With the General Data Protection Regulation (GDPR), effective from May 25, 2018, EU residents have a bigger say over what, how, why, where, and when their personal data is used. Any organization that works with the personal data of EU residents has obligations to protect and properly process said data.
In this article, we describe how this affects your flipbooks, directly and indirectly, and how you can make them compliant with the GDPR, if applicable to you.
The short version of what you have to do to make your flipbooks GDPR compliant
- are operating from France, Italy, or Austria AND
- embed flipbooks into your own website AND
- do not use a custom domain,
Of course, we will be happy to disable Google Analytics tracking for your account even if you are operating from other countries.
The long version: how does the GDPR affect your publications on FlippingBook Online?
At FlippingBook, we have always respected our users’ right to data privacy and protection. We do not rely on advertising as a revenue stream. We have never served ads in FlipBooks to our users, and never will. There is no hidden code or script that gathers your users’ personal data.
So when you create your publications in FlippingBook Online, there are several ways in which they can gather personal data, and this is directly under your control: lead capture form, videos, and trackable links.
If you don’t use any of these options, you don’t have to worry about your FlippingBook publications. They don’t gather any personal data at all.
What should I do if I use the lead capture form?
For your convenience, we repeat the relevant part here.
As a User, you should know that your usage of Collected Personal Information is limited to:
- Promoting the use of your services;
- Sending informational messages;
- Providing customer support;
- Providing, supporting, and improving the services you offer.
As a User, you may not use the Collected Personal Information for sending information that is not consistent with this policy, also sending messages in bulk and/or that are unauthorized, unexpected by recipients, including spamming. In the case of transferring Collected Personal Information to third parties you as a User are responsible for making sure that their manner of use of Personal Information is consistent with this policy.
If one of your viewers contacts you in relation to one of his GDPR-rights (such as the ‘right to rectification’ or the ‘right to be forgotten’), then please contact us at firstname.lastname@example.org. We will be happy to help.
What if I use embedded video?
If you embed Youtube, Vimeo, or Wistia videos in your flipbooks, then you make use of services that are completely beyond our control. Unfortunately, that means that we cannot guarantee that such services don’t gather personal information from your viewers. We can only advise you to:
- Make sure that you collect and handle personal data in a GDPR-compliant manner.
- Alternatively, you can remove the video or replace it with a direct link to the video on the provider’s site
Please also refer to the following links to learn more:
What if I generate trackable links to my flipbooks?
If you create trackable links to your flipbooks and send them to a group of people (consisting of more than one person), it technically still cannot be considered the collection of personal data.
However, if a trackable link to a flipbook was sent to a single person, analytics gathered via this link can be considered personal data. Therefore you are obliged to:
- handle their data in a GDPR-compliant manner;
- receive their consent to process their personal data;
- delete the trackable link as soon as the recipient revokes said consent.
What about Google Analytics?
You have the possibility to add your own Google Analytics tracking ID to track your flipbooks in Google Analytics. We at FlippingBook, as the processor, also use our own Google Analytics ID to track flipbooks to gather aggregated stats (e.g. popularity of various browsers, Operating system versions, screen resolutions) if they are on the default domain online.flippingbook.com. If you set up a custom domain, we do not track your flipbooks with our Google Analytics ID.
This means that even if you don’t use Google Analytics, your flipbooks may still be tracked by us. Our implementation is in line with the guidance of supervisory authorities, specifically the Dutch one) According to this guidance, GA is allowed even without cookie banners. If you use your own Google Analytics ID, we advise you to apply the same guidance:
- Make sure that you accepted the updated Data Processing Amendment in your Google Analytics account settings.
- Make sure you disabled all Data sharing settings in your Google Analytics account settings.
- have concluded a processor agreement with Google;
- have masked the last octet of the IP address; (we do this automatically for you)
- have turned off 'data sharing';
- do not use other Google services in combination with the Google Analytics cookies.
What about the recent ruling of the Austrian supervisory authority?
On January 13th, 2022, the Austrian supervisory authority ruled that an Austrian website violated the GDPR because it used Google Analytics, which stores data that could - in combination with other data that Google possesses - possibly be traced back to individuals. The US intelligence services could possibly force Google to disclose this data under the Patriot Act.
Since then, France and Italy have come to the same conclusion. Several other supervisory authorities are still reviewing this decision.
We are closely monitoring further developments and are preparing to replace our Google Analytics tracker with another solution. In the meantime, if you want to disable FlippingBook tracking right away (most notably, when you operate from Austria, France, or Italy AND embed flipbooks into your own website), then please contact us. We will be happy to disable our Google Analytics tracker for your flipbooks.