Since the implementation of the EU General Data Protection Regulation (GDPR) in May 2018, businesses worldwide have had to adhere to stricter privacy requirements.
GDPR compliance is imperative. The regulation empowers Wix users, particularly EU citizens, to exercise control over their personal data stored by your app. Users may reach out to you regarding accessing, modifying, or deleting their data, necessitating proactive measures from app builders.
Wix has enabled a cookie policy which allows all parties to adhere to the applicable laws, such as the GDPR and CCPA.
Important:
All apps are bound by the Wix Partner Agreement, which contains obligations related to privacy regulations (including honoring each site visitor’s decision about cookies).
- Site owner sets up a consent policy which includes any or all of the following consent types:
- Essential: lets the visitor move around the website and use essential features like secure and private areas.
- Functional: used to remember choices users make to improve their experience (e.g. language).
- Analytics: lets the site/app owner understand how visitors use the website (e.g. which pages they visit), to provide statistics on how the website is used, improve the website by identifying any errors, and performance issues.
- Advertising/Marketing: used to collect information about the impact of marketing campaigns performed in other websites on users and non-users.
- Data to Third Parties: lets the site/app owner share data with third (or fourth) parties (includes the "sale" of data, as well sharing data for essential or enhanced functionality, e.g., Google Analytics) - specifically for CCPA compliance.
- Site visitor gets a popup/banner about cookies.
- Site visitor interacts with popup/banner, setting their consent policy – they can choose which of the options to allow.
- At this point, and no earlier, your app must:
- Access the consent policy per visitor.
- Manage all applicable actions to take for their app’s functionality based on the provided consent.
Access to the consent policy set by each site visitor is available using the iframe JS SDK. The JS SDK also provides access to the default site policy as set by the site owner. See Implement Cookie Consent Requirements for details.
To ensure compliance with GDPR requirements, you should familiarize yourself with the regulation. Here are essential guidelines to follow when handling user requests related to personal data:
- Verification of identity: When users request access to their personal data, it's crucial to verify their identity to safeguard security. Requesting proof of identity helps prevent unauthorized access to sensitive information.
- Acknowledgment of user requests: Promptly inform users that you're processing their request. Sending an acknowledgment email demonstrates transparency and reassures users that their concerns are being addressed.
- Timely response to requests: Efficiently handle user requests within specified timeframes:
- For edit or deletion requests, aim to fulfill them within a week, but ensure completion within 30 days at the latest.
- Regarding access requests, provide the requested data within 30 days. Always utilize the same communication channel through which the user initiated contact.
- Adhere to visitors' data consent policies: Compliance entails respecting policies such as cookie usage and data selling restrictions. Integrating mechanisms to uphold these policies within your app is essential for maintaining GDPR compliance.