Email, Consumer Data Collection, Advertising, Telemarketing and Regulatory Compliance Standards (the “RevGuard Standards”)
The following additional terms apply to all services conducted under the OCO Services Agreement and the RevGuard Master Services Agreement.
1. Spam Policy.
RevGuard has a strict policy against sending unsolicited commercial email (“UCE”), commonly referred to as “spam.” Client represents and warrants that all emails delivered under through RevGuard will be to permission-based subscribers/Consumers. (” “Transaction Correspondence” or “TC”) means the graphic or text file(s) made available to RevGuard to communicate transactional or existing business relationship messages on behalf of Client.) Any claims against RevGuard from TC recipients that such TC constitute UCE will be directed to Client, and Client shall make reasonable efforts to satisfactorily resolve the issue with the recipient.
2. Email Lists.
(a) A “List Owner” is an entity that has email lists that it provides to third parties (such as RevGuard) to send TC messages. All emails sent by RevGuard on behalf of Client shall be delivered to email lists owned or managed solely by Client. As a List Owner, Client is responsible for honoring opt-out requests or adding those email addresses to its own suppression list where Client is the Sender of the email communication. Where either Client or RevGuard learns of an opt-out request from an address on Client’s email address list, it shall not further sell, lease, exchange or otherwise transfer that address, except to comply with the CAN-SPAM Act or other law.
(b) Client shall maintain at all times during the term of the OCO Services Agreement or Master Services Agreement (as the case may be), and for a period of three years thereafter, complete and accurate subscriber sign-up/registration data for every subscriber to Client’s email list(s). Client agrees that, within one business day of RevGuard’s request, it shall provide, at a minimum, the following subscriber sign-up/registration data for any email address to which Client sends an TC: (i) subscriber email address used to sign-up/register for Client’s email list; (ii) subscriber’s IP address; (iii) date and time of subscriber’s sign-up/registration for Client’s email list; and (iv) location (URL) of subscriber’s sign-up/registration.
3. Campaign Preparation.
(a) Prior to issuing a request to RevGuard to send any TC or initiate telephone contact to Consumers, Client shall download the applicable suppression file for the campaign and “scrub” its list against the file. Client shall not use any suppression file(s) for any other purpose, or permit others to do so.
(b) Client will ensure that all data it provides to RevGuard has been supplied by Consumers who have expressly requested or consented to receive commercial marketing direct mail, and e-mail from Client (or its affiliates) and its third party vendors, and represents and warrants that the provision of data to RevGuard will not violate any privacy policies or other agreements that the Consumer accepted at the time he/she provided such data.
4. Campaign Requirements for all Advertising and OCO Services.
Client represents and warrants:
(a) Applicable Laws.
(i). Client has and will obtain, collect, compile, manage, maintain, share and transfer data without using unfair or deceptive acts or practices and in compliance the Federal Trade Commission’s Telemarketing Sales Rule, the Telemarketing and Consumer Fraud and Abuse Prevention Act of 1994 (“TCPA”), and Federal Communications Commission rules implementing the TCPA.
(ii). For each requested Service, Client shall comply with all applicable international, federal, state, and local laws, rules and regulations governing commercial email, and telephone solicitations, including but not limited to the California Business and Professions Code, §§ 17529 et seq., and any applicable state registry laws, such as the Michigan Children’s Protection Registry (https://www.protectmichild.com/senders/) and the Utah Child Protection Registry (https://www.registrycompliance.com/apply.html), to the extent that such acts are within Client’s reasonable ability to control.(iii). No campaign is targeted to children under the age of thirteen (13) and/or offers products or services that are illegal for minors to buy, possess or participate in.
(b) Content of Commercial Messaging and Transactional/Relationship Messaging and CAN-SPAM.
Client shall use RevGuard to promote only those campaigns that are lawful. Client acknowledges its responsibilities as a “Sender” under 15 U.S.C.A. Section 7705 (16)(A), and as such it shall comply with CAN-SPAM Act in all of its commercial electronic communications directed at Consumers that pass through RevGuard. A “Sender” is an initiator of a communication whose goods, services or products are promoted in the message, and in the case of a message promoting multiple promotions, it is identified as the exclusive sender in the “from” line of the message. Client will bear responsibility for approval of all external email marketing communications and determining whether the message is commercial or transactional/relationship in nature. The context of the message will determine whether the message must be CAN-SPAM compliant.
(i). Transactional or Relationship Messages are those where the primary purpose is to:
(a) Confirm, facilitate, or complete a commercial transaction that the recipient has previously agreed to enter into with the sender;
(b) To provide warranty information, product recall information, or safety information with respect to a commercial product or service used or purchased by the recipient;
(c) With respect to a subscription, membership, account or ongoing commercial relationship involving the ongoing purchase or use by a recipient of products or services offered by the sender, to provide:
Notification concerning a change in the terms or features;
Notification of a change in the recipient’s standing or status; or
At periodic and regular intervals, account balance information or other type of account statement;
To deliver goods or services, including product updates or upgrades, that the recipient is entitled to receive under the terms of a transaction that the recipient has previously agreed to enter into with the sender.
