GDPR and the Editor

All features and elements in the Editor are designed to enable you to gather, manage and delete visitor data in compliance with data privacy laws outlined in the General Data Protection Regulation (GDPR).


Important notice

Any information within this article is not be considered as legal advice. Please consult with your own legal counsel to make sure you live up to the general requirements outlined in GDPR as well as any additional, regional privacy laws in your country. It is your responsibility as a website owner to make the required adjustments on your website in order to be compliant with GDPR.


What is GDPR?

The GDPR is a European Union (EU) regulation aimed at strengthening the data protection of individuals (data subjects) within the EU. Its focus is to give more control and transparency to data subjects about what, how and when data is collected about them online. The GDPR came into effect on May 25, 2018 and doesn't only apply to businesses located within the EU but also to businesses located outside of the EU if they offer goods or services to, or monitor the behavior of, EU data subjects.  


GDPR and your website

The GDPR states that data subjects (website visitors) have four fundamental rights. Below, we've outlined what website owners need to think about in order to comply with these rights.  


The right to transparency

The key to transparency is having a privacy policy on your website that clearly states how you gather and manage visitor data. You can have this policy on a separate page on your website and then link out to it from forms, buttons, links, etc. If you make the page hidden, it won't show up in your main navigation. Alternatively, you can enter the policy text in the Legal section in Global Data. 

There are five different channels through which user data can come into your website that you should be aware of:


Forms

When visitors submit contact forms on your website, they may be sending personal data which is being stored in the Editor.

There are three modules where user data can come in through forms to your website:

Read more about the modules by clicking the links above. If you have entered your email address in the Email Recipient field in the Form and Mailchimp Form modules, the submitted data will be sent to your email. Keep in mind that this entails you'll be keeping visitor data in your inbox. On the Form and Mailchimp Form modules, you can also enable the Data Collection which means that form data will be stored in CRM under 'Forms'. 

You can add an opt-in option on a contact form, requiring visitors to consent to your privacy policy by ticking a box before submitting the form. Add a link to your privacy policy on the opt-in box so visitors can easily head there and read your terms. 


On-Site Engagements

These pop-up elements can be set to appear on your website and allow for various types of visitor engagement. Three of these engagement types may involve the visitor submitting personal data:

Just like with the Form modules, you can add an opt-in option to your On-Site Engagements.

Read more about On-Site Engagements here.


User logins

If you have password protected pages or use the User Login module, users will have to sign up in order to access your site and may submit personal data in the process. This data is stored in CRM in the Editor.


Blog

If you have access to Blog, you can write blog posts and open them up to user comments. These user comments may contain visitors' personal data and are stored in the Editor under Blog.

Just as with Form modules, you can set up an opt-in option in your Blog so that the website visitor has to consent to your privacy policy before being able to add a comment.

Read more here (section 2).


E-commerce

If you have added E-commerce you can take orders and accept payments. Those transactions contain personal data about the customers. Orders will go into Shop in the Editor while anything related to credit card payments will be stored with the payment gateway and not in the Editor.



The right to consent and control

At any instance where a visitor can submit data on your website, you have to option to have them consent to the terms outlined in your privacy policy. Please refer to the following articles for practical information on how to set it up in the Editor:


Cookies

If your website stores data from cookies, be aware that personally identifiable data may be transmitted from the visitor, in which case you must inform about this in your data privacy policy. Cookies might be added to your website if you, for example, have embedded a video or added a third-party widget. 

As a standard on the V5 platform, all websites are enabled with Google Analytics. Google’s compliance with GDPR is available on their website.

The following types of cookies are being set by default in the Editor from Google Analytics:


None of the cookies above store any personally identifiable information about visitors - their IP addresses are masked and, therefore, fully anonymized. The cookies are added to all websites created in the Editor and are necessary in order for the website to function and to supply visitor data on the Editor dashboard. For more information, please visit: https://developers.google.com/analytics/devguides/...

The pre-installed Google Analytics use session-based cookies to collect information about a users' behavior on the site. As no personally identifiable behavior is recorded, there are no specific GDPR requirements. However, keep in mind there may already be an opt-in or opt-out general cookie policy applicable by law. This answer is strictly pertaining to GDPR. We wish to reiterate this pertains to the standard, pre-installed or "out of the box" Google Analytics in the Editor. If you or your SMB clients add any additional Google Analytics or other cookie-relevant external code added to a website there may be other obligations to which you need to consult with local counsel.

Other cookies used within the platform are based on sessions and are necessary in order to carry out and support basic website functions such as login, form submissions and maps. Just as with analytics, these cookies are not personally identifiable and only session-based. In short, the cookies the Editor uses do not affect an SMB’s ability to comply with GDPR.

If website visitors do not wish to have cookies stored, they have the option to opt-out. Read this article for more information about cookie settings. Please note that it is the responsibility of the SMB (the data controller) to add the cookie consent feature to their website. It will also be possible to add a link to the SMB's data privacy policy.


Social media opt-in

If you have social media share modules added to your website, for example the 'Facebook Like' module, you can enable a double opt-in functionality. This gives you the possibility to ask your website visitors to first give their consent to displaying this module before they can start interacting with it. After they have toggled the button, they can click on the modules and perform actions. This way, you can clearly inform website visitors that if they interact with social media modules, they might be passing on information to third parties. Read more about setting up social media opt-in here



The right to data portability

Visitors have the right to request an overview of all the data that they have submitted on your website. Using the Editor's User Data Report feature you can generate an overview of all data submitted by individual visitors. It collates all the data that you have on a specific visitor and allows you to export that data in a PDF file (that you could pass on to the visitor, if required).

The report contains data submitted through the following modules and features:

Read more about the User Data Report feature here.



The right to be forgotten

Visitors have the right to request the deletion of specific personal data that they have previously submitted on your website.

Here's an overview of where you can delete visitor data that you have previously collected:

 

Anything we’ve not covered?

Contact Us