On May 25, 2018, the European Union is enacting the General Data Protection Regulation (GDPR). All website owners are obliged to follow this regulation to protect the privacy of their visitors. The following document explains what YOOtheme Pro, WordPress and third-party services mean for your visitors' privacy, what data is collected and what necessary steps you should take to make your websites GDPR compliant.
Disclaimer: This information is not a legal advice and is for informational purposes only. Learn more about the GDPR from the European Commission’s Data Protection page.
YOOtheme Pro itself does not store any personal information. There are no tracking-cookies created or saved by the theme.
In YOOtheme Pro you can make use of third-party services, for instance, Google Fonts, Mailchimp, YouTube, etc. These services as well as WordPress are all working on making their products and services GDPR compliant. This document only focuses on their officially recommended solutions. Here is a short overview:
Third-Party Service | Possibly used in |
---|---|
Google Fonts | Style customizer |
Google Analytics | Advanced Settings |
Google Maps | Maps element |
OpenStreetMap | Maps element |
YouTube | Button, Gallery, Grid, Image, Section, Slider, Slideshow and Video elements |
Vimeo | Button, Gallery, Grid, Image, Section, Slider, Slideshow and Video elements |
Mailchimp | Newsletter element |
Campaign Monitor | Newsletter element |
YOOtheme Pro is a theme for WordPress which itself offers a number of privacy features. There is a cookie opt-in for the comments, a dedicated privacy policy page, and data handling tools to export and erase data from your WordPress website.
When using any Google Service, you agree to the Google Privacy Policy. It explains in detail what data is collected, why it is collected, and what happens to it.
YOOtheme Pro stores Google Fonts locally, and thus using them is GDPR compliant. When selecting a Google font in the Style Customizer, the woff2
font file is downloaded to your server and are included in the CSS. So YOOtheme Pro, loads the fonts from your own server, and no requests are sent to Google Fonts server.
Using Google Maps on your website will create a NID cookie on the client device. The cookie is used to remember your preferences and for advertising. More information about the different types of cookies used by Google is available in the Google Policies - Types of cookies.
Google Maps has not announced any solution on how to comply with GDPR. For that reason, it is your responsibility to inform your visitors in the privacy policy about the use of Google Maps and their tracking methods. Mind that Google Maps have updated their Terms of Service that will take effect on June 11, 2018.
Google Analytics provides settings for customizing cookies, sharing data, IP anonymization and other privacy controls. On May 25, Google will also introduce a data retention control to define how long the data is stored and a user deletion tool to remove visitors' data. It is the website owner's responsibility to make their Analytics settings GDPR compliant.
In YOOtheme Pro you have to enable IP Anonymization. Go to the Settings -> Advanced -> Google Analytics option and check IP Anonymization right below the Google Analytics API key field.
YouTube offers a privacy-enhanced mode for embedding YouTube videos. Enabled, YouTube won't store information (cookies) about visitors on your website unless they play the video.
When you Enable privacy-enhanced mode in the YouTube embed settings, the video URL changes to https://www.youtube-nocookie.com
. Use this URL in the video element or whenever you add YouTube videos in YOOtheme Pro to embed the video with the privacy-enhanced mode.
Once a YouTube video is played, a NID cookie is created. For that reason, it is your responsibility to inform your visitors in the privacy policy about the use of YouTube and its tracking methods.
Vimeo does not offer any privacy settings yet. Their Privacy Policy and Cookie Policy explain what data is collected, why it is collected and how it is used. Please inform your visitors that you use Vimeo services in your privacy policy.
There is not much information available on the changes of OpenStreetMap usage due to the GDPR. In their official blog post, OpenStreetMap state that they will implement a plan over the next months. Make sure to inform your visitors on the usage of this service as well.
Mailchimp offers a number of tools to comply with GDPR. They allow you to get user's consent and handle data easier.
If you are using MailChimp, enable the Double Opt-in option in the Newsletter element settings in YOOtheme Pro. An extra confirmation email will be sent to the user to verify the email address. YOOtheme Pro only sends the filled-in form data to Mailchimp. There are no scripts loaded or cookies created by Mailchimp.
Campaign Monitor is working on privacy tools which should be released soon. They allow you to get user's consent and handle data easier.
If you are using Campaign Monitor, you have to enable the Double Opt-in option in the Campaign Monitor List Settings on their website. An extra confirmation email will be sent to the user to verify the email address. YOOtheme Pro only sends the filled-in form data to Campaign Monitor. There are no scripts loaded or cookies created by Campaign Monitor.