The Big Guideline
If you're going to track non-anonymous user information and behavior, make sure you solicit their informed consent.
Glossary of Tracking Technologies used on Gameflow Sites
A glossary of third-party technologies and how they are used on our sites. This guide helps clients understand the privacy implications of all the third party tools we recommend, with links to external sources and a clear summary of how we set things up by default.
On most of our sites
- Google Analytics: After May 24 2018, GA on our sites are set up to be completely anonymous. This includes IP Anonymization.
- Google Analytics e-commerce tracking is set up in sites that use PatronManager (we now anonymize order numbers to protect private information and avoid issues with pseudonymous identifiers).
- WordPress has some anonymous cookies used when a user logs in, which is uncommon for most of our clients (this affects for instance sites with members that can log in to your site). This data can now be monitored and administered under Settings >> Privacy.
You can review the new GDPR features for WordPress in the notes for the 4.9.6 release.
Most sites will have one of the following form tools installed. Each form will need to be manually altered to include opt-in consent for any data that you track, because forms typically collect non-anonymous user data:
- Gravity Forms (WordPress Native Forms): Compliance Checklist
- Formstack: Compliance Checklist
- FormAssembly: Compliance E-Book
- Google Tag Manager may be set up on your site, which allows you to install many different varieties of tracking codes which should be audited. Find your GTM account info under Settings >> General (if you don't see a setting here, chances are GTM is not installed)
- Google Analytics Remarketing tracking is typically disabled for our client sites unless you've specifically requested this feature to support your marketing efforts. (See how this affects your GDPR Compliance)
Third party cookies
These cookies often appear on our sites and may track customer data:
- Youtube does some viewing history tracking when a video is embedded.
- Typekit sets an anonymous cookie to track font usage.
Other common marketing tools
These are tools that we don't typically support beyond set up, but many of our clients use them so it's important that you review each tools' privacy features:
Frequently Asked Questions
Do I need a cookie consent popup?
We recommend an approach that informs users and gets their consent at the moment in their experience when they want something that a cookie provides. A better design is say, a request to enable only youtube embedding when a user tries to view an embedded youtube video. Then it's clear to the user what you are asking and why it is beneficial to them.
If you need to collect actual customer data on the website (and not in, say, a CRM), we can help you implement a tool like the GDPR Cookie Compliance plugin or a Youtube Embed Consent plugin.
We recommend you perform a cookie audit on your site using the free Cookiebot.com service.