SAA IT TESTING

Quality Assurance

 

 

“Our aim is to help you improve the quality of your customer’s experience and increase the visibility of your business, by providing expert advice and offering a range of affordable solutions and services”.

let’s talk

 

Continuing the Cookie Compliance Story

Planning Cookie Compliance
 

Having previously written a couple of blogs which focused on Website Legalities for the small business owner, there are still a few questions that need to be answered. And in recent reviews of a couple of Wix websites, one of these questions is ‘How can I make my Wix Website cookie compliant?’ 

Intuitive

I’ll try and answer the Wix question and provide a little more background to it. Both of my clients’ websites were built using Wix ADI. This is a very simple website template which allows the non-technical business owner to design and manage their own website. And I admit, when I was updating their sites, it was very intuitive and easy to use. 

One of the issues highlighted in my website review report, that impacted both sites, was that they were not GDPR-compliant. (GDPR stands for General Data Protection Regulation). Apart from some missing mandatory business and activity details, there was no Cookie and Privacy Policy information. This might not sound very important, but if you own and publish a business website, or even a personal blog, then you have to adhere to EU regulations. The GDPR regulations are there to inform, and protect everyone’s personal data. The use, and misuse, of cookies on websites has always been contentious because some companies argue that the use of cookies helps improve the customer experience. This is true in some cases. When you visit a new website and accept the cookies, it means it is easier for you to log in next time you visit the same site. 

Sharing Data

The downside to that, is that to make the customer experience more personal you have to supply the website with certain personal and financial data. That is not to everybody’s liking, and certainly not mine. There have been instances where personal data has been shared to third parties, and people subsequently bombarded with spam and marketing emails. In some severe cases fraudulent payment transactions have occurred. And all this is from companies they have had no previous contact with. 

Marketing Purposes

So what does all this have to do with Wix and cookie compliance then? To protect personal data all websites have to inform their visitors about the cookies generated by their website, or by links to and from their website, for example to social media pages, and for analytical purposes. Some cookies are essential, others are non-essential and for marketing purposes.

If you want to quickly check how many cookies your website uses go to your browser and type in your website url. Click on the security padlock and you will see some site specific data displayed, including the number of cookies used by your site. 

CookieBot Report

One of the tools I use during my website reviews that specifically checks for cookie compliance is CookieBot. Simple to use, no sign-up and in less than an hour you receive an email containing a summary of your website’s cookie compliance and a report on the types of cookies being used on your website. 

If you are not compliant it will tell you the reasons why. In most instances it is because your site does not give the visitor options to accept, reject or manage the cookies. This is where your Cookie Banner comes in. 

cookie compliance cookiebot feedback

Wix Cookie Plug-in

So the two sites I reviewed that were on Wix did not display a cookie banner. For my business website I use WordPress and there are multiple free applications, or plug-ins that you can add which generate a GDPR-compliant cookie banner. I actually use the CookieBot plug-in because it’s free and has great reviews. I assumed that Wix would have a similar app and checked their support pages for Cookie Compliance information. 

Surprisingly, although they have quite comprehensive information about preparing your Wix site for GDPR, unfortunately, the only Cookie banner add-on available is the Cookie Alert Pop-Up app.  Unfortunately? Yes indeed. The average review rating for this ‘Wix-recommended’ app is 1.7 out of 5. And the reviews are appalling.

CookieBot to the rescue (again!)

Trawled the internet to find out how to resolve this, because I did not want my clients at risk of being fined for non-compliance. I couldn’t find a solution, but to cut a long story short, Emma Lawrence from Languedoc121techcame back with the answer! 

CookieBot can be installed on your Wix site. Hurrah! But not on the Wix ADI version. Booo!

You have to switch to ‘Editor’ version, because to configure the cookie banner correctly you need to manually add in lines of code, and you cannot do this in Wix ADI. If you are not technical then do not try this at home.

