Any type of eCommerce wordpress solution is naturally strongly affected by the RGPD, as this sales data, personal information, user account data and integrations with third-party payment publishers. 7.2 To the extent necessary by legislation and/or regulation, the subcontractor supports the notification of the relevant authorities and/or persons concerned. 1. Description of data processing on behalf of the processing manager 4.3 The processing manager ensures that the content and use of personal data and the instruction to process it within the meaning of this Agreement are not unlawful and do not infringe the rights of third parties. We have always tried to collect the minimum amount of data that is needed. For example, if you sign up for WordPress.com, we ask you for limited information to set up your account WordPress.com. We need an email address and a username, that`s all. If you buy a paid plan, we need additional information to process your payment. You can add more information about your public profile and account settings, but we don`t ask that you provide us with any other personal information to put your account into service. The same principle applies to all of our products and services. The new regulations on the RGPD are supposed to protect the rights of EU citizens, but they have essentially an impact on everyone on the internet. That`s right, everybody! This is independent of where a business is created or where its online activities take place.
When your website processes or collects data from EU citizens, you must comply with the RGPD rules. The good part is that if you use WordPress plugins like WPForms, Gravity Forms, Ninja Forms, Contact Form 7, etc., you don`t need a data processing agreement, because these plugins don`t store your form entries on their website. Your form entries are stored in your WordPress database. If you use a contact form in WordPress, you may need to add additional transparency measures, especially if you store the form entries or use the data for marketing purposes. Explicit consent – If you collect personal data from an EU citizen, you must obtain explicit and unequivocal consent. In other words, you can`t just send unwanted emails to people who have given you your business card or who have filled out your contact form because they don`t sign up for your marketing newsletter (i.e. you shouldn`t do it anyway). To comply with the EU`s General Data Protection Regulation (GDPR), our EU customers must sign our data processing agreement (“DPA”) and standard contractual clauses to determine the respective responsibilities between the defiant client (as data manager) and the Defiant himself (as a data processor). If the RGPD applies to you, please download the DPA and standard contractual clauses, sign them and email email@example.com.