GDPR, or the General Data Protection Regulation, is a privacy law set by the European government that has applied since the 25th of May, 2018. It dictates and regulates how companies, websites, or organizations can collect, retain, or use the personal data of their customers or visitors.
Whether you’re a European or a website that has visitors from Europe, you’re concerned with GDPR. If so, this guide will explain everything you need to know about GDPR as a website owner or an Avoori user.
Disclaimer: we create guides like this in order to help you understand some matters on a more profound and detailed level. Our guides are only used as a resource and not as legal advice. Avoori does not offer advice or tips regarding matters related to the law for your website.
Who is affected by the GDPR?
It’s true that the GDPR is a law and a regulation established by the EU, but it can affect anyone anywhere. To be regulated by the GDPR, you need to be either:
- An organization that is located in the EU
- An organization that deals with customers, or visitors that are EU residents
So, whether you live inside of the EU or offer services or goods to EU residents, you’re going to be concerned with GDPR. Therefore, reading about the law and understanding it is very important for website owners.
What’s considered personal data?
GDPR only concerns the personal data of users or visitors that come across your website. So, under the GDPR, the data that qualifies as personal is any information that could help identify the person in question whether on its own or when combined with other information.
That includes any data that contains something personal, like a date of birth, an address (whether it’s an email address or a physical address), credit card information, financial information, place of birth, and more.
You can understand more about what’s to be considered personal data by checking these pages:
What did Avoori do before the GDPR to ensure compliance?
Avoori comes prepared for the GDPR in order to ensure our users comply with the law and actually respect their visitors’ privacy. We made sure to comply with the law on our end by respecting the GDPR and its regulations and also applying them to our own website builder.
Here are the actions we took in order to comply with GDPR:
- Employee training on the importance of GDPR and data processing
- Made our website builder more GDPR-friendly in order to help our customers respect GDPR as well
- More options when it comes to cookies and activity log for our users
- Updated our agreements with vendors that process our customers’ data on our behalf in order to respect GDPR
Do I need to sign a DPA with Avoori?
Cookies and similar technologies
A lot of website owners don’t know what a cookie is or its significance. A cookie is a text file holding a collection of information that can be saved on your mobile device or computer. There are technologies similar to cookies, like tags, pixels, and even fingerprinting.
A cookie or any similar technology can be used by websites or website owners to:
- Personalize the customer/visitor experience
- Improve the functions of the website
- Identify visitors
- Target advertising using behavioral patterns
Website owners whose sites use non-essential cookies must improve and customize the cookie banner so that only essential cookies are collected.
Here’s what you need to do as a website owner:
- Explain the cookie usage you have on your website and what users need to understand about it
- Give access to a guide that explains cookie usage thoroughly on your website
- Get your visitors’ consent before collecting non-essential cookies
As a website owner, you need to understand GDPR thoroughly in order to know what it includes and what it doesn’t include. Before GDPR, users didn’t have to consent to non-essential cookies from the website. Their regular visits alone were considered a form of consent for websites to drop non-essential cookies on them.
Now, with GDPR, ambiguous consent is not consent. Visitors should clearly state they’re okay with non-essential cookies before those cookies are dropped on them. If you place non-essential cookies on your website without the visitor agreeing to it, you could be in for a heavy lawsuit.
To comply with the GDPR, your website must also give visitors the option to manage their cookie preferences on top of their affirmative consent.
How does Avoori help me comply with GDPR and EU cookie requirements?
- Create and display a customizable cookie banner so visitors can understand what kind of cookies they’re dealing with
- Disable the activity log on your website so you don’t collect or receive your visitors’ IP addresses or any other data that is considered personal
- Disable analytics cookies so your visitors don’t receive non-essential cookies
Your website is yours on Avoori and you have the complete right to edit it according to your preferences. Here’s what you can do:
- Customize your cookie banner and include different languages depending on the visitor
- Ask for consent before sending marketing emails
- Include a guide on your website that explains the kind of data you collect, why you collect it, and how
- Customize your newsletter block on your website to include a disclaimer for data collection
How do I remove personal data from Avoori?
There are different kinds of personal data that you can remove or update on Avoori, which are:
- Your list of websites including the expired and canceled websites
- Your credit card information and billing information
- Your account’s email address
- Your connected accounts
- Your contributors’ accounts
If you want any of your data to be removed from Avoori, then you can contact our customer service and file your request. We’ll handle it as soon as possible.
Using Avoori with third-party services
If you’re concerned with GDPR, then you must know that it doesn’t only affect how your website processes data; it also affects the many third-party services that deal with data on your behalf. If you’re wondering how your website can be connected to third-party services, here’s how:
- Code block
- Google Analytics
- Google Search Console
- Payment processors
- Code injection
- Connected accounts
- Social blocks
- Other integrations, like those of email marketing providers
- Form integration
If you’re dealing with third-party services, then you should know how they work. Third-party services embed content on your website and therefore accept data from your website. Avoori will act as a pass-through for that data or that content.
How does Avoori transfer customer and visitor data outside the EU?
According to the GDPR regulations, certain safeguards are needed when transferring data, especially personal data, outside of Europe, Switzerland, and the UK to any other country. This means that any country that falls outside of this scope, including the US, is not considered a protected area.
Because of that, Avoori treats data received from any area that falls within that scope in a way that is privacy-oriented. We process this data in a secure way that makes it comply with the GDPR law and that meets all of the clauses of the European Commission Standard Contractual Clauses.
European Commission Standard Contractual Clauses
In order to transfer personal data to any country besides those that fall inside of the protected area specified by the GDPR, we make sure to use standard contractual clauses as our legal basis. We make sure to protect the personal data received and put it as soon as possible under a safeguard that meets the guidelines of these standards.
Privacy Shield principles
After the 16th of July, 2020, the EU invalidated the US Privacy Shield, and therefore it’s no longer valid to use the Privacy Shield frameworks to transfer personal data from the protected areas to the US. However, we still apply the needed principles to secure the data and add additional protection for our customers and visitors.
Other transfer requirements
If you read Articles 45 to 50, you’ll find that the GDPR sets a number of requirements for transfers of personal data to unprotected countries or even international organizations. Here are the requirements:
Even as a country outside of the protected scope, you can still have adequacy to transfer personal data if the EU Commission believes you have a great level of data protection.
If you don’t have adequacy, the GDPR can still allow the transfer if you provide appropriate safeguards to protect the data.
Exceptions for specific situations
There are always exceptions when it comes to transfers like:
- If you obtain consent
- Exercise of legal claims
- Conclusion of a contract
- Protect the interest of the data
There are other mechanisms established by Avoori in order to protect your data which you can customize as a website owner.
GDPR best practices for Avoori websites
Although Avoori can’t offer legal advice when it comes to GDPR, we can still present the best practices you can follow as a website owner to comply with GDPR.
Personal data audit
When browsing your website, make sure to audit where you ask for your visitors’ personal data. Also keep in mind what “personal data” actually is according to GDPR.
You can ask these questions in order to start:
- Are you collecting data that you need or don’t need?
- Is your data going to be transferred using third-party services?
- Do you collect data using third-party services?
- Do you export your data to another system?
- Do you use the data you collected and combine it with other sources of data?
- What kind of personal data you’re collecting
- Why you’re collecting that data
- With whom you’re sharing that data
- How you’re collecting that data
- How long do you store that data
- How do you protect that data
Here are other guides to help you: