GDPR

Learn about our commitment to data privacy and processing.

What is GDPR?

The General Data Protection Regulation (GDPR) took effect on May 25, 2018 and is a European Union regulation focused on protecting privacy and personal data for individuals within the EU.

R ead the full overview here .

This regulation dictates how personal data is collected, processed, and stored and affects everyone in the EU, as well as online businesses (regardless of location) who sell products and/or collect any personal information from customers and site visitors in the EU.

All affected website owners must:

Alert visitors when their information is collected and stored
Explain how the data is used
Give the option to delete personal information
Provide visitors with information on data importers and subprocessors

Blinki and GDPR

We take GDPR very seriously and have adjusted our data collection methods and Privacy Policy to ensure the privacy and data protection of our site visitors. We also continue to improve our systems in our commitment to this data privacy. The following information serves to educate you about the requirements of GDPR and provide clear information about our practices and policies.

Disclaimer: The content presented on this page is for informational purposes only and should not be taken as legal advice. GDPR is a highly complex subject with many variations that are unique to each EU member state. To ensure compliance in a specific member state, we recommend consulting a legal / privacy expert in that location to determine how GDPR may apply to your specific organization.

Select a Topic to Explore

01: Data Management
Explore what data Blinki manages and collects about you and your site visitors.

02: Cookies
Learn about how we use cookies, and what your requirements are for client websites.

03: Builder Compliance
See how Blinki sites can be made GDPR compliant using built-in or third-party tools.

01: Data Management

How does Blinki collect and store your information?

Blinki acts as the data processor for your master user account, including name, email, username for your master user account, as well as the username and email for sub-users attached to your account, and the billing details for any purchases. This is all for the purposes of account set up and continued use.

In addition, we may collect automatically received browser or mobile platform information, including your location, IP address, cookie information, and activity on the site. Analytics, including IP addresses are anonymized wherever possible. This information is processed in order to enhance the functionality of our site and services.

Finally, our website creation component, acts as a subprocessor for some of your data, including analytics information, contact form submissions, and ecommerce information.

How does Blinki collect and store your site visitor’s information?

Personal information collected by us about site visitors is used for operational needs to provide the service; this is never shared externally. Analytics, contact form submissions, and ecommerce information is collected and transferred by subprocessors

Analytics: This includes Google Analytics and other internal analytics. The IPs are anonymized, and they can also be disabled; send the Blinki team an email requesting this.
Contact Form: When you add a contact form to your site, the submitted personal information will be stored. This feature allows you to retrieve form responses but can be deleted from your account at any time.
Ecommerce : Customer information will be collected and disclosed to the third-party ecommerce platform (Ecwid) when purchasing from your store. Customers provide consent when entering information; this allows you to retrieve customer, order, and billing information for the purposes of selling products and/or services. This information is retained during the period of the contract and can be deleted directly through your site editor.

How do I update or delete my data?

Any requests for update or deletion of a master account, billing information, and sub-user information can be made to Blinki at any point. We will provide written confirmation that this has been updated or removed from our system, as well that the relevant items have been update or removed from our web creation component.

Analytics: Send us an email requesting that the analytics feature be disabled, and we will provide written confirmation that this has been done.
Contact Form : You can delete any form responses from your account; simply visit your site editor, enter the Content tab, and select “Manage Form Responses.”
Ecommerce: You can remove customer and site visitor data right from your site editor. To delete information for someone who purchased/signed up for information through your Ecwid store, simply visit the control panel, delete the customer profile, along with any orders or other information from them.

Note: do not delete information needed for order fulfillment or required for other legal reasons.

International Transfer of Data

Overview

We may transfer and process your data, as well as your site visitor’s data out of the EU and/or Switzerland to another country. This transfer is required for account sign-up and continued use of the site builder, ecommerce, and a variety of widgets, as well as additional resources provided on our website. According to the GDPR, you are known as the data exporter, Blinki is known as the data importer, while our website creation component and other third-party companies act as subprocessors on our behalf. Through Standard Contractual Clauses (SCC), you agree to allow us to transfer your data on your behalf and we guarantee that Blinki, along with our subprocessors, provide an adequate level of data protection. As well, the SCCs lay out the path for claim of compensation for your end users.

Data Processing Agreement

Obtain a Data Processing Addendum (DPA) and the relevant SCCs between Blinki, as the Data Importer and you, as the Data Exporter here. These agreements have been pre-signed by Blinki, and can be digitally signed by customers using our signature provider, HelloSign.

Click to sign our Data Processing Addendum

Subprocessors

Blinki uses the following subprocessors for our core application, as well as supporting systems. You may request a copy of a signed agreement between Blinki. and a subprocessor by emailing info@Blinki.co.uk In the event that a subprocessor provides their agreements in their Terms of Use or Privacy Policy, Blinki will send the relevant URL for your reference.

Core Applications

Google Inc.

Cloud Hosting & Data Storage (WOC Media Drive), Visitor Analytics

Location: California, USA

Stripe, Inc.

Payment Processing and Card Storage

Location: California, USA

Duda, Inc.