Although the instructions are clear it is not something I would recommend anyone attempts if they are not tech-savvy. When I realised that I needed to switch to Editor version I had to ask my client’s permission. One client does not want to switch because she has only just mastered the ADI. So I have had to point out the risks and she accepts all responsibility. The other client accepted and the CookieBot plug-in has been successfully installed. Phew…

If when you check your Wix website you find it isn’t compliant do not load the Wix Cookie Alert. It is not EU compliant, and it cannot be uninstalled. Ask for help in installing a third party plug-in such as CookieBot. Preferably ask an experienced, professional web designer, such as Emma from Languedoc121tech.

Finally

So, along with my previous blog posts, with this one you should now have all the information at your finger tips to make your business website cookie compliant .

Fan-blooming-tastic!

And you have remembered to create and display your Cookie and Privacy Policy?

I hope this has helped. Yes, it’s long-winded, but I wanted to provide as much information as possible, but make it easy to read and understand. If I have missed anything, please let me know. Thank you for taking the time to read it.

Shirley Atkinson

Feel free to share – Sharing is Caring 

Location

Shirley Atkinson

SAA IT Test Consultant

79120, Sainte Soline, France

SIRET – 835 373 515 00013

©2020 SAA-IT-Test.com

Contact

Need additional assistance? Please contact us:

saa.it.testing@gmail.com

FR: +33 (0)7 83 16 61 11

UK: +44 (0)7940 435970

Hours

Mon: 10:00 AM – 4:30 PM
Tue: 10:00 AM – 4:30 PM
Wed: 10:00 AM – 12:00 PM
Thu: 10:00 AM – 4:30 PM
Fri: 10:00 AM – 12:00 PM
Sat: Closed
Sun: Closed

 

Macarons are so much nicer than cookies

colourful cascade or macarons

 

Chocolate-chip anyone?

I’m not being totally disrespectful to cookies. There are some nice ones, but living in France I have now acquired a taste for macarons. The colours, the different flavours… Hmm, I’m going a bit off track here, because I should really be talking about browser cookies, and even they’re not all bad. 

Following my article about Website Legalities and business websites having to display a cookie notice, I had a couple of questions from worried website owners. Personal Blog owners too should take heed because you also have to comply with the privacy laws. 

What are browser cookies?

They’re not particularly dangerous and they can’t be used to steal your personal data. In fact browser cookies are generally harmless.

They store login details and other little bits of information on your computer from the different websites you have visited.

The information can only be read by the website that made the cookie, and it can only store details that you have given it. It can’t be used to get any other personal data from your computer.

 

How does Amazon know what I’m looking for?

Well, let’s use Amazon as an example. When you log into your Amazon account it stores the details you entered and shows you everything related to your account. The Amazon website also stores a cookie on your device that tells them what items you viewed last time you were there. So it’s only reading and sharing with you the information you gave it before.

In theory, a website could store your credit card as a cookie, because you gave it that information. But only the website where it’s stored can read it. Therefore the only real ‘danger’ is if someone physically has access to your computer because they can read the info. To be on safe side though, you should only provide personal and financial data to websites that you trust 100%.

Is a cookie a virus?

No, cookies are NOT viruses and no, you cannot catch coronavirus online either. (Believe me, I have seen that asked in one of the browser forums). Cookies are just simple text files. They can’t make copies of themselves and spread to other networks so they cannot be defined as a virus. They could be used as a form of spyware though because they store information about browsing history. That’s why a lot of anti-spyware products regularly flag cookies up for deletion. 

Responsible web developers

Now we’re getting down to the privacy issues side of things. Responsible web developers will provide clear descriptions of how cookies are used on their site. There are different types of browser cookies, some are necessary and useful and can’t be refused, others such as third-party cookies usually get created if you frequent websites that display adverts from another website. Again these are not really bad cookies, because they help advertisers keep track of how many people are seeing their ads and whether a particular ad campaign is effective. Cookies can also limit the number of times as advert is shown and display ads in a particular order.

Privacy Laws

The legislation about using cookies for storing information came into force in May 2011.

