COMPANY NAME

ANTI-SPAM COMPLIANCE POLICY

I. BACKGROUND

Canada's Anti-Spam Legislation ("CASL") prohibits the sending of a "commercial electronic message" ("CEM") to an electronic address unless:

  1. the person to whom the message is sent has consented to receiving it,

    AND
  2. the message complies with prescribed form and content requirements.

The potential penalties for non-compliance with CASL are significant and include administrative monetary penalties of up to $10,000,000 for corporations.

The purpose of this Anti-Spam Compliance Policy ("Policy") is to facilitate Company's compliance with CASL.

II. SCOPE AND PURPOSE

This Policy applies to all associates (whether full-time, part-time or contract), vendors and subcontractors [NTD: Consider whether others should be identified]of Company (collectively, "Associates").

III. WHAT DOES CASL APPLY TO?

CASL applies to CEMs that are sent to electronic addresses so it is important to understand what these terms mean.

A. What is a CEM?

A CEM is defined as an electronic message that has as its purpose, or one of its purposes, to encourage participation in a commercial activity.

Examples of CEMs sent by Company include electronic messages that wholly or partly [NTD: to be tailored to reflect the types of CEMs sent by Company]:

  • Advertise or promote products, services and special offers available at Company
  • Encourage customers to participate in contests or other promotions
  • Promote Company or its public image
  • Solicit business from vendors or suppliers

B. What is an electronic address?

An electronic address includes an address used in connection with the transmission of an electronic message to:

  • an e-mail account
  • an instant messaging account
  • a telephone account; or
  • any similar account (for example, an individually assigned address connected with a social media account).

Messages posted to a Company Facebook page or publicly Tweeted from a Company Twitter account are not considered to have been sent to an electronic address.

IV. WHEN CAN I SEND A CEM?

Subject to the limited exceptions discussed below (see "Exceptions" section below), you can send a CEM only if:

  • the recipient has consented to receiving it; and
  • the CEM meets CASL's form and content requirements.

A. Do I have express consent?

Except in the limited circumstances described in the section below entitled "Do I have implied consent?" express opt-in consent is required. An Associate can determine whether express consent has already been obtained by [Insert description of how an Associate can verify whether a recipient or group of recipients has provided his/her/their express consent. For example, is there a central database of recipients where express and implied consents will be tracked?]

Where express consent has not already been obtained, an Associate can request express consent (though the request for express consent cannot be sent electronically unless consent to send a CEM is implied or an exemption otherwise exists). Any request for express consent must provide the following information in a clear and simple manner:

  • the purposes for which consent is being sought
  • the name (or if different, business name) of the Company entity1 seeking consent
  • if consent is sought by one Company entity on behalf of another Company entity, the name (or if different, business name) of the entity on whose behalf consent is sought and a statement indicating which entity is seeking consent and which entity on whose behalf consent is sought
  • the mailing address, and one of a telephone number providing access to an agent or voice messaging system, an email address or a web address of the Company entity seeking consent or, if different, the Company entity on whose behalf consent is sought
  • a statement that the person can withdraw their consent

Note:

  • ➢ A pre-checked box that the individual has to un-check to indicate that they don't want to receive commercial electronic messages will not constitute express consent under CASL.
  • ➢ A request for consent may not be tied to or bundled with an individual's agreement to general terms and conditions of use or sale.
  • ➢ An electronic message requesting express consent to send CEMs is itself a CEM that can only be sent with express or implied consent and if the message complies with CASL's form and content requirements (unless an exemption otherwise exists).

Examples of valid requests for express consent are found at Schedule I.

B. Do I have implied consent?

Consent is implied only in the following circumstances

  • The Company has an "existing business relationship" (EBR) with the recipient. An existing business relationship will be held to exist, only in the following circumstances: [NTD: Consider providing specific examples relevant to the Company – for example, a written contract may exist because members of a loyalty program accept terms and conditions, or there may be a particular customer service line that receives inquiries or applications. Consider also explaining how an Associate can determine whether an EBR exists. For example, will there be a centralized database that tracks EBRs that can be checked before sending a CEM to a recipient or group of recipients?]

