Home>Blog>GDPR and SiteOrigin Products

GDPR and SiteOrigin Products

General Data Protection Regulation (GDPR) is European Union law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. We’ve assembled a brief guide on what sort of information you might need to add to your privacy policy to comply with GDPR when using SiteOrigin themes and plugins.

Disclaimer: this post is by no means legal advice. If unsure, please seek professional consultation.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).

Read the full definition on Wikipedia.

Does GDPR Affect Me and My Website?

If your company is based in the European Union (EU), or you do business with EU citizens, the GDPR does affect you and your website so you need to comply. With that said, it would be a good idea comply with the regulations regardless, as it’s possible countries outside of the EU will implement similar legislation in the future.

SiteOrigin CSS Plugin and SiteOrigin Themes

Good News! SiteOrigin CSS and SiteOrigin themes comply with the GDPR as none of them collect, store or transmit any user information. However, if you’re making use of Google Fonts in SiteOrigin CSS or SiteOrigin themes, you’ll need to make a note of this in your privacy policy. Google is GDPR compliant, find out more.

(Google Fonts can only be added from within SiteOrigin CSS using the Web Font Selector in SiteOrigin Premium.)

SiteOrigin Page Builder: Layouts Directory

The only GDPR concern in SiteOrigin Page Builder is the Layouts Directory. By default, all images in prebuilt layouts are hosted on layouts.siteorigin.com. We recommend changing these images as soon as possible. If you decide not to, you’ll need to make mention of these images in your privacy policy.

SiteOrigin Widgets Bundle

Certain widgets include Google Fonts if you decide to use any of those fonts you’ll need to mention that in your privacy policy. Google is GDPR compliant, find out more.

SiteOrigin Contact Form Widget

While the SiteOrigin Contact Form widget doesn’t store data, it does handle user submitted data. As such, it’s a good idea to ask for consent before transmitting this data.

To ask for consent, add a checkbox to your contact form and use the following values:

Field Type: Checkboxes
Required Field: Required (This field must be required)
Add an Option and set the Value to:
Please tick to consent to your data being stored temporarily, as per our privacy policy.

If you choose to Log IP Address, you’ll need to mention this in your privacy policy. Logging the user’s IP Address simply includes the IP in the email, you’ll need to mention that it’s included, but not stored anywhere.

If you’re using SiteOrigin Premium, the Contact From plugin addon allows you to add autoresponder functionality to email the user on form submission. If you use this functionality you’ll need to mention this in your privacy policy alongside your contact form information.

SiteOrigin Google Maps Widget

If you use the SiteOrigin Google Maps widget, you’ll need to mention that you use Google Maps in your privacy policy and that while you don’t personally collect this data, Google may. Google is GDPR compliant, find out more.

SiteOrigin Video Player

If you embed any external video, such as from YouTube or Vimeo, you’ll need to mention this in your privacy policy. Be sure to check if the video you’re embedding is hosted on a service that is GDPR compliant.

Summary

Hopefully, this gives you a better idea of what GDPR is and how SiteOrigin themes and plugins might influence the creation of your website’s data management and privacy policy.

If you have any questions or concerns, please feel free to leave a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments

  1. 27 days, 19 hours ago Rebecca Westaway

    Hello, please expand further on the issue of layouts directory and which images you refer to – those uploaded by our company or default images supplied by your company.
    Many thanks,
    Rebecca

    • 27 days, 19 hours ago Alex S Hi, I Work Here

      Hi Rebecca,

      All images included with the prebuilt layouts in layout directory are hosted on layouts.siteorigin.com. If you’re not too sure which images you’ve adjusted, I would open the Layouts Directory once again and preview the layout you previously imported. Compare the images to your current layout and any image that’s the same for both layouts is hosted on layouts.siteorigin.com.

  2. 27 days, 17 hours ago Sro

    The most good and informed article i get. So simple and clarify about GDPR. Good work guys.

    • 27 days, 16 hours ago Andrew Misplon Hi, I Work Here

      Hi Sro

      Glad that helped. All the best :)

  3. 27 days, 16 hours ago R Parker

    I am a little unclear which SiteOrigin widgets use Google fonts. Please could you list them so that I may include a refernce to them in my privacy notice if I need to.

    • 27 days, 14 hours ago Andrew Misplon Hi, I Work Here

      Hi R

      Thanks for posting.

