Understand marketing consent types
The CRM tracks marketing consent using three levels:
Explicit consent
Guest actively opted in to receive marketing communications.
No expiration date.
Highest level of consent for GDPR and privacy compliance.
Example: Guest checks "Yes, I want to receive promotional emails" on a form.
Implied consent
Consent inferred from a business relationship for example guest made a booking.
Expires after a configured number of months.
Automatically expires if the guest has no activity.
Example: Guest books a room, providing their email for reservation communications.
No consent (False)
Guest has not consented or has explicitly opted out.
Guest will not receive marketing communications.
Can result from unchecking communication preferences or clicking unsubscribe links.
Do not contact
A separate suppression mechanism that prevents all marketing emails or SMS.
Created when a guest unsubscribes or opts out through any channel.
Works alongside consent status to ensure guests don't receive unwanted communications.
Where consent is captured
Consent can be set or updated through multiple entry points.
Guest portal
Guests can manage their own preferences through the preferences center page:
Guest logs into the portal.
From the left sidebar, click Preferences Center.
On the Message Preferences page, guests can:
Check or uncheck Contact me through email.
Check or uncheck Contact me through text message.
Select their preferred communication channel.
Choose segments and categories of interest.
When guests check a communication box, consent is set to explicit consent. When they uncheck both boxes, they opt out of all marketing communications.
Admin interface – Guest profile
CRM users can manually update consent for individual guests:
Navigate to Guests and click Guest Management.
Search for and open the guest profile.
Click the Subscriptions tab.
Click the Message Preferences sub-tab.
Under Marketing Consent:
Use the Email dropdown to select Explicit Consent or Implied Consent.
Use the SMS dropdown to select Explicit Consent or Implied Consent.
When implied consent is selected, the expiration date displays automatically.
Under contact preferences:
Check or uncheck Contact me through email.
Check or uncheck Contact me through text message.
Click Save to apply changes.
Forms and booking engine
Forms can collect consent during guest interactions:
Form builder includes consents (email) and mobile consents (SMS) field types.
When a guest submits a form with consent fields, the system:
Sets explicit consent if the guest checks the consent box.
Sets no consent if the guest explicitly unchecks the box.
Takes no action if the consent field is not present in the form.
For new guests created via form submission, default consent is set to explicit consent.
Bulk import
When importing guest profiles, you can include consent data in your CSV file:
CSV column headers:
Marketing consent email: Use values "Explicit", "Implied", or leave blank.
Marketing consent SMS: Use values "Explicit", "Implied", or leave blank.
Email consent expiration date: Date when implied email consent expires.
SMS consent expiration date: Date when implied SMS consent expires.
If consent columns are not included in the import, the system defaults to implied consent for all imported guests, unless the Do Not Contact column is set to true.
Email preference center
When a guest clicks an unsubscribe link in a marketing email, they are directed to a preference center where they can:
Unsubscribe completely (simple confirmation page).
Manage detailed preferences (if the preference center is enabled).
Update email and SMS contact preferences.
Select segments and categories.
Choose preferred communication channel.
The preference center behavior is configured in system and set during onboarding. Any changes needed can be requested through support.
View and update consent for a guest
Outlined below are steps on how to view an update consent.
View current consent status
Navigate to Guests and click Guest Management.
Search for and open the guest profile.
Click the Subscriptions tab.
Click the Message Preferences sub-tab.
Check the Marketing Consent section:
The email dropdown shows current email consent level.
The SMS dropdown shows current SMS consent level.
If consent is implied, the expiration date displays next to the dropdown.
Check the contact preference checkboxes:
If Contact me through email is unchecked, the guest is on the Do Not Contact list for email.
If Contact me through text message is unchecked, the guest is on the Do Not Contact list for SMS.
Update consent manually
To change a guest's consent follow the steps below.
Navigate to Guests and click Guest Management.
Search for and open the guest profile.
Click the Subscriptions tab.
Click the Message Preferences sub-tab.
In the marketing consent section:
Select Explicit Consent from the Email or SMS dropdown if the guest has actively opted in.
Select Implied Consent if consent is based on a business relationship.
Select the empty option to set No Consent.
Update the contact preference checkboxes:
Check Contact me through email to remove the guest from the email Do Not Contact list.
Check Contact me through text message to remove the guest from the SMS Do Not Contact list.
Uncheck either box to add the guest to the respective Do Not Contact list.
Click Save to apply changes.
The system creates an audit trail of all consent changes, including who made the change and when.
Use segmentation for consent management
Segments allow you to target specific consent levels and maintain compliance with regional regulations. You can create segments based on consent type to control which guests receive marketing communications.
Create consent-based segments
Navigate to Segments from the left menu.
Click New to create a new segment.
In the Filters tab, click Add Filter.
Select Contact Field Value as the filter type.
Choose one of the consent filter options:
Marketing consent - Email: Filter by email consent type.
