This post answers the important question of how and why you have to include a privacy policy on your website when you use MailChimp.


Let’s assume you have a website, a contact/subscribe form and you use MailChimp to regularly send out mailings to people you want to reach for any reason. You do that via an email newsletter (powered by MailChimp) and you’re thinking about a privacy policy. What do you have to do?

IN SHORT

How iubenda helps you with this task, fast and easy.

  • Sign up and choose our clause called “Mailing List or Newsletter”;
  • Choose our clause called “MailChimp”;
  • Add the privacy policy to your site, potentially also to the footer of your newsletter.

1) Do I have to include a privacy policy when I use MailChimp?

There are two sides to this question from a regulatory perspective. One simple answer: YES.

There is the legal side of it: depending on where you are, you may fall under European, American (Californian) or Australian privacy laws. The list could go on, since most countries have some sort of privacy regulations that extend onto the web, along with penalties for not complying with these rules.

For newsletter/mailing services in general: newsletter services send out emails on your behalf. This means these services have access to a list of real people that you are contacting. These people have a right to know how their private data (email, names?) is handled. This is why you’re required to disclose this fact to people via something like a privacy policy. More information about the legal framework can be found here.

There is the company policy side to it as well: Does MailChimp require me in their terms to have a privacy policy when I use their service? See the answer in the next paragraph (2).

2) Am I required by MailChimp to post a privacy policy for my newsletter?

Yes and no. In their terms of use (section 19, “Compliance with Laws”), MailChimp requires you to comply with the privacy laws of your country and of any country you send that newsletter to. Even more so when that is the EEA (European Economic Area):

  1. Will clearly describe in writing how you plan to use any data collected, including for your use of MailChimp. You’ll get express consent to transfer data to MailChimp as part of this process, and you’ll otherwise comply with whatever privacy policy you have posted.
  2. Have complied, and will comply, with all regulations, as well as data protection, electronic communication, and privacy laws that apply to the countries where you’re sending any form of email through MailChimp.
  3. Have collected, stored, used, and transferred all data relating to any individual in compliance with all data protection laws and regulations. You have the necessary permission to allow MailChimp to receive and process data and send communications to that individual on your behalf.
  4. Agree to indemnify and hold us harmless from any losses, including attorney fees, that result from your breach of any part of these warranties.

The most important part of these terms regarding the privacy policy: “Will clearly describe in writing how you plan to use any data collected, including for your use of MailChimp. You’ll get express consent to transfer data to MailChimp as part of this process, and you’ll otherwise comply with whatever privacy policy you have posted”. So does MailChimp require you to have a privacy policy?

Mostly, yes. Mostly, because they’re not saying that using MailChimp also means you need a privacy policy or else your account will be terminated. But being in compliance with most privacy laws (which is what they are asking) means you’ll have to tell your users exactly what you are doing with your data, even more so when it’s being transferred out of your country (here: into the US).

3) How do I add a privacy policy?

Usually, to make a privacy policy legally effective and compliant, it must be easily found. A best practice is to link to your privacy policy from your footer where your users or visitors can find it at any given time. It should also not be modified to look like you want to hide it (smaller type, light colors that make it literally indistinguishable from the background).

4) An example privacy policy for MailChimp?

A lot of people ask for sample privacy policies for their websites & MailChimp. In reality those samples don’t do anyone much good because they’re far too generic. Let’s start with an enumeration of what needs to go into a privacy policy. Most countries’ privacy laws require you to include the following information:

  • What kind of personal data is collected
  • Describe how this information will be used by the company
  • Describe how this information will be transferred to third party companies
  • Provide instructions on how users can modify or delete their personal information
  • Provide instructions on how users can opt-out of future communications
  • Identify its effective date and outline how you notify people of material changes to your privacy policy.

What about a sample privacy policy clause for MailChimp newsletters?

No problem, our privacy policy generator has a MailChimp service that you can add to your iubenda privacy policy for free. 🙂

Bonus information: checkbox on MailChimp forms

If you are using MailChimp’s subscribe widgets/forms, you might be wondering how you can add a checkbox for people to consent to your privacy policy before they subscribe to your newsletter. It’s hard.

Even MailChimp as a company hasn’t yet fully subscribed to making this happen easily and on all forms. Here’s a recent conversation on Twitter:

What MailChimp suggests in that discussion is to use the pop-up signup form and enforce a “required field” on there. In my tests, which were limited to the above approach, I went through the following:

  1. Add a checkbox with text and a link to your privacy policy

Within your list’s form settings, you need to add a checkbox item to your form in General Forms.

The field does not allow the addition of an actual link. So make sure that your link is a direct link to your privacy policy.

  2. Add a Pop-Up Signup Form to Your Website (MailChimp)

Then you need to add this field to the Pop-Up Form, and set this checkbox to required.

The popup form:

The required checkbox field:

If this changes, we’ll gladly update our guide.

Bonus information: re-enable double opt-in on MailChimp forms

You can re-enable double opt-in on MailChimp by following this link. If you want to read more about why this is important, go read our post How and why to re-enable MailChimp double opt-in.

Our Approach of Generating a MailChimp Privacy Policy

So here’s where iubenda’s privacy policy generator will come in very handy:

  1. Define the services and categories of data collection your site/app is making use of.
  2. Add the services (and categories of data collection like “Mailing List or Newsletter”) you are using to your policy. iubenda now takes care of your policy and generates it for you.
  3. You can either link to your policy or embed the text into your site/app.

Try Our Privacy Policy Generator



About Us

iubenda is the easiest and most professional way to generate a privacy policy for your website, mobile app and facebook app
www.iubenda.com
