General Data Protection Regulation (GDPR)
Please note that the information provided herein is for general informational purposes only and does not constitute legal advice; it has not been prepared with your specific circumstances in mind and therefore may not be suitable for use in your business. By relying on the information contained in this FAQ, you assume all risk and liability that may result.
What is Personal Data?
Personal data under GDPR includes any information about an identified or identifiable individual that you may collect directly or indirectly through your website. Some examples of personal data you might obtain directly are a person’s name, address, email address or username, such as through a contact form or blog comment. Personal data that may be transmitted indirectly includes things like a user’s IP address or the information stored in a browser cookie.
What Rights Do My Visitors Have?
The GDPR allows individuals in the EU greater control over their personal data and grants them a number of rights with regard to how that data is processed, stored and accessed. The section below covers the two situations that you, as a website owner, are most likely to see, but you should also carefully review the full list of data subject rights here: https://gdpr-info.eu/chapter-3/
The right to be forgotten: A person can request to be ‘forgotten’; that is, to have all of their personal data removed from your possession. If you are asked to do this, you will need to remove any personal data you have collected from the requester. You will also need to contact any third parties, such as Weebly, that process personal data on your behalf. To ensure that any personal data in Weebly’s possession can be removed in a timely manner, you can relay any request to be ‘forgotten’ to us by submitting a request at help.weebly.com.
Data portability: Under GDPR, an individual located in the EU may request that you send them any personal data in your possession. In this case, you would need to provide the requester with any personal data that you have in a commonly used, machine-readable format. You would also need to contact Weebly at help.weebly.com to obtain any personal data stored on our end.
Access: Any data subject can ask the controller of their information to confirm how and where their personal data is being stored and processed. The data subject also has a right to know how that data is shared with third parties.
Rectification: The data subject shall have the right to obtain from the controller without undue delay the rectification of inaccurate personal data concerning him or her.
If a user approaches you with a request to avail themselves of any of the rights mentioned above, please note that you have 30 days to do so. You can contact Weebly at hc.weebly.com and email or chat with our agents about your responsibilities and how we can help.
How Can My Website or Online Store Be GDPR Compliant?
Apart from promptly responding to requests from EU data subjects as described above, there are things you can and should do to help ensure compliance. Here are some suggestions to get you started:
Inform your visitors and get their consent. Whenever you need to collect data from a user, make sure to clearly state, among other things, why you need it, what you plan to use the data for, whether it may be shared and with whom, and the lawful basis on which you are relying to collect such data. For example, if you have a newsletter or mailing list, make sure that the purpose of your sign up form is very obvious so they know what they are signing up for.
Evaluate third-party apps and vendors for compliance. If you are using any third-party services to gather or process customer data, you will need to check with those companies to verify they are GDPR compliant and will assist you with, among other things, users’ data removal and portability requests.