In addition to the new Terms, we have updated our software, with the goal of these changes being to make Clicky fully GDPR compliant.
This page covers the major changes to everything.
Clicky software changes
- This update is all about visitor privacy. There is a lot of new info in our help section.
- There is a new global opt out page.
- The "Recent Visitors" widget, and the "Most active visitors" option for the "Poppy" widget, have both been disabled, as they could contain Personal Data.
- There is a new visitor privacy option in your user preferences that lets you specify who you want the maximum privacy settings to apply to. Defaults to "All visitors".
- For visitors that your privacy setting apply to, IP addresses are anonymized, and "Opt Out" cookies are honored.
- There is a new custom tracking option called visitor_consent. This allows you to override your visitor privacy settings for individual visitors by obtaining their consent to track Personal Data that you disclose up front. How you obtain consent from visitors and remember that consent is up to you, but supposing you do that, then privacy settings will be ignored for this visitor.
- "Public access" is no longer an option to view data for a site. Viewing data requires some kind of authentication now, whether it's a user login or a private link. We must do this to protect End User personal data from being accidentally leaked to unauthorized parties.
Terms of Service changes
- Our new Data Processing Agreement ("DPA") is automatically amended to the Terms for business and commercial customers. The DPA covers our and your responsibilities when it comes to the GDPR and "Personal Data". It's important. Read it.
- EEA citizens have the right under the GDPR to access, modify, and delete any Personal Data that Data Controllers (you) have about them. You are responsible for handling their inquiries. We are building tools for you to easily find, update, and delete their info, which will be available by May 25 2018.
The one thing we didn't state in the old policy was that we used Clicky to track Clicky customers (you), although we thought that was pretty gosh darn obvious. The new policy states this fact.
The GDPR requires a lot more up front information than we had before, which we have zero problem with because we are honest and transparent, but that means the whole policy is basically new. It's easy to read and understand though, that's a hallmark of the legislation. The info from our old policy is still in there but there's a lot more now.