Home>Blog>GDPR and SiteOrigin Products

GDPR and SiteOrigin Products

General Data Protection Regulation (GDPR) is European Union law on data protection and privacy for all individuals within the European Union. It addresses the export of personal data outside the EU. We’ve assembled a brief guide on what sort of information you might need to add to your privacy policy to comply with GDPR when using SiteOrigin themes and plugins.

Disclaimer: this post is by no means legal advice. If unsure, please seek professional consultation.

What is GDPR?

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU).

Read the full definition on Wikipedia.

Does GDPR Affect Me and My Website?

If your company is based in the European Union (EU), or you do business with EU citizens, the GDPR does affect you and your website so you need to comply. With that said, it would be a good idea comply with the regulations regardless, as it’s possible countries outside of the EU will implement similar legislation in the future.

SiteOrigin CSS Plugin and SiteOrigin Themes

Good News! SiteOrigin CSS and SiteOrigin themes comply with the GDPR as none of them collect, store or transmit any user information. However, if you’re making use of Google Fonts in SiteOrigin CSS or SiteOrigin themes, you’ll need to make a note of this in your privacy policy. Google is GDPR compliant, find out more.

(Google Fonts can only be added from within SiteOrigin CSS using the Web Font Selector in SiteOrigin Premium.)

SiteOrigin Page Builder: Layouts Directory

The only GDPR concern in SiteOrigin Page Builder is the Layouts Directory. By default, all images in prebuilt layouts are hosted on layouts.siteorigin.com. We recommend changing these images as soon as possible. If you decide not to, you’ll need to make mention of these images in your privacy policy.

SiteOrigin Widgets Bundle

Certain widgets include Google Fonts if you decide to use any of those fonts you’ll need to mention that in your privacy policy. Google is GDPR compliant, find out more.

SiteOrigin Contact Form Widget

While the SiteOrigin Contact Form widget doesn’t store data, it does handle user submitted data. As such, it’s a good idea to ask for consent before transmitting this data.

To ask for consent, add a checkbox to your contact form and use the following values:

Field Type: Checkboxes
Required Field: Required (This field must be required)
Add an Option and set the Value to:
Please tick to consent to your data being stored temporarily, as per our privacy policy.

If you choose to Log IP Address, you’ll need to mention this in your privacy policy. Logging the user’s IP Address simply includes the IP in the email, you’ll need to mention that it’s included, but not stored anywhere.

If you’re using SiteOrigin Premium, the Contact From plugin addon allows you to add autoresponder functionality to email the user on form submission. If you use this functionality you’ll need to mention this in your privacy policy alongside your contact form information.

SiteOrigin Google Maps Widget

If you use the SiteOrigin Google Maps widget, you’ll need to mention that you use Google Maps in your privacy policy and that while you don’t personally collect this data, Google may. Google is GDPR compliant, find out more.

SiteOrigin Video Player

If you embed any external video, such as from YouTube or Vimeo, you’ll need to mention this in your privacy policy. Be sure to check if the video you’re embedding is hosted on a service that is GDPR compliant.

Summary

Hopefully, this gives you a better idea of what GDPR is and how SiteOrigin themes and plugins might influence the creation of your website’s data management and privacy policy.

If you have any questions or concerns, please feel free to leave a comment.

Leave a Reply

Your email address will not be published. Required fields are marked *

Comments

  1. 5 months, 1 day ago Rebecca Westaway

    Hello, please expand further on the issue of layouts directory and which images you refer to – those uploaded by our company or default images supplied by your company.
    Many thanks,
    Rebecca

    • 5 months, 1 day ago Alex S Hi, I Work Here

      Hi Rebecca,

      All images included with the prebuilt layouts in layout directory are hosted on layouts.siteorigin.com. If you’re not too sure which images you’ve adjusted, I would open the Layouts Directory once again and preview the layout you previously imported. Compare the images to your current layout and any image that’s the same for both layouts is hosted on layouts.siteorigin.com.

  2. 5 months, 1 day ago Sro

    The most good and informed article i get. So simple and clarify about GDPR. Good work guys.

    • 5 months, 1 day ago Andrew Misplon Hi, I Work Here

      Hi Sro

      Glad that helped. All the best :)

  3. 5 months, 1 day ago R Parker

    I am a little unclear which SiteOrigin widgets use Google fonts. Please could you list them so that I may include a refernce to them in my privacy notice if I need to.

    • 5 months, 1 day ago Andrew Misplon Hi, I Work Here

      Hi R

      Thanks for posting.

      We could do that but you might not have selected a Google Font from the relevant font setting. Any SiteOrigin widget that a font drop-down setting will offer Google Fonts on that list. If you have a sample page or two you’d like to me take a look at, I’d be happy to do so and let you know if there are Google Fonts being used.

  4. 5 months, 1 day ago Marc

    Hi Guys
    thanks for the info.
    What about Google fonts options in your themes?

    • 5 months, 1 day ago Andrew Misplon Hi, I Work Here

      Hi Marc

      Thanks for reaching out.

      We’ll update that section tomorrow, thanks for the heads up. The advice would be the same as for any widgets making use of Google Fonts, if you decide to use any of those fonts you’ll need to mention that in your privacy policy.

      Hope that helps.

  5. 5 months, 1 day ago Claudia

    Thanks for these infos, specially for the contact form. Seems to be one of the most sensitive cases. I was about to skip the form or to switch to contact form 7, because I read they already implemented a secure way. Will give your solution a further look, and hopefully, can stay with the so-widget.

    • 5 months, 1 day ago Alex S Hi, I Work Here

      Hi Claudia,

      Great to hear! :)
      Let me know if you have any questions about setting up the contact form in this manner, or run into any issues.

  6. 5 months, 22 hours ago Franziska

    Hi, thanks a lot for all the information.
    Do you have some kind of a statement that you are not collecting any data (as above) we can print for our gdpr documentation?
    Best
    Franziska

    • 5 months, 22 hours ago Andrew Misplon Hi, I Work Here

      Hi Franziska

      Thanks for your question. Unfortunately, we don’t at this time. SiteOrigin isn’t collecting any user data from within the plugin.

      • 5 months, 19 hours ago Andrew Misplon Hi, I Work Here

        I’ll let you know as soon as we have a document to print this week.

  7. 5 months, 14 hours ago Michelle Edwards

    Thanks so much for this! Definitely above and beyond… I’ve made the necessary changes and feel much more prepared for this change. Awesome Support! ~Michelle

    • 5 months, 14 hours ago Andrew Misplon Hi, I Work Here

      Super :) Glad to hear you’ve been making progress getting ready.

  8. 5 months, 1 hour ago Oleksandr

    I dont understand this at all!
    Can you explain step by step WHAT I MUST DO with images?

    • 5 months, 1 hour ago Andrew Misplon Hi, I Work Here

      Hi. Have you ever used pre-built layouts from the Layouts Directory in Page Builder? If so, did you change all the images? If you did then nothing needs to be done with regards to images.

  9. 5 months, 46 minutes ago Gerhard Berger

    Hello, the SiteOrigin Google Maps Widget isn’t clarify about GDPR, because the Google Maps API loads everytime. Also when I deactivate the SiteOrigin Google Maps Widget.
    The right way is to load the api on demand. From tommorow, this is not GDPR Compliant.
    Do you have an urgent fix?
    Regards, Gerd

    • 5 months, 29 minutes ago Andrew Misplon Hi, I Work Here

      Hi Gerd, we’re only loading the API as it’s being used. If the Maps widget is not present, the API JavaScript doesn’t output. It doesn’t load every time. It sounds like you might have something else using the API. One way to confirm would be to test with a default theme like Twenty Sixteen and only SiteOrigin plugins activated.

      • 5 months, 9 minutes ago Gerhard Berger

        Hi Andrew, I dont know the problem. But for tommorow, could you give me a help, how I can temporary deregister the google maps widget in SO until I have a solution? The solution from atheme Sydney dont work:
        function sydney_pro_child_remove_googlemap_api() {

        wp_dequeue_style( ‘sydney-gmaps-api’ );

        }
        add_action( ‘wp_enqueue_scripts’, ‘sydney_pro_child_remove_googlemap_api’, 999 );

        Website source code –> is not removed. Also when I deactivate the SiteOrigin Google Maps Widget. It seems, the Website source code printed wrong.

        • 4 months, 30 days ago Andrew Misplon Hi, I Work Here

          Thanks for your feedback. Unfortunately, the widget mentioned above isn’t a SiteOrigin widget, it’s an aThemes widget. aThemes will need to assist. Sorry, wish we could help but we can only assist with products we’ve coded, products we maintain and have control over.

