Skip to Navigation Skip to Content

Running a promotion to attract new clients or boost sales? Before you start, make sure you have all the necessary legal documents required by the data privacy laws protecting your customers. Don’t worry – with our help, this only takes just a few minutes! We’ve prepared guidelines to help keep your planned campaign on the right side of the law.

Generate all the policies your business needs!

Try GetTerms

Why are privacy laws needed for advertising and promotions?

Promotions often involve the collection of personal information, such as email addresses, phone numbers, or payment details. As a result, privacy laws were introduced or adjusted to protect said personal information. For the most part, these privacy laws come with few drawbacks; by simply implementing the necessary legal policies and respecting the privacy rights of their customers, businesses are able to meet their requirements and carry-on doing business as usual.

Laws that affect promotions and advertising

There are many laws that govern data collected through promotions and advertising, too many to list in this short guide. However, they often have overlapping requirements. Below are a few examples of stricter data privacy laws. While you should research the specific data privacy laws that protect your customers, meeting the compliance requirements of stricter data privacy laws is a great first step towards global privacy law compliance.

General Data Protection Regulation (GDPR)

The GDPR applies to businesses based in the EU or dealing with EU residents’ personal data. It requires notifying individuals of their rights and detailing how their data is collected, processed, stored, and shared. This can be done with a comprehensive privacy policy.

What is the GDPR?

California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)

Similar to the GDPR, the CCPA and the CPRA protect California consumers’ personal information. The CPRA is the updated version of the CCPA, and both laws require businesses that meet their criteria to protect California consumers’ personal information and inform users of their rights.

Consumer Rights Directive

The EU’s Consumer Rights Directive requires businesses to allow consumers from the EU to return a product for a full refund within 14 days. If a business does not inform users about their right to withdraw from a sale, consumers are automatically granted the right to return the item for a refund for up to one year from the date of purchase.

Legal policies needed for running a promotion

To ensure comprehensive protection and compliance, your legal policies should include several key elements:

Privacy policy

A privacy policy describes how your business collects, uses, stores, and shares personal information, as well as what rights your users have concerning their personal information. For promotions, include a clause that explains how personal information is used in these circumstances.

Privacy Policy Generator

Terms and conditions

A terms and conditions agreement informs users about their rights and responsibilities when using your products or services. This agreement can include a clause about any special terms concerning your business’s offers or promotions. It outlines the rules users must agree to, providing a legal foundation for managing customer relationships and resolving disputes.

Terms and Conditions Generator

Return and refund policy

A return and refund policy describes the steps users need to take to make a return or receive a refund, as well as the timeframe or circumstantial requirements they need to meet to be eligible. Include a clause that lets users know about any conditions concerning making returns or requesting refunds for items that are part of a promotional offer or deal.

A roadmap for legal compliance before running a promotion

Step 1. Understand applicable laws

Identify the privacy laws and regulations that apply to your business based on your location and customer base. This includes both local and international laws.

Global data privacy laws by country

Step 2. Draft or generate the required legal policies

Create or update your privacy policy, terms and conditions, and return and refund policy to address all relevant legal requirements. Ensure these policies are clear, concise, and accessible. If you already have your legal documents written, make sure they include relevant information on promotions e.g.:

  • Your privacy policy states that you collect personal information through promotions
  • Your terms and conditions clarifies any special terms concerning your business’s offers or promotions

Step 3. Display policies prominently

Place links to your legal policies in easily accessible locations, such as your website footer, checkout page, account login form, app download page, or in-app menu.

Step 4. Obtain user consent

Use an “I agree” checkbox or similar mechanism to obtain explicit consent from users before they submit personal information or make a purchase. This ensures compliance and strengthens legal protection.

Frequently asked questions

What information must be included in a promotion’s terms and conditions?

Eligibility criteria, entry methods, deadlines, prize descriptions, and winner selection processes.

How can I ensure my promotions comply with FTC guidelines?

Ensure all advertising is truthful, claims are substantiated, and disclaimers are clear and conspicuous.

Are there specific regulations for email marketing promotions?

Yes, the can-spam act requires clear opt-out methods and identification of emails as advertisements.

What should my privacy policy include regarding promotions?

Detail how personal information is collected, used, stored, and shared specifically for promotional purposes.

How often should I review and update my legal policies?

Regularly, especially when there are changes in the law or your business practices.

Can I run promotions in different states with the same terms and conditions?

Ensure compliance with state-specific laws, which may require adjustments to your terms and conditions.

What are the consequences of not complying with privacy laws like GDPR or CCPA?

Non-compliance can lead to fines, legal action, and damage to your brand’s reputation.

Can I change the terms of a promotion after it has started?

Avoid changing terms mid-promotion, but, if necessary, provide clear notice to all participants.

Do I need to inform users of their rights under CCPA/CPRA?

Yes, you must inform California consumers of their rights regarding personal information.

How can I make my return and refund policy more accessible?

Place links in the website footer, at checkout, and in customer service sections.