The GDPR (General Data Protection Regulation) is the new European legislation regulating how individuals and organizations may collect, use, and retain personal data. The GDPR went into effect on May 25, 2018.
This guide covers the tools and options that allow Tilda users to ensure that their websites comply with GDPR, highlighting all the important things that you as a Tilda website owner should be aware of and describing what Tilda is doing to comply with GDPR.
Disclaimer: This article should not be construed or relied upon as legal advice. Should you have any questions on how GDPR affects your business, it is highly advisable that you speak to your lawyer.
Options and tools offered by Tilda
1. Cookie Consent Message
To inform website visitors that you are using cookies and to obtain their consent, add a T657 block from the "Other" category to the page.
3. GDPR-Friendly Forms
4. Simplified Statistics Mode (Disabling Cookies)
To disable cookies, go to the Site Settings → Analytics → Website statistics → Edit settings.
5. IP Anonymization in Google Analytics
Google Analytics provides a feature that allows website owners to request that all of their users' IP addresses be anonymized within the product. If you have connected Google Analytics to your website and want to activate this feature, select the "Turn on IP anonymization" checkbox in the Google Analytics counter settings under Site Settings → Analytics → Google Analytics → Edit settings.
6. Managing Data Retention Period
By default, all data submitted via the data capture forms on your website is available in your account for 30 days. If you do not want to store data in your Tilda account, you can delete it. The data will be deleted as soon as it is sent to your preferred third-party data capture service.
To do this, go to the Site Settings → Forms → General form settings → Edit settings → Data storage period → Don't save.
7. Deleting Personal Data on the User's Request
If you receive a request to delete personal data from a user who has sent their data via a data capture form, you can delete it in the "Leads" section. The data will be removed from your Tilda account. If you have connected any third-party services to your website, you will have to delete the data there as well.
8. Configuring HTTPS on Your Website
All data transfers that go through Tilda are encrypted over an SSL connection by default. However, you can configure additional safe protocols on your website by issuing a free SSL certificate.
Here is what you have to do to ensure that your website is GDPR-compliant:
1. Add a cookie consent message to inform the website visitors that you are using cookies as well as to obtain their consent.
5. Configure HTTPS on your website.
What to do if you can't be bothered to deal with the GDPR rules
You need to stop collecting the personal data of EU citizens. To do this:
1. Don't use data capture forms on your website. Instead, add your contact information, such as your phone number and email, to your website to allow people to get in touch with you without sending their personal data.
2. Turn on the simplified statistics mode to avoid using cookies.
3. Disable all external statistics tools such as Google Analytics and Google Tag Manager.
The data you share with us is processed via a safe encrypted connection using the HTTPS protocol. We also implement security measures designed to protect personal data, including physical, electronic, and procedural measures.
2. Transparency in Personal Data Usage
3. The Right to Access and Manage Personal Data
You can change, update or delete your personal information or the users' personal information from your account at any time. You may contact us for help in editing or changing this information.
4. The Right to Move Data
You can obtain and reuse your data or the users' data with other services or providers at any time from your account. You may contact us for help in transferring this data.
5. The Right to be Forgotten
You can delete the data you share with us as well as your users' data from your account. You can also delete your account at any time. You may send us a request to delete data, which we undertake to process in a reasonable time.