The General Data Privacy Regulation (GDPR) from the European Union is a new wide-reaching online privacy law. We talked about it in this blog post.
This law threatens American online services, companies, and websites with hefty fines if they mess up the privacy of an EU citizen and that citizen reports it. We actually think the spirit of the law is great, so we have put in place some new functionality and publicly posted policies (Privacy and Cookie policies) in order to be ready for the GDPR.
What do Showcase IDX customers have to do to get ready for GDPR with Showcase IDX?
1. Set up the expressed consent checkbox in the lead sign-up form
A big part of getting ready for GDPR is getting consent from your visitors as they sign up, so it is clear how their private data will be used after they create an account. To do this, we’ve added an (optional) setting on the new Privacy Settings page.
The main section you’ll need to use is the section regarding transferring data out of the EU. You’ll want to add this section for Showcase IDX. If you have a high number of visitors and leads from EU countries, we highly recommend contacting a GDPR consultant and/or your legal counsel to make sure that you are in compliance. Forget the threat of big fines for a second: if you have a lot of European visitors and leads (I’m looking at you, Florida), they will expect this kind of privacy protection, and not offering it might not be good for business.
Section: Transfers of your information outside the European Economic Area
Server log information
Country of storage: The United States.
Safeguards used: our third party hosting provider has self-certified its compliance with the GDPR.
Section: Disclosure of your information to service providers
“We use a number of third parties to provide us with services which are necessary to run our business or to assist us with running our business and who process your information for us on our behalf. These include the following:
Firstly, Showcase IDX’s cookies should be considered Essential Cookies on your website. This is an important distinction. Here’s a very easy to understand guide about how the EU is now treating cookies, from Wired.
The Showcase IDX cookies are persistent.
First Party Cookies
This can be a little confusing, but what matters is which domain drops the cookie, not whether it comes from a 3rd party… so the Showcase IDX cookies are cookies placed on your device by our website domain.
List of Cookies
The main cookie set by Showcase IDX does not contain any personally identifiable information, only a token that we use to tell who is who based on the session. This lets us do a bunch of fancy stuff. It’s remarkably private. We do store some information about the user before they sign up, but that is in the browser cache of their own device and it’s accessed without going through or onto our servers. We also track analytics on our search pages using Google Analytics. This lets us see how the IDX is being used, and we use this information to make educated fact-based decisions that improve the product. It is anonymized and we cannot see what individual sites or customers are doing, only the aggregate of all instances of our product.
| Name of Cookie | Essential or Non-essential? | Type of cookie | First or Third party? | Session or Persistent? | Expiry Time | Purpose |
|---|---|---|---|---|---|---|
| sidx_token | Essential | Session Controller | First Party | Persistent | 20 years | IDX |
| _ga & _gid | Non-Essential | Tracking | Third Party | Persistent | 24 hours | Google Analytics |
These are cookies that are designed for purposes such as enhancing a website’s functionality. These are either not strictly essential for the website or functionality which you have requested to work, or are cookies which serve non-essential purposes in addition to their essential purpose. We use the following functional cookies on our website:
– First party, persistent cookies to recognize you when you use our IDX search and personalize it to you. These cookies are: sidx_token. These cookies expire after 2 years.