ANTI-SPAM POLICY

ANTI-SPAM POLICY OF VERCOM S.A.

§ 1. GENERAL PROVISIONS

1. This Anti-Spam Policy sets forth the minimum standards for using the Services rendered by Vercom via electronic means put in place in order to protect the Message recipients from unwanted or unlawful SPAM or Smishing communication.

2. This Anti-Spam Policy constitutes an integral part of the Framework Agreement on the Provision of Services by Electronic Means („Agreement”). In matters not covered by the Anti-Spam Policy, the remaining contractual documents, particularly the provisions of the Agreement, shall apply to it.

3. Vercom is a telecommunications enterprise listed in the register of SMS service integrators maintained by the President of the Office of Electronic Communications (President of UKE) in accordance with the Act of July 28, 2023, on combating abuse in electronic communication.

4. Message recipient who has received SPAM or Smishing communication may seek support by reaching Vercom at: [email protected]

§ 2. DEFINITIONS

For the purposes of this Anti-Spam Policy, the following definitions shall apply:

1. SPAM – any communication of a commercial character, sent to the end-user without their prior, verifiable consent;

2. Smishing – sending a Message, including a short text message (SMS), in which the sender impersonates another entity to prompt the recipient of the Message to engage in specific actions, particularly disclosing personal data, unfavorable disposition of property, opening a website, initiating a voice call, or installing software;

3. Sending of Messages (including the lower-case spelling) – sending Messages utilizing the Services rendered by Vercom.

4. Client – a natural person, a legal person or an organizational unit that is not a legal person, to which a separate act grants legal capacity, not being a consumer, who has concluded an Agreement with Vercom

5. NASK – Computer Security Incident Response Team of the Scientific and Academic Computer Network – National Research Institute

6. Services – services provided by Vercom to the Client under the Agreement

7. SenderID – sender identifier replacing the MSISDN number in the sender field of SMS/MMS messages,

8. NASK list – a list containing the content of message templates containing Smishing developed by NASK,

9. Public entity – public entities indicated in the Act of July 28, 2023 on combating abuse in electronic communications

§ 3. SERVICES DEDICATED TO PROFESSIONALS

In order to minimize the risk of exposure of clients to SPAM or Smishing:

1. The Agreement may only be concluded with professional entities – entrepreneurs and public entities. Additionally, an entrepreneur who is a natural person may conclude such an Agreement only if it is directly related to his or her business activity and has a professional character for him or her, resulting in particular from his or her business activity, made available on the basis of the provisions on the Central Registration and Information on Bus;

2. Sending Messages to actual recipients (outside the Client’s own personal data) may take place only after a positive verification of the Client performed by Vercom.

3. Sending of Messages by a Public entity’s may be ordered directly by The Public entity or by a third party (Client) ordering Sending of Messages on behalf of and for the benefit of the Public entity.

4. Before commencing the order, a Client ordering Sending of Messages on behalf of and for the benefit of the Public entity, is obliged to provide Vercom with a declaration of the Client and the Public entity regarding the Client’s right to send Messages on behalf of this Public Entity.

5. In the event of the expiry of the Client’s right to order the Sending of Messages on behalf of the Public entity, the Client is obliged to notify Vercom about this within 1 business day.

6. The Client who orders the sending of Messages on behalf of the Public entity, each time sends Vercom the name and the National Official Business Register (REGON) of the Public entity for which he orders the Sending of Messages.

§ 4. END-USERS

1. The Client shall be fully liable for the lawfulness of sending Messages to a specific recipient. In particular, the Client is obliged to obtain all necessary, prior and verifiable consents in this respect, as well as to register them appropriately. The consent of the recipient must be clear and unambiguous, and may not be implied or derived out of any other content or declaration, in any way. In addition, the recipient must be entitled to a simple, unhindered withdrawal of consent at any time, in a way at least as easy as the way the consent has been granted. Sending Messages to recipients who have withdrawn their consent to receive them is prohibited. Vercom shall not be liable for the correctness, lawfulness and the way of collecting consents from the users.

2. Vercom has the right to introduce a non-removable registration link in each Message, enabling the recipient to withdraw the consent to receive Messages.

3. Using publicly available contact data of the recipients, in particular collected from: websites acquired under any title of databases or collected using hidden methods is prohibited. The first sentence shall also apply to contact details of addressees who are legal persons and organizational units without legal personality and Public entities.

4. All kinds of automated solutions, software or scripts for the collection of contact data are prohibited.

5. Vercom has the right to verify the sendings carried out by the Client in terms of meeting the characteristics of SPAM or Smishing, as well as in terms of the existence of spam traps and the number of bounces, after the Client’s sending. A negative result of such verification, including obtaining information about violations of legal requirements regarding required consents and permissions, entitles Vercom to terminate the Agreement with immediate effect.

§ 5. CONTENT OF MESSAGES.

1. It is forbidden to send Messages of any content that is contrary to the law, calling for acts that are illegal, discriminatory, insulting or offensive to third parties, incitement to hatred, vulgar or pornographic.

2. It is forbidden to send SPAM or Smishing.

3. The Client is obliged to include in the Messages true and accurate information regarding the sender and the subject. It is forbidden to indicate the sender or the subject or content of the Message in a misleading way or even suggesting the facts other than true.