          • 4 months, 30 days ago Andrew Misplon Hi, I Work Here

            `wp_dequeue_style` looks wrong, my guess is that should be `wp_dequeue_script`. Let us know if aThemes aren’t able to resolve.

            If you’re using SiteOrigin Premium you can also reach out to us on email ([email protected]). Thanks.

  10. 5 months, 21 minutes ago Norbert Schaub

    It,s ok with me

    • 5 months, 20 minutes ago Andrew Misplon Hi, I Work Here

      Hi Norbert, glad to hear all is well :)

  11. 4 months, 30 days ago Marcus

    Currently, Google Fonts ARE NOT compliant to the GDPR.
    At least that’s what German lawyers say all over the web.

    A workaround would be to implement the fonts locally.
    Can you provide a guide for site origin themes like Vantage?

    cheers
    Marc

    • 4 months, 30 days ago Andrew Misplon Hi, I Work Here

      Hey Marc

      You’d head over to the Customizer > Theme Design in the case of Vantage and switch over any of the websafe fonts on offer.

      If you’d like to self-host fonts, please see https://crunchify.com/wordpress-google-fonts-load-locally/.

      There is a large amount of conjecture over Google Fonts at the moment. For every thread claiming there is an issue, I can source another reputable thread that introduces evidence that they aren’t.

      The Google fonts API collects a very limited set of information and uses it only for serving the font to your site. You can read more about the data Google collects, stores, and uses in connection with Google fonts here: https://developers.google.com/fonts/faq.

      For the time being, given the rules presented as they are, we’re happy to proceed with Google Fonts in conjunction with a privacy policy reference. In the event you aren’t, a websafe font or self-hosting fonts is the way to go.

  12. 4 months, 28 days ago Eric1980

    Hi i have two quistions. If I use the page builder plugin from site origing with the gpdr am I correct that when I use images without the pagebuilder and use the image on a palace where I don ‘t use the page builder. That this image Will not be seen on your site.

    2 Do you see data when People react on wordpress om a massage page or writting a testimonial.
    Eric

    • 4 months, 28 days ago Andrew Misplon Hi, I Work Here

      Hi Eric

      1. Sorry, I’m not quite following your question.
      Whether your images are inside Page Builder or outside Page Builder, as long as they are hosted in your own WordPress Media Library, there is no concern.

      2. What form are you using? The SiteOrigin Contact Form, for example, doesn’t store user submissions.

  13. 4 months, 26 days ago Rob van der Walle

    Hi,

    What is GDPR:

    SiteOrigin Page Builder: Layouts Directory

    The only GDPR concern in SiteOrigin Page Builder is the Layouts Directory. By default, all images in prebuilt layouts are hosted on layouts.siteorigin.com. We recommend changing these images as soon as possible. If you decide not to, you’ll need to make mention of these images in your privacy policy.

    What does this mean ? How can I check and change the images in the Layout Directory and what this has to do with GDPR?

    Thanks Rob

  14. 4 months, 26 days ago Andrew Misplon Hi, I Work Here

    Hi Rob

    Have you ever used Layouts in Page Builder and added a prebuilt layout? If not, there is nothing to attend to.

  15. 4 months, 25 days ago Coleen

    Thank You! Great article.

    • 4 months, 25 days ago Andrew Misplon Hi, I Work Here

      Glad it helped a little. All the best.

  16. 4 months, 21 days ago Marc

    Heads up, everybody. The first warnings are sent to website owners because of google fonts.
    Reason is: they are already loading when you visit the site.
    I will host the fonts locally but I recommend everybody to test if any widget builds a connection to a Google server.
    @SiteOrigin: It would be great if you guys let us know if the themes are automatically connecting to google and how we can deactivate this

    cheers
    Marc

    • 4 months, 21 days ago Andrew Misplon Hi, I Work Here

      Hi Marc, Vantage uses Helvetica Neue as its default font, no Google Fonts are loaded by the theme unless selected in the Customizer.

  17. 4 months, 14 days ago AlexRC

    Thanks for the information. I’m going to use it right now.

