Data privacy in the EU / Germany - where does the data go?

Payments, packages, business questions please ask here.
Tom
Has thanked: 0
Been thanked: 0

Data privacy in the EU / Germany - where does the data go?

Unread post by Tom » 27 Jan 2014, 18:36

Hi there,
I'm really interested in cleantalk, especially since I saw in the test phase that it works great.

Now I was digging a little deeper, and found out that regarding the german law (… I'm located in Germany) you are not allowed to send user data like the IP adress uncrypted. At least not outside Germany, I guess … (I'm still learning the exact laws.)
Now I saw that one of your servers is actually located in Germany.

Is there maybe the option to make sure that the data is only transferred there? Do you have any information or plans regarding the privacy policys that are in the EU?

I guess this is a really big issue, and I would like to know the exact facts before signing up for the service. (… maybe also some ready-to-copy texts fot the privacy policy that every website must have?)

Thanks,
Tom

User avatar
shagimuratov
Administrator
Posts: 1115
Joined: 16 Mar 2011, 12:51
Has thanked: 158 times
Been thanked: 67 times
Contact:

Re: Data privacy in the EU / Germany - where does the data g

Unread post by shagimuratov » 28 Jan 2014, 04:19

Hello, Tom!

Can you please provide a URL privacy in Germany? We should dig this too.

At the moment you can use server URL: http://moderate4.cleantalk.ru to work with service only in Germany. But in the future I think we should switch all customers to SSL connections with servers.

You can find privacy policy in the page bellow, please see title "Privacy policy".

http://cleantalk.org/publicoffer

Thank you for questions and feedback, we will try provide legal service for EU customers!
WBR
Denis Shagimuratov
Project leader

ackermann.online
Posts: 1
Joined: 17 Aug 2017, 15:40
Has thanked: 0
Been thanked: 0

Re: Data privacy in the EU / Germany - where does the data g

Unread post by ackermann.online » 17 Aug 2017, 15:47

Hello Denis,

this post ist more than 2 years old now. I purchased pro allready and use your plugin while developing a big wordpress blog. To push your plugin through IT-Security from customer, we need details about how you process the commenters/visitors data:

- what data exaclty do you collect?
- to which physical location / country the comment / form data will be send to and stored?
- how long the data is stored?

Background: In Germany the storage of user data in foreign countries without anomyzing them is a big issue.

Thank you for sorting that out

Best Regards
Daniel

User avatar
AMags
Posts: 42
Joined: 05 May 2017, 08:31
Has thanked: 0
Been thanked: 3 times

Re: Data privacy in the EU / Germany - where does the data g

Unread post by AMags » 18 Aug 2017, 08:08

Hello Daniel.

Thank you for your request.

- what data exaclty do you collect?
- how long the data is stored?

We collect the following information - IP, Email, Nickname sender of the message, information about the technology of JavaScript in the browser sender, comment text message sender. This information Service uses to detect spam activity of the sender and stores on the servers from 7 to 45 days.

- to which physical location / country the comment / form data is send?

We have servers in U.S. and in the Europe. We may transfer information that we collect about you, including personal information, to affiliated entities, or to other third parties (as provided herein) across borders and from your country or jurisdiction to other countries or jurisdictions around the world. If you are located in the European Union or other regions with laws governing data collection and use that may differ from U.S. law, please note that you are transferring information, including personal information, to a country and jurisdiction that does not have the same data protection laws as your jurisdiction, and you consent to the transfer of information to the U.S. and the use and disclosure of information about you, including personal information, as described in Privacy Policy.

You can find privacy policy in the page bellow, please see title "Privacy policy".

http://cleantalk.org/publicoffer

If you have any other questions please let us know.

Best regards.
Technical Support
https://CleanTalk.org — Anti-Spam Modules for all CMS

sscout
Posts: 1
Joined: 17 Mar 2018, 19:55
Has thanked: 0
Been thanked: 0

Re: Data privacy in the EU / Germany - where does the data go?

Unread post by sscout » 17 Mar 2018, 19:58

Hi there,

did you change anything since your last post? If not you are not compliant with EU privacy legislation and I can no longer use your service... which would be a pitty :-(

Looking forward to you response!

