13.latest (LTS)
CMSCloudHeartcore
DXP

GDPR & EU regulation

Read how Umbraco Engage is designed with GDPR compliance in mind, ensuring data privacy through first-party cookies, data anonymization, and retention controls.

Disclaimer: Always check you are GDPR compliant with your own privacy office or legal department

Umbraco Engage cares about privacy and values insights. We have turned this into a standard for you and your customers. Server-side analytics in combination with a first-party cookie is quick to set up. And even better, you own your data.

You can be GDPR compliant out of the box.

Privacy is our concern

Umbraco Engage principles:

  • Umbraco Engage uses specific retention periods and personal data is not kept longer than necessary.

  • Umbraco Engage has set up its software according to the principles of privacy by design and by default.

GDPR Compliance

Umbraco Engage has been designed with the principles of privacy by design and privacy by default in mind. For example, the following measures have been taken:

  • The retention period for the Umbraco Engage cookie is 365 days by default.

  • The data is anonymized after two years, and fully deleted after three years.

  • The IP address is pseudonymized by default.

  • The use of view and click behavior is optional.

  • Neither Umbraco Engage nor any other third party has access to the data (except for, for example, custom hosting provider), as the cookie is first party.

You can change the default settings. However, we do not recommend doing so, as they are set in line with the General Data Protection Regulation (GDPR).

Information obligation

As a customer, you must inform the user about using Umbraco Engage. This includes which personal data is processed, why, and how. To comply with the information obligation set by the GDPR, you can add the following template to your privacy (and cookie) statement:

On our website we use Umbraco Engage_. This is add-on software from_ Umbraco_, which allows us, through the use of a cookie, to analyze the website behavior of the website visitor. Based on this information, we can improve the user experience and personalize content for each specific website visitor. In order to do so, we process, amongst other things, your pseudonymized IP address, cookie ID, website and clicking behavior (optional), how you got to visit our website and your browser data. Only we have access to this personal data. The cookies will be deleted from your device after one year. The personal data collected through the use of the cookie will be retained for a maximum of two years. Hereafter, the data will be anonymized and retained for another two years. This way, we can identify trends on the website and improve the website._

Remember to adjust the template to match the configuration on your website.

Cookie consent

The Umbraco Engage cookie can be categorized as both an analytical and a personalization cookie. The cookie is used to analyze website visitor behavior and personalize content based on this behavior. Based on the GDPR and ePrivacy Directive cookie consent is required for gathering analytic and personalization data.

As the data controller it is your responsibility to obtain consent from the website visitor for the use of the Umbraco Engage cookie. Consent can be obtained using a cookie banner.

You can control the featuresand give your visitors total control over which features they wish to enable.

PreviousAnonymizationNextHow to become GDPR compliant using cookiebot

Last updated