    • Recipient has purchased a product or service from Company in the past 2 years
    • Recipient has accepted a business, investment or gaming opportunity from Company in the past 2 years
    • Recipient has a written contract with Company (not relating to the purchase of a product or service), that is in existence or expired in the past 2 years
    • Recipient has made an inquiry or application (in respect of anything mentioned in the first three bullets) with the Company within the past 6 months
  • The recipient has conspicuously published or caused to be conspicuously published, or has otherwise provided (for example, by providing a business card), his/her contact information to the Company and has not requested not to be contacted at that contact information and the message relates to the recipients role in a business or official capacity.

Note: All CEMs (unless fully exempt), whether sent based on express or implied consent, must meet CASL's form and content requirements discussed below.

C. What are the form and content requirements?

Each CEM sent by the Company to an electronic address must include all of the following:

  • the Company name (or business name, if different)
  • the mailing address and one of a telephone number providing access to an agent or voice message system, email address, or web address of the Company
  • an "unsubscribe mechanism" that is able to be readily performed (at no cost) and that enables the recipient to unsubscribe using the same electronic means by which the CEM was sent or if those means are not practicable, any other electronic means. It must also specify an electronic address or link to a webpage where the recipient can unsubscribe (unless already provided in the "unsubscribe mechanism"). The unsubscribe mechanism must be valid for at least 60 days and be given effect to within 10 business days without any further action from the recipient. [NTD: If there is a single unsubscribe mechanism that must be included in all Company CEMs consider referencing it here]

If Company has engaged a third party to send CEMs to individuals on the Company's own marketing list on its behalf, and that third party has some degree of control over the content of the message or the choice of recipients (i.e. is not just facilitating the sending of the message), in addition to the foregoing, the third party sending the message must be identified and a statement must be added to indicate that the third party is sending the message on behalf of the Company. Contact information for the third party need not be provided and the unsubscribe mechanism should unsubscribe recipients from Company CEMs.

If it is not practicable to include all of the required information and unsubscribe mechanism in the CEM itself, the information and unsubscribe mechanism can be posted on a webpage as long as the CEM has a clearly labelled hyperlink that will take the recipient directly to that webpage. [NTD: If there is a webpage that contains all of this information, consider describing it here and providing the hyperlink]

Example language for inclusion in CEMs to comply with CASL's form and content requirements are set out in Schedule II.

V. ARE THERE ANY EXEMPTIONS?

Yes, certain classes of CEMs are exempt from some or all of CASL's requirements.

A. Exemptions from Consent Requirement

CEMs that solely do any of the following are exempt from CASL's consent requirements, but must still comply with CASL's form and content requirements (i.e. they must still provide the information and unsubscribe mechanism discussed in the "What are the form and content requirements?" section above):

  • Provide a quote or estimate for the supply of a product, good or service, if the quote or estimate was requested by the recipient.
  • Facilitate, complete or confirm a commercial transaction between the Company and the recipient where the recipient previously agreed to enter into such a transaction.
  • Provide warranty, product recall, safety or security information about a product, good or service that the recipient uses, has used or has purchased.
  • Provide notification of factual information about the ongoing use or purchase by the recipient of a product, good or service offered under a subscription, membership, account, loan or similar relationship, or that provides notification of factual information about the ongoing subscription, membership, account or loan.
  • Provide information directly related to an employment relationship or benefit plan in which the recipient is currently involved, participating or enrolled.
  • Deliver a product, good or service, including updates or upgrades further to a transaction that has been previously entered into.

B. Exemptions from Consent and Form and Content Requirements

Certain classes of CEMs are exempt from CASL's anti-spam prohibition altogether and can be sent without consent and without complying with CASL's form and content requirements. Full exemptions that are likely to be most often relevant to the Company are set out below. [NTD: The following is not an exhaustive overview of CASL's exemptions. Consider whether the following exemptions are relevant and/or whether other exemptions should also be discussed]

i. Responding to Customer Requests, Inquiries and Complaints.

CEMs sent by Company in response to an individual's request, inquiry or complaint or where the CEM was otherwise solicited by the recipient are exempt from CASL. Note that these types of messages will be exempt from CASL as long as they only respond to the request, inquiry or complaint and do not otherwise encourage participation in a commercial activity. See chart below for examples of messages that will and will not benefit from this exemption.