(ii). Creative content and email subject lines shall follow these guidelines, at a minimum:
(a) Client has a reasonable basis for all claims made within the TC, possesses appropriate documentation to substantiate such claims and shall fulfill all commitments made in its advertising campaigns; and
(b) The use, reproduction, distribution, transmission or display of any TC and any materials to which Consumers can link such as any products or services made available to users through the creative graphics, emails, banner advertisements, hyperlinks, web pages, and/or other advertising material and its use of the Services shall not give rise to criminal or civil liability or infringe any copyright, patent, trademark or service mark, trade secret rights or any other personal, moral, contract, property or privacy right of any third party (collectively “Unlawful Conduct”); contain or promote viruses, obscene, abusive, violent, bigoted, or hate-oriented content or conduct (collectively “Offensive Conduct”); or encourage conduct that would constitute Unlawful Conduct or Offensive Conduct.
Such messages are governed by the Telephone Consumer Protection Act (“TCPA”), and will only be sent where consent has been obtained. RevGuard shall only send SMS/MMS/text messaging to United States email addresses for which a message to such address would not constitute a mobile service message as defined by the CAN-SPAM Act of 2003.
(iv) Opting Out.
1. Client shall allow Consumers to opt-out without requiring, (by way of example and not limitation): (a) payment, (b) information other than the Consumer’s email address, (c) any other obligation as a condition for accepting or honoring the Consumer’s opt-out request, or (d) that the Consumer visits more than a single Internet Web page.
2. Client must honor all opt-out requests within 48 consecutive hours of receipt.
3. Client may not send subsequent commercial email more than ten (10) business days after the recipient’s request not to receive further emails has been received (unless there is a subsequent affirmative consent by the recipient to receive such emails).
4. Once Client receives such a request, Client may not sell, lease, exchange or otherwise transfer or release that email address.
(v) Email-Specific Rules.
1. Headers. Client shall not require RevGuard to send any TC with false, deceptive or misleading header information (source, destination and routing information), subject lines or from lines. TC shall accurately identify Client as the initiator of the email in the “from” line. Client shall not, for example: (1) use a brand name (other than their own) in the from line; (2) use a celebrity’s name in the from line; (3) send email “from” individuals that do not exist or are not actually involved in sending the email; or (4) send, or otherwise indicate an email is “from,” a group or department that does not exist.
2. Domains. All mailing domains shall be publicly registered. Client shall provide the WHOIS database the accurate name and physical postal address of Client, such that the domain name in the “from” and “reply-to” headers of each email identify Client via a WHOIS database search. Client shall not use WHOIS Guard or a similar technology which masks the identity of a sender, in connection with its performance of this Agreement.
3. Dates. Emails may not be shall not pre-dated or post-dated.
4. Scrubbing. Client shall scrub its email list against the list of wireless domains found at http://www.fcc.gov/cgb/policy/DomainNameDownload.html at least once every 30 days.
5. Sender Identity. Client shall not request RevGuard to send any TC via newsletters or other emails having multiple senders.
6. Commercial messaging. Any and all commercial email messaging sent at the instruction of Client shall include: (1) a clear and conspicuous identification that the message is an advertisement; (2) a functioning return electronic mail address; (3) a clear and conspicuous Internet-based opt-out mechanism for the advertiser and Client that function for at least 30 days after the transmission of the message; and (4) valid physical postal addresses for the advertiser and Client.
7. Disclosure. The body of the email must describe how the email address was obtained, for example, “You opted in to receive this email promotion from our web site, or from one of our partner sites,” and information on how to request evidence of the consent, for example, “If you would like to learn more about how we received you email address please contact us at email@example.com.” Client must post an firstname.lastname@example.org email address on the first page of any Web site associated with the email, must register that address at abuse.net, and you must promptly respond to messages sent to that address.
(vi ) Complaint Tracking.
Client must have the means to track anonymous complaints. Upon RevGuard’s request, Client shall provide RevGuard with documentation demonstrating that the recipients consented to receive the marketing communication at issue.
Client will not load nor cause to be loaded any computer program onto an individual’s computer, in connection with the campaign, including without limitation programs commonly referred to as adware or spyware but excluding cookies, without RevGuard’s prior written approval and the individual’s express consent after receiving clear and conspicuous notice about the nature of the application to be downloaded.
(a) Client recognizes that a breach of the RevGuard Standards could result in immediate, extraordinary and irreparable damage to RevGuard and/or its affiliated companies and that such damages may be difficult to measure. Accordingly, Client agrees that should it be in breach of any of the RevGuard Standards, RevGuard may, in addition to other legal remedies, terminate the RevGuard OCO Services Agreement or RevGuard Master Services Agreement immediately (including any payment obligations) and be entitled to liquidated damages of up to $1,000.00 per breach. Client further agrees that such liquidated damages are reasonable and do not constitute a penalty.
(b) Client shall indemnify, defend and hold RevGuard harmless for any Losses arising out of any breach of these RevGuard Standards pursuant to the indemnification provisions of the relevant services agreement of which this is a part.
6. Payment Card Industry Data Security Standard (PCI DSS)
RevGuard is a certified Level 2 Service Provider and employs an independent PCI Approved Scanning Vendor (ASV) to perform monthly vulnerability scans. The RevGuard Product Development group completes an annual PCI Self-Assessment Questionnaire D (SAQ Type D-SP) and Attestation of Compliance (AOC) covering the 12 PCI DSS requirements for the design, implementation, and continuous improvement of controls for safeguarding cardholder data and sensitive information.
Additionally, RevGuard employs AlertLogic 24X7 Threat Monitoring and Log Monitoring services as additional real time protection against intrusion, security, and integrity threats.