If you have received an unsolicited message from our platforms, please let us know immediately through our reporting form
The Splio Group is a marketing software provider in Saas mode, specialized in retail, offering various Services to its clients. The Saas Client Experience Management IT platform combines a number of modules allowing Splio Group clients to orchestrate omnichannel strategies in real time from their Client database.
The Splio Group places great importance on the quality of marketing communications sent from its infrastructure (electronic communication operation via campaigns (hereinafter referred as “Campaigns”), pays particular attention to Personal Data protection, ensuring that the rights of Campaigns or Electronic Messages recipients are protected, fighting against inappropriate solicitations, spam, junk mail and chain letters, and subjects the use of the Saas Service to the respect of Applicable Legislation and good practices.
The Splio Group and its clients undertake to collect, process, use and transfer the Client Data with respect of the Applicable Legislation.
The respect of Applicable Legislation and good practices is necessary in maintaining and developing the Splio Group’s reputation towards e-mail service providers and telecommunications operators. This reputation is essential for optimal deliverability and enables clients to use electronic marketing to its full potential in order to expand their businesses. They also make it possible to guarantee the respect of the recipients’ rights and privacy.
The Client Data used by the Splio Group clients are owned by the clients, and are collected and managed under their full and sole responsibility.
The Splio Group does not market any Client Data.
The Splio Group reserves the right to suspend the launching of a Campaign which could lead to an abnormal or excessive complaint rate or else block an account or part of the Client Data if it is proven that the said client does not respect the Applicable Legislation.
We remind our clients that it is important not to over solicit their contacts, to correctly segment their database in order not to send messages considered to be uninteresting or inappropriate and to carefully pick the mailing days.
In respect of your Campaigns, the Splio Group, as sub-contractor remains at your disposal in order to provide you with any information on the Applicable Legislation and good practices.
Commitments of clients using the Splio platform.
1. Ethics Codes And Charters Of Various Organizations
The Splio Group makes its clients aware that they should:
1.1. respect the ethics codes and charters of the following organizations:
SNCD (Syndicat National de la Communication Directe) http://www.sncd.org/deontologie/code-general-de-deontologie-communication-directe-sncd/Signal Spam http://www.signal-spam.fr/Certified Senders Alliance https://certified-senders.eu/MAAWG http://www.m3aawg.org/CAN-SPAM Act https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business; CASL http://fightspam.gc.caand more specifically any good practice or regulation applicable to the territory targeted by the Campaigns launched;
1.2. consult the recommendations of the Personal Data protection authorities such as for example National Commission for Data Protection and Liberties (CNIL) in France, Spanish Data Protection Agency (AEPD) in Spain, Italian Regulatory Authority (Garante) in Italy, GIODO in Poland, etc.
2. Applicable Legislation And Good Practices
Within the context of the Saas Services contract signed between Splio Group and its clients, the clients undertake to respect the Applicable Legislation and in particular the rules and good practices described below from articles 3 until 19.
3. Representations, Registers For Processing And Collections
If the local law so requires, the Client Data must be declared by the clients to the competent local Personal Data protection authorities (or else keep a Register of the Personal Data processing activities) and must exclusively contain addresses or numbers collected (opt-in) from individuals who have been informed of the information below at the time of the collection.
The clients shall be solely responsible for collecting the Client Data for direct marketing purposes and information to be provided to individuals at the time of this collection. The clients must first obtain the free, specific, informed and unequivocal consent (clear and positive act) from the recipient to receive the Electronic Message, irrespective of the channel, and must keep proof of this consent, as well as any information on the data collection (date, origin, IP address, etc.).
The “pre-ticked” boxes which make it possible to assume the consent of the individual (“opt-out) are not lawfully admitted. Similarly, the acceptance of the client’s general user conditions is not a sufficient method for gaining the individual’s consent.
At the time of the Personal Data collection the clients must inform the individual of the following information in particular:
a) identity and contact details of the person responsible for the processing;
b) if applicable the Data Protection Officer’s (“DPO”) contact details;
c) the purpose for which the Personal Data processing is intended, as well as the legal basis for the processing (consent or legitimate interests of the person responsible);
d) recipients or categories of recipients of Personal Data, if they exist; and
e) if applicable, the fact that the person responsible for the processing intends to transfer the Personal Data to a third country;
f) time limits for the storing of Personal Data;
g) existence of the right to request the person responsible for the processing to provide access to the Personal Data, for rectification or deletion of the said Personal Data or limitation of the processing regarding the person concerned, or the right to oppose the processing and the right to the portability of the Personal Data;
h) the right to lodge a claim to a supervisory authority;
i) the existence of automated decision-making, including profiling mentioned in article 22, par. 1 and 4 of the GDPR (General Data Protection Regulation), and, at least in such cases, relevant information concerning the underlying logic, as well as the importance and consequences of this processing for the person concerned.
4. Subscriptions To A Newsletter
When collecting Personal Data at the time of subscription to a Newsletter, secure the subscription form (captcha or double opt-in).
5. Personal Data Of Minors
When processing Personal Data of a child under 16 years of age, obtain the consent or authorization for consent from the person who has parental responsibility for the child. It must be noted that EEA Member States may provide by law for a younger age for these purposes so long as this age is not below 13 years.
6. International Personal Data Transfers
Take all necessary measures to ensure the legality of the international Personal Data transfers.
7. Information On The Client’s Website
Provide a privacy and cookie user policy, as well as legal disclaimers available on the website where Personal Data are collected.
8. “Opt-In Partners” Monetization Transactions
Do not use database leased or loaned by a third party without the individuals of these bases having previously and expressly consented to receive messages from the partners (opt-in partners). The purchase of Client Data is forbidden.