Marketing consent - SMS: Filter by SMS consent type.
Explicit consent date - Email: Filter by when email explicit consent was granted.
Explicit consent date - SMS: Filter by when SMS explicit consent was granted.
Implied consent expiration date - Email: Filter by when email implied consent expires.
Implied consent expiration date - SMS: Filter by when SMS implied consent expires.
Select the operator:
equals (=).
greater than (>).
greater than or equal (>=).
less than (<).
less than or equal (<=).
empty.
not empty.
Select the value:
For marketing consent fields: Explicit consent, implied consent, or no consent.
For date fields: Select or enter the date.
Click Save and Close.
Align consent practices with regional regulations
The CRM provides configurable tools to support consent management across different jurisdictions. Your organization is responsible for determining how applicable regulations apply to your specific use cases.
GDPR (European Union and European Economic Area)
GDPR generally requires explicit consent for marketing communications, except where a valid soft opt-in or legitimate interest applies.
To align with GDPR:
Use explicit consent as the primary requirement for marketing campaigns.
Configure implied consent expiration conservatively.
Ensure all marketing emails include a working unsubscribe link.
Enable the preference center so guests can easily withdraw consent.
Use segmentation to restrict campaigns to profiles with valid explicit consent only.
Transactional communications such as booking confirmations and reservation updates may continue regardless of marketing consent status.
Canada – CASL and Québec Law 25
CASL (Canada's Anti-Spam Legislation) permits implied consent for up to 24 months following the start of a business relationship, after which consent must expire unless renewed.
To align with CASL:
Configure the implied consent expiration period to 24 months or less.
Allow implied consent to renew only through qualifying guest activity such as new reservations or transactions.
Ensure all marketing communications provide a clear unsubscribe mechanism.
Segment marketing audiences by consent type where stricter policies apply.
Explicit consent has no expiration unless the guest opts out.
Québec Law 25 reinforces transparency, accountability, and consent governance.
To align with Law 25:
Maintain clear visibility into how and when consent was obtained.
Enable guest-initiated preference updates via the portal or unsubscribe flow.
Use audit logs to track consent changes for accountability purposes.
Clearly separate transactional and marketing communications.
Organizations operating in Québec should adopt explicit-consent-first strategies and regularly audit consent status using CRM reporting.
United States – CAN-SPAM
CAN-SPAM allows marketing emails without prior consent, provided specific requirements are met.
The CRM supports CAN-SPAM compliance by:
Automatically including unsubscribe functionality in marketing emails.
Respecting opt-out requests through Do Not Contact suppression.
Distinguishing marketing messages from transactional communications.
Allowing you to maintain accurate sender identification and contact details.
Even where consent is not legally required, you can apply stricter internal consent standards using segmentation and consent type filtering.
Regional configuration guidance
The CRM allows you to configure consent requirements based on the regulations that apply to your business:
Region | Recommended Consent Type | Implied Consent Expiration | Preference Center |
EU/EEA (GDPR) | Explicit Consent | Conservative | Required |
Canada (CASL) | Explicit or Implied | 24 months | Required |
Québec (Law 25) | Explicit Consent | 24 months or less | Required |
United States (CAN-SPAM) | Optional | Configurable | Optional but recommended |
⚠️Important: SHR CRM provides configurable tools to support consent management and guest communication preferences. Legal compliance obligations remain your responsibility as the data controller. Consult your legal advisors to determine how applicable regulations apply to your specific use cases and jurisdictions.
Troubleshoot consent issues
Outlined below are some troubleshooting consent issue.
Guest not receiving marketing emails despite consent
Check the following:
Consent Status: Open the guest profile and verify the Email dropdown shows Explicit Consent or Implied Consent (not blank).
Do Not Contact: Verify Contact me through email is checked.
Implied Consent Expiration: If consent is Implied, check that the expiration date has not passed.
Segment Membership: Verify the guest is in the correct segment for the campaign.
Email Validity: Confirm the guest's email address is valid and not bounced.
Guest received email after unsubscribing
Check the following:
Do Not Contact Record: Verify a Do Not Contact record exists for the guest.
Consent Status: Confirm Email consent is set to No Consent (False).
Email Type: Transactional emails (booking confirmations, password resets) are sent regardless of consent status—only marketing emails respect Do Not Contact.
Timing: If the guest unsubscribed recently, emails already in the sending queue may still be delivered.
Implied consent expired unexpectedly
Check the following:
Expiration Setting: Verify the Implied Consent Expiration - Months setting in Client Management.
Guest Activity: If the guest has had recent stays or interactions, their implied consent expiration date should have been updated automatically.
Last Activity Date: Check the guest's last stay or transaction date—if it exceeds the configured expiration period, consent correctly expired
Import did not set consent correctly
Verify:
CSV Column Headers: Column headers must exactly match: "Marketing Consent Email" and "Marketing Consent SMS".