All new and existing business websites SAA I.T. Tst Consultant Privacy Policy have to be compliant. And it’s not all the responsibility of your web hosting service. They can provide cookie data about their website but not yours, especially if you add links to other websites.

There are sites such as CookieBot which can analyse and report back on the cookies it finds on your website and tell you how intrusive they are. Then you have to decide how you use that information and the best way to obtain a user’s consent.

 

As a responsible business website owner you must:

  • inform users of the purpose of cookies,
  • obtain their consent,
  • provide users with a way to refuse them.

And if users do give their consent it is only legally for a period of 13 months maximum.

Details of the types of cookies used on your website should be included in your Privacy Policy or a separate cookie policy prominently displayed on your website, and a link in your Cookie Notice. 

There are a number of WordPress plugins for cookie notices and plenty of websites out there offering to scan your site, continue to monitor it and provide bespoke cookie policies. Check out CookieBot and Termly.io

All this talk about cookies has got me thinking about macarons again. I’m gutted that the lock-down stopped me from attending a macaron baking workshop with Keith at Jambon de Printemps last month. But I’ll be the first to sign up for the class when everything gets back to normal.

Stay Safe. 

 

 

Location

Shirley Atkinson

SAA IT Test Consultant

79120, Sainte Soline, France

SIRET – 835 373 515 00013

©2020 SAA-IT-Test.com

Contact

Need some help? Please contact us:

saa.it.testing@gmail.com

FR: +33 (0)7 83 16 61 11

UK: +44 (0)7940 435970

Hours

Mon: 10:00 AM – 4:30 PM
Tue: 10:00 AM – 4:30 PM
Wed: 10:00 AM – 12:00 PM
Thu: 10:00 AM – 4:30 PM
Fri: 10:00 AM – 12:00 PM
Sat: Closed
Sun: Closed

Website Legalities Updated 

Do you remember my last article on Website Legalities? It covered the privacy laws relating to Cookies and Privacy Policies and the mandatory details you have to display on your business website. If that was a lot to take in, well sadly for the individual entrepreneur there is a lot more you need to know.

Mandatory Details

As an individual entrepreneur, as well as the Cookies and Privacy policy, you have to display personal details that identify you, and the type of activity you carry out. 

Identification

For all activity types – Commercial, Craft and Regulated – your business website must display the following mandatory identity details: 

  • Name and Surname
  • Home Address
  • Telephone Number and Email Address
  • Name of the Director, and name of any co-director or editor if there is one
  • Name, company address and phone number of your business  website host. 

Activity

Additionally, for the type of activity you are registered to carry out, you must display the following mandatory Activity information:

Commercial

  • Registration number in trade and companies register
  • Individual tax identification number
  • General Terms and Conditions of Sale, including price in euros, Tax, delivery costs, date of delivery, payment terms, after-sales service, right of withdrawal, duration of any offers, the cost for phone calls (standard call charges, etc).

Artisan

  • Registration number in the trades directory
  • Or registration number in the register of companies of the chambers of trades in the departments of Moselle, Bas-Rhin and Haut-Rhin.

Regulated

  • Reference to applicable professional rules
  • Indication of professional title
  • Name of the EU state in which the professional title was granted
  • Name of the order or organisation with which a registration was made

 

This article covers the information required for individual entrepreneurs. There are other mandatory requirements for companies registered in France. All the information for individuals and companies can be found on the Service-Public.Fr site.

 

Tick for compliance - individual entrepreneur

 

 

 

Non-Compliance

Best case, if you don’t comply you will get fined €1500. But do you really want to be worrying about getting caught?

Worse case, if you’re found to be processing data without authorisation you could get 5 years’ imprisonment and a €300,000 fine. 


Non-professional Websites

I’m including this category for completeness. Personal blogs are slightly different. You are not obliged to reveal your identity, but you can still be fined.

If you decide to remain anonymous, then you only have to display the identity details of your website host. Your hosting company has to have your identification details in case of legal proceedings.

