GDPR Compliance
The General Data Protection Regulation (GDPR) aims to protect the fundamental right to privacy and the protection of the personal data of European Union (EU) citizens.

Disclaimer.
The information provided in this helpsheet is intended as a guide to the sort of actions required to maintain GDPR compliance. You should not rely on this article as legal advice or as recommendations regarding what you should actually do. We recommend that you seek legal advice to help you maintain GDPR compliance, and forty40studio cannot be held responsible for any breaches of relevant legislation.
About GDPR
The General Data Protection Regulation (GDPR) - which came into force on May 25th, 2018 - affects any entity (including websites) that processes EU citizens' personal data. Whether or not you or your business is located in the EU, if you have EU site visitors or your marketing campaigns target EU citizens, this affects you.
Data Roles
As the business owner, you are considered the Controller of your site-visitors’ data. This means that you are the one who is choosing what data to collect from your site-visitors and you decide how it will be handled.
Both forty40studio and the website platform provider are Processors of your site-visitors’ data. This means that we will only process your site-visitors’ data following your instructions and on your behalf, and will not process your site-visitors’ data for our own benefit.
Helping Your Site Meet GDPR Requirements
Use the following information and recommendations to prepare your site for GDPR.
Create a Privacy Policy
Transparency and communication with your site-visitors are key elements of the GDPR. As part of the regulation, you must let your site-visitors know how you collect, store and use their data - in a clear and transparent way. In addition, you must comply with your site-visitors' requests to receive a copy of their data that is processed on your site. A Privacy Policy is a statement that discloses the ways in which your website gathers, uses, discloses and manages your site-visitors' data.
About Cookies and Cookie Banners
GDPR requires that you get affirmative consent from site visitors before placing non-essential cookies on their device. Depending on which features are active on your site, it is possible that the use of some cookies might require affirmative GDPR consent. By adding a cookie banner to your site, your visitors can give their consent to non-essential cookies being placed on their device.
Request Consent to Process Your Site Visitors’ Data
GDPR establishes ways in which you can lawfully process your site-visitors’ data. Requesting your site-visitors’ consent is just one of the ways to lawfully process data. If you want to receive 'affirmative consent' from your site-visitors before processing their data, you can do so by, for example:
Displaying a Cookie Banner on Your Site
Using Forms to Receive Explicit Consent
Adding a policy checkbox to your store Checkout page
Adding a policy checkbox to your Booking forms
Get Consent for Your Email Marketing
Email marketing campaigns require consent from your site-visitors. If you're using any email marketing tool, this applies to you. Consent to receive marketing campaigns can be interpreted and applied in different ways on your site.
'Implied consent' informs your site-visitors that, for example, clicking the button will subscribe them to your marketing campaigns.
'Explicit consent' requires a positive action, for example, by adding a checkbox next to your 'Subscribe' button that must be checked to subscribe to your marketing campaigns.
Access and Delete Your Site Visitors' Data
In accordance with GDPR, site-visitors have the right to request a copy of the data held on them, and the right to request that data is deleted. Processes are available to support these requests.
For a complete guide to GDPR, visit https://gdpr.eu/
