GDPR

Summary

This guide has been created to help you understand your GDPR responsibilities as well as to notify you about how we look after your data as a customer of PhD Interactive.

In terms of your responsibilities if your website collects personal information then GDPR affects you. An obvious example is a website that invites visitors to subscribe to a newsletter but even a simple contact form which captures just the enquirer's name and email address still requires GDPR consideration.

Overview

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. It replaced the current Data Protection Act in the UK and was the biggest overhaul of data protection legislation for 25 years. Despite being an EU initiative it has been incorporated into English law and so is independent of the UK's relationship with the EU.

This guide serves two purposes. Firstly as you are a customer of PhD Interactive we need to inform you how we look after your privacy and process your personal information. Secondly we will explain the measures we have taken to help you with your responsibilities to be GDPR compliant with respect to your PhD Interactive website.

Protecting the privacy of PhD Interactive customers

We respect your privacy. One of our fundamental principles is that no-one should receive a communication from us that they do not expect and might perceive to be unwanted. This principle is at the heart of GDPR but we also have responsibilities for documentation and to carry out checks on our suppliers.

Our Privacy Policy is available to view at www.phdinteractive.co.uk/privacy

GDPR and your website

If your website collects personal information then GDPR affects you. An obvious example is a website that invites visitors to subscribe to a newsletter but even a simple contact form which captures just the enquirer's name and email address still requires GDPR consideration. 

The whole business is not strictly about websites at all - it is about what you do with personal information you receive through any means and ensuring you have permission to do that. Even if your website has no contact form at all it probably still shows your email address so you need to think about what you do with the email addresses of your enquirers. Responding to the enquiry is obviously a legitimate use, but gathering all these addresses into an email list and mailshotting them periodically with marketing is very unlikely to be a legal use of this personal information under GDPR. As this guide may prompt a number of questions we have prepared an FAQ section which should answer most of your questions. 

Although we can't tell you how to be GDPR compliant, we have given a lot of thought to how we can simplify the work you need to do to make your website GDPR compliant. We have created a number of special features which simplify the process of adding privacy notices to your website as well as giving your enquirers necessary notifications.

  1. A dedicated page to hold your Privacy Notice
  2. Links to your Privacy Notice automatically added to the website footer
  3. Links to your Privacy Notice automatically added to the Email Contact Form
  4. Checkbox option available on the Email Contact Form

Privacy Notices

PhD Interactive clients can create their Privacy Notice via the special Privacy Notice section under Site Management in the Administration Area. Once you have written it you can activate it by going to Special Features (also under Site Management) and scrolling down to the Privacy Features section. 

Website Footer Links

Once you activate your Privacy Notice, as explained above, a link is automatically added to your footer which enables website visitors to easily access the page if they wish. The link looks like this.

Email Contact Form Links

When visitors contact you via your Email Contact Form (ECF) a higher level of awareness about your Privacy Notice is provided through the addition of a link automatically built into the ECF which looks like this below.

This type of Privacy Notice notification is generally considered adequate when your usage of the enquirer's email is purely to facilitate communication about the delivery of a service. If however you wish to retain the email and use it to send marketing messages then the checkbox method explained below may be needed. 

Note also that the automatic addition of these notifications only applies to the standard Email Contact Form which is provided free with every website. If you are using the PHD Forms service with customised fields for capturing different types of information (age, mobile phone numbers etc) then these contact forms do not automatically include Privacy Notice links. The business partner who builds your form will need to include them.

Email Contact Form tickbox

The tickbox is a higher level of active confirmation by your website visitor. It is designed to confirm that they have seen your Privacy Notice and agree to you processing the information in the manner you explain in your Privacy Notice. Your Privacy Notice may for example say that you will contact them periodically with updates on your service or special offers. Of course this may put people off so only do this after due consideration. There is no point telling people that you may do it, but never get around to it as you will put people off for no gain.

You can enable this for Email Contact Forms just like the Privacy Notice link above within the Special Features section of your Administration Area. Just tick ECF Active Confirmation Tickbox. The ECF is then displayed with this kind of notification.

 

Frequently Asked Questions

  1. What do I need to do for my website to be GDPR compliant?
  2. How do you process and store the enquiries sent via my contact form?
  3. How can I add a notice to my contact form to make clear how I will use an enquirer's information?
  4. Can you advise me on what I should put in my Privacy Notice?
  5. Do you have an example of a Privacy Notice?
  6. How can I ensure my Privacy Notice has been seen by enquirers? I have lots of email links on my website
  7. What information does my Email Contact Form capture?
  8. I have "Subscribe to Mailing List" on my website. What do I need to do?
  9. What cookies does my website use?
  10. Where can I find out more about GDPR?
  11. I need visitors to tick a box to say they have read my Privacy Notice
  12. I have written my privacy notice. Can you tell me if it's OK?
  13. I heard that GMail might not be GDPR compliant
  14. Where are the Terms & Conditions of my contract with PhD Interactive?

