Prospectiv CAN-SPAM and CCPA Compliance Statement

Last Updated: 21st October 2023 16:44 GMT

This statement sets out the operating procedures Prospectiv undertakes to ensure CAN-SPAM and CCPA best practice is observed to the greatest extent possible, at all times.

What is CAN-SPAM?

The Controlling the Assault of Non-Solicited Pornography And Marketing Act of 2003 (CAN-SPAM) is the primary regulation governing B2B sales in the United States. It was introduced in 2003 to regulate email marketing and prevent unsolicited and misleading commercial email communications. Read the rules of CAN-SPAM.

What is CCPA?

The California Consumer Privacy Act (CCPA) was introduced in 2020 and applies to sales emails sent to contacts within California. It grants Californians the right to know the personal data collected by companies and the ability to request the deletion of their personal information.

CCPA applies if your company meets the following requirements:

  • Your company has a gross annual revenue of more than $25 million.

  • Your company generates more than 50% of its annual revenue from California residents.

  • Your company buys, sells, or receives personal information from more than 50,000 California residents.

Under CCPA, Californian recipients have the right to request:

  • What kinds of personal data your company has collected on them.

  • If their personal information has been sold or shared, and who has it (this also means informing people if you’ve had a breach involving their data).

  • That their personal information is not sold.

  • The deletion of the personal information (AKA the right to be forgotten).

  • Not to be discriminated against for exercising their rights under CCPA.

Prospectiv and CAN-SPAM/CCPA Compliance

In addition to appointing a compliance officer to oversee our adherence to the rules, Prospectiv has engaged third-party compliance expertise to audit and advise on best practice. This investment enables us to assure clients that CAN-SPAM and CCPA best practices are strictly observed wherever possible, at all times.

Prospectiv’s Relationship with You

When it comes to CAN-SPAM and the CCPA, we’re Joint Controllers. Even though we’re working for you as a service provider, it’s important to recognize that we’re both responsible for: deciding who to target, what data to collect, and how that data is collected, processed, and stored.

We’ve also incorporated a comprehensive Data Sharing Agreement within Prospectiv’s standard Terms of Service - just to make everything easier. This agreement sets out how we work together as Joint Controllers and how we support each other if we ever receive a data request.

This decision is fundamental to how we operate, so please ask if you have any questions!

Is Prospectiv’s Marketing Activity Compliant?

Of course! Compliance is built into everything we do at Prospectiv - our business wouldn’t be able to operate without it.

Prospectiv’s services are designed and offered solely to help businesses promote to other businesses (i.e. B2B marketing only). We ensure that the email marketing material provided is relevant and allows the recipient to opt out of future emails. Prospectiv has also established technical and operational systems to ensure all aspects of data collection, storage, and processing are compliant.

Before launching new client activity, we conduct an in-depth assessment to establish whether the product or service, combined with the proposed targeting, meets the criteria for compliant business-to-business (B2B) marketing. A key part of this assessment is called the Legitimate Interest Assessment (LIA). We also have a standard privacy policy update for clients to use as needed, which includes all the relevant clauses plus references to Prospectiv to make everything clear to the data subject. Just let us know if you need a copy of any of these.

Rights of Individuals

Privacy Policy – All messages sent will contain a link to a privacy policy that explains to the user exactly what their rights are, as well as the type of data that is held about them and by whom. Prospectiv will provide a template privacy policy or review your existing one to ensure it meets the required standard. Here’s a link to our Privacy Policy: [insert relevant link]. This standard privacy link would typically be contained in the email signature of any outbound messaging. In the case of messaging sent as part of client campaign activity, the privacy link will be that of our client’s own privacy policy.

Opting Out and Exclusion Lists – All recipients are able to opt out easily to prevent further email communication being received. All replies to prospecting emails are logged and those prospects are added to your campaign exclusion list within 24 hours. Prospectiv allows existing exclusion lists to be imported in advance of campaign activity. Exclusions can be submitted as individual email addresses or full domains and will prevent communications being issued to the email addresses or domains listed.

Subject Access Requests (SAR) – All individuals have the right to request a copy of all data you hold on them. To support this, data subjects can email any SARs to [insert appropriate email address], and we will return this data within 72 hours.

Right to Be Forgotten – All individuals have the right to have some or all of their data removed (to be ‘forgotten’) at any time. A conflict arises between removing or forgetting an email address and keeping that address on an exclusion list to prevent future mailings. Where we have removed data, we will move the email address to a separate exclusion list, where it is hashed using a one-way hashing algorithm (SHA1). This ensures we are able to prevent any future messages being sent to the customer whilst continuing to honour their right to be forgotten.

Prospectiv Employees

All Prospectiv employees undergo both general and region-specific compliance training. This covers the CAN-SPAM and CCPA rule set in detail, the relevance and impact of those rules on Prospectiv and our clients, and the steps we take to ensure best practice is observed at all times. We also make clear the consequences (i.e. penalties) associated with failure to meet the strict standards.

Your Responsibility

Whilst Prospectiv continues to take extensive measures to ensure best practice with respect to CAN-SPAM and CCPA across all client activity, clients should take note that responsibility for compliance rests (in different forms) with each party. Prospectiv cannot be abreast of the constantly evolving regulatory frameworks in all countries at all times. As such, it is important that you, as the client, have knowledge of your local regulatory climate and ensure your business operates within the relevant regulatory frameworks.

In Summary

Prospectiv has worked hard to develop a compliant platform that provides innovative marketing services and technology for our clients while at all times respecting the rights of the data subjects whose information we collect. Compliance is part of what we do and ongoing due diligence is core to how we operate.