Page 1 of 2

Contact - form

Posted: 29 Apr 2018, 11:41
by DirkM
Hi all,

following the newest legislation on privacy in the EU, I would like to add a tick box into the contact form (although I an private person without any business activities). This tick box should ensure, that a mail can only be sent if the sender agrees to the storage and processing of his data.

Is there any possibility to install this also in our web-sites?

Example see here: https://wordpress.org/plugins/wp-gdpr-compliance/

Thank you in advance.

KR Dirk

Re: Contact - form

Posted: 29 Apr 2018, 12:41
by mjau-mjau
This would not be complicated. But can I ask, do you have an example of such a form on an actual website? I would like to witness this illogical behavior on a real (preferably professional) website.

Is there ever a slight chance, when sending an email, that the visitor would NOT agree when trying to send an email? It would be 100% implicit, if the visitor sends an email, that they agree to sending the email.

Of course, "the website" itself does not store the sent information either. Normally it would just go through the SMTP, in your settings. Just like the EU cookie law, I think this new law will be misinterpreted, and will cause more unnecessary UI junk, complicating things for visitors. Just for reference, these privacy protection laws in EU are created primarily to protect individuals from being tracked by the big companies for gain.

My personal opinions aside, yes it would not be difficult. In fact, you could already add a checkbox below the form. Leaving the checkbox unchecked, would not prevent the mail from getting sent, but what kinda human would try to send an email but not want the email to get sent? The checkbox should probably be checked by default.

Furthermore, I am wondering why it is not sufficient with some text below the form: "By using this form, you agree with the storage and handling of your date by this website."? Is there any rule in the GDPR that says it must be a checkbox?

Sorry, just would like to question these things before creating seemingly un-useful features.

Re: Contact - form

Posted: 02 May 2018, 15:49
by DirkM
The question is not, that visitors agrees to sending the mail, but they need to agree, that personal data is stored from the receiver. Personal data is defined in wide Terms. For example, taking a photography of somebody is seen as storing personel data, idependently if the person is clearly recognisable or just idetifiable (hope, this translation is correct - I mean "klar zu erkennen" or "identifizierbar"). Crazy law, I know.

Here an example of a preofessional web-site:

https://www.eulerhermes.de/kontakt.html

Re: Contact - form

Posted: 03 May 2018, 00:30
by mjau-mjau
I will add it to next release, coming within a few weeks.

Basically, it will just be a checkbox that needs to be :ballot_box_with_check:checked for the form to be valid.

Re: Contact - form

Posted: 09 May 2018, 08:53
by DirkM
Yes, please keep it as simple as possible. Just a check box - not ticked -> no mail sent. 

You keep us informed in this conversation asap you finalised?

KR
Dirk

Re: Contact - form

Posted: 09 May 2018, 12:29
by mjau-mjau
DirkM wrote:You keep us informed in this conversation asap you finalised?
Yep.

Re: Contact - form

Posted: 10 May 2018, 09:04
by GeoPal
Many users in Europe will appreciate this and use it. Thank you!

Re: Contact - form

Posted: 20 May 2018, 17:08
by Ruud de Soet
I think a simple checkbox is not enough because the customer must be able to read the privacy text. A simple button, linked to the text, is a pre. Then the customer can use the checkbox if he/she has read the text.

Re: Contact - form

Posted: 21 May 2018, 00:59
by mjau-mjau
Ruud de Soet wrote:I think a simple checkbox is not enough because the customer must be able to read the privacy text. A simple button, linked to the text, is a pre. Then the customer can use the checkbox if he/she has read the text.
What text do you mean to add? Do you have an example of this behavior? Even if you do "require" reading some privay text first, nobody who wants to send you an email will ever read it (when they have already clicked "consent").

You can add a LINK "privacy statement" in the checkbox text, that opens a popup modal with an extended privacy statement if you like. Technically, it wouldn't be tied in with the "required" checkbox though. They will be required to check the checkbox, which means they agree. If they actually open and read the privacy statement, is up to them. Nobody is interested in reading that privacy statement of course, just to send you an email.

PS! The "required" checkbox is ready, pending for release in forthcoming X3.25.0.

Re: Contact - form

Posted: 21 May 2018, 04:51
by DirkM
Agree - link to the "privacy statement" is sufficient.

Thank you for adding "required Checkbox" that fast.

Re: Contact - form

Posted: 21 May 2018, 06:07
by Ruud de Soet
What I see, when I search EU photo websites, is that a link to the privacy text is enough. I have never seen a checkbox, only a link to the text.
Maybe you can add a check box in X3, but optional. 
Here an example of the privacy text. A small text box below the contact page will link you to the text (see right bottom corner). May a good idea to add this link on the first page bottom, near the FB and contact icon.

http://www.jeffroffman.com/privacy-policy
https://www.matt-thomas-photography.co. ... cy-policy/

