novafacile / bludit-plugins

Plugins for Bludit CMS - https://bludit-plugins.com | Contact3 - the contact form for Bludit CMS | ImageGallery - the image gallery for Bludit CMS | Online Store Plugin for Bludit
https://bludit-plugins.com
MIT License

Checkbox: Declaration of consent for data processing #13

Closed Torsten-K closed 5 years ago

Torsten-K commented 5 years ago

The contact plugin is great, but there is something that I am missing, and that is a checkbox. According to the EU General Data Protection Regulation (GDPR), the user has to be informed about the data processing of personal data, and the user must declare his or her agreement by checking the appropriate checkbox.

Is it possible that you implement something like that? I managed it myself, but it will be overwritten when I update. Thanks in advance.

david-novafacile commented 5 years ago

This is an interesting point.

But what should be written in the legal text, so that it contains the correct legal text in every language and for every EU country? I'll see if I can implement something as an optional feature.

Torsten-K commented 5 years ago

Hmm … I don’t know if there is an official wording. My own text reads as follows (no guarantee, no liability):

German: Mit Absenden dieses Kontaktformulars bestätigen Sie, dass Sie die Datenschutzerklärung gelesen haben, und erklären sich mit der Speicherung Ihrer Daten einverstanden. Ihre Daten werden nur benötigt, um Sie gegebenenfalls zwecks Beantwortung Ihrer Anfrage kontaktieren zu können, und werden weder an Dritte weitergegeben noch zu Werbezwecken missbraucht.

Translations by DeepL (https://www.deepl.com/), an AI translation tool which in my opinion is better than Google translator (but humans should make corrections, if needed):

English: By submitting this contact form you confirm that you have read the privacy policy and agree to the storage of your data. Your data will only be used to contact you for the purpose of answering your inquiry and will not be passed on to third parties or misused for advertising purposes.

French: En soumettant ce formulaire de contact, vous confirmez que vous avez lu la politique de confidentialité et que vous acceptez le stockage de vos données. Vos données ne seront utilisées que pour vous contacter dans le but de répondre à votre demande et ne seront pas transmises à des tiers ou utilisées à des fins publicitaires.

Spanish: Al enviar este formulario de contacto, usted confirma que ha leído la política de privacidad y está de acuerdo con el almacenamiento de sus datos. Sus datos sólo se utilizarán para ponerse en contacto con usted con el fin de responder a su consulta y no se transmitirán a terceros ni se utilizarán indebidamente con fines publicitarios.

Portuguese: Ao enviar este formulário de contato, você confirma que leu a política de privacidade e concorda com o armazenamento de seus dados. Os seus dados só serão utilizados para o contactar com o objectivo de responder ao seu pedido e não serão transmitidos a terceiros ou utilizados indevidamente para fins publicitários.

Italian: Inviando questo modulo di contatto confermi di aver letto l'informativa sulla privacy e acconsenti alla conservazione dei tuoi dati. I vostri dati verranno utilizzati al solo scopo di contattarvi per rispondere alle vostre richieste e non verranno ceduti a terzi o utilizzati in modo improprio a fini pubblicitari.

Dutch: Door het versturen van dit contactformulier bevestigt u dat u het privacybeleid heeft gelezen en dat u akkoord gaat met de opslag van uw gegevens. Uw gegevens zullen alleen worden gebruikt om contact met u op te nemen voor het beantwoorden van uw vraag en zullen niet worden doorgegeven aan derden of worden misbruikt voor reclamedoeleinden.

Polish: Przesyłając ten formularz kontaktowy potwierdzasz, że zapoznałeś się z polityką prywatności i zgadzasz się na przechowywanie swoich danych. Twoje dane będą wykorzystywane wyłącznie do kontaktu z Tobą w celu udzielenia odpowiedzi na Twoje zapytanie i nie będą przekazywane osobom trzecim ani wykorzystywane niezgodnie z przeznaczeniem do celów reklamowych.

More European languages are not available in DeepL, unfortunately.

BlakesHeaven commented 5 years ago

Wouldn't it suffice to have the GDPR text under the Send button with a lead-in of something like, "By clicking Send you agree to the following..."?

david-novafacile commented 5 years ago

I will add a feature for GDPR in the next version, with free text entry in the config. So every website owner can add their own legal text.

Torsten-K commented 5 years ago

> Wouldn't it suffice to have the GDPR text under the Send button with a lead-in of something like, "By clicking Send you agree to the following..."?

No, that’s not enough, as far as I know. The webmaster must be able to prove that the sender has expressly confirmed that he/she has been informed of and agrees to the processing of personal data. This can best be done via checkbox that has to be clicked. Such a checkbox can easily be added to the source code.

@novafacile If it’s not asking too much: This very nice plugin would be perfect, if there was a way to build individual contact forms from the Bludit backend. Because sometimes name and email address are not enough, and for example, a phone number or whatever might be needed. Some "big" CMSs like concrete5 have such a contact form builder. I used to love concrete5 in the past, but version 8 is not stable and reliable enough, in my opinion and experience. My programming skills are much too weak to build something like that myself; I could only hard code such fields in your Contact 3 plugin, but that would not be update safe, of course. I could imagine a paid premium version with such a feature.

david-novafacile commented 5 years ago

> If it’s not asking too much: This very nice plugin would be perfect, if there was a way to build individual contact forms from the Bludit backend.

This is on the roadmap, but unfortunately this is not a small feature and needs some time.

BlakesHeaven commented 5 years ago

> The webmaster must be able to prove that the sender has expressly confirmed that he/she has been informed of and agrees to the processing of personal data.

Fair point, though to be able to prove anything, would that mean having to store a log of when, and who clicked a button or ticked a box, along with all submitted data? The log would then itself definitely fall under GDPR. Sounds like a bit of a conundrum. I'm only thinking about it from a data storage point of view and I don't think this plugin or Bludit is actually storing any data entered in this form; the form is merely using the text to forward an email.

Having said all that... perhaps appending the GDPR policy statement to the end of the email as well as displaying it under the submit button and then also CC'ing the email back to the sender as well as the intended recipient of the webform. That way, the user also gets a receipt of the action they undertook and both parties have a copy of the GDPR policy.

Anyway...

> sometimes name and email address are not enough, and for example, a phone number or whatever might be needed

... This is a good idea... perhaps a JSON list of other fields might be captured in the Plugin Settings and looped through to dynamically add fields to the web-mail form.

Torsten-K commented 5 years ago

@BlakesHeaven I think the law is quite unclear and confusing, but as far as I understand, the impossibility to send the data without having clicked the checkbox is proof enough that the sender must have given his or her consent to the data processing.

@novafacile That sounds great, and I can imagine that this means a lot of work. So, take it easy, take your time.

david-novafacile commented 5 years ago

Feature is added in version Contact3 v1.3.0
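
The checkbox rule from this thread enforced on the server, combined with BlakesHeaven's idea of appending the notice to the mail and CC'ing the sender, as an added example that is not Contact3's code. The function name, the form field names (`consent`, `email`, `name`, `message`) and the sample texts are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not taken from the Contact3 plugin.

// Free-text legal notice as a site owner might enter it in the config (constructed).
const CONSENT_TEXT = 'By submitting this contact form you confirm that you have read '
    . 'the privacy policy and agree to the storage of your data.';

/**
 * Validate a contact-form POST and build the mail to hand to the mailer.
 * Returns ['ok' => bool, 'error' => ?string, 'mail' => ?array].
 */
function build_contact_mail(array $post, string $recipient): array
{
    // Enforce the checkbox on the server: an unticked box is absent from the
    // POST data, and a browser-side "required" attribute does not bind a
    // client that never rendered the form.
    if (($post['consent'] ?? '') !== '1') {
        return ['ok' => false, 'error' => 'consent_missing', 'mail' => null];
    }

    // The sender address goes into a mail header (Cc), so accept only a
    // syntactically valid address that contains no line breaks.
    $email = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false || preg_match('/[\r\n]/', $email)) {
        return ['ok' => false, 'error' => 'email_invalid', 'mail' => null];
    }

    // The name is used in the subject line: collapse line breaks there too.
    $name = trim(preg_replace('/[\r\n]+/', ' ', (string)($post['name'] ?? '')));
    $message = trim((string)($post['message'] ?? ''));

    // Append the notice and the time of consent so both parties hold a copy
    // without the site keeping a separate consent log.
    $body = $message . "\n\n-- \n"
        . 'Consent given: ' . gmdate('Y-m-d\TH:i:s\Z') . "\n"
        . CONSENT_TEXT . "\n";

    return ['ok' => true, 'error' => null, 'mail' => [
        'to' => $recipient,
        'subject' => 'Contact form: ' . $name,
        'body' => $body,
        'headers' => ['Cc' => $email],
    ]];
}

// Constructed sample submissions: one with the box ticked, one without.
$ticked = ['name' => 'Ada', 'email' => 'ada@example.org', 'message' => 'Hello', 'consent' => '1'];
$unticked = ['name' => 'Bob', 'email' => 'bob@example.org', 'message' => 'Hi'];
var_dump(build_contact_mail($ticked, 'owner@example.org')['ok']);
var_dump(build_contact_mail($unticked, 'owner@example.org')['error']);
```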