Practical guidelines for GDPR-compliant WhatsApp messages with chatarmin
Sending marketing messages on WhatsApp without adhering to privacy laws like the GDPR isn’t just risky - it’s a recipe for trouble. In this guide, we’ll share best practices for obtaining proper opt-ins from your clients, ensuring compliance while building a valuable list that drives your marketing goals effectively and responsibly.
Disclaimer: This information is provided as a guideline and does not constitute legal advice. Please tailor the procedures and texts to your specific needs and consult a legal expert if necessary.
An explanation about different optin ins for GDPR-compliance
SOI (Single Opt-In)
Users enter their phone number and are added directly to the your mailing list. There is no further confirmation. In this case you have no proof of consent. The risk of misuse is high and generally this is not GDPR-compliant.
Avoid SOI as it is not legally secure and does not protect against unauthorized sign-ups.
Your recommendatoin: DOI (Double Opt-In)
Trigger Message: User enters the WhatsApp Chat via QR-Code or wa.me.link. A predefined trigger message will be in the chat.
Double Opt-In Flow: After the trigger message was sent successfully the double opt-in flow starts. If the user accepts to receive messages on WhatsApp (e. g. bei START / YES) you have a proper double opt in – and from now on can send marketing messages to the user.
Do not forget: Opting out must be as easy as opting in.
Recommendation: Always use DOI to ensure compliance and build trust.
Example Costumer Journey:
“STOP” OPT OUT:
Example DOI Process in Chatarmin Flow:
TXOI (Transactional Opt-In)
Transactional messages on WhatsApp are automated, direct messages sent in response to specific user actions. Examples are order confirmations, delivery updates, or password reset requests. Their primary purpose is to inform and build trust with customers, not marketing.
The primary purpose of transactional message must always be informational.
Best Practices
Start: Always use Double Opt-In (DOI)
Use DOI as the standard for all sign-ups. Do not forget to add a “DOI Tag” to your costumers or any other tags you need to manage your list. chatarmin documents the timestamp and IP address of the confirmation for your legal proof.
Stop: Include an "Unsubscribe" option in every message
Provide a clearly visible unsubscribe notice in every message with clear wording, such as: “Don’t want to receive further messages? Write STOP.”
Technical and Legal Safeguards
Data Processing Agreement (DPA): The data processing agreement (DPA) regulates the transfer of personal data. You as the client transfer data to chatarmin, and chatarmin is the contractor, as we receive and process this recipient data according to your instructions. To ensure compliance with the legal provisions of the GDPR, we offer you a data processing agreement in accordance with the legal provisions of Art. 28 of the GDPR and the other data protection requirements of the General Data Protection Regulation: https://chatarmin.com/avv
Sample for your Privacy Notice
Privacy Notice for chatarmin
(This text is a template and must be tailored to your specific requirements and purposes of the the processing.)
English
Sending WhatsApp newsletters
We use the WhatsApp solution from chatarmin.com to communicate with customers, send them the latest information and offers, and provide customer support, provided that you have given us your consent to do so in accordance with Article 6(1)(a) of the GDPR. Consent is given by selecting the ‘START’ button in the chat. This consent can be withdrawn at any time by entering ‘STOP’ in the chat.
In this context, we process the following personal data: telephone number, WhatsApp profile name, and communication and click behaviour in the chat.
Chatarmin.com is a communication tool from the company chatarmin.com GmbH, based in Vienna, that uses the WhatsApp API. An API is an interface. We have a contract with chatarmin.com GmbH for order processing in accordance with Art. 28 GDPR. In this context, your telephone number will also be transmitted to WhatsApp Ireland Limited and other WhatsApp affiliates in third countries. These are currently primarily located in the United States. A new adequacy decision, known as the Data Privacy Framework, has been in place for the United States since July 2023.
We store your data until further notice. After you withdraw your consent, your data will no longer be used to send information via WhatsApp and will be anonymized.
German
Versand von WhatsApp-Newslettern
Zur Durchführung der Kundenkommunikation, zum Versand von aktuellen Informationen und Angeboten und zum Kundensupport nutzen wir die WhatsApp-Lösung von chatarmin.com, soweit Sie uns Ihre Einwilligung nach Art. 6 Abs. 1 lit. a) DSGVO erteilen. Die Einwilligung erfolgt über den Chat, indem Sie den Button „START“ auswählen. Diese Einwilligung kann jederzeit durch die Angabe von „STOP“ in den Chat widerrufen werden.
In diesem Zusammenhang verarbeiten wir folgende personenbezogenen Daten: Telefonnummer, WhatsApp Profilnamen und die Kommunikation und Klickverhalten im Chat.
Bei chatarmin.com handelt es sich um ein Kommunikationstool des Unternehmens chatarmin.com GmbH mit Sitz in Wien auf Basis der WhatsApp API. Eine API ist eine Schnittstelle. Mit der chatarmin.com GmbH besteht ein Vertrag zur Auftragsverarbeitung nach Maßgabe des Art. 28 DSGVO. Ihre Telefonnummer wird in diesem Zusammenhang auch an die WhatsApp Ireland Limited und andere mit WhatsApp verbundene Gesellschaften in Drittländern übermittelt. Diese befinden sich aktuell primär in den USA. Für die USA besteht seit Juli 2023 ein neuer Angemessenheitsbeschluss, das sog. Data Privacy Framework.
Wir speichern Ihre Daten bis auf Widerruf. Nach dem Widerruf Ihrer Einwilligung werden Ihre Daten nicht mehr für die Zusendung von Informationen über WhatsApp genutzt und anonymisiert.