Privacy on Your Website

On 25/05/2018 the new EU General Data Protection Regulation (GDPR) becomes binding. Therefore, you must react now and make your website suitable for GDPR.

Time is running out: the new European data protection law will be fully effective at the end of May. Consumers can look forward to more rights. But companies have significant changes to respond to. These changes also affect most websites, as they are usually commercial.

Get your Goldfish website fit for the new GDPR. Otherwise, you may face expensive warnings or even penalties.

Am I ever affected by the GDPR?
All commercial websites are covered by the GDPR. These are e.g. websites of companies, online shops, blogs and club pages. Excluded are purely family or personal websites. If you are exempt from the GDPR, the following does not apply to you.

Data processing on behalf
If an external web hoster is running your website, which is usually the case, you must sign a data processing agreement with the hoster. Ask your web hoster for this. A sample form can be found at the Society for Data Protection (German)

Privacy Policy
If your website is covered by the GDPR, it must also contain a privacy policy. You can write these yourself or have them put together by an online service that can do this for you. We recommend e.g. https://www.e-recht24.de (German). There you can also create a site notice for your website.

Note the following for Goldfish
  1. Make sure you use at least Goldfish 4.4. Earlier versions and especially Goldfish 3 is not GDPR compliant. The current version of Goldfish can be found on the download page.
  2. Set up a page for the site notice and one for the privacy policy on your website. Paste there the text for the site notice and the privacy policy.
  3. In the project properties, activate "Use of Cookies" (the "Show Warning" property must be set to "Automatic" or "Yes").
  4. Very important: Activate "Link to Privacy Policy" and link to your privacy page.
  5. You should set also a link to the privacy policy and the site notice on every page in the footer or in the header. It is best to place these links in the corresponding area templates.

Details on the privacy of Goldfish websites
The following information is required to create your privacy policy.

Cookies
The following components use cookies:
  • Redirections (also to the mobile page)
  • Stats Web App
  • Use of Cookies Warning
  • Blog (for administrator login only)
  • Guestbook (for administrator login only)
  • Form
  • Visitor Counter
  • Onlineshop (Product and Shopping Cart)
IP address
The following components store the IP address anonymously for 24 hours.
  • Form
  • Visitor Counter
  • Stats Web App
Blog
Necessary personal data is stored. When users comment on a blog entry, the name and email address are stored permanently and the name is published along with the comment.

Guestbook
Necessary personal data is stored. When users post a guestbook entry, the name and email address are stored permanently and the name is published along with the entry.

Onlineshop
Necessary personal data is forwarded. When an order is placed, the customer's name and address will be emailed to the shop owner. If you use PayPal, this information will also be shared with PayPal. This must be specifically indicated in your privacy policy.

Audio & Video
Necessary personal data is forwarded. If you include YouTube videos, the IP address will be shared with YouTube. This must be specifically indicated in your privacy policy.

Follow & Share
Necessary personal data is forwarded. If you use the Follow or Share buttons, the IP address will be passed to AddThis (Oracle America, Inc), as well as the respective services, such as Facebook, Twitter and YouTube. The operation of these buttons may not be permitted under the GDPR. Therefore, Goldfish will soon replace these buttons with a legally secure alternative.

ReCaptcha spam protection
Personal data will be forwarded. If you have activated ReCaptcha spam protection somewhere, it will send the IP address to Google. This must be specifically indicated in your privacy policy.

Google Analytics
Personal data will be forwarded. If you use Google Analytics, the IP address will be transmitted to Google. This must be specifically indicated in your privacy policy. Goldfish generally uses the variant with IP anonymization. You still need to provide a link in the privacy policy that allows the user to disable Google Analytics. Learn how to set up the link:
  1. Create a text link.
  2. Select "Manual Link" as the link destination and write "javascript:gaOptout();" as the address.

Google Webmaster Tools
This service does not send personal data to Google.

Google Fonts
Personal data will be forwarded. If you use Google Fonts, the IP address will be sent to Google. This must be specifically indicated in your privacy policy.

Published in  Goldfish4, Webdesign, Publish, Datenschutz,  GDPR on 19/04/2018 06:10 pm.

English • Deutsch
© 1998-2018 Fishbeam Software • Site NoticePrivacy