Kind regards

User avatar
SergeCleantalk
Posts: 30
Joined: 26 Sep 2017, 06:49
Has thanked: 0
Been thanked: 1 time

Re: Data privacy in the EU / Germany - where does the data go?

Unread post by SergeCleantalk » 18 Mar 2018, 08:37

Hello,

Thank you for your request.

Please, do the following to meet GDPR requirements:
Go to your CleanTalk Control Panel [ http://cleantalk.org/my/ ] —> press the line “Settings” under the name of your website —> enable “Don’t save approved requests” —> Save.
That option refers to the records of your Anti-Spam Log.
You can see it here:

https://cleantalk.org/my/show_requests?int=week

As stated in the tooltip, the option will remove emails, nicknames and messages from approved registrations, comments, orders and contact messages.
You still will be able to see date/time and IPs in your Anti-Spam Log.
The data of European users processing on the server located in Europe.
Here is our privacy policy:

https://cleantalk.org/publicoffer#privacy

And read next “Limitation of Liability”

Write to us if have any questions.

Best regards

kestrel
Posts: 1
Joined: 23 Apr 2018, 18:11
Has thanked: 1 time
Been thanked: 0

Re: Data privacy in the EU / Germany - where does the data go?

Unread post by kestrel » 23 Apr 2018, 18:48

Hi

I think you will need to provide a specific Data Processor Agreement in your terms and conditions for your paying customers showing how you are meeting the requirements of the GDPR. From May 25th we will be required to use GDPR compliant data processors only. For example (from the UK Information Commissioner's Office) "Controllers are liable for their compliance with the GDPR and must only appoint processors who can provide ‘sufficient guarantees’ that the requirements of the GDPR will be met and the rights of data subjects protected."

GDPR includes IP addresses as identifying personal data, so based on what you've said about the IP address being retained when the email address and other personal data are deleted, this would still be an issue, unless you can provide the guarantees that you meet the requirements of the GDPR.

When you say that the data of European users is processed in Europe, does this happen automatically? Can I check I have understood it correctly - if a comment is made by a data subject in the EU, their data including IP address is never transferred out of the EU?

I hope you will become fully compliant as I value your service and indeed have just renewed for another year, but at the same time we can't afford to risk our own compliance and part of that is the requirement to have a DPA with all our processors.

thanks, Fiona

User avatar
SergeCleantalk
Posts: 30
Joined: 26 Sep 2017, 06:49
Has thanked: 0
Been thanked: 1 time

Re: Data privacy in the EU / Germany - where does the data go?

Unread post by SergeCleantalk » 24 Apr 2018, 06:52

Hello Fiona,

Thank you for your question.

We working on this issue. We will find a solution within 2-4 weeks.

Best regards
These users thanked the author SergeCleantalk for the post:
kestrel (01 May 2018, 10:52)
Rating: 50%

pawell87
Posts: 1
Joined: 22 May 2018, 09:39
Has thanked: 0
Been thanked: 0

Re: Data privacy in the EU / Germany - where does the data go?

Unread post by pawell87 » 22 May 2018, 09:40

Hi, are there any good news or should i deinstall the plugin?

User avatar
SergeCleantalk
Posts: 30
Joined: 26 Sep 2017, 06:49
Has thanked: 0
Been thanked: 1 time

Re: Data privacy in the EU / Germany - where does the data go?

Unread post by SergeCleantalk » 22 May 2018, 13:59

Hello,

Thank you for your question.

We've made all necessary changes and completely ready for GDPR. Now we are in process of passing Privacy Shield certification.

Please, learn more about our Privacy Policy and GDPR Compliance here:
https://cleantalk.org/publicoffer#privacy

The CleanTalk GDPR Agreement is available on your profile page https://cleantalk.org/my/profile or use this link https://download.cleantalk.org/Signed_C ... eement.pdf.

Cookies that are being used by the CleanTalk plugin are described here and they do not contain any personal information:
https://wordpress.org/support/topic/coo ... sion-5-82/

Learn more about how you can manage your private information:
https://cleantalk.org/help/CleanTalk-GDPR-Compliance

Let us know if you have any other questions and we will be happy to help you.
Thank you!

Post Reply