  18. 4 months, 11 days ago SLBen

    Site Origin may want to know. In their page link about GDPR they noted that “Google is complaint…” I guess you really meant Google is compliant. Just an FYI. Post: GDPR and SiteOrigin Products

    • 4 months, 11 days ago Andrew Misplon Hi, I Work Here

      Thanks for letting us know. Will fix ASAP. Sorry for the hassle.

  19. 4 months, 5 days ago drb

    Dear Alex,
    Can you please share on how to de-identify user data here, on SiteOrigin, please?
    Thank you kindly.

    • 4 months, 4 days ago Alex S Hi, I Work Here

      Hi drb,

      We currently process requests manually. Can you please email [email protected] with the subject of GDPR – Deidentity.
      We’re working on an automated system that will allow for this.

  20. 2 months, 1 day ago Frank S

    Thanks for your valuable informations on GDPR compliance.
    My question regards to a method for the SO-theme Vantage to prevent access to the google-font-server and use local google fonts instead. Other themes use a function like “wp_enqueue_style( ‘google-fonts’, ‘//fonts.googleapis.com/..” for that in the functions.php. Deleting the enqueuing-funtion and local saved google-fonts could be used when the style.css is supplemented accordingly. Can’t find any wp-enque-style(‘google-fonts’-function in the functions.php of your theme. Any solution for that?.

    Background: As one of the former users stated out, access to google-servers including IP-transmission might be critical in Germany.

    Thanks for the help in advande.

    • 2 months, 1 day ago Alex S Hi, I Work Here

      Hi Frank,

      There’s no direct way, at this time, to dequeue Google Fonts in Vantage. These fonts are only enqueued if you select them so to ensure they aren’t output, navigate to WP Admin > Appearance > Customize, Theme Design > Fonts and ensure no Google Fonts are selected – I would set the fonts to Arial.

      • 2 months, 8 hours ago Frank S

        Thanks Alex for your answer.
        It’s a pity that dequeueing is not supported. With sytem-fonts, the optics of the pages are considerably reduced. I am convinced that many users of SO-themes in Germany would be very interested in a solution for local google fonts. Would be glad if this could be tackled by SO. Many Thanks

        • 2 months, 4 minutes ago Andrew Misplon Hi, I Work Here

          Hi Frank

          Do you have your self-hosted Google Font setup yet? All that’s missing once that’s done is to add Custom CSS to get the font to be used. If you’d like a hand with that, please post a thread on the forum, let us know once that’s done and we’ll lend a hand. https://siteorigin.com/thread. Basically, that’s what you’re asking for. When you select a font in the Customizer, CSS is output in the head to ensure that font is used, that can easily be done with Custom CSS.

          • 1 month, 30 days ago Frank S

            Thank you Andrew for your answer.

            Ýes, I have my self-hosted Google Setup and I have added related CSS-code in the styles.css of the theme. Also checked thisout with custom-css code. Nevertheless, the google-font server is still called when I load the site. Should be my mistake. I’ll spend some time in error finding and, if that doesn’t help, I’ll post my problem in thread as recommended.
            Thx again for your helpful reply.
            Regards
            Frank

        • 1 month, 30 days ago Andrew Misplon Hi, I Work Here

          Thanks for the update. Happy to take a look. Please, let me know when you’ve opened a thread on the forum, please include a link and we’ll help you get this problem resolved ASAP.

          • 1 month, 30 days ago Frank S

            Hi Andrew, o.k., I’ll let you know when a new thread regarding this problem is opened.

            THANK YOU AND YOUR TEAM!
            That is what service should be, HELPFUL!!!
            Very welcome, keep it up :)

            Frank

          • 1 month, 30 days ago Andrew Misplon Hi, I Work Here

            For sure :) Chat then.

  21. 9 days, 12 hours ago Glen

    Hi guys, I am using Vantage theme, and wondering how I get a GDPR check box on the default blog post page comment area. I thought it was a requirement for GDPR compliance to have this on all comments for blog posts, but I can’t find any settings for this in the Vantage theme? Love this theme, and would appreciate your help, thanks and have a great day! Keep up the great work!

    • 8 days, 22 hours ago Andrew Misplon Hi, I Work Here

      Hi Glen. Thanks for reaching out. Head over to Settings > Discussion and ensure that the setting labeled: Show comments cookies opt-in checkbox. is enabled. Hope that helps :)

Get The Most Out of SiteOrigin with SiteOrigin Premium

Find Out More