What does the GDPR mean for your FlippingBook Online flipbooks?

With the General Data Protection Regulation (GDPR), effective from May 25, 2018, EU residents have a bigger say over what, how, why, where, and when their personal data is used. Any organization that works with the personal data of EU residents has obligations to protect and properly process said data.

In this article, we describe how this affects your flipbooks, directly and indirectly, and how you can make them compliant with the GDPR, if applicable to you.

The short version of what you have to do to make your flipbooks GDPR compliant

If you:

• are operating from France, Italy, or Austria AND
• embed flipbooks into your own website AND
• do not use a custom domain, 

then we advise you not to track your flipbooks using Google analytics and to contact us to disable FlippingBook Google analytics completely.

In other situations, you don't have to do anything, but you have to make sure that you process information, that you gathered with lead capture form, embedded video, or trackable links in accordance with the GDPR. We also advise you to declare the usage of Google Analytics in your privacy policy.
Of course, we will be happy to disable Google Analytics tracking for your account even if you are operating from other countries.

The long version: how does the GDPR affect your publications on FlippingBook Online?

At FlippingBook, we have always respected our users’ right to data privacy and protection. We do not rely on advertising as a revenue stream. We have never served ads in FlipBooks to our users, and never will. There is no hidden code or script that gathers your users’ personal data.

So when you create your publications in FlippingBook Online, there are several ways in which they can gather personal data, and this is directly under your control: lead capture form, videos, and trackable links.

If you don’t use any of these options, you don’t have to worry about your FlippingBook publications. They don’t gather any personal data at all.

What should I do if I use the lead capture form?

From a technical viewpoint, you don’t need to do anything. When your viewers open the lead capture form, they see a link to our privacy policy.

This privacy policy clearly specifies which personal information is gathered and how it is used, before your viewers provide this information, just as the GDPR prescribes.

From an organizational viewpoint, you, as the 'controller' (in GDPR terms) of the information, are not allowed to use this information in any other way than the viewer has given consent for. This is outlined in our privacy policy: https://flippingbook.com/help/legal/privacy-policy-and-disclaimer

For your convenience, we repeat the relevant part here.

 As a User, you should know that your usage of Collected Personal Information is limited to:

• Promoting the use of your services;
• Sending informational messages;
• Providing customer support;
• Providing, supporting, and improving the services you offer.

As a User, you may not use the Collected Personal Information for sending information that is not consistent with this policy, also sending messages in bulk and/or that are unauthorized, unexpected by recipients, including spamming. In the case of transferring Collected Personal Information to third parties you as a User are responsible for making sure that their manner of use of Personal Information is consistent with this policy.

If one of your viewers contacts you in relation to one of his GDPR-rights (such as the ‘right to rectification’ or the ‘right to be forgotten’), then please contact us at privacy@flippingbook.com. We will be happy to help.

What if I use embedded video?

If you embed Youtube, Vimeo, or Wistia videos in your flipbooks, then you make use of services that are completely beyond our control. Unfortunately, that means that we cannot guarantee that such services don’t gather personal information from your viewers. We can only advise you to:

• Make sure that you collect and handle personal data in a GDPR-compliant manner.
• Alternatively, you can remove the video or replace it with a direct link to the video on the provider’s site

Please also refer to the following links to learn more:

Vimeo's cookie policy
YouTube cookie types
Wistia's privacy policy

What if I generate trackable links to my flipbooks?

If you create trackable links to your flipbooks and send them to a group of people (consisting of more than one person), it technically still cannot be considered the collection of personal data.

However, if a trackable link to a flipbook was sent to a single person, analytics gathered via this link can be considered personal data. Therefore you are obliged to:

• inform the recipient of the link about our privacy policy: https://flippingbook.com/help/legal/privacy-policy-and-disclaimer, which specifies which personal data is gathered and how it is used, before sending a trackable link;
• handle their data in a GDPR-compliant manner;
• receive their consent to process their personal data;
• delete the trackable link as soon as the recipient revokes said consent.

What about Google Analytics?

You have the possibility to add your own Google Analytics tracking ID to track your flipbooks in Google Analytics. We at FlippingBook, as the processor, also use our own Google Analytics ID to track flipbooks to gather aggregated stats (e.g. popularity of various browsers, Operating system versions, screen resolutions) if they are on the default domain online.flippingbook.com. If you set up a custom domain, we do not track your flipbooks with our Google Analytics ID.

This means that even if you don’t use Google Analytics, your flipbooks may still be tracked by us. Our implementation is in line with the guidance of supervisory authorities, specifically the Dutch one) According to this guidance, GA is allowed even without cookie banners. If you use your own Google Analytics ID, we advise you to apply the same guidance:

• Make sure that you accepted the updated Data Processing Amendment in your Google Analytics account settings.
• Make sure you disabled all Data sharing settings in your Google Analytics account settings.
• Make sure that you mention using Google Analytics in your privacy policy and that you 
  
  • have concluded a processor agreement with Google;
  • have masked the last octet of the IP address; (we do this automatically for you)
  • have  turned off 'data sharing';
  • do not use other Google services in combination with the Google Analytics cookies.

What about the recent ruling of the Austrian supervisory authority?

On January 13th, 2022, the Austrian supervisory authority ruled that an Austrian website violated the GDPR because it used Google Analytics, which stores data that could - in combination with other data that Google possesses - possibly be traced back to individuals. The US intelligence services could possibly force Google to disclose this data under the Patriot Act.
Since then, France and Italy have come to the same conclusion. Several other supervisory authorities are still reviewing this decision.

We are closely monitoring further developments and are preparing to replace our Google Analytics tracker with another solution. In the meantime, if you want to disable FlippingBook tracking right away (most notably, when you operate from Austria, France, or Italy AND embed flipbooks into your own website), then please contact us. We will be happy to disable our Google Analytics tracker for your flipbooks.