• Hi there,

    being in Europe, I’m trying to understand what I have to put into the privacy policy on sites where I use your plugin. GDPR compliance, you know.

    You already provided some information about cookies, but what I still need to understand is if your plugin sends any kind of data to you (or other external services) to perform its job.
    E.g. spam detection is often done by sending IP addresses, user names and comment contents to some cloud service which will analyze it to decide if it’s spam or not.

    I checked your privacy policy on your web site, but that’s not really talking about stuff the plugin does.

    So, does your plugin transfer data to you or someone else?
    If yes, what data is transferred to whom and for what purpose?

    Thanks a lot for your answer!

    Christian Toller
    https://tethis-it.at

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author gioni

    (@gioni)

    Hi!

    We develop and maintain our cloud-based database of offensive IP addresses that are involved in malicious activities and known to disseminate spam. WP Cerber operates with IP addresses only; no other personal (sensitive) data is collected or processed because it’s not necessary and we take our reputation very seriously. Here is what is processed depending on the version of WP Cerber:

    1. The free version: doesn’t send anything unless “Send malicious IP addresses to the Cerber Lab” is enabled. If it’s enabled, sends an IP address once the address has been blocked (see the Lockout tab).
    2. The professional version: the same as the free one plus if a visitor tries to submit something or to get access to a critical service on the website, it sends the IP address of the visitor to our cloud to check the IP address against our database.

    If anything is unclear, please let me know.

    See also: https://wpcerber.com/wordpress/gdpr/

    Thread Starter chtoller

    (@chtoller)

    Thanks Gioni, that answer helps.

    Please understand that I would like to use your plugin for the websites I’m responsible for, but can only do that if I’m certain that it’s GDPR compliant.

    From the GDPR standpoint you said that we send the IP address of our visitors to a recipient outside Europe (you) with the purpose to identify malicious break-in attempts.
    At least if that option is enabled.

    As a European company under GDPR we are allowed to hand over personal data (like IP addresses) to third parties in the US if we
    – inform our visitors about that fact
    – are legally allowed to do so
    – the US company is a member of the privacy shield

    The last two points may be problematic. You are not part of privacy shield, right?
    And the data transfer would only be allowed if you confirm (in your privacy policy), that you don’t do anything else with the collected data. Especially you shouldn’t use, analyze or even sell the data. But I didn’t find information about the IP address collection in your privacy policy.

    Again, I don’t think you are doing anything wrong, I like your plugin. I’m just being careful.

    For now I will use the free version with “send malicious IP addresses to Cerber” disabled. Then we should be fine.

    Otherwise I’ll hope that you become a member of the privacy shield and update your privacy policy to contain information about the IP address collection.

    Thanks,

    Christian

  • The topic ‘GDPR compliance? (And not just cookies)’ is closed to new replies.