      We could do that but you might not have selected a Google Font from the relevant font setting. Any SiteOrigin widget that a font drop-down setting will offer Google Fonts on that list. If you have a sample page or two you’d like to me take a look at, I’d be happy to do so and let you know if there are Google Fonts being used.

  4. 27 days, 15 hours ago Marc

    Hi Guys
    thanks for the info.
    What about Google fonts options in your themes?

    • 27 days, 14 hours ago Andrew Misplon Hi, I Work Here

      Hi Marc

      Thanks for reaching out.

      We’ll update that section tomorrow, thanks for the heads up. The advice would be the same as for any widgets making use of Google Fonts, if you decide to use any of those fonts you’ll need to mention that in your privacy policy.

      Hope that helps.

  5. 27 days, 13 hours ago Claudia

    Thanks for these infos, specially for the contact form. Seems to be one of the most sensitive cases. I was about to skip the form or to switch to contact form 7, because I read they already implemented a secure way. Will give your solution a further look, and hopefully, can stay with the so-widget.

    • 27 days, 46 minutes ago Alex S Hi, I Work Here

      Hi Claudia,

      Great to hear! :)
      Let me know if you have any questions about setting up the contact form in this manner, or run into any issues.

  6. 26 days, 22 hours ago Franziska

    Hi, thanks a lot for all the information.
    Do you have some kind of a statement that you are not collecting any data (as above) we can print for our gdpr documentation?
    Best
    Franziska

    • 26 days, 22 hours ago Andrew Misplon Hi, I Work Here

      Hi Franziska

      Thanks for your question. Unfortunately, we don’t at this time. SiteOrigin isn’t collecting any user data from within the plugin.

      • 26 days, 20 hours ago Andrew Misplon Hi, I Work Here

        I’ll let you know as soon as we have a document to print this week.

  7. 26 days, 15 hours ago Michelle Edwards

    Thanks so much for this! Definitely above and beyond… I’ve made the necessary changes and feel much more prepared for this change. Awesome Support! ~Michelle

    • 26 days, 15 hours ago Andrew Misplon Hi, I Work Here

      Super :) Glad to hear you’ve been making progress getting ready.

  8. 26 days, 1 hour ago Oleksandr

    I dont understand this at all!
    Can you explain step by step WHAT I MUST DO with images?

    • 26 days, 1 hour ago Andrew Misplon Hi, I Work Here

      Hi. Have you ever used pre-built layouts from the Layouts Directory in Page Builder? If so, did you change all the images? If you did then nothing needs to be done with regards to images.

  9. 26 days, 1 hour ago Gerhard Berger

    Hello, the SiteOrigin Google Maps Widget isn’t clarify about GDPR, because the Google Maps API loads everytime. Also when I deactivate the SiteOrigin Google Maps Widget.
    The right way is to load the api on demand. From tommorow, this is not GDPR Compliant.
    Do you have an urgent fix?
    Regards, Gerd

    • 26 days, 53 minutes ago Andrew Misplon Hi, I Work Here

      Hi Gerd, we’re only loading the API as it’s being used. If the Maps widget is not present, the API JavaScript doesn’t output. It doesn’t load every time. It sounds like you might have something else using the API. One way to confirm would be to test with a default theme like Twenty Sixteen and only SiteOrigin plugins activated.

      • 26 days, 33 minutes ago Gerhard Berger

        Hi Andrew, I dont know the problem. But for tommorow, could you give me a help, how I can temporary deregister the google maps widget in SO until I have a solution? The solution from atheme Sydney dont work:
        function sydney_pro_child_remove_googlemap_api() {

        wp_dequeue_style( ‘sydney-gmaps-api’ );

        }
        add_action( ‘wp_enqueue_scripts’, ‘sydney_pro_child_remove_googlemap_api’, 999 );

        Website source code –> is not removed. Also when I deactivate the SiteOrigin Google Maps Widget. It seems, the Website source code printed wrong.

        • 26 days, 20 minutes ago Andrew Misplon Hi, I Work Here

          Thanks for your feedback. Unfortunately, the widget mentioned above isn’t a SiteOrigin widget, it’s an aThemes widget. aThemes will need to assist. Sorry, wish we could help but we can only assist with products we’ve coded, products we maintain and have control over.

          • 25 days, 22 hours ago Andrew Misplon Hi, I Work Here

            `wp_dequeue_style` looks wrong, my guess is that should be `wp_dequeue_script`. Let us know if aThemes aren’t able to resolve.

            If you’re using SiteOrigin Premium you can also reach out to us on email (support@siteorigin.com). Thanks.