Cloud Website Creation and Hosting Services

Location: California, USA

Facebook, Inc.

Advertising

Location: California, USA

Pandadoc

Contract Delivery and Signatures

Location: California, USA

Cookies & Consent

Learn about storing cookies and obtaining consent

02: Cookies

What are cookies and how do they apply to GDPR?

Cookies are small data files that are stored on a users computer when they visit a website. They contain data specific to that user or website and are often used to track a user's progress through a site (e.g. the items in their cart during a checkout) or to record browsing activity / analytics such as which buttons are clicked, or what pages they have visited in the past.

Cookie policy is not governed by the GDPR, rather the ePrivacy Directive. For the purpose of this article we will refer to the requirements related to cookies as the Cookie Law.

What is the Cookie Law?

The Cookie Law requires that website visitors give consent prior to a third-party cookie being placed on their computer (first-party cookies are exempt). This is typically achieved through the use of a banner or notification informing users of the websites Cookie Policy. Consent must be a clear and defined action. Common consent actions may include:

Navigating beyond a cookie banner or scrolling through the page
Clicking a button agreeing to the cookie policy
Closing or dismissing the banner

Your Cookie Policy must detail the purpose for the installation of cookies, and outline the category and purpose of all third-party cookies, including links to their respective privacy policies. You are not required to list each individual third-party cookie.

What are exempt (or first-party) cookies?

First-party cookies are exempt from the consent requirements, and can be placed on a computer without prior consent. Cookies that fall into this category are typically those used to remember user's data and preferences. These may include:

Cookies that are necessary to provide the requested service, such as session ID cookies, authentication cookies, UI customization cookies and social media content sharing cookies.
Statistical cookies that are managed by your business and are not used for personal data tracking (i.e. cannot be used to identify a specific user).

What are third-party cookies?

Third-party cookies are those set and controlled by companies outside of your own. These typically include cookies for advertisements, analytics or embedded services (such as video or audio players). Consent is required before your website can place a third-party cookie on a user's website.

You are not required to list each individual third-party cookie used on your site, however you do need to clearly outline their purposes and general category. The law does not require that you manage consent for all third-party cookies directly, but rather inform users of their usage and link to their individual privacy policies. This approach gives users the ability to disable / withdraw consent through the individual service providers.

What cookies are being used on the Blinki website I built?

By default, a website generated by Blinki does not include any third-party cookies that need prior consent. We use various first-party cookies that are exempt from the consent requirements and are not used to track user data.

As the site designer, it is your responsibility to ensure that if you integrate third-party services, such as Google Analytics or YouTube videos, that you are aware of their cookie practices and taking the appropriate steps to comply with privacy regulations. All major third-party service providers have integrated GDPR compliant options into their services.

For example, YouTube videos should be embedded using "Privacy-Enhanced mode" to avoid the use of tracking cookies. Embeds should reference the URL "www.youtube-nocookie.com" instead of the standard www.youtube.com. More information is available here.

Google Analytics may track personal user data, such as IP addresses and geographic information. This is considered personally identifiable information and is subject to prior consent. To avoid this, we highly recommend enabling IP anonymization. More information is available here . Learn how to enable IP anonymization through Google tag manager in this video tutorial .

If you have any questions about a third-party service and their GDPR practices, it's best to contact them directly. Blinki can not act as an intermediary between our end-users and third-party service providers (your subprocessors).

Builder Compliance

See how websites built on Blinki can be made compliant using our built-in tools.

03: Builder Compliance

What tools are available from Blinki to enable me to build a compliant website?

The Blinki website builder was upgraded in early 2018 to integrate new tools and procedures to simplify GDPR compliance. We will actively continue to develop new tools and integrate services to help you build GDPR compliant websites.

Privacy Pages

A comprehensive privacy page is essential for GDPR compliance and the Blinki builder makes creating one easy; in your builder, visit the Settings section, and click “Privacy Settings"; from here you can customize a privacy page for your business. Alternatively, you can manually create a privacy page by creating a new standard page.

Cookie Notifications

The Blinki website builder comes integrated with a cookie notification bar that can be used to inform users of your cookie policies. This bar assumes that no third-party cookies are being used in the site, as it does not have the ability to control the placement of a cookie prior to consent.

In the event that you are using a third-party service that is making use of cookies, we recommend integrating an outside cookie solution, such as Cookiebot. Cookie bot can be configured to allow cookies to be delayed until consent is given. Please note that each third-party service will use cookies differently, and we are unable to provide a guide explaining how to individually delay the placement of cookies.

We highly recommend using Google Tag Manager (GTM) to integrate all third-party services if possible. This will simplify the enabling / disabling of cookies based on user consent, since most third-party scripts can be toggled and managed by GTM.

Contact Forms

In order to remain compliant, you must have permission from site visitors to collect their information, as well as delete this information upon request. Contact forms in the builder include the option to add an “opt-in” checkbox. This ensures that your site visitors agree to submit their information when using forms and can be customized to include privacy information, as well as link directly to your privacy policy. Any form responses can be deleted from your account by selecting the Content tab and clicking “Manage Form Responses.”