1. What do I need to do for my website to be GDPR compliant?

This very much depends on how you use your website and any personal information you obtain through it. This link provides a well written and clear explanation of the areas that will be of most relevance to our customers. It is rare for customers of PhD Interactive to be engaged in online or offline direct marketing campaigns, so for most the concerns will be about ensuring that your visitors are notified about how you will use their personal information when they contact you (via a Privacy Notice) as well as how we process enquiries that come via your Email Contact Form.

2. How do you process and store the enquiries sent via my contact form?

Enquiries submitted through your contact form are sent directly to you by email and then deleted from our systems. They are retained only until we are confident they have been successfully delivered.

3. How can I add a notice to my contact form to make clear how I will use an enquirer's information?

The important thing is to draw attention to your Privacy Notice that states how you will use any information provided. See above for how to add a Privacy Notice and how to link to it from your contact form.

4. Can you advise me on what I should put in my Privacy Notice?

This is beyond our area of expertise as all customers will make individual choices; however, we would recommend contacting your professional association, who should have good general guidelines relevant to your type of activities.

5. Do you have an example of a Privacy Notice?

Unfortunately we aren't able to provide an example privacy notice. It's a little like asking for an example tax return, as privacy notices are intended to reflect the way you use personal information and this varies even between therapists. We have retained a lawyer to help us write our own but that wouldn't be suitable for you. That isn't cheap of course but your professional association should be able to give some guidance for someone in your particular area of work.

6. How can I ensure my Privacy Notice has been seen by enquirers? I have lots of email links on my website

Unless you intend to use emails for marketing it is not clear to us that there is a strict requirement that an enquirer positively confirms they have read a notice, though it should still be fairly visible. Once your Privacy Notice is activated, links to it will be automatically added from your website footer; however, to be more cautious you could modify all your email links to be links to your Email Contact Form.

7. What information does my Email Contact Form capture?

A standard email contact form only captures an enquirer's name and email address along with IP address of the computer used to make the request. No cookies are captured.

8. I have "Subscribe to Mailing List" on my website. What do I need to do?

If you have added this yourself you will need to contact the supplier of the mailing list service and ask them. Any reputable service will have made arrangements for GDPR so they may automatically update their plugins with the necessary changes or provide options for you to update the plugin according to the way you will use the data. If you have had assistance from a PhD Interactive business partner to add the mailing list feature you should contact the business partner for assistance in updating it as required.

9. What cookies does my website use?

Firstly cookies and personal information for GDPR purposes are very different things. It is very rare that you will have access to personal information through cookies so unless you have a special plugin that does give you personal information you are not processing personal information and you won't need a Privacy Notice for it. 

Until the introduction of our Social ColourMax design platform PhD Interactive websites did not use cookies as standard for any other purpose than to remember your login which does not impact on visitors. For this reason there was no cookie page. We introduced a cookie page with Social ColourMax designs and you will see this linked from the footer of your website - if you don't then you are on an old design. The Social ColourMax cookie page lists the social media cookies that are automatically included with this design. 

When you activate your Privacy Notice you will see a modified footer including a link to a cookie page whatever design you are on. This privacy page again references social media cookies as a catch all in case you have used them on an older design.

The only other cookies that might get used by your website are as a result of 3rd party plugins that you may have used on your website such as online booking tools. If you have used these you should contact the supplier and ask for advice on the privacy implications.

10. Where can I find out more about GDPR?

We recommend seeking the advice of your professional association who will understand the typical working practices and data usage of someone in your profession. For more general information about GDPR you may wish to visit the Information Commissioner's Office GDPR page.

11. I need visitors to tick a box to say they have read my Privacy Notice

To enable this feature within your Email Contact Form go to the Special Features section in your Administration area. There is an option under Privacy Features to enable a tickbox. If you are using a bespoke designed PHD Form you will need to contact the business partner who made it and they will be able to modify the form.

12. I have written my privacy notice. Can you tell me if it's OK?

The whole business of GDPR is quite complex and is fundamentally about your own business and procedures. We're seeking advice from a lawyer about our own particular circumstance so I'm afraid we can't really say whether your notice is right for you or covers everything or is in some way "right" or "compliant".  All we can say in terms of reassurance is that we are advised that the businesses that get in trouble for GDPR are likely to be those that have given no thought to it at all or decided to play "fast and loose". If you are a small business and have given proper consideration to what you do and written a privacy notice in good faith you are likely to be OK. If you need more reassurance than this then we would advise seeking the advice of your professional association or a commercial lawyer.

13. I heard that GMail might not be GDPR compliant

Prior to the launch of GDPR there were some concerns that standard GMail might not be GDPR compliant. We raised this with our legal advisors and received the following reassurance "This privacy notice is compliant with GDPR and has clearly been designed with GDPR in mind. The privacy notice will have been sent to all Gmail users within the EU and makes it quite clear that the rights extended by that policy apply across Google as a whole".

14. Where are the Terms & Conditions of my contract with PhD Interactive?

Please see this link for our latest terms and conditions, however these are likely to change before May 25th 2018