SMS marketing in the Netherlands

This article is designed to assist Voyado customers in navigating the legal landscape of sending marketing messages via SMS to individuals in the Netherlands. We have compiled this guide to help you ensure compliance with Dutch law.

This information is provided for general information purposes only and does not constitute legal advice. Voyado is not a legal professional adviser and accepts no responsibility for the accuracy of, or any interpretations and actions based on, the information herein. Voyado recommends that you conduct your own legal analysis or consult with your legal counsel to ensure compliance with applicable laws.

What legislation applies?

In the Netherlands, the sending of marketing messages via SMS is governed by the electronic marketing rules in the Telecommunicatiewet (Dutch Telecommunications Act, “TA”) as well as the General Data Protection Regulation (“GDPR”).

TA restricts unsolicited marketing by electronic messages, such as emails and SMS messages. If you send marketing messages via SMS to an individual, you will often need to obtain prior consent to such marketing, as further described below. The GDPR applies alongside the TA, and the TA uses the GDPR standard for obtaining valid consent.

Obtaining consent is key

Before sending any marketing messages via SMS to individuals, you must always obtain explicit consent from the recipient, unless the “soft opt-in" exception described below applies. Simply having an individual’s phone number does not imply consent for SMS marketing, nor is it sufficient that the recipient has agreed to marketing in general.

Under the GDPR, consent needs to be “freely given, specific, informed, and unambiguous”. A clear affirmative action (e.g., ticking a box or clicking a button) is required to demonstrate consent. Accordingly, pre-ticked boxes do not constitute valid consent. For further information on what constitutes a valid consent under the GDPR, please see the EDPB Guidelines 05/2020 on consent and Autoriteit Persoonsgegevens guidance on consent (in Dutch).

Soft opt-in exception

The “soft opt-in" is an exception to the consent requirement for electronic marketing in the TA. It applies only in relation to existing customers and may allow you to send marketing messages via SMS to such individuals without having obtained prior consent. In order for the “soft opt-in" rule to apply, you must meet all of its requirements: (1) you collected the contact details directly from the customer, (2) you collected the details during the sale of a product or service, (3) you will use the details for marketing of your own similar products or services, (4) you clearly and expressly provide an easy, free of charge way for the recipient to object to or opt-out of SMS marketing when collecting the details, and if the recipient has not objected at the time of collection, in each subsequent SMS message.

If the “soft opt-in" rule is applicable (i.e., consent is not required under the TA), you may rely on legitimate interest under the GDPR as the legal basis for the processing of personal data. However, to be able to use Voyado Engage SMS, a consent must be logged in the contact card of the customer for which the soft opt-in rule applies. In such case, even if the legal basis is legitimate interest, you will need to manually add consent in the contact card of the customer. For this reason, Voyado recommends obtaining and relying on consent for all recipients, including existing customers who fall under the soft opt-in rule. For further information on the logging of consents, see the “Documenting consent” section below.

Providing opt-in mechanisms for consent

To utilize Voyado Engage SMS, your website and sign-up forms must include an opt-in mechanism for SMS marketing for the collection of consents. The opt-in mechanism must fulfil the requirements for a valid consent under the GDPR and may, e.g., take the form of a checkbox that is not pre-ticked, allowing the recipient to actively opt into receiving marketing via SMS.

It is not sufficient to include an opt-in mechanism for marketing in general. To fulfil the “specific” and “informed” consent requirements, consent for SMS marketing must be collected separately and not be bundled with other types of communication. Thus, if you collect consent for both SMS and email marketing, you must offer separate opt-ins for SMS and email.

Example of SMS marketing opt-in text for website/sign-up forms:

"I would like to receive marketing from [Company Name] via SMS in accordance with the [link to Privacy Policy]. I understand that I can withdraw my consent at any time by following the directions to unsubscribe provided in each SMS message.”

Transparency

Each marketing message you send to recipients in the Netherlands must identify you as the sender of the message. When using Voyado Engage SMS, each SMS includes information about who you are using a customized sender ID. During the implementation project, you will be able to choose the sender name(s) for your SMS messages.

Providing opt-out mechanisms for withdrawal of consent

Each SMS message must include an opt-out mechanism which enables the recipient to easily opt-out of SMS marketing at any time. You may use one of the following mechanisms:

  • Include a stop word (e.g. STOP to 123 123)
  • Add an opt-out link

When using Voyado Engage SMS, an opt-out link is automatically added to your SMS messages, unless a stop word has been added during the implementation project. Contact your Voyado specialist or account manager if you want to use a stop word instead.

Documenting consent

Maintaining records of consent is a crucial part of compliance. It is important to keep records of when, where, how, and for what an individual provided their consent to be able to demonstrate compliance in the event of a complaint.

Voyado Engage helps you to maintain records of consent. In the contact card of each recipient, it is documented when and how the recipient’s consent was obtained via your opt-in mechanism(s), including:

  • The date consent was given (opt in);
  • The source of the consent (e.g., online form, in-store sign-up); and
  • The date consent was withdrawn (opt out).

You may also log consents in the contact card of each recipient manually.

Please note that the logging of consents in Voyado Engage is based on information provided by the integrating system collecting the information. Voyado Engage cannot supply this information on its own; it relies on the integrating system to provide it based on customer actions. Further, it is always the customer’s responsibility to ensure that the documented consents are valid and have been obtained in accordance with the GDPR.

Privacy policy updates

Prior to using Voyado Engage SMS, you must update your privacy policy to include information on SMS marketing and how you handle personal data for marketing purposes. Ensure that the privacy policy covers at least:

  • What personal data you collect and how you are going to use it.
  • The legal basis (consent, legitimate interest).
  • The type of content recipients can expect to receive and for what purposes (e.g., news and offers for marketing purposes).
  • How recipients can opt-out of SMS marketing at any time.

The privacy policy should be accessible from the opt-in mechanism (checkbox on the website, sign-up form etc.), see the example in the “Providing opt-in mechanisms for consent” section above.

The below example text covers SMS marketing only but may be amended to include information regarding marketing by email, post etc. depending on the channels used for marketing.

Example of privacy policy text:

“We may collect your name and phone number to send you marketing messages via SMS if we have obtained your consent or if we have a legitimate interest pursuant to the Dutch Telecommunications Act and GDPR. Your personal data is used solely for the purpose of sending you relevant news and offers. You can unsubscribe from marketing at any time by following the instructions in each SMS message.”

Need more help?

For further assistance or specific queries, we recommend seeking legal advice tailored to your situation. The Dutch Data Protection Authority’s (Autoriteit Persoonsgegevens) website, and the Netherlands Authority for Consumers & Markets (Autoriteit Consument & Markt) website, also offers valuable resources and guidance on compliance with the TA and data protection laws in the Netherlands, such as the Guidance on advertisement (in Dutch) and Guidance on spam and advertising (in Dutch).

Was this article helpful?
0 out of 0 found this helpful

Comments

0 comments

Article is closed for comments.