• What does the GDPR mean for your FlippingBook Online publications?

With the General Data Protection Regulation (GDPR), effective from May 25, 2018, EU residents will have bigger say over what, how, why, where, and when their personal data is used. Any organization that works with personal data of EU residents has obligations to protect and properly process said data.

In this article we describe how this affects your publications, directly and indirectly and how you can make them compliant with the GDPR, if applicable to you.

The short version of what you have to do to make your publications GDPR compliant

Technically, you don't have to do anything, but you have to make sure that you process information, that you gathered with the ‘Lead Capture Form’ in accordance with the GDPR.

The long version: how does the GDPR affect your publications on FlippingBook Online?

At FlippingBook, we have always respected our users’ right to data privacy and protection. We do not rely on advertising as a revenue stream. We have never served ads in publications to our users, and never will. There is no hidden code or script that gathers your users’ personal data.

So when you create your publications in FlippingBook Online, there are is just one way in which they can gather personal data, and this is directly under your control: the Lead capture form. If you don’t use the Lead capture form, you don’t have to worry about your FlippingBook publications. They don’t gather any personal data at all.

What should I do if I use the Lead Capture form?

From a technical viewpoint, you don’t need to do anything. When your viewers open the lead capture form, they see a link to our privacy policy.

This privacy policy clearly specifies which personal information is gathered and how it is used, before your viewers provide this information, just as the GDPR prescribes.

From an organizational viewpoint, you, as the controller (in GDPR terms) of the information are not allowed to use this information in any other way than the viewer has given consent for. This is outlined in our privacy policy: https://flippingbook.com/help/legal/privacy-policy-and-disclaimer

For your convenience, we repeat the relevant part here.

 As a User, you should know that your usage of Collected Personal Information is limited to:

  • Promoting the use of your services;
  • sending informational messages;
  • providing customer support;
  • providing, supporting, and improving the services you offer.

As a User, you may not use the Collected Personal Information for sending information that is not consistent with this policy, also sending messages in bulk and/or that are unauthorized, unexpected by recipients, including spamming. In case of transferring Collected Personal Information to third parties you as a User are responsible for making sure that their manner of use of Personal Information is consistent with this policy.

If one of your viewers contacts you in relation to one of his GDPR-rights (such as the ‘right to rectification’ or the ‘right to be forgotten’), then please contact us at privacy@flippingbook.com. We will be happy to help.

But what if I use Google Analytics?

The GDPR only applies to personal data (Personally Identifiable Information). In FlippingBook Online, we have implemented Google Analytics in a way that the gathered data is not personal. Instead of using the standard implementation (where a unique ID is stored in a cookie, which could be regarded as Personally identifiable), we instead use a random identifier which is created by our scripts and stored in the browser’s local storage. Unlike cookies, these cannot be read by servers. And while this identifier is generated by our scripts, it is done without our knowledge. It is almost certainly unique (there is a miniscule chance that two different visitors get the same one, which is the nature of working with random numbers). We don’t gather or store any other data, so neither we nor Google can have any knowledge of which person is associated with which identifier. This means that it cannot be used to make data personally identifiable as described in the GDPR.


Was this article helpful?