4. It is forbidden to use a SenderID of SMS / MMS content that may mislead the addressee about the identity of the sender, in particular unauthorized use of names, names of institutions, companies and trademarks.

5. It is forbidden to use a SenderID of SMS / MMS messages ordered by entities that are not Public entities content that is match with the headers listed in the NASK list of Public entities’ SenderID’s. This also applies to content match with variations of names or abbreviations contained in the NASK list of Public entities’ SenderID’s.

6. The Message of the Public Entity must contain the SenderID in the form of a name or its abbreviation reserved for this Public entity in the NASK List. If the Public entity, does not have a reserved SenderID in the NASK List, the Message of the Public Entity cannot contain SenderID’s in the form of a name or its abbreviation reserved for reserved in the NASK List for other Public entities.

7. It is prohibited to send Messages by entities that are not Public entities with a SenderID containing the phrase #RP. The Client is solely responsible for the content of the Messages sent. Vercom shall not be liable for the content sent by the Client within the use of the Service.

§ 6. MAILING POLICY

1. The Client is obliged to take care of the database intended for sending of Client’s Messages (i.e., in particular for verifying data validity, removing data that are duplicated, obsolete, incorrect or inactive, appropriate data segmentation, etc.) and maintaining statistics of sending EMAIL Messages below the permissible thresholds for EMAIL message statuses (hereinafter: Thresholds) mentioned in section 2. In the event of exceeding the thresholds specified in section 2 above, Vercom is authorized to suspend or close the Account. Vercom will contact the Client prior to suspension or closure of the Account in order to explain the reasons of its decision, unless the risk associated with further handling of sending is considered critical to the security of the Vercom services. Suspension or termination of the Account is the ground for termination of the Agreement by each of the Parties for reasons attributable to the Client.

2. Vercom applies acceptable Thresholds in accordance with the table below. Thresholds are calculated as the percentage share of EMAIL Messages with a specified status in comparison with all EMAIL Messages sent from a given Account within 24 hours. The thresholds below do not pertain to SPAM or Smishing Messages, which are not allowed.

Sent EMAIL Message Status Permitted thresholds
Hardbounces ≤ 10%
Spambounces ≤ 2%
Spam Complaints ≤ 0.1%
Unjustified abuse complaints < 1

Definitions of terms used in the table above:
a) Hardbounces – when EMAIL Message has not been delivered as the address or domain does not exist or the recipient blocks the delivery of EMAIL Messages;
b) Spambounces – when EMAIL Message has been classified as spam in the recipient’s mailbox;
c) Spam Complaints – when the recipient of the EMAIL Message has marked it as SPAM;
d) Unjustified Abuse Complaints – when the recipient of EMAIL reports that the sender contacts it without the required consent.

3. Vercom and telecommunications companies cooperating with it are blocking the sending of a Message whose content is match with the content of the Message template contained in the NASK list or which contains SenderID’s not compliant with § 5.

4. Vercom and its cooperating telecommunications entrepreneurs may block a Message whose content includes Smishing, other than match with the content of the Message template in the NASK list, including MMS messages.

5. Vercom blocks the provision of Services to the Client in whole or in part if the President of UKE issues an administrative decision under Article 23 of the Act on Combating Abuses in Electronic Communication instructing the introduction of such a block, and will promptly inform the Client thereof. Such a block does not constitute a breach of the Agreement or a basis for the Client to terminate it.

6. Vercom may charge fees for sending a Message that has been blocked in accordance with points 3 and 4, especially if the Message has been blocked by a cooperating entity.

7. Vercom is not responsible for blocking Messages in accordance with points 3 and 4, in particular such a block does not constitute a breach of the Agreement or a basis for the Client to terminate it.

§ 7. FINAL PROVISIONS

1. The Client shall be fully and solely responsible for the compliance of the sending of the Message with the applicable law, the Agreement and the rules specified in the Anti-Spam Policy. If the Vercom is to bear any liability (civil, administrative, criminal or other) resulting from the Client’s breach of the obligations specified in the first sentence, the Client shall be liable to Vercom on the basis of recourse for any damage, including lost profits resulting therefrom, as well as any potential financial sanctions applied to Vercom by the President of the Office of Electronic Communications.

2. In the event of a breach by the Client of any of the obligations specified in the Anti-Spam Policy, Vercom is entitled to terminate the Agreement with immediate effect.

3. Vercom will collect and process information related to the Service, including the content of the Message that has been blocked as Smishing or due to the use of SenderID’s inconsistent with § 5, for a period of 12 months from the date on which the Service was to be provided or for the period necessary to resolve a dispute arising from the blocking of the Service.

4. For the purpose of identifying, preventing, and combating abuses in electronic communication, Vercom will process and make available to NASK and other telecommunications undertakings information related to the Service, including the content of Messages that have been blocked as Smishing.

5. In order to identify, prevent and combat abuse in electronic communications, Vercom will process and make available to NASK and other telecommunications undertakings the information it processes related to the Service, excluding the content of messages, that have been identified by Vercom as a form of abuse in electronic communications other than Smishing.

6. The provisions of points 3, 4 and 5 exclude the application of the confidentiality principle from the Agreement.

The anti-spam policy is effective as of February 1, 2024.

The previous version of the anti-spam policy in effect until January  31, 2024 is available here.