Skip to main content

Site tracking and the GDPR

Updated
Disclaimer: The contents of this web page do not constitute legal advice. This page is for informational purposes only, and we strongly encourage you to seek independent legal counsel to understand how your organization needs to comply with the GDPR. 
If you’re using the Site Tracking feature to track visits made to your website by contacts in the EU, then you may want to make changes to consider how you’ve implemented site tracking in order to help with your General Data Protection Regulation (GDPR) compliance efforts.

What is site tracking?

Our site tracking feature tracks visits made to your website and associates those page visits with contact records. It also collects the IP address of your contacts. Site tracking allows you to see which web pages a contact visits so you can create segments and send targeted campaigns, display site messages to specific contacts, and is used with our attribution feature.
These page visits and the IP address are considered personal data under the GDPR because they allow your contacts to be individually identified.

How the GDPR impacts site tracking

Under GDPR, you must have an appropriate lawful basis or legally approved reason before you can collect and store personal data. One such lawful basis is consent.
To implement this, you can create a "Tracking Consent" notice on your website. This notice should clearly state what information is being collected and how that information will be used based on the consent you are requesting. It is important that the language used in this notice is clear and straightforward. Additionally, the notice should inform users that they have the right to withdraw their consent at any time. It should also include a button or checkbox that users must click to provide their consent.
Remember that, aside from implementing a proper method to collect consent when processing data based on consent, you must also comply with other GDPR requirements. This includes providing a compliant privacy notice to your contacts that clearly outlines your data processing practices and aligns with GDPR requirements, specifically the notice requirements in Articles 13 and 14.

Who does the site tracking update for the GDPR apply to?

The site tracking update for the GDPR applies to:
  • Any eduConverse customer in the European Union (EU) that is processing personal data and using our site tracking feature.
  • Any eduConverse customer outside of the EU that is processing personal data of EU data subjects and using our site tracking feature.

How to update site tracking for the GDPR to obtain consent

  1. Replace the site tracking code on your website.We’ve made updates to our site tracking code in order to complement your GDPR compliance needs. You will need to replace the eduConverse site tracking code you’re currently using with this new one. You can get this new code by going to Settings > Tracking in your account. The updated site tracking code will be located in the “Tracking Code” box.
  2. Update the "Track by Default" setting in the site tracking codeThe "Track by Default" setting in our site tracking code automatically records page visits. After replacing the site tracking code on your website, it's important to update this default setting as well. You can do this by modifying the code that you pasted on your site.

     

     

    You can change this: vgo('setTrackByDefault',true);
    To this: vgo('setTrackByDefault',false);

    Simply replacing the site tracking code (as mentioned in step 1) will not alter how the ActiveCampaign platform tracks your data. Updating the "Track by Default" setting is a crucial step that can help you comply with the GDPR when processing data based on consent. It allows you to obtain freely given, affirmative, and informed consent from users.

  3. Create a “Tracking Consent” notice.

    This notice requests permission to track contacts and informs them about their consent. It can be displayed as a banner or pop-up.

    The notice must clearly outline what information is collected, how it will be used, and that individuals can withdraw consent at any time. It should use simple language and provide a way for individuals to indicate their agreement, such as a consent button.

    If you need help creating this notice, please consult your team or legal counsel, as the Customer Experience Team cannot assist with this.

  4. Add a code snippet to your “Yes/Agree” button on the “Tracking Consent” notice.

    If a contact has allowed site tracking, you will need to call the Javascript function, vgo('process', 'allowTracking')

     

    To allow tracking for future visits, when the contact accepts cookies, you might set a temporary cookie (for example, for 30 days). Then on each page load, check for the temporary cookie you have set and run vgo('process', 'allowTracking') 

     

    Example:

    // Insert tracking snippet here

    if (document.cookie.indexOf('accept_cookies') !== -1) {

       vgo('process', 'allowTracking');

    }

     

    $('.btn').on('click', function() {

       var expiration = new Date(new Date().getTime() + 1000 * 60 * 60 * 24 * 30);

       vgo('process', 'allowTracking');

       document.cookie = 'accept_cookies=1; expires=' + expiration + '; path=/';

    });

     

    The GDPR compliance deadline was May 25, 2018. Parties who violate the law, including collecting and processing personal data without a proper lawful basis such as consent, are subject to substantial penalties. See Article 83: General conditions for imposing administrative fines.

Powered by Zendesk