In brief, Nosto can’t give you legal counselling, as you need to comply with your country’s legislation. Therefore we can only give you broad advice by describing how Nosto works.
To be fully aligned with, for example, EU laws governing all of Nosto’s features, such as retargeting activities, the following requirements have to be met. Treat them as a checklist, since most of them are (or should be) already covered in your privacy policy due to the nature of e-commerce business.
1) Review your privacy policy and make sure it includes an explanation of the use of customers’ data and tracking.
2) If Nosto email features are enabled, clearly communicate the opt-out possibility to the user (the link is by default positioned at the bottom of an email sent by Nosto).
3) Sync email blacklists across multiple email marketing providers (i.e. a person who opted out of newsletters should not receive any personalized retargeting emails).
The personal data which Nosto processes is described in detail in the Terms of Use.
Email addresses are collected only to enable Nosto’s email features, hence mapping email and name details is only required if you want to utilize the email features. Leaving the email detail out of the implementation is supported and perfectly fine.
One way to describe and communicate Nosto’s functionality to visitors on your website could be the following: The purpose of the service [Nosto] is to display personalised product recommendations on-site, in emails and other mediums which make the shopping experience easier, more personal and enjoyable. However, do not add this to your website without consulting your legal department or lawyer first to make sure you comply with your local legislation.