Support » Plugin: MC4WP: Mailchimp for WordPress » GDPR Compliance

  • Resolved kwebdesign

    (@kwebdesign)


    I’m currently working through a list of plugins that we use, trying to establish the following.

    1. What cookie files (inc. local storage etc) containing personal data are being set by the plugin?
    2. Do any settings need to be changed within the plugin, to make it GDPR Compliant?
    3. Are we adding all the relevant information in relation to the plugin, to our website’s privacy policy?

    I’ve found this very useful article that you’ve written…
    https://kb.mc4wp.com/gdpr-compliance/

    It’s my understanding that…

    Cookies

    Mailchimp for WordPress plugin doesn’t set any cookie files (inc. local storage etc) containing personal data, unless you are using the Premium Feature of E-Commerce integration. Details provided here… https://kb.mc4wp.com/cookie-overview/

    I’m slightly concerned by the section that says “Make sure your Cookie Statement describes any cookies or tracking technologies you might use.
    If you’re not sure, Mailchimp’s Cookie Statement includes a section called Cookies served through the Services that describes technology you (or your website) might use, depending on the features you use through Mailchimp.”
    This has been taken from https://mailchimp.com/help/gdpr-faq/
    It points you towards… https://mailchimp.com/legal/cookies/
    I’m assuming these cookies generally only affect use of the MailChimp website.
    They would only affect my website if I embedded one of their forms into my website, and because I’m not doing this and using the Mailchimp for WordPress plugin instead, I just need to follow your guidelines on Cookie information.

    Settings

    Always ask for explicit consent to transfer data to MailChimp, by using the recommended options under “MailChimp for WordPress > Integrations” and not pre-checking any of the sign up checkboxes.

    Although it’s not essential, it’s highly recommended that you enable double opt-in so you have additional evidence of consent.

    Inform users that data is being transferred to MailChimp, as detailed on this page… https://kb.mc4wp.com/gdpr-compliance/

    Privacy Policy

    There’s no information that needs to be included in our website’s privacy policy, in relation to the Mailchimp for WordPress plugin, apart from a one liner saying “We use Mailchimp to store information.”

    I’ve come to this conclusion, based on no Privacy Information provided in the article provided by yourselves, but a line within the article from MailChimp that says “Update your website’s privacy statement or policy to state you use Mailchimp to store information.” https://mailchimp.com/help/gdpr-faq/

    Additional Information

    From the article you’ve provided, I’ve also learned that we should be signing a Data Processing Agreement with MailChimp.
    A sample can be found here… https://eep.io/assets/yzco4xsimv0y/3nCyJIzUaQg6MOqgSimCMC/f195ea5f9a7ee2e876d06bb10778b857/2018_12_19_MC_SAMPLE_DPA.pdf
    More details on how you can sign a DPA with MailChimp can be found here… https://mailchimp.com/help/gdpr-faq/

    The MailChimp GDPR page at https://mailchimp.com/help/gdpr-faq/ also provides useful information on how to prove consent.
    It recommends two-factor authentication on your MailChimp account.
    It explains how to get consent from existing contacts, despite the new regulations already being in place.

    Please, could you let me know if it appears I’ve missed anything important?

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Danny van Kooten

    (@dvankooten)

    Hi @kwebdesign,

    Sorry for the terribly late reply, but I think that is about right. To summarise:

    – Ask your visitors for consent before sending their data to Mailchimp. An “agree to terms” checkbox in your sign-up form is a good choice for this.
    – Use double opt-in.
    – Don’t precheck any of the sign-up checkboxes because it needs to be an active opt-in.
    – State that you use Mailchimp in your privacy policy (and link to their terms & agreements)
    – Sign Mailchimp’s data processing agreement
    – No cookies are being set by our plugin and thus no cookies are being set by your site if you use our sign-up forms or sign-up checkboxes.

    No problem with the delay and thanks for your response.