  10. 26 days, 45 minutes ago Norbert Schaub

    It,s ok with me

    • 26 days, 43 minutes ago Andrew Misplon Hi, I Work Here

      Hi Norbert, glad to hear all is well :)

  11. 25 days, 18 hours ago Marcus

    Currently, Google Fonts ARE NOT compliant to the GDPR.
    At least that’s what German lawyers say all over the web.

    A workaround would be to implement the fonts locally.
    Can you provide a guide for site origin themes like Vantage?

    cheers
    Marc

    • 25 days, 18 hours ago Andrew Misplon Hi, I Work Here

      Hey Marc

      You’d head over to the Customizer > Theme Design in the case of Vantage and switch over any of the websafe fonts on offer.

      If you’d like to self-host fonts, please see https://crunchify.com/wordpress-google-fonts-load-locally/.

      There is a large amount of conjecture over Google Fonts at the moment. For every thread claiming there is an issue, I can source another reputable thread that introduces evidence that they aren’t.

      The Google fonts API collects a very limited set of information and uses it only for serving the font to your site. You can read more about the data Google collects, stores, and uses in connection with Google fonts here: https://developers.google.com/fonts/faq.

      For the time being, given the rules presented as they are, we’re happy to proceed with Google Fonts in conjunction with a privacy policy reference. In the event you aren’t, a websafe font or self-hosting fonts is the way to go.

  12. 23 days, 2 hours ago Eric1980

    Hi i have two quistions. If I use the page builder plugin from site origing with the gpdr am I correct that when I use images without the pagebuilder and use the image on a palace where I don ‘t use the page builder. That this image Will not be seen on your site.

    2 Do you see data when People react on wordpress om a massage page or writting a testimonial.
    Eric

    • 23 days, 2 hours ago Andrew Misplon Hi, I Work Here

      Hi Eric

      1. Sorry, I’m not quite following your question.
      Whether your images are inside Page Builder or outside Page Builder, as long as they are hosted in your own WordPress Media Library, there is no concern.

      2. What form are you using? The SiteOrigin Contact Form, for example, doesn’t store user submissions.

  13. 21 days, 15 hours ago Rob van der Walle

    Hi,

    What is GDPR:

    SiteOrigin Page Builder: Layouts Directory

    The only GDPR concern in SiteOrigin Page Builder is the Layouts Directory. By default, all images in prebuilt layouts are hosted on layouts.siteorigin.com. We recommend changing these images as soon as possible. If you decide not to, you’ll need to make mention of these images in your privacy policy.

    What does this mean ? How can I check and change the images in the Layout Directory and what this has to do with GDPR?

    Thanks Rob

  14. 21 days, 14 hours ago Andrew Misplon Hi, I Work Here

    Hi Rob

    Have you ever used Layouts in Page Builder and added a prebuilt layout? If not, there is nothing to attend to.

  15. 20 days, 9 hours ago Coleen

    Thank You! Great article.

    • 20 days, 2 hours ago Andrew Misplon Hi, I Work Here

      Glad it helped a little. All the best.

  16. 16 days, 19 hours ago Marc

    Heads up, everybody. The first warnings are sent to website owners because of google fonts.
    Reason is: they are already loading when you visit the site.
    I will host the fonts locally but I recommend everybody to test if any widget builds a connection to a Google server.
    @SiteOrigin: It would be great if you guys let us know if the themes are automatically connecting to google and how we can deactivate this

    cheers
    Marc

    • 16 days, 18 hours ago Andrew Misplon Hi, I Work Here

      Hi Marc, Vantage uses Helvetica Neue as its default font, no Google Fonts are loaded by the theme unless selected in the Customizer.

  17. 9 days, 23 hours ago AlexRC

    Thanks for the information. I’m going to use it right now.

  18. 6 days, 17 hours ago SLBen

    Site Origin may want to know. In their page link about GDPR they noted that “Google is complaint…” I guess you really meant Google is compliant. Just an FYI. Post: GDPR and SiteOrigin Products

    • 6 days, 15 hours ago Andrew Misplon Hi, I Work Here

      Thanks for letting us know. Will fix ASAP. Sorry for the hassle.

  19. 7 hours, 20 minutes ago drb

    Dear Alex,
    Can you please share on how to de-identify user data here, on SiteOrigin, please?
    Thank you kindly.

Get The Most Out of SiteOrigin with SiteOrigin Premium

Find Out More