Options and tools offered by Tilda for making sure your website is GDPR-compliant

The GDPR (General Data Protection Regulation) is the new European legislation that regulates how individuals and organizations may collect, use, and retain personal data. The GDPR goes into effect on May 25, 2018.
This guide covers some tools and options offered by Tilda that allow our users to comply with GDPR; it highlights a number of important points that you, as a Tilda website owner, should be aware of, and it also describes what Tilda is doing to comply with GDPR.
Disclaimer: This article should not be construed or relied upon as legal advice. If you have any questions, you should speak to your lawyer to find out how GDPR affects you.
Options and tools offered by Tilda
1. Cookie Consent Notification

To inform your website visitor that you are using cookies and receive their consent, add to your page the block T657 from the Other category.
2. Privacy Policy and Terms and Conditions Pages

Create new pages on your website, where you should add your Privacy Policy and Terms & Conditions, publish them and use links to these pages to inform your users and receive their consent.
3. GDPR-friendly forms

There is a field called Text under form in all data capture forms on Tilda. This field can be used to place links to your Terms & Conditions and Privacy Policy pages. To obtain your user's explicit consent, add the Checkbox field to the form. This way the user can actively confirm that they have read and accept your Privacy Policy and Terms & Conditions.
4. Simplified Statistics Mode (Disabling cookies)

Tilda's embedded analytics system uses cookies to get more accurate results. Cookies are also used to track UTM parameters. If you don't want to use cookies and send your users notifications to this effect, you may turn on the Simplified Analytics Mode in the site settings. Your stats won't be as precise, but then your site won't be collecting cookies either.

To disable cookies, go to Site Settings → Analytics&SEO → Site Statistics → Settings.
5. IP Anonymization in Google Analytics

Google Analytics provides a feature that allows website owners to request that all of their users' IP addresses are anonymized within the product. If you have assigned Google Analytics and want to activate this feature, tick the box Turn on IP anonymization in Google Analytics counter settings in your account on Tilda.

To do this, go to the Site Settings → Analytics&SEO → Google Analytics → Settings.
6. Managing data retention period

By default, all data sent via data capture forms on a website is available in your account for 30 days. If you don't want to store data in your Tilda account, you can delete it. Data will be deleted immediately after it is sent to a third-party data capture service.

To do this, go to Site Settings → Forms → General forms settings → Data storage period → Don't save.
7. Deleting personal data on your user's request

If you have a request to delete personal data from a user who sent their data via a data capture form, you can remove it in the 'Leads' section of the website. Data will be removed from your Tilda account. If you have assigned third-party services, you need to delete data there as well.
8. Configuring HTTPS on your website

All data transfers that go through Tilda are encrypted over a cryptographic SSL connection by default. However, you can configure additional safe protocols on your website by issuing a free SSL certificate.
The minimum number of steps you should take to make your website GDPR-compliant
1. Add a cookie consent notification to inform your website visitors that you are using cookies and to obtain their consent;

2. Place your Privacy Policy and Terms & Conditions on individual pages of your website;

3. Add links to your Privacy Policy and Terms & Conditions in the footer of your website;

4. In data capture forms add links to Privacy Policy and Terms & Conditions. Also add a checkbox to obtain your users' explicit consent that they have read your Privacy Policy and Terms & Conditions and accept them;

5. Configure HTTPS.
What to do if you can't be bothered to deal with GDPR rules
You need to stop collecting personal data of EU citizens. To do this:

1. Don't use data capture forms on your website. Instead, add your contact information such as your phone number and email to your website to allow people to get in touch with you without sending their personal data.

2. Turn on Simplified Mode for statistics to avoid using cookies.

3. Disable all external statistics tools such as Google Analytics and Google Tag Manager.
What is Tilda doing to comply with GDPR?
There is detailed information in our Privacy Policy that explains how we work with personal data: https://tilda.cc/privacy

In short, the main principles we follow are:
1. Security, confidentiality and data safety

The data you share with us is processed via a safe, encrypted connection by using HTTPS protocol. We also implement security measures designed to protect personal data, including physical, electronic and procedural measures.
2. Transparency in personal data usage

There is detailed information in our Privacy Policy about what personal information we collect, how we collect it and how we use it. We undertake not to use the personal data you share with us in any other way except for the ways described in our Privacy Policy.
3. Right to access and manage personal data

Change, update or delete your personal information or your users' personal information at any time from your account. You may contact us at Tilda to help you edit or change this information.
4. Right to move data

Obtain and reuse your personal information or your users' personal information with other services or providers at any time from your account. You may contact us at Tilda to help you transfer this information.
5. Right to be forgotten

You can delete the data you share with us as well as your users' data from your account. You can also delete your account at any time. You may send us a request for deleting data that we undertake to process in reasonable time.
How can I learn more about GDPR?
Have questions?
Don't hesitate to email us at legal@tilda.cc if you have any questions regarding our privacy practices or if you would like to exercise your rights and choices.