Privacy Policy


Bob Tyler Toyota does not share/buy/sell opt-in consent with third parties

## **A2P 10DLC Privacy Policy Requirements (Summary)**

For A2P 10DLC campaign approval, your privacy policy must:

– Be easily accessible via a direct link from your opt-in page or call-to-action.

– Clearly state how you collect, use, and share consumer information.

– **Explicitly state that mobile numbers and opt-in consent data will not be shared, sold, or transferred to third parties or affiliates for marketing/promotional purposes.**

– Include a “message and data rates may apply” disclosure.

– Be up-to-date and match the business/brand name used in your campaign registration.

## **What Your Policy Does Well**

– **Comprehensive Coverage:** Your policy covers data collection, use, sharing, and security in detail.

– **Opt-Out/Opt-In Mechanisms:** You provide clear instructions for opting out of SMS and other communications.

– **SMS-Specific Section:** You include a dedicated SMS Privacy Policy Script and SMS Terms and Conditions, which is excellent.

– **Contact Information:** You provide clear contact details for privacy questions or complaints.

## **Required/Recommended Changes for A2P 10DLC Approval**

### 1. **Explicit Non-Sharing Statement for Mobile Data**

– **What’s Required:** The privacy policy must clearly state that mobile numbers and opt-in consent data will **never be shared or sold to third parties or affiliates for marketing/promotional purposes**.

– **Your Policy:** You have this language in the “SMS Privacy Policy Script,” but it should also be present in the main privacy policy section, not just the SMS-specific section.

– **Recommended Edit:**

Add a statement such as:

> “Mobile information (phone numbers, opt-in data, and consent) collected for SMS communications will not be shared, sold, or transferred to third parties or affiliates for marketing or promotional purposes.”

### 2. **Placement and Accessibility**

– **What’s Required:** The privacy policy must be easily accessible from the opt-in page (where users provide their phone number and consent).

– **Your Policy:** Ensure that the privacy policy link is clearly labeled and directly accessible from the opt-in form or call-to-action.

### 3. **Message Frequency Disclosure**

– **What’s Required:** Disclose message frequency (e.g., “Message frequency varies” or a specific number of messages per month) in both the opt-in flow and the privacy policy.

– **Your Policy:** The SMS Terms and Conditions mention “Message frequency varies,” which is good. Make sure this is also referenced in the privacy policy or linked terms.

### 4. **“Message and Data Rates May Apply” Disclosure**

– **What’s Required:** This must be present in the opt-in flow and ideally referenced in the privacy policy.

– **Your Policy:** This is present in the SMS Terms and Conditions. Consider referencing it in the main privacy policy as well.

### 5. **Consistency in Brand Name**

– **What’s Required:** The privacy policy must reference the same brand name as used in your A2P registration and opt-in flow.

– **Your Policy:** Ensure the brand name is consistent throughout the policy and matches your campaign registration.

### 6. **Opt-Out Instructions**

– **What’s Required:** Clear opt-out instructions (e.g., “Reply STOP to unsubscribe”) must be present in the opt-in flow, sample messages, and referenced in the privacy policy.

– **Your Policy:** This is present in the SMS Terms and Conditions. Consider referencing it in the main privacy policy as well.

## **Sample Language for Compliance**

You can add the following to your main privacy policy section (not just the SMS-specific section):

> **Mobile Information Privacy**

> We do not share, sell, rent, or otherwise disclose mobile numbers or opt-in consent data to third parties or affiliates for marketing or promotional purposes. All other categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties. Message frequency varies. Message and data rates may apply. Reply STOP to unsubscribe or HELP for assistance.

## **Summary Table of Key Requirements**

Requirement In Your Policy? Recommendation
Non-sharing of mobile/opt-in data (main policy) Partially Add to main policy section
“Message and data rates may apply” disclosure Yes (SMS T&C) Reference in main policy
Message frequency disclosure Yes (SMS T&C) Reference in main policy
Opt-out instructions Yes (SMS T&C) Reference in main policy
Policy accessible from opt-in page N/A Ensure direct link is present
Consistent brand name Yes Double-check for consistency

 

## **Next Steps**

  1. **Update your main privacy policy** to include the explicit non-sharing statement for mobile/opt-in data.
  2. **Ensure the privacy policy is directly linked** from your SMS opt-in page or call-to-action.
  3. **Double-check for consistency** in brand name and disclosures across all documents and web pages.
  4. **Reference message frequency and “message and data rates may apply”** in the main privacy policy, not just the SMS section.