Leadpages and GDPR

The General Data Protection Regulation (GDPR) is designed to hold organizations (like Leadpages & your business) more accountable for keeping personal data secure. It outlines new procedures for how you collect, store, and use data – as well as the rights individuals have to protect, access, and modify their data.

This new legislation applies to all people, organizations, and businesses involved in processing personal data (names, email addresses, tracking, etc.) about individuals within the European Economic Area (EEA) within the context of selling goods and services – regardless of where in the world your business (and data) is based. The EEA states include the EU and Norway, Iceland, and Liechtenstein as well as (for now) the UK.

Your business is responsible for its own compliance. While we'd suggest speaking to a lawyer as to what GDPR compliance means for your own business, we acknowledge legal counsel isn't always readily available to our customers. Leadpages has implemented changes to make our product compliant and has answers below to some of your GDPR questions.

First things first, make sure to read our post on all things GDPR.

 

The fine print

  • We're not lawyers here at Leadpages and therefore we're not able to provide specific do's and don'ts for your company's compliance with GDPR. Instead, we're delivering broad best practices for online marketers. Your own legal counsel may instruct you more specifically in your compliance and implementation.
  • When informing your visitors of your privacy policy as well as what they are consenting to upon opting in to your forms, treat our placeholder text solely as an example and be sure to edit it to fit your business (e.g. types of communication they'll receive, frequency, etc.). Learn more →

Data Protection Agreement (DPA) for Customers

GDPR specifies that any Controller that is subject to GDPR will need to have a signed Data Processing Agreement with any third party that it shares data with where that third party is a Processor as defined under GDPR.

If you’re collecting any personal data (name, email address, etc.) from someone located in the EEA, you’re a controller. The organization/application that stores that data on your behalf (Leadpages, for example) is the processor.

Article 28 (3) of GDPR specifies that this contract should clearly define the nature, purposes, and duration of data processing, the types of personal data, any particular special categories of data and the obligations and rights of both parties.

Customers of Leadpages who are considered to be Controllers under the terms of GDPR should sign a DPA with Leadpages in advance of the May 25, 2018 compliance deadline.

Here's how to complete this process:

  1. View our pre-signed DPA: When you click the link below, you'll need to enter your name and email. When you click 'Begin Signing' you'll be taken to a DocuSign version of our DPA that has been pre-signed by the authorized Leadpages Data Protection Officer.
  2. Add your signature: After you have reviewed the document, add your signature electronically.
  3. Download and Save: Download a fully signed version of the DPA for your records.

Click here to get started!

Active-consent checkbox

Inside the Leadpages builder, marketers can easily start gaining consent from leads and subscribers located in the EEA with active-consent checkboxes (available in both the Legacy and Drag & Drop Builder). The checkbox displays next to a customizable compliance statement (such as “I consent to receive information about services and special offers via email”).

If you're looking to obtain active consent and document that it was given, consider creating a consent checkbox as a custom field within your email service provider (ESP) before implementing the Leadpages active-consent checkbox. This custom field would need a compliance statement like the one above and cannot be pre-selected or required.

You use Drip? Life just got a little easier. If you have a Leadpages active-consent checkbox on a Drag & Drop Leadpage or Leadbox and are integrated with Drip, the results of that checkbox will be saved in Drip.

Learn more about how to add custom fields from your email service provider here. ↗

WARNING: If custom field checkboxes are not available to you or you are not using a third-party ESP, you can use the Leadpages active-consent checkbox. In this case, consent data will not be passed to your ESP (unless you're integrated with Drip) and will be saved in the .CSV file download for Drag & Drop Leadpages and Leadboxes. Here's how to download that .CSV file.

Adding the active-consent checkbox to a Drag & Drop form

  1. Hover over your form and click Edit Integrations.
  2. Switch to the tab "② FIELDS" on the left and click "Add a Field."
  3. Select the active-consent checkbox.
  4. Press Done and Update your page. 

Adding the active-consent checkbox to a Standard form

  1. Click your call-to-action button.
  2. Select the "Confirmation" field under Form fields.
  3. Press Okay and Save your page.


Frequently asked questions

Didn't you tell me to require the checkbox at one point?

We did. And just like you and the rest of our customers, we're continuing to learn more about the evolving nature of GDPR. Take a look at this.

What if I'm using Leaddigits?

If you're using Leaddigits to collect contact information and deliver content, you must clearly state all types of communications your subscriber will receive upon opt-in and provide specific information wherever the Leaddigit is advertised (on the web, in print, etc.). That is, before the subscriber has texted your Leaddigit.

For advertising Leaddigits, we recommend you review the industry standards based on your location. Below is an example of ad language:

  • Message and data rates may apply. {Message frequency}. {Types of communication}. Text HELP to ##### for help. Text STOP to ##### to cancel. For terms: {URL to SMS terms of service}. For privacy: {URL to privacy policy}

Keep in mind that your own web privacy policy must be GDPR compliant and should include a link to the Leadpages privacy policy.

How do I access the IP addresses of subscribers?

At this time, Leadpages does not provide the IP addresses of subscribers. Please note, if you're looking to identify the geographical location of your subscribers, it's best to set up a field on your form that asks for their location, as IP addresses are not the most accurate indicator of a subscriber's residence. Furthermore, filtering by IP addresses when deciding who to send subsequent emails to could incorrectly include subscribers of a location not intended to be left out.

I can use double opt-in instead of checkboxes, right?

Not quite. Double opt-in is a function offered by most third-party email service providers (ESP) and enables marketers to send an email after a visitor has signed up, inviting the visitor to confirm his/her email address and consent to receive further email communications. Under the terms of the GDPR, double opt-in is generally not an acceptable means of obtaining active consent. Because exceptions to this rule do exist in certain cases, we recommend you first seek legal counsel to help craft the compliance statements necessary to deploy double opt-ins.

Active-consent checkboxes are the recommended alternative.

Why can't your checkbox just talk to my email service provider (ESP)?

Many of our third-party ESP integrations have not yet updated their API in order for Leadpages to pull in GDPR-specific fields to be added to Leadpages forms and in turn submitted to that ESP. But, as indicated above, you're not out of options.

How do I get cookie consent from my visitors? 

Obtaining consent for tracking cookies is not a requirement of GDPR but rather of the ePrivacy Directive. Cookie consent is a current topic for the ePrivacy Regulation, which is likely to replace the Directive next year and would require all browsers, rather than individual websites, to regulate cookie consent. However, because many of you currently use third-party tracking code and analytics, our team is exploring options to build this functionality into our product in the future.

Is Leadpages certified with the Privacy Shield?

Leadpages will not be self-certifying with US Privacy Shield, but is instead committing to the EU Standard Contractual Clauses (SCCs) in our Data Processing Agreement, which cover the EU's requirements for international data transfer. Since you're transferring data to Leadpages only for processing purposes, the contract will do.

Can I set up multiple checkboxes?

Some online marketers may be counseled by a legal team to have a separate consent checkbox for each of the means of communication they'll use to contact their subscribers (e.g. email, phone, direct mail). We only have one active-consent checkbox within Leadpages. However, you may be able to set up multiple custom field checkboxes in your ESP and add those to your Leadpages form.

As always, our support team is standing by for any other questions you have!

(Updated September 27, 2018)

