This document is a work in progress and is subject to change without warning.
Disclaimer: Always check you are GDPR compliant with your own privacy office or legal department
The Umbraco Engage cares about privacy and values insights. We have turned this into a standard for you and your customer. Server-side analytics in combination with a 1st party cookie was never this easy to set up. And even better; you own your data.
You can be GDPR compliant out of the box.
Umbraco Engage principles:
Umbraco Engage uses specific retention periods and personal data is not kept longer than necessary.
Umbraco Engage has set up its software according to the principles of privacy by design and by default.
Umbraco Engage has been designed with the principles of privacy by design and privacy by default in mind. For example, the following measures have been taken:
The retention period for the Umbraco Engage cookie is 365 days by default. The data is anonymized after two years, and fully deleted after four years;
The IP address is pseudonymized by default;
The use of view and click behaviour is optional;
Neither Umbraco Engage nor any other third party has access to the data (except for, for example, your own hosting provider), as the cookie is first party.
You can change the default settings. However, we do not recommend doing so, as they are set in line with the General Data Protection Regulation (hereinafter: GDPR).
When using Umbraco Engage, this means that you, as a customer, have to inform about the use of Umbraco Engage, which personal data is processed, why it is processed and how. In order to comply with this information obligation set by the GDPR, you can add the following text to your privacy (and cookie) statement:
On our website we use Umbraco Engage_. This is add-on software from_ Umbraco_, which allows us, through the use of a cookie, to analyze the website behavior of the website visitor. Based on this information, we can improve the user experience and personalize content for each specific website visitor. In order to do so, we process, amongst other things, your pseudonymized IP address, cookie ID, website and clicking behavior (optional), how you got to visit our website and your browser data. Only we have access to this personal data. The cookies will be deleted from your device after one year. The personal data collected through the use of the cookie will be retained for a maximum of two years. Hereafter, the data will be anonymized and retained for another two years. This way, we can identify trends on the website and improve the website._
The cookie of Umbraco Engage can be categorized as an analytical and personalization cookie in one, as the cookie is used to analyze website visitor behavior and to personalize the content of the website based on this behavior. For analytical and personalization cookies consent is required, based on the GDPR and the ePrivacy Directive.
As a customer and the controller of the personal data processed by the use of Umbraco Engage, it is your responsibility to obtain consent from the website visitor for the use of the Umbraco Engage cookie. Consent can be obtained by means of a cookie banner.
You can control the features of Umbraco Engage and give your visitors total control over which features they which to enable.
This article explains how to implement CookieBot with Umbraco Engage to comply with GDPR.
Integrating a cookie consent banner service such as CookieBot allows you to configure parts of Umbraco Engage based on user consent.
This article gives you a working implementation to use with CookieBot.
The code example below shows how to create the backend code to read the CookieBot consent cookie from the end user. Based on that, decide which features of Umbraco Engageit should enable or disable.
Create a class that implements the Umbraco.Engage.Business.Permissions.ModulePermissions.IModulePermissions
interface.
Check the current HTTPContext Request Cookies for the CookieBot cookie which is named CookieConsent.
From some of the documentation from CookieBot, implement the same logic to check if the value of the cookie is -1 or another value. If it is set to -1, CookieBot is indicating to us that this is a user within a region that does not require consent.
The rest of the code is deserializing the JSON string stored inside the cookie from CookieBot. It maps to the relevant cookie permission used for turning Umbraco Engage features on or off.
CookieBotModulePermissions.cs
CookieBotComposer.cs
The existing CookieBot cookie Keys are mapped to the following Umbraco Engage features:
For information on setting up and configuring your Cookie Consent Banner, see the Cookiebot Documentation. It contains information on changing the wording and the look and feel of the cookie consent banner.
To install CookieBot, insert the JavaScript tag provided by CookieBot into the <head>
of your HTML template:
Umbraco Engage does not actively track visitors until they have given their consent to the Cookiebot configuration. After the visitor consents, you need to reload the page to track the visit. If no reload is performed the visitor's referrer and/or campaign information will not be tracked.
Use JavaScript to reload the page when consent is given by handling the CookiebotOnAccept event:
Calling the above method will preserve any referrers and query strings supplied in the current request. It results in Umbraco Engage processing the current page visit and visitor correctly.
For more details, see Cookiebot Documentation.
CookieBot Key
Umbraco Engage Features
Preferences
Personalization
Statistics
Analytics
Marketing
A/B Testing