GDPR Compliance

The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU.

In this guide we will explore:

  • • How to update your Privacy Policy texts
  • • How to get consent and collect subscribers
  • • How to include an opt out info
  • • Data redaction

GDPR Compliance

In order to send text marketing and automation messages you need to have legally gathered the client's phone numbers first. When talking about legally we refer to the customer giving you an explicit "Prior Written Consent". SMSBump offers 2 different ways for Store owners to legally gather the prior written consent.

  • • Opting in through the checkout
  • • Opting in through our subscription form

We will cover all these three a bit later on. Now back to the GDPR. The most important things we need to know here are:

  • • Customers need to agree to your Privacy Policy that needs to be explicitly stated on your checkout page
  • • Opting in through our subscription form
  • • All agreement forms must be made "clear and conspicuous" prior to customers giving consent

I Privacy Policy

1. Okay so the first thing we need to do is updating our privacy policy. In this guide we will go through the steps for Shopify so if you are running any other platform you can just replicate the steps here.

Disclaimer: Even though we have worked with an attorney to help us draft our documents. We are not a certified legal advisor so we encourage you to hire or consult your legal advisor who is familiar with GDPR before pasting our legal texts.

1. Log in to the Shopify admin panel and then go to Settings -> Legal and scroll down to Privacy Policy. If you don't have a Privacy Policy, click on Generate Sample Policy. If have a privacy policy already then proceed to the next step.

2. Edit your Privacy Policy by adding/pasting the following texts:

Text Marketing and notifications (if applicable): By entering your phone number in the checkout and initialising a purchase, subscribing via our subscription for or a keyword, you agree that we may send you text notifications (for your order, including abandoned cart reminders) and text marketing offers. Text marketing messages will not exceed X per month. You can unsubscribe from further text messages by clicking on the unsubscribe link. Sending text messages or using automations requires you to feed phone numbers or recipient names into our importer. We will store and use this data to show you campaign analytics and results including message delivery status, sent status, and in some cases whether the purchase resulted in a sale. If you decide to use our link shortener in text messages, we will collect information on whether the link was clicked or not and use it to display results in your analytics. Any other third party service that you may decide to use outside of the scope of (third party link shortener, GA tracking, etc) you will be referred to their specific third party policies which you need to agree with. Upon sending the text messages, we will pass the data to our text messages operator to fulfill their delivery. Information is being shared to our operator only upon initialising a marketing campaign. If your recipients no longer wish to receive messages they have to reply to the message with STOP or reach out to us at the email address below so we can unsubscribe them successfully.


3. Confirm the changes by clicking the Save button at the top or the bottom.


II Gathering Checkout opt ins

Now that we have edited the Privacy Policy we will show you the process of receiving consent from the Shopify Checkout.

1. Go to Settings -> Checkout and set the Shipping address Phone number to be Optional


2. Scroll down to Checkout language and click Manage checkout language.


3. Search for Checkout Marketing. Below you will find Accept marketing checkbox label.

There add. Sign up for exclusive offers and news via text messages and/or email.


5. Confirm the changes by clicking the Save button at the top or bottom.


Enable Phone fields and Change Placeholder

1. Go to Settings -> Checkout and make Shipping address Phone number to be Optional.


2. Scroll down to Checkout language and click Manage checkout language.


3. Find the Phone label setting. This field will be located just below the State and territory placeholder.

Under Phone Label and Optional Phone Label add: Phone number for updates and exclusive offers


Next search for Search for Checkout shop policies and under Privacy Policy paste the following text: "By proceeding to Shipping updates you agree to Privacy Policy and consent to receive recurring SMS/texts for order confirmations, exclusive offers and early access to new products. You don’t need to consent to continue to purchase. You can unsubscribe at any time. Standard message and data rates apply. View privacy policy and ToS."

4. Confirm the changes by clicking the Save button at the top.


When you are all done your checkout will look like this:

III Unsubscribing clients

TCPA requires store owners to honor opt out requests. SMSBump automatically takes care of all unsubscribes (clients who reply to messages with STOP or STOP#####, where ##### is a digit or by just having clients click on an unsubscribe link). We have also developed a system where you can manually unsubscribe clients in case they don't wish to reply back to messages but get in touch with you via phone/email or elsewhere. SMSBump also considers the national DND (Do not disturb) register when sending a text message. Our system is designed in such a way where we will NOT allow any marketing campaigns unless they contain the opt-out language. If a client has opted out but decides to Join all they need to do is respond to the text message with JOIN.

IV Further reading

For more info on how SMSBump features convey the best SMS practices here: If you have any specific questions you can reach out to us here: Once you have saved your Privacy Policy then what you need to know is that if a client ever wants their data deleted please forward their phone number to, so we can delete all their data from our servers.

Last Modified: Nov 20, 2019