Is Avada GDPR Compliant?
What needs to be compliant is the end user website, it is not the software/framework a website is built on. The Avada WordPress theme as an entity does not violate GDPR criteria because it does not collect any data. What we as a team have done, is to give our Avada userbase the tools necessary to ensure that their websites are GDPR compliant. These new privacy tools and options were introduced in Avada 5.5.2, released May 22nd, 2018.
GDPR Privacy Tools & Features in Avada
On top of the new WordPress features, ThemeFusion decided that we wanted to give our user base even more possibilities to get their sites GDPR compliant. In the following, we want to present you the main new features in Avada 5.5.2 and above.
When you are using Google fonts that usually mean retrieving the font files from their API, which includes sending the IP addresses of your users (which are considered to be private data) to Google. You might find that circumstance worrisome, but at the same time you don’t want to do without the nice typography options Google fonts offer. Avada to the aid. We have added a new Theme Option that easily allows you to decide whether Google fonts should retrieved via the Google fonts API, or if they should be hosted locally on your server. View the new Theme Option below.
User Control Over Third Party Embeds
Avada offers a variety of elements and widgets that help you to utilize third-party content, like YouTube and Vimeo videos, Google Maps, Facebook and Twitter timeline, Flickr images, SoundCloud files, etc. While all of these third party services enrich your websites, they also do collect data about your users. IP addresses, location data or user activity tracking, to name a few. Under the GDPR it is necessary to ask visitors for their explicit consent if data should be passed along to third parties. While that is generally not possible to achieve with embeds, on the other hand, similar to Google fonts, you don’t want to lose these services on your site.
Our development team has come up with a very nice and easy to use solution. We added a new Theme Option to prevent embeds from loading until user consent is granted. For any of the third party services, which you can freely choose from, you add to the consent list, the embeds will stop to be loaded on page load. Instead, your users will see a placeholder graphic, with custom text on it and a button to accept this third-party service. The background color and text color for that placeholder can be set in Theme Options.
The whole setup is cookie driven, and thus we also added an option, so that you can set a custom expiration date for that cookie. Once it is expired your users will have to set their consents newly according to their preferences. Check out the images below of these third-party embed tools and settings.
In Avada 5.6, we added a privacy bar, displayed at the bottom of your website, which gives you options to notify your website visitors regarding 3rd party embeds, tracking codes, and any custom cookie contents that you may require. Enabling the Privacy Bar options will give access to additional options that will help you style and personalize privacy bar. These options are located in the Avada > Theme Options > Privacy section.
Contact Form Consent CheckBox
In Avada 5.5.2 we added a new option to display a consent checkbox on the contact form page. The label can be easily customized in Theme Options to reflect your needs which you can view below.
Custom Message On Registration Element
In previous versions, we used the default WordPress note before the submit button on the user registration element in Avada Builder. In Avada 5.5.2, to give you full freedom of choice, and added a new setting to show custom text before the submit if you want to inform a new user about GDPR compliance. View the new custom registration notice message field for the user registration element below.