy and immediate unsubscribe option for users, which makes them even more user-friendly.

Frizbit and GDPR

What you need to keep in mind when designing your web push notifications strategy is to make sure you offer users the best experience they can have. Legislation like GDPR has been created with this sole purpose.

Users want to feel comfortable, and the sense of security is key to that. When deciding to add web push notifications to your digital marketing strategy, make sure you choose the right platform.

Frizbit makes security integrity and user privacy a priority. We fully comply with the GDPR (General Data Protection Regulation) of the EU (European Union). All the subscriber data is completely owned by our clients and it’s never shared or sold. Our platform is hosted on the cloud servers of AWS and Microsoft Azure within the European Union with high security measures.