Monetization transactions take place when the clients (i) send Campaigns to addresses or telephone numbers leased from third parties or made available by third parties (for example in what are commonly known as “partner operations”/”opt-in” partners) or (ii) sell or make available to third parties its own addresses or telephone numbers.
In both cases, the Client Data thus monetized contributes significantly to the increase in the recipients’ complaint rate.
Therefore at the time of the collection, if a Personal Data transfer to partners is planned, the clients must separate the collection of the consent from the person who is to receive the offers from the clients, from the consent to be received from offers issued by the client’s partners (by clearly indicating the company name of these partners and the purpose of commercial solicitation), in order to avoid any confusion in the consumer’s mind.
9. DPO And Request For Information On The Collection
Send the DPO’s contact details and reply within 3 working days to any request for information on the origin of the consent and collection.
Splio may request the clients to provide proof of consent from recipients of the Client Data, in particular in the event of a high complaint rate following a Campaign.
10. List Of Unsubscribed, Inactive Contacts And Complaints
On the date of Saas Services Initialisation and during the performance of the Saas Services Contract, provide Splio with a complete list of unsubscribed, inactive contacts and spam complaints which may have been collected by the client’s other routing service providers.
11. Taking Into Account Unsubscribed Contacts, Feedback And Requests For Information
The clients must ensure that it takes into account unsubscribed contacts, final rejections (“hard bounces”), any feedback of information sent by Splio and recipients’ requests for information, access, change or opposition within a maximum period of two (2) weeks.
12. Do Not Send Campaigns To “Spamtrap” Or “Honeypot” Addresses Or Numbers
Avoid targeting recipients who have not received any communication over the last six (6) months (“spamtrap”).
A spamtrap is an address or trap number distributed or kept in service to identify spams, in other words illegal or abusive communications. These trapped addresses or numbers are for the most part created from addresses or numbers which have been inactive for a long time, and their basic presence in the Client Data tends to indicate that their retention period has been excessive or that they have been obtained without opt-in.
The “honeypots” are also trapped addresses or numbers but they are created on purpose. Their actual presence in the Client Data shows that the collection has been fraudulent as it is impossible to collect them with opt-in.
13. Mandatory Details – Content And Format Of Electronic Messages
The Campaigns sent must contain mandatory legal details, namely:
– clearly indicate the identity of the advertiser with the company name; the subject of the message must clearly indicate its purpose and no element of the header or body of the message must deceive the recipient as to the origin or subject of the message;
– the subject of the message must be related to the activity of the company which is the owner of the Client Data;
– for emails the technical field reserved for the message sender contains an email address, the domain name of which corresponds either to the actual sender or to a service provider responsible for the routing of the message, and a display name clearly informing the recipient of the message sender’s identity; The clients dedicate a sub-domain or a domain name to the email transmissions carried out by the Splio Group; the owner of the domain name must be publicly identifiable on the WHOIS database (not anonymous);
- customers dedicate a sub-domain or a domain name to Splio's emailings; the owner of the domain name must be publicly identifiable on WHOIS databases (not anonymous);
– offer the recipients a simple, free, express and unambiguous means to oppose the receipt of new Electronic Messages, by offering (1) for emails and/or newsletters a clearly visible and functional unsubscribe or opt-out link and (2) for SMS’ a STOP marketing message the operation of which has been checked (in the event of sending to countries where operators offer this function) or else a right of opposition collected by means of a checkbox. The unsubscribe link makes it possible to unsubscribe without manual identification of the recipient.
14. Respect The Authorized Times For Sending Marketing SMS
Sundays and public holidays are forbidden for sending commercial or marketing SMS.
15. Do not send electronic messages containing malicious software or software that may operate without the knowledge of the systems intended to receive the message
16. Do Not Use the SaaS Service to Store Content or Send Campaigns
(...) whose content is illegal, political, religious, discriminatory, offensive, shocking, inappropriate, obscene, threatening, abusive, violent, rude, racist, insulting, defamatory, misleading, intended to harass, threaten, embarrass others, pornographic or child pornographic, constituting an apology of crimes against humanity, likely to incite racial hatred, violence or terrorism, to violate human dignity or the privacy of others, manifestly contrary to morality or public order, illegal or contrary to the laws in force or damaging to the reputation of Splio. These restrictions on use also apply to violations of privacy and press offences such as insult or defamation;
17. Do Not Store Personal Health, Banking, Sexual, Religious, or Political Preference Data
18. Do Not Practice Email Appending
Clients should refrain from communicating on contact details that have been obtained in the context of enrichment operations carried out by third parties. The means of contact of the final recipients must always have been obtained in a direct exchange between them and the clients.
19. Take all necessary precautions to maintain the security of your own information systems
"Customer Data" means data hosted by Splio as part of the SaaS Service, including Personal Data.
"Personal Data" means any information relating to an identified or identifiable natural person within the meaning of the Applicable Data Protection Regulation; it being understood that in all cases, an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to his or her physical, physiological, genetic, mental, economic, cultural or social identity.
“Applicable Legislation” designates any national legislation on personal data protection applicable to the data processing, and notably, when all or some of the processing operations entrusted to the Splio Group (pursuant to the Saas services contract with the client) are undertaken in the European Economic Area (“EEA”) or relate to data collected in the EEA, Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of Personal Data and on the free movement of such data, and from 25 May 2018 the General Data Protection Regulation (EU 2016/679 of the European Parliament and of the Council of 27 April 2016), and the applicable national laws and legislations on data protection and privacy.