SMS Compliance Policy

At VPass, we take ‘Permission’ and ‘Compliance’ very seriously. By creating an account and agreeing to our Terms of Service, you are also agreeing to this anti-spam policy.

With the recent update to Data Privacy regulations vis a vis the European GDPR, Data Privacy, Compliance and Spam laws have taken a much needed step in a good direction. ie to look after customer data and to use it responsibly.

Permission

Spam is any SMS you send to someone who hasn’t given you their direct permission to contact them on the topic of the message.

What constitutes permission?

As a guideline, permission can be obtained through but not limited to the following:

  • A subscribe form on your web site.
  • An opt-in checkbox on a form. This checkbox must not be checked by default, the person completing the form must willingly select the checkbox to indicate they want to hear from you.
  • If someone completes an offline form like a survey or enters a competition, you can only contact them if it was explained to them that you would be contacting them by message AND they ticked a box indicating they would like you to contact them.
  • Customers who have purchased from you within the last 2 years and were made aware at the point of data collection that they would be contacted.
  • If someone gives you their business card and you have explicitly asked for permission to add them to your list, you can contact them. If they dropped their business card in a fishbowl at a trade show, there must be a sign indicating they will be contacted by message about that specific topic.

 

In Summary, you can only ever message anyone who has clearly given you permission to message them specifically about the subject you’re contacting them about.

What DOES NOT constitute permission?

Anything outside the examples above doesn’t equal permission in our eyes, but here are some examples to make sure we’re crystal clear. By using VPass, you agree not to import or send to any mobile number which:

  • You do not have explicit, provable permission to contact in relation to the topic of the message you’re sending.
  • You bought, loaned, rented or in any way acquired from a third party, no matter what they claim about quality or permission. You need to obtain permission yourself.
  • You haven’t contacted via messaging in the last 2 years. Permission doesn’t age well and these people have either changed mobile numbers or won’t remember giving their permission in the first place.
  • You scraped or copy and pasted from the web. Just because people publish their mobile numbers doesn’t mean they want to hear from you.

 

Sure, some of these people might have given you their mobile numbers, but what’s missing is your permission to send them commercial messages. Blasting promotional messages to any of these people won’t be effective and will more than likely have your message seen as spam by many of your recipients.

What MUST I include in my message?

Every message you send using VPass must include the following:

  • An opt-out mechanism that instantly removes the subscriber from your list. Once they unsubscribe, you can never message them again.
  • The identity of the beneficial sender of the message. i.e. If you’re sending an message for your client, you’ll need to make sure your client is identified by name in the message instead.

 

Monitoring

VPass has numerous layers of approval and monitoring to ensure you comply with our anti-spam policy. Here’s a few of them:

  • Until your account has been approved by a member of our team, every message you send will need to be approved.
  • Our software is directly integrated into the spam reporting systems for the biggest global telco’s. If you don’t have permission and someone marks your campaign as spam, we’ll know about it the moment that button is pressed. If you receive a complaint rate greater than the average you will receive a warning email requesting an explanation and giving you advice. Higher levels of complaints may result in accounts being locked or terminated, and your details reported to the authorities.
  • Our team verifies all large lists imported into our software. Until we’ve given it the all clear, you can’t send to it.
  • We monitor blacklists and our abuse accounts all day every day. We can pinpoint who is causing us delivery problems or attracting complaints very easily.

If we do discover that you’re messaging people without their permission, we will terminate your account with VPass immediately, and in serious breaches, report you to prevailing authorities.

In the end, it’s really common sense. Take off your business hat and put yourself in your recipient’s shoes. If they don’t recognise who you are or aren’t interested in what you’re sending, they’ll think you’re a spammer. It’s that simple.

If you have any questions about our Anti-Spam Policy, or if you want to report spamming activity by one of our customers, please contact us at.

Compliance

in addition to our own terms of Services and Permission considerations as outlines above, Messaging Compliance Rules are laws of the land in various jurisdictions around the world, and they govern what obligations you have and what you can and cannot do with messaging. These rules differ from location to location. It is important that you familiarise yourself with your obligations in your country of operation. To assist your analysis, below is a list of relevant legislative items from regulatory bodies in 5 major operating regions around the world. If you are unsure as to your obligations we encourage you to seek legal advice.

Australia

  • Competition and Consumer Act 2010 (in particular Section 1 Australian Consumer Law)
  • Privacy Act 1988 (in particular Section 1 Australian Consumer Law)
  • Code and Initiatives administered by the Advertising standard Bureau
  • Telecommunications Consumer Protections Code Industry Code (C628:2015) (in particular Chapter 4 Consumer Sales, Service and Contracts)
  • Do Not Call Register Act 2006 (applies to voice call and faxes only)
  • The Telecommunications Data Retention Act of 2015

 

New Zealand

  • The Telecommunications Carriers Forum Mobile Messaging Code (note: the Code is not mandatory. However, under the Telecommunications Act, the Telecommunications – Commissioner has the power to designate or specify telecommunications services if, for example, industry self-regulation is not effective)
  • Unsolicited Electronic Messages Act 2007
  • Fair Trading Act 1986
  • Privacy Act 1993 and Telecommunications Information Privacy Code
  • The Telecommunications Carriers Forum Mobile Messaging Code
  • Advertising Standards Authority Codes of Advertising Practice

 

United Kingdom

  • The Data Protection Act 1998
  • The Privacy and Electronic Communications Regulations 2003
  • Information Commissioner’s Guide to Privacy and Electronic Communications Regulations and Direct Marketing
  • The UK Code of Non-broadcast Advertising, Sales Promotion and Direct Marketing and its supplemental code on Mobile Marketing
  • The Direct Marketing Association (DMA) Code of Practice
  • The Mobile Marketing Association Code of Conduct

 

United States

  • U.S. Consumer Best Practices for Messaging from the Mobile Marketing Association (2012)
  • Direct Marketing Association’s Guidelines for Ethical Business Practice (2014)
  • CTIA Common Short Code (CSC) Guidelines (voluntary codes of conduct)
  • 47 U.S.C. § 227 (Telephone Consumer Protection Act of 1991)
  • TCPA Omnibus Declaratory Ruling and Order
  • 16 C.F.R. Part 310 (Telemarketing Sales Rule, Do-Not Call Rule)
  • 47 C.F.R. § 64.1200 (Restrictions on Telemarketing, Telephone Solicitation, and Facsimile Advertising


Singapore

  • Personal Data Protection Act (in particular, sections 36-48 on the Do Not Call Registry and the Eighth Schedule on Exclusion from meaning of “Specified Message”)
  • Personal Data Protection (Exemption from section 43) Order 2013
  • Advisory Guidelines on Key Concepts in the PDPA: Part V: The Do Not Call Provisions
  • Advisory Guidelines on the Do Not Call Provisions
  • Advisory Guidelines on Requiring Consent for Marketing Purposes
  • Personal Data Protection (Do Not Call Registry) Regulations 2013
  • Spam Control Act (in particular, the Second Schedule: Requirements for Unsolicited Commercial Electronic Messages)

 

NB: This page, its commentary and provided resources are provided only as a best efforts guide only, and do not constitute any form or legal or professional advice.