GDPR -  Third Party Privacy

GDPR - Third Party Privacy

What does this mean?

Consider when a website visitor views a webpage on your site which uses a particular feature which is delivered from Google's platform, or another third party provider.

When your website needs to load / retrieve information from Google to use on your website, a communication process happens between your website and Google which passes certain information about the website visitor.  In particular, the IP address of the visitor's location  is sent by your website to Google.  So, to ensure that you are covered in respect of this personal information being provided to the third party, it would be important to make reference to this activity within your Privacy Policy.

What do we need to say in a Privacy Policy

Your own GDPR  manager (DPO) will be able to guide you on this one but below we provide some sample content which could be included in your Privacy Policy to inform website visitors of the information passed by the website onto the third party. Feel free to use or adapt the text below but please always check with your DPO before adapting your Privacy Policy in this respect.


Displaying content from external  service providers platforms

What does this mean? This  is where you view content, hosted on an external (i.e. third party) platform, directly from the pages of our website. It should be noted that the third party provider may still collect data even if you do not actually visit the specific webpage where their content is actually seen.

Third party providers who may collect personal data

Google Fonts (Google Ireland Limited)

Description:

Google Fonts is a free to use library of open source font families and APIs for convenient use on websites

Personal Data processed:

  1. IP address: Google may collect the IP address of the device used to access the website that is using Google Fonts. This helps to determine the user's geographic location and provide the appropriate language-specific fonts.
  2. Browser and device information: Google may collect information about the user's browser type, version, and device type. This helps to optimize the loading and rendering of fonts.
  3. Referring website: Google may collect information about the referring website that led the user to the website using Google Fonts.
  4. Cookies: Google may use cookies to store information about the user's session and preferences. This helps to optimize the loading and rendering of fonts.
  5. Fonts usage data: Google may collect information about how the fonts are used, such as which fonts are popular and which are rarely used. This helps to improve the quality and selection of fonts available through Google Fonts.

Place of processing:

Ireland – Google's Privacy Policy.

 

Google reCaptcha (Google Ireland Limited)

Description: 

Google reCAPTCHA is a tool that helps protect websites from spam and abuse by verifying that the user is not a robot. It uses advanced risk analysis techniques to distinguish humans from bots, and presents a challenge that only humans should be able to solve.

Personal Data processed: 

  1. IP address: Google may collect the IP address of the device used to access the website protected by reCAPTCHA. This helps to determine the user's geographic location and prevent fraudulent activities.
  2. Browser and device information: Google may collect information about the user's browser type, version, and device type. This helps to identify and prevent automated bot attacks.
  3. Cookies: Google may use cookies to store information about the user's session and preferences. This helps to prevent repeated challenges for the same user.
  4. Mouse movements and clicks: Google may collect information about the user's mouse movements and clicks to determine if they are human or a bot.
  5. User interactions: Google may collect information about how the user interacts with the reCAPTCHA challenge, such as the time it takes to complete the task or how accurate their responses are.

Place of processing: Ireland – Google's Privacy Policy.

 

Font Awesome (Fonticons, Inc. )

Description: 

Font Awesome is a set of icons and symbols that are used on websites, and it does not collect personal data directly. However, Font Awesome may be loaded from a Content Delivery Network (CDN), which may collect certain information about the user's visit.

Personal Data processed: 

  1. IP address: The CDN may collect the IP address of the device used to access the website that is using Font Awesome. This helps to determine the user's geographic location and optimize the delivery of content.
  2. Browser and device information: The CDN may collect information about the user's browser type, version, and device type. This helps to optimize the delivery of content.
  3. Referring website: The CDN may collect information about the referring website that led the user to the website using Font Awesome.
  4. Cookies: The CDN may use cookies to store information about the user's session and preferences. This helps to optimize the delivery of content.
  5. It's important to note that the specific data collected may vary depending on the CDN being used to load Font Awesome. However, it's generally considered to be a low-risk activity in terms of privacy, as no personal data is collected beyond what is necessary to provide the service. It is recommended that users review the privacy policies of the CDN being used to understand how their data is collected, used, and protected.

Place of processing:

United States – FontAwesome's Privacy Policy.


As noted above, if you pass this information to your Data Protection Officer  they can decide whether this information is pertinent to your website and  your overarching Privacy Policy.