The GDPR (General Data Protection Regulation) is the new European legislation regulating how individuals and organizations may collect, use, and retain personal data. The GDPR went into effect on May 25, 2018.
This guide covers the tools and options that allow Tilda users to ensure that their websites comply with GDPR, highlighting all the important things that you as a Tilda website owner should be aware of and describing what Tilda is doing to comply with GDPR.
Disclaimer: This article should not be construed or relied upon as legal counseling. Should you have any questions on how GDPR affects your business, it is highly advisable that you speak to your lawyer.
Options and tools offered by Tilda
1. Cookie Consent Message
To inform the website visitors that you are using cookies and receive their consent, add a T657 block from the "Other" category to the page.
2. Privacy Policy and Terms and Conditions Pages
Create the "Privacy Policy" and "Terms & Conditions" on your website, publish them, and use links to the pages to inform the users.
3. GDPR-Friendly Forms
Every data capture form on Tilda has a text field where you can place the links to the "Terms & Conditions" and "Privacy Policy" pages. To ensure that the users accept your terms of service, add a checkbox to the form. This way, the users can confirm that they have read and accepted the Privacy Policy and Terms & Conditions.
4. Simplified Statistics Mode (Disabling Cookies)
Tilda's embedded analytics system uses cookies to provide more accurate results. Cookies can also be used to track UTM parameters. If you do not want to use cookies or show cookie consent messages to the website visitors, you may turn on the simplified mode in the Site Settings. Your stats won't be as precise, but your website won't be using cookies either.
To disable cookies, go to the Site Settings → Analytics → Website statistics → Edit settings.
5. IP Anonymization in Google Analytics
Google Analytics provides a feature that allows website owners to request that all of their users' IP addresses be anonymized within the product. If you have connected Google Analytics to your website and want to activate this feature, select the "Turn on IP anonymization" checkbox in the Google Analytics counter settings: Site Settings → Analytics → Google Analytics → Edit settings.
6. Managing Data Retention Period
By default, all data submitted via the data capture forms on your website is available in your account for 30 days. If you do not want to store data in your Tilda account, you can delete it. The data will be deleted as soon as it is sent to your preferred third-party data capture service.
To do this, go to the Site Settings → Forms → General form settings → Edit settings → Data storage period → Don't save.
7. Deleting Personal Data on the User's Request
If you receive a request to delete personal data from a user who has sent their data via a data capture form, you can delete it in the "Leads" section. The data will be removed from your Tilda account. If you have connected any third-party services to your website, you will have to delete the data there as well.
8. Configuring HTTPS on Your Website
All data transfers that go through Tilda are encrypted and use a cryptographic SSL connection by default. However, you can configure additional secure protocols on your website by issuing a free SSL certificate.
Here is what you have to do to ensure that your website is GDPR-compliant:
1. Add a cookie consent message to inform the website visitors that you are using cookies as well as to obtain their consent.
2. Create the "Privacy Policy" and "Terms & Conditions" pages on your website.
3. Add the links to the "Privacy Policy" and "Terms & Conditions" pages to the footer of your website.
4. Place the links to the "Privacy Policy" and "Terms & Conditions" pages in the data capture forms on your website. Add a checkbox to those forms to obtain the users' consent to the Privacy Policy and Terms & Conditions.
5. Configure HTTPS on your website.
What to do if you can't be bothered to deal with the GDPR rules
You need to stop collecting the personal data of EU citizens. To do this:
1. Don't use data capture forms on your website. Instead, add your contact information, such as your phone number and email, to your website to allow people to get in touch with you without sending their personal data.
2. Turn on the simplified statistics mode to avoid using cookies.
3. Disable all external statistics tools such as Google Analytics and Google Tag Manager.
The data you share with us is processed via a safe encrypted connection using the HTTPS protocol. We also implement security measures designed to protect personal data, including physical, electronic, and procedural measures.
2. Transparency in Personal Data Usage
Our Privacy Policy contains detailed information about what personal information we collect, how we collect it, and how we use it. We undertake not to use the personal data you share with us in any other way except for the ways described in our Privacy Policy.
3. The Right to Access and Manage Personal Data
You can change, update or delete your personal information or the users' personal information from your account at any time. You may contact us for help in editing or changing this information.
4. The Right to Move Data
You can obtain your data or the users' data from your account at any time and reuse it with other services or providers. You may contact us for help in transferring this data.
5. The Right to be Forgotten
You can delete the data you share with us as well as your users' data from your account. You can also delete your account at any time. You may also send us a data deletion request, which we undertake to process in a reasonable time.
Don't hesitate to email us at legal@tilda.cc if you have any questions regarding our privacy practices or if you would like to exercise your rights and choices.