Privacy and GDPR

On May 25, 2018 the European Union is enacting the General Data Protection Regulation (GDPR). All website owners are obliged to follow this regulation to protect the privacy of their visitors. The following document explains what YOOtheme Pro, Joomla and 3rd party services mean for your visitors' privacy, what data is collected and what necessary steps you should take to make your websites GDPR compliant.

Disclaimer: This information is not a legal advice and is for informational purposes only. Learn more about the GDPR from the European Commission’s Data Protection page.

YOOtheme Pro

YOOtheme Pro itself does not store any personal information. There are no tracking-cookies created or saved by the theme.

In YOOtheme Pro you can make use of 3rd party services, for instance, Google Fonts, Mailchimp, YouTube, etc. These services as well as Joomla are all working on making their products and services GDPR compliant. This document only focuses on their officially recommended solutions. Here is a short overview:

3rd Party Service Possibly used in
Google Fonts Style customizer
Google Analytics Advanced Settings
Google Maps Maps element
OpenStreetMap Maps element
YouTube Button, Gallery, Grid, Image, Section, Slider, Slideshow and Video elements
Vimeo Button, Gallery, Grid, Image, Section, Slider, Slideshow and Video elements
Mailchimp Newsletter element
Campaign Monitor Newsletter element

Joomla

YOOtheme Pro is a theme for Joomla which will offer a number of privacy features with their next releases. There will be a new privacy extension with an API for 3rd party developers, a tool to handle the consent of registered users, and data handling tools to export and erase data from your Joomla website.

Google Privacy Policy

When using any Google Service, you agree to the Google Privacy Policy. It explains in detail what data is collected, why it is collected, and what happens with it.

Google Fonts

YOOtheme Pro stores Google Fonts locally, and thus using them is GDPR compliant. When selecting a Google font in the Style Customizer, the woff and woff2 font files are downloaded to your server and are included in the CSS. So YOOtheme Pro, loads the fonts from your own server, and no requests are sent to Google Fonts server.

Google Maps

Using Google Maps on your website will create a NID cookie on the client device. The cookie is used to remember your preferences and for advertising. More information about the different types of cookies used by Google is available in the Google Policies - Types of cookies.

Google Maps has not announced any solution on how to comply with GDPR. For that reason, it is your responsibility to inform your visitors in the privacy policy about the use of Google Maps and their tracking methods. Mind that Google Maps have updated their Terms of Service that will take effect on June 11, 2018.

Google Analytics

Google Analytics provides settings for customizing cookies, sharing data, IP anonymization and other privacy controls. On May 25, Google will also introduce a data retention control to define how long the data is stored and a user deletion tool to remove visitors' data. It is the website owner's responsibility to make their Analytics settings GDPR compliant.

In YOOtheme Pro you have to enable IP Anonymization. Go to the Settings -> Advanced -> Google Analytics option and check IP Anonymization right below the Google Analytics API key field.

YouTube

YouTube offers a privacy-enhanced mode for embedding YouTube videos. Enabled, YouTube won't store information (cookies) about visitors on your website unless they play the video.

When you Enable privacy-enhanced mode in the YouTube embed settings, the video URL changes to https://www.youtube-nocookie.com. Use this URL in the video element or whenever you add YouTube videos in YOOtheme Pro to embed the video with the privacy-enhanced mode.

Once a YouTube video is played, a NID cookie is created. For that reason, it is your responsibility to inform your visitors in the privacy policy about the use of YouTube and its tracking methods.

Vimeo

Vimeo does not offer any privacy settings yet. Their Privacy Policy and Cookie Policy explain what data is collected, why it is collected and how it is used. Please inform your visitors that you use Vimeo services in your privacy policy.

OpenStreetMap

There is not much information available on the changes of OpenStreetMap usage due to the GDPR. In their official blog post, OpenStreetMap state that they will implement a plan over the next months. Make sure to inform your visitors on the usage of this service as well.

Mailchimp

Mailchimp offers a number of tools to comply with GDPR. They allow you to get user's consent and handle data easier.

If you are using MailChimp, enable the Double Opt-in option in the Newsletter element settings in YOOtheme Pro. An extra confirmation email will be sent to the user to verify the email address. YOOtheme Pro only sends the filled-in form data to Mailchimp. There are no scripts loaded or cookies created by Mailchimp.

Campaign Monitor

Campaign Monitor is working on privacy tools which should be released soon. They allow you to get user's consent and handle data easier.

If you are using Campaign Monitor, you have to enable the Double Opt-in option in the Campaign Monitor List Settings on their website. An extra confirmation email will be sent to the user to verify the email address. YOOtheme Pro only sends the filled-in form data to Campaign Monitor. There are no scripts loaded or cookies created by Campaign Monitor.

YOOtheme Pro