If you don’t want to remain anonymous then you have to provide your identification details. Name, Surname, Home Address, Phone Number and Email Address. 

Non-compliance for personal blogs may result in a year in prison and a €75,000 fine.

Location

Shirley Atkinson

SAA IT Test Consultant

79120, Sainte Soline, France

SIRET – 835 373 515 00013

©2020 SAA-IT-Test.com

Contact

Need additional assistance? Please contact us:

saa.it.testing@gmail.com

FR: +33 (0)7 83 16 61 11

UK: +44 (0)7940 435970

Hours

Mon: 10:00 AM – 4:30 PM
Tue: 10:00 AM – 4:30 PM
Wed: 10:00 AM – 12:00 PM
Thu: 10:00 AM – 4:30 PM
Fri: 10:00 AM – 12:00 PM
Sat: Closed
Sun: Closed

Website Legalities 

If you have a website, blog or app on the Internet then you have to comply with privacy laws. Regardless of whether your website is professional or non-professional, you must display certain mandatory information. If you don’t comply with the website legalities then you risk being fined €1500.

In the worse case scenario, unauthorised computer processing of data you’ve collected could result in 5 years’ imprisonment and a €300,000 fine.

Have I got your attention now?

Websites legalities is a fairly hefty topic and the mandatory information depends on whether you are an individual, company, type of activity, etc. So I’m going to break it down into smaller chunks and just cover Cookies and Privacy Policies here.

 

Follow the rules Please Stay on the path

Cookies & Privacy

Whether you are just starting out or have been in business for several years, if you’re collecting personal information you are responsible for that data. Having a Privacy Policy is your commitment to guarding the privacy of your user’s data.

 

“When operating a website or mobile app, you should be ready to answer questions that your users, business partners, or authorities might have about the privacy policy of your service. If you work with other businesses, you [might] need to share with them your privacy policy and make sure you abide by it”.  Extract taken from PolicyMaker.io website

Business website owners aren’t the only ones who have to comply. Theses website legalities apply to professional and non-professional websites. 

  • A professional website is one that is used by a business, either an individual or a company. The compulsory details to be displayed will depend on the type of activity. 
  • A non-professional website is one that’s used by an individual and is not used for business. For example, a blog.   

To comply with the law all websites must display the terms relating to the use of cookies, and information relating to the use of personal data.

Trust

Apart from the risk of a fine, non-compliance could have other more serious effects. There is plenty of evidence to suggest that users will avoid interacting with a website if they think their privacy is at risk. You need to comply with the law if you want to be seen as trustworthy. 

Find more detailed info, including cookie definition and a free online policy generator at ‘Cookie Law’ and PolicyMaker.io .

Check out Top 12 Trustworthy Policy Generators. Be aware, although most claim to be free, some will apply fees depending on the type of business. 

Choose a policy that’s most relevant to your website activity, personalise it and display it prominently on your website. Enable a Cookie pop-up so it displays when visitors access your website. This allows them to accept, reject or change their preferences. Also consider adding a link to your policy on your Contact page. Prove to your customers that they can trust you.

If you have any problems with setting this up, get in touch and I will do my best to help you out. If I can’t help then I’m sure I’ll find someone that can!

 

I hope this article has been useful. The next one in the Website Legalities series will cover individual entrepreneurs exercising commercial, craft and regulated activities.

 

Location

Shirley Atkinson

SAA IT Test Consultant

79120, Sainte Soline, France

SIRET – 835 373 515 00013

©2020 SAA-IT-Test.com

Contact

Need some help? Please contact us:

saa.it.testing@gmail.com

FR: +33 (0)7 83 16 61 11

UK: +44 (0)7940 435970

Hours

Mon: 10:00 AM – 4:30 PM
Tue: 10:00 AM – 4:30 PM
Wed: 10:00 AM – 12:00 PM
Thu: 10:00 AM – 4:30 PM
Fri: 10:00 AM – 12:00 PM
Sat: Closed
Sun: Closed