There are two sides to this question from a regulatory perspective. One simple answer: YES.
There is the legal side of it: depending on where you are, you may fall under European, American (Californian) or Australian privacy laws. The list could go on, since most countries have some sort of privacy regulations that extend onto the web – and penalties for not complying with these rules.
More information about the legal framework can be found here.
- Have complied, and will comply, with all regulations, as well as data protection, electronic communication, and privacy laws that apply to the countries where you’re sending any form of email through MailChimp.
- Have collected, stored, used, and transferred all data relating to any individual in compliance with all data protection laws and regulations. You have the necessary permission to allow MailChimp to receive and process data and send communications to that individual on your behalf.
- Agree to indemnify and hold us harmless from any losses, including attorney fees, that result from your breach of any part of these warranties.
- What kind of personal data is collected
- Describe how this information will be used by the company
- Describe how this information will be transferred to third party companies
- Provide instructions on how users can modify or delete their personal information
- Provide instructions on how users can opt-out of future communications
Bonus information: checkbox on MailChimp forms
Update: MailChimp has just launched what they call GDPR Forms, which will allow you to use a proper checkbox. GDPR-friendly forms include checkboxes for opt-in consent, and editable sections that explain how and why you are using data. You can find more information on this page: Collect Consent with GDPR Forms
Bonus information: re-enable double opt-in on MailChimp forms
You can re-enable double opt-in on MailChimp by following this link. If you want to read more about why this is important, read our post How and why to re-enable MailChimp double opt-in.
- Define the services and categories of data collection your site/app is making use of.
- Add the services (and categories of data collection like “Mailing List or Newsletter”) you are using to your policy. iubenda now takes care of your policy and generates it for you.
- You can either link to your policy or embed the text into your site/app.