Values: Use only "Explicit", "Implied", or leave blank—other values will default to Implied Consent.
Date Format: Expiration date columns must match the format configured in Client Management.
Frequently asked questions
Outlined below are some of the most frequently asked questions.
What is the difference between Explicit Consent and Implied Consent?
Explicit Consent means the guest actively opted in to receive marketing communications for example checked a box on a form. Implied Consent means consent is inferred from a business relationship for example made a booking. Explicit Consent never expires, while Implied Consent expires after a configured number of months.
What happens when Implied Consent expires?
When Implied Consent expires, the guest's consent status automatically changes to No Consent (False), and they will no longer receive marketing communications. This moves the record to the Do Not Contact list. The guest can re-consent by logging into the guest portal and updating their preferences, using the subscription pages from any unsubscribe link, using an opt in form process, explicitly consenting during the booking process, calling and having consent changed manually.
Can a guest have Explicit Consent for email but Implied Consent for SMS?
Yes, email and SMS consent are tracked separately. A guest can have different consent levels for each channel.
What is the difference between No Consent and Do Not Contact?
No Consent (False) means the guest has not provided consent. Do Not Contact is a suppression list that prevents marketing communications from being sent. When a guest unchecks communication preferences or clicks unsubscribe, both mechanisms are applied: consent is set to False, and a Do Not Contact record is created.
Do transactional emails respect Do Not Contact status?
No, transactional emails (booking confirmations, password resets, reservation updates) are sent regardless of consent or Do Not Contact status, as they are required for business operations.
Can I bulk update consent for multiple guests?
Yes, use the Guest Bulk Import feature with a CSV file containing the guest identifiers and the desired consent values. You can update Marketing Consent Email and Marketing Consent SMS columns for existing guests by including their email addresses or member IDs in the import file.
How do I configure the preference center shown when guests click unsubscribe?
Reach out to you support team for guidance on adjusting the settings.
Can I use different consent rules for different regions?
Consent configuration (expiration and preferences) are system wide, and it is recommended to use your most restrictive region for the rules. Communication can be managed regionally by creating separate segments based on consent type (Explicit vs. Implied) and guest location, then target appropriate segments for each campaign. This allows you to apply stricter rules for GDPR regions while using more flexible approaches where permitted by local regulations.
What is the role of SHR CRM in regulatory compliance?
SHR CRM is a data processor that provides configurable tools to support your consent management and compliance requirements. You, as the data controller, are responsible for defining consent policies, lawful bases for processing, and regional compliance requirements. The CRM provides the technical capabilities to implement and enforce your policies.
What is the difference between Explicit Consent and Implied Consent?
Explicit Consent means the guest actively opted in to receive marketing communications (e.g., checked a box on a form). Implied Consent means consent is inferred from a business relationship (e.g., made a booking). Explicit Consent never expires, while Implied Consent expires after a configured number of months.
What happens when Implied Consent expires?
When Implied Consent expires, the guest's consent status automatically changes to No Consent (False), and they will no longer receive marketing communications. This moves the record to the Do Not Contact list. The guest can re-consent by logging into the guest portal and updating their preferences, using the subscription pages from any unsubscribe link, using an opt in form process, explicitly consenting during the booking process, calling and having consent changed manually.
Can a guest have Explicit Consent for email but Implied Consent for SMS?
Yes, email and SMS consent are tracked separately. A guest can have different consent levels for each channel.
What is the difference between No Consent and Do Not Contact?
No Consent (False) means the guest has not provided consent. Do Not Contact is a suppression list that prevents marketing communications from being sent. When a guest unchecks communication preferences or clicks unsubscribe, both mechanisms are applied: consent is set to False, and a Do Not Contact record is created.
Do transactional emails respect Do Not Contact status?
No, transactional emails (booking confirmations, password resets, reservation updates) are sent regardless of consent or Do Not Contact status, as they are required for business operations.
Can I bulk update consent for multiple guests?
Yes, use the Guest Bulk Import feature with a CSV file containing the guest identifiers and the desired consent values. You can update Marketing Consent Email and Marketing Consent SMS columns for existing guests by including their email addresses or member IDs in the import file.
How do I configure the preference center shown when guests click unsubscribe?
Reach out to you support team for guidance on adjusting the settings.
Can I use different consent rules for different regions?
Consent configuration (expiration and preferences) are system wide, and it is recommended to use your most restrictive region for the rules. Communication can be managed regionally by creating separate segments based on consent type (Explicit vs. Implied) and guest location, then target appropriate segments for each campaign. This allows you to apply stricter rules for GDPR regions while using more flexible approaches where permitted by local regulations.
What is the role of SHR CRM in regulatory compliance?
SHR CRM is a data processor that provides configurable tools to support your consent management and compliance requirements. You, as the data controller, are responsible for defining consent policies, lawful bases for processing, and regional compliance requirements. The CRM provides the technical capabilities to implement and enforce your policies.