Exempt Not Exempt
A message sent in response to a customer complaint about a defective product that includes a coupon towards a replacement product as a customer service gesture. A message sent in response to a customer complaint about a defective product that includes a coupon towards a replacement product and advertises an upcoming promotion.
A message sent in response to a customer inquiry regarding the availability of a service at a particular store that provides information about the availability and price of the service. A message sent in response to a customer inquiry regarding the availability of a service at a particular store that provides information about the availability and price of the service and advertises an in-store promotion on unrelated products.

ii. Secure Message Centre.

CEMs sent to a limited-access secure and confidential account to which messages can only be sent to the recipient by the person who provided the account are exempt from CASL. Accordingly, messages sent by Company to a customer's secure online message centre are exempt from CASL.

iii. Business to Business Communications.

Internal Company communications (within the same Company entity) are exempt as long as they relate to Company activities.

CEMs sent by an Associate to an employee, representative, consultant or franchisee of another organization (including another Company entity) are also exempt as long as the Company on whose behalf the Associate is sending the message has a relationship with the recipient organization, and the message concerns the activities of the recipient organization. Accordingly, business to business communications between Company and its existing suppliers and vendors are exempt from CASL.

Communications with prospective suppliers and vendors are also likely exempt since messages sent to a person who is engaged in a commercial activity that consists solely of an inquiry or application related to that activity are also exempt from CASL.

iv. Legal Notices and Mandatory Information.

CEMs sent to satisfy a legal obligation or to enforce or provide notice of existing or pending legal rights or actions. [NTD: consider what types of messages may be sent out by Company under this exemption]

VI. WHAT ABOUT FORWARD-TO-A-FRIEND?

It is an offence under CASL to send, or cause or permit to be sent, a CEM in violation of the anti-spam prohibition. It is also an offence to aid or abet in a violation of the anti-spam prohibition. Accordingly, forward-to-a-friend ("FTF") promotions must be carefully structured so as not to expose Company to liability under CASL.

CEMs sent between individuals who have a personal or family relationship (which terms are defined quite narrowly under the legislation) are exempt from the anti-spam prohibition. Accordingly, potential liability in respect of FTF promotions can be mitigated somewhat by requiring participants to only send messages to recipients with whom they have a close personal or family relationship. This requirement must be prominently displayed to the participant and the participant must, prior to sending the message, acknowledge and agree that the proposed recipient of his/her message is someone with whom he/she has a close personal or family relationship.

Email addresses provided in connection with a FTF promotion may only be used for the purposes of forwarding messages to friends and family members and may not be retained or used for any other purpose.

VII. COMPLIANCE

[NTD: consequences for non-compliance should be laid out within the policy unless they are addressed in a broader policy/handbook applicable to Associates]

VII. QUESTIONS

Questions about this Policy or the requirements of CASL should be directed to [TBC]

SCHEDULE I

The below consent can only be used when consent is being sought by a single Company entity and will not work if consent is being obtained on behalf of one or more third parties/affiliates.

Yes, I would like to receive communications from [Company name]2 relating to products, service, promotions, events, special offers and surveys [purpose statement must be tailored]that may be of interest to me. I may withdraw my consent at any time. [Company mailing address and one of email address, website address or telephone number for agent or voicemail box]. Personal information provided may be collected, used and disclosed in accordance with Company's Privacy Policy available at [insert hyperlink].

SCHEDULE II

CEM Sent By Company

This message was sent to you by [Company] [insert Company mailing address and one of telephone number providing access to an agent or voice mail system, email address or website address]. To unsubscribe from future promotional messages from [Company] click here. Please note you may still receive safety notices and transactional messages.

[consider also including a link to the Company privacy policy]

CEM Sent By Third Party Vendor on Behalf of Company

This message was sent to you by [Vendor] on behalf of [Company] [insert Company mailing address and one of telephone number providing access to an agent or voice mail system, email address or website address]. If you wish to unsubscribe from future promotional messages from [Company] click here. Please note you may still receive safety notices and transactional messages.

[consider also including a link to the Company privacy policy]

Footnotes

1. Affiliates are treated as third parties.Therefore, if Company affiliate A, wants to request express consent on behalf of itself, and Company affiliates B and C, the name and contact information for each affiliate must be provided and it must be clear which Company affiliate is requesting consent and which are the Company affiliates on whose behalf consent is being sought.

2. Must be the name of the entity requesting consent or if different, the name by which the entity requesting consent carries on business.