Re: Contact - form

Posted: 21 May 2018, 09:47
by mjau-mjau
Ruud de Soet wrote:What I see, when I search EU photo websites, is that a link to the privacy text is enough. I have never seen a checkbox, only a link to the text.
I think the point of the new "required" checkbox, is to comply the new EU GDPR "data collection" law. "Privacy policy" pages that you are referring to have been around for ages. You don't need a plugin in X3 to create your "privacy policy" page. If you want to have a "privacy policy" page, or a "required" checkbox for your contact forms, or BOTH, that will be up to you.
Ruud de Soet wrote:Maybe you can add a check box in X3, but optional.
Yes, it will certainly be optional. Essentially, you will just be able to add a checkbox input with "required" attribute and the text label of your choice:
Code
<div>
<input type="checkbox" id="comliance_agree" name="comliance_agree">
<label for="comliance_agree">I hereby agree blah blah blah ...</label>
</div>
Ruud de Soet wrote:Here an example of the privacy text. A small text box below the contact page will link you to the text (see right bottom corner). May a good idea to add this link on the first page bottom, near the FB and contact icon.

http://www.jeffroffman.com/privacy-policy
https://www.matt-thomas-photography.co. ... cy-policy/
Yes. Is there a specific request in regards to this? You can already add privacy policy pages to your X3 website, and include a LINK to it from any contact form. There is no need for any extended X3 functionality to achieve this. For those who want to use the "required checkbox" (must be checked before the form can be submitted), this feature is coming shortly.

Re: Contact - form

Posted: 09 Jun 2018, 09:50
by nkamp
A client came to me with the same question and this example: AVG/GDPR example

Re: Contact - form

Posted: 10 Jun 2018, 03:13
by mjau-mjau
This feature is already added to new X3.25.0.
www.photo.gallery/blog/photo-gallery-X3-25/

It's simply a required checkbox, where you can write whatever you want in the label. If visitor attempts to send the form without checking the box, the form will not send, and checkbox will highlight and focus as in below screenshot:
Image
Code
<div>
  <input type="checkbox" id="consent" name="consent" required>
  <label for="consent">Text here</label>
</div>

Re: Contact - form

Posted: 03 Aug 2018, 06:23
by mjau-mjau
Hi folks. The GDPR "required consent" checkbox is already available in release X3.25.0. I would like to mention however, after working with this plugin and studying the compliance requirements, I am even more opposed to using a "required consent" checkbox for contact forms. This "required checkbox" concept is a misinterpretation gone viral. Seems some just want to add plugins for everything because they exist.

1. The EU Isn’t Coming For You
Before anything else, let's summarize how this guide elaborately puts it:
GDPR primarily aims to regulate businesses that do a lot of data processing - and especially businesses that make their money from selling or “exploiting” the data they collect about people.

Think: data harvesting giants like Facebook or Google.
2. Where does the "required checkbox" come from?
There is absolutely no rule or mention in any GDPR regulation about requiring a checkbox in any way to require consent.

3. Why are you requiring consent just to send an email anyway?
A contact form in X3 is used strictly to SEND an email from visitor to YOU. X3 does not store anything. The website does not store anything. The server does not store anything. As long as you are not harvesting the emails into newsletters, you are not collecting data. What are you trying to require consent for? If this was required, then Gmail and Hotmail would have to include this checkbox into their online mail applications also.

4. Even if you were collecting data ...
Ok, let's pretend the form IS actually collecting names and emails for a NEWSLETTER, and not just sending an email. If you explicitly make it clear by TEXT in the form what the visitor is committing to when "signing up", that is already acceptable as "explicit consent". Again, there is no mention of "required checkbox" in GDPR regulations ... The only regulation you need to comply to is:
The “tell me what’s going to happen” right: the citizen has the right to be told what will happen with personal data before it is submitted and the data shall only be used if explicit consent is given.
5. Let's look at ALL consent conditions in layman terms:
  1. The “tell me what’s going to happen” right: the citizen has the right to be told what will happen with personal data before it is submitted and the data shall only be used if explicit consent is given.
  2. The “show me my data” right: the citizen has the right to know what data is being collected about them, why it’s being collected and how it’s being used.
  3. The “I want to change that” right: the citizen has the right to have data modified or updated.
  4. The “forget about me” right: the citizen has the right to have their private data removed completely.
It is safe to say that #2, #3 and #4 do not apply when visitor is sending an email in contact form. Even if they were, it would not be difficult for you to satisfy those requirements on request. If you are paranoid, you could for example write "We do not store your email in any way, and it is only used to reply to your request".

6. It's really dumb
Considering the above, and that there is no mention of such "required checkbox" for contact forms, this is a really dumb solution. If the visitor fills email, name, writes a message, and clicks "SEND", then of course they want to send the email to you, and will expect a reply. What kinda logic would have it that they would fill the contact form, send, but refuse to allow you to reply? This is just another negative factor for the visitors user experience.

Also, there is another twist:
https://thrivethemes.com/gdpr-for-email-marketing/
Under GDPR, you are not allowed to disadvantage anyone because they don’t provide consent. That means in a form like this one, you can’t make the checkbox required.
Ok, so what should I do?
  • Nothing, unless you are categorically storing the users data for specific reason.
  • If you are paranoid, you could write something like "We only use your data to reply to emails, and do not store emails for marketing or any other specific purpose".
  • Are you adding incoming emails into newsletter or spamming emails with marketing? Then, YES you would have to make this clear up front, possibly by using checkboxes.
  • Don't worry. Eu are not out to get you. Even if they were, you would simply need to prove the FOUR POINTS noted in #5 above.