Matt's Brand Resource Wiki

How to create, style and present content that captivates and converts visitors, plus privacy requirements (GDPR/DSGVO). Refer to the "Web Site Design" page for structuring.

Resources

General Advice

  • Provide a steady stream of information, front and center
  • At least 6 articles that help the customer need to be immediately accessible (reference: Psychotactics)
    • Credibility section: customer-centred portfolio, testimonials

Privacy: GDPR/DSGVO

Tutorials/Resources

English

German

Identifying cookies: databases

GDPR/DSGVO and reCAPTCHA

  • Generally, reCAPTCHA is inadvisable under the GDPR (source): it loads Google's scripts and sends visitor data (IP address, browser characteristics) to Google before any consent has been given
  • A honeypot can be set up instead (more info [German] in this article): a form field hidden from humans, which only bots fill in
    • Contact Form 7 has an add-on plugin for this
  • If reCAPTCHA is used anyway, make sure the privacy policy has a section covering it (cf. this article)

What goes into an Impressum?

(source)

  • First and last name of website operator
  • Address (street, house number, location, zip code)
  • Contact data

For companies (from the German source):

  • Legal form and representative(s)
  • If applicable: register number and register court
  • If applicable: supervisory authority
  • If applicable: VAT ID (Umsatzsteuer-ID)
  • Additional details for regulated professions
  • Applicable professional regulations

What goes into a privacy policy?

(source)

  • Everything about the personal data that is collected, processed and passed on to third parties. Quick, non-comprehensive breakdown:
  • IP addresses, server logs
  • Analytics tools (GA, Matomo...)
  • Social media plugins
  • User data from contact forms, newsletter subscriptions
  • Ad networks like Google AdSense or amazon partner programs
  • User registrations and comments
  • Notice about the rights to object, to restriction of processing ("blocking") and to erasure

Webinar: GDPR-compliant website (DSGVO-konforme Website)

01.04.2019 - Timo Heinrich / Checkdomain

Service provider (external data protection officer): https://www.mein-datenschutzbeauftragter.de

How do I recognise encryption? What is the current state of the art?

  • Firefox add-on "IndicateTLS" shows the negotiated TLS version in the address bar and offers tests
    • Also ssllabs.com (a server-side scan). Caveat: the browser only shows the version it negotiated, i.e. the highest one both sides support; whether the server still accepts older versions is something only a server-side scan such as SSL Labs will tell you
    • TLS 1.0 and 1.1 are obsolete (formally deprecated in RFC 8996) and must be disabled on the server; TLS 1.2 is the minimum, TLS 1.3 preferred
  • "State of the art" (Stand der Technik): the legal definition is in BImSchG §3 para. 6
  • Encryption is always required when personal data is transmitted: contact forms, shops, newsletters, and any other case where IP addresses are passed to third parties:
    • e.g. Google Analytics
  • E-mails carrying contact-form data must themselves be sent encrypted (transport encryption at minimum)!
  • Is GA still permitted at all today? In principle yes, but only with consent

How to embed video and map services (including Google) correctly?

  • YouTube: when embedding, enable "privacy-enhanced mode" (erweiterter Datenschutzmodus), which serves the iframe from youtube-nocookie.com > embed as iframe
    • Consent can be obtained via a cookie consent tool
  • Google Maps: observe the licence terms and require an opt-in
  • Cookie consent tools: e.g. Borlabs Cookie; others exist, research them!
  • Test: are the services embedded correctly, i.e. does nothing load before consent?

Which cookies are in use, and how do I identify them?

  • Firefox: developer tools > "Storage" tab (German UI: "Web-Speicher") > "Cookies" in the left sidebar. Check in a fresh private window before touching the banner, because the point is what gets set before consent
  • All of these cookies must be described. How do I attribute cookies to the right tool?
    • ccm19.de/cookiedb
    • cookiedatabase.org
  • If only technically necessary (functional) cookies are used, no banner (cookie consent tool) is required. It is sufficient (but mandatory) to describe these cookies in the privacy policy
  • Google Fonts: loading them from Google's servers is not compliant, because every visitor's IP address is sent to Google without consent; host them locally!!

What must the privacy policy say about cookies and analytics tools?

  • The privacy policy provides transparency and fulfils the duty to inform website visitors
  • Contents:
    • Controller (responsible entity)
    • Purpose of the data collection
    • Legal bases
    • Retention/deletion periods
    • Third-party providers
    • Rights of data subjects, e.g. access and erasure (the information duties are Art. 13 and 14 GDPR; the right of access is Art. 15, the right to erasure Art. 17)
  • Keep in mind:
    • Must always reflect the current state of the website's contents
    • Must be updated together with the website
    • Privacy policy generators must be adapted and do not always cover every tool
    • Check every tool
    • Is personal data being transmitted?
    • Create a record of processing activities (Verarbeitungsverzeichnis)
    • Complete legal notice (Impressum)
    • Newsletter subscription: double opt-in
    • Source attribution for images (licence, copyright)
  • The Wayback Machine can be used to check whether old versions of the website were GDPR-compliant

Which third-party providers do I have on my website?

GDPR (DSGVO) and Cookies

Cookies

Good source of up-to-date info and comparison (German, May 2020)

  • In general:
    • EU markets: require explicit opt-in; no non-essential cookies may be set and no third-party scripts loaded before consent is given. Many other markets: a notice saying that cookies are in use is sufficient
    • Wording of cookie notice must adhere to strict regulations!
    • Users need to be able to refuse cookies (verdict here)
    • Users need to give informed, voluntary, active and prior consent
    • Consent isn't about cookies, but about handling of personal data
    • Cookie notice needs to appear right at 1st access to website
    • Should say which cookies are used and why
  • Don'ts
    • Pre-selected checkboxes/options: setting "Yes" by default (e.g. a check mark the user has to remove) is forbidden
    • Banner must not cover/obscure required contents, like links to legal documents
    • "You agree if you continue using this website" is not allowed
    • Omitting a "Deny" button, or hiding it (obscured, harder to reach than "Accept")
    • "Nudging": gently pushing the user towards a certain choice
    • Omitting a way to revoke consent
  • Analytics tools: may be used without consent as long as no data goes to third parties (per the source)
    • Google Analytics sends data to Google > requires consent
    • Matomo is self-hosted, so the data stays with the site operator > does not require consent (per the source)
    • Log file analytics are ok, too
  • Consent is absolutely necessary if third parties are allowed to analyse user behaviour
    • Google Analytics, social media plugins
    • If data is transferred outside EU
  • Like or share buttons
    • Privacy-respecting implementations of such buttons are ok as long as information about user behaviour isn't passed to third parties or concentrated across several websites

Cookies (not) requiring permission

April 2023 (source)

  • No permission necessary
    • Cookies that are necessary to run a service, like shopping cart (without data transfer to 3rd parties)
    • Legitimate interest: when user's interests don't outweigh yours (boy this is vague)
  • Permission necessary
    • Elements that concentrate user behaviour beyond website or device boundaries
    • (social media plugins, elements by major online platforms or ad networks)
    • Webmasters themselves aren't allowed to arbitrarily concentrate user data either

About informed, voluntary, active and prior consent

  • Data handling needs to be described clearly, so that users understand what they consent to
  • "to improve your experience" or "for advertising purposes" is insufficient and confusing!
  • Consent isn't about cookies, but about handling of personal data
  • Make clear which third parties receive personal data! Also if they have their own agendas
  • Recipients of personal data should be selectable
  • User should have no disadvantages from refusing

Using the Complianz WordPress plugin

Excellent cookie consent plugin; provides a script blocker and the legal documents

Troubleshooting

  • How to get German formal/informal cookie policy (source)
    • Make sure site language is set correctly in Settings > General (e.g., "Deutsch (Sie)")
    • Double-check WordPress updates: are all translations up to date?

Overview/Guide

  • Dashboard gives an overview of tasks, tools, documentation
  • Wizard allows to configure website for specific region, including cookie scan
    • Integrations with services and plugins are enabled based on the information given in the wizard. Extra scripts can also be blocked here.
  • Cookie banner section is to configure and style cookie banner after completing wizard
    • Will have extra tab with region-specific settings
  • Settings: e.g. add Document CSS, disable features, restart tour etc.
  • Proof of consent: a log where changes in cookie policy / banner / functionality are tracked
  • This plugin connects to cookiedatabase.org (maintained by devs) to recognize and handle cookies

How to make a banner [2023]

(source from 2021) (source from 2023)

  • Types of banners:
    • ✓ Opt-In: the only acceptable one in Germany! Used to get active, informed prior consent from users about placing cookies. Able to choose between services freely and individually. Pre-selecting is explicitly forbidden. Blocks cookies before consent is given.
    • ✗ Opt-Out: Cookies are placed until user revokes consent, to which a possibility is given immediately after site entry. Required by CCPA (California), not by European law. More restrictive opt-in (above) is consequently CCPA-compliant.
    • ✗ Disclaimer: "We use cookies. You're consenting to that." Privacy policy contains scattered instructions how to opt out. This is not legally acceptable in Germany.
  • Necessary contents (source)
    • Why cookies are placed and personal data is processed
    • Info about data being sent to non-EU countries (e.g., US)
    • Info about 3rd-party services being used, what data is processed, what cookies are placed
    • Naming of responsible parties for data processing
  • Necessary features
    • Buttons: accept, deny, settings
    • Links to privacy policy and legal notice (in the banner, not just footer bar!)
  • What should go into the cookie banner?
    • Headline: indicating that users can make settings here re. their privacy
    • Information about data processing and rights: what's being used and processed, incl. example, why this is happening, and how to revoke consent
    • If applicable, a section about data processing in the US, describing the risks involved
    • Note about the protection of minors (below 16 years of age)
    • Cookie groups (functional, marketing etc.)
    • Options to choose from: accept all, continue w/o accepting, custom settings
    • Link to legal notice, privacy policy
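The blocking behaviour the opt-in banner type requires ("blocks cookies before consent is given"), including the consent step for YouTube/Maps embeds from the webinar notes, as an added illustration. This is not code from the page, from Complianz or from Borlabs Cookie; it shows the gating pattern such tools implement. The markup in the comment, the policy version string and the use of localStorage for the consent record are assumptions for the example.

```javascript
// Added example (not from the page, Complianz or Borlabs): gating third-party code
// behind a consent record. Scripts ship as type="text/plain" and embeds carry data-src
// instead of src, so the browser sends nothing to the third party until allowed.
//
// Markup assumed by this example (not from the page):
//   <script type="text/plain" data-category="statistics"
//           src="https://www.googletagmanager.com/gtag/js?id=G-XXXX"></script>
//   <iframe data-category="marketing"
//           data-src="https://www.youtube-nocookie.com/embed/abc"></iframe>

const CATEGORIES = ['functional', 'statistics', 'marketing'];
const POLICY_VERSION = '2023-04';   // assumption: bump whenever the cookie policy changes
const STORAGE_KEY = 'consent';      // assumption: first-party localStorage key

// Build a consent record. Only "functional" is on by default; every other category
// stays off until the visitor actively selects it (no pre-ticked boxes).
function buildConsent(acceptedCategories, now = new Date()) {
  const categories = {};
  for (const c of CATEGORIES) {
    categories[c] = c === 'functional' || acceptedCategories.includes(c);
  }
  return { version: POLICY_VERSION, timestamp: now.toISOString(), categories };
}

// A stored record only counts if it was given under the current policy version;
// otherwise the banner has to be shown again.
function isCurrent(record) {
  return Boolean(record) && record.version === POLICY_VERSION
    && typeof record.categories === 'object' && record.categories !== null;
}

// Pure decision: which gated elements may go live. Elements whose category is
// unknown or not consented stay blocked (fail closed).
function activatable(elements, record) {
  if (!isCurrent(record)) return [];
  return elements.filter(el => record.categories[el.dataset.category] === true);
}

// DOM side. `doc` is injected so the logic can be exercised outside a browser.
// Returns how many elements were activated.
function applyConsent(record, doc) {
  const gated = Array.from(doc.querySelectorAll('[data-category]'));
  let count = 0;
  for (const el of activatable(gated, record)) {
    if (el.tagName === 'SCRIPT') {
      // Changing "type" on an existing script never executes it; a new node is needed.
      const live = doc.createElement('script');
      if (el.src) live.src = el.src; else live.textContent = el.textContent;
      el.replaceWith(live);
    } else if (el.dataset.src) {
      el.src = el.dataset.src;   // iframe/img: only now does the third-party request go out
    }
    count++;
  }
  return count;
}

// Withdrawal must be as easy as consenting. Scripts that already ran cannot be un-run,
// so after storing the reduced record the page has to be reloaded.
function revokeAll() {
  return buildConsent([]);
}

if (typeof document !== 'undefined') {
  const stored = JSON.parse(localStorage.getItem(STORAGE_KEY) || 'null');
  if (isCurrent(stored)) applyConsent(stored, document);
  // else: show the banner; on "accept selection" do
  //   const record = buildConsent(selectedCategories);
  //   localStorage.setItem(STORAGE_KEY, JSON.stringify(record));
  //   applyConsent(record, document);
}
```

The consent-tool plugins named on this page do the same job with a cookie database and per-service placeholders; the pattern above is what to look for when you test a site ("does nothing load before consent?"): the third-party URLs must not appear in the browser's network panel until after the choice is stored.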

Sample Text

Wir verwenden Cookies und ähnliche Technologien auf unserer Website, z.B. um Funktion und Sicherheit zu gewährleisten oder Statistiken zu erheben. Wir verarbeiten auch personenbezogene Daten über Sie, wie Ihre IP-Adresse. Wir teilen diese Daten auch mit Dritten. Die Datenverarbeitung kann mit Ihrer Einwilligung oder auf Basis eines berechtigten Interesses erfolgen, dem Sie in den individuellen Datenschutzeinstellungen widersprechen können. Sie haben das Recht, nur in essenzielle Services einzuwilligen und Ihre Einwilligung zu einem späteren Zeitpunkt zu ändern oder zu widerrufen. Benutzen Sie den "Einstellungen"-Knopf an Ihrem unteren Bildschirmrand (auf Desktopgeräten) oder den "Cookies"-Link in unserer Fußleiste. Einige Services verarbeiten personenbezogene Daten in den USA. Indem Sie der Nutzung dieser Services zustimmen, erklären Sie sich auch mit der Verarbeitung Ihrer Daten in den USA gemäß Art. 49 (1) lit. a DSGVO einverstanden. Die USA werden vom EuGH als ein Land mit einem unzureichenden Datenschutzniveau nach EU-Standards angesehen. Insbesondere besteht das Risiko, dass Ihre Daten von US-Behörden zu Kontroll- und Überwachungszwecken verarbeitet werden, unter Umständen ohne die Möglichkeit eines Rechtsbehelfs. Sind Sie jünger als 16 Jahre? In dem Fall können Sie nicht in optionale Dienste einwilligen bzw. müssten Ihre Erziehungsberechtigen bitten, dies mit Ihnen zu tun.

We use cookies and similar technologies on our website, e.g. to ensure functionality and security or to collect statistics. We also process personal data about you, such as your IP address. We share this data with third parties. This processing of data can take place with your consent or on the basis of a legitimate interest, which you can object to in custom privacy settings. You have the right to only consent to essential services and to change or revoke your consent at a later point in time. Use the "Settings" button at the bottom of your screen. Some services process personal data in the USA. By agreeing to the use of these services, you also consent to the processing of your data in the USA in accordance with Article 49 (1) lit. a GDPR. The US is viewed by the ECJ as a country with an inadequate level of data protection according to EU standards. In particular, there is a risk that your data will be processed by US authorities for control and monitoring purposes, possibly without the option of a legal remedy. Are you below 16 years of age? In that case, you cannot consent to optional services or you need to ask your legal guardian to do this with you.

Sample Text: Only functional cookies

We use cookies and similar technologies on our website to ensure its functionality. To collect web statistics we use the tool Matomo, which works without cookies. Any data processing can take place with your consent or on the basis of a legitimate interest, which you can object to in the individual privacy settings. You have the right to consent only to essential services and to change or revoke your consent at a later point in time. Use the "Settings" button at the bottom of your screen (on desktop devices) or the "Cookies" link in our footer. Are you under 16 years of age? In that case you cannot consent to optional services and would need to ask your legal guardian to do this with you.

Sample Text: Contact Form Terms & Conditions

I have taken note of the privacy policy (see footer). I agree that my details and data will be collected and stored electronically in order to answer my enquiry. Note: You can revoke your consent at any time, with effect for the future, by e-mail to EMAIL.

The Site's Message

  • Clearly answers who I am
  • Resonates with target audience
  • Compelling value proposition
  • Keep my marketing consistent over time! Customers can build trust
  • Site's not about me, but the users/clients
  • Visitors feel welcome and appreciated
  • Gets them what they need
  • Helps them get what they want, and when
  • Bring a smile to their faces

Front Page

Structure

  • Most important info: highlighted, immediately visible, large, white space
  • Supporting info: heart of the page, spread-out, subheads, blockquotes, bullet lists
  • Least important info: sidebars, copyright. Least visually striking, smaller, low contrast, set apart from main content
    • Step away for a day or two, then come back and evaluate front page's effectiveness. Show to friends.

Storytelling

See Marketing page for more details

  • Find the story behind my product. It needs:
    • A hero
    • A goal
    • Conflict
    • A mentor
    • A moral

Content

  • About my clients and how I solve their problems!
  • About how I differentiate from the competition
  • Simple with clear, relevant images (usually a large banner is enough)
  • What do they need and how do I do it?
  • Call to action: sign up, contact me, stay in touch
    • Ask if they want more info, e.g. a monthly e-mail with an incentive to come back to the page
  • Order info hierarchically
  • Link to testimonials
    • Testimonials: with headshots

"About" Page

  • Captivating "about" page: personal story, why I do what I do and how I can help
  • Emphasize my strengths
  • Short and sweet! relevant to client

How to Write One

Article on Copyblogger

  • "About" page is about empathy for visitors
  • Include visitors in conversation
  • Readers ask:
    • What's in this for me?
    • Am I in the right place?
    • Can they help with my problem?
  • Opening statement: ignite a feeling
    • Demonstrate you know why they're here
    • e.g. through a story, solution, answers
  • Follow up: empathic paragraph
    • Stir some emotions about reader's situation
    • Be on a mission: display values, beliefs
  • Let others speak for you: testimonials, social proof
    • "People talk about me and some of it is actually good"
    • "People besides my mom and best buddy like my site"
  • Bio: towards end of the page!
    • Because you warm up people first and show you care
    • Why do I do what I do?
    • What's my mission?
    • 1-3 short, engaging stories about background
  • 1-3 photos across entire page
  • Ask to keep in touch
    • Sign-up box in 3 parts of the page

Landing Page

Article on Copyblogger (Feb 4, 2015): guest blogging => conversion

  • Landing Page: a page without navigation - so people don't get distracted from the goal you have
  • Write strong guest posts and then connect with the audience. Elements:
    • Guest post
    • Author bio
    • Sign-up incentive
    • Landing page
    • ...everything after that
  • Empathize with readers in blog post (to initiate conversation)
  • Author bio:
    • Who you are and what you do
    • Glimpse of personality (mission)
    • Entice to click through to site
  • Bait! (e.g. a free eBook that solves the audience's struggles)
  • Landing Page
    • Dedicated
    • Consistent w/ bio
    • Distraction-free
    • Most important info first