GDPR Compliance

How to implement WonderPush GDPR Compliance tools

The GDPR (General Data Protection Regulation) adopted by countries of the European Union requires you to get user consent before collecting any type of personally identifiable information.

While this sounds quite simple, implementation can lead to complex application logic.

Fortunately, WonderPush gives you the tools to make the implementation quite simple.
It works like this:

  • at initialization time, WonderPush lets you declare that user consent is required,
  • when this is the case, all your calls to WonderPush SDKs will fail until user gives his/her consent using the setUserConsent API available in all our SDKs.

WonderPush goes beyond what is strictly required by GDPR: we give you the tools to let users download or delete part or all of their WonderPush related data.

Declaring that consent is required

All our SDKs let you declare that user consent is required. This is done like this:

WonderPush.push(["init", {
  webKey: "YOUR_WEBKEY",
  requiresUserConsent: true,
}]);
buildConfigField 'boolean', 'WONDERPUSH_REQUIRES_USER_CONSENT', 'true'
#import <WonderPush/WonderPush.h>

- (BOOL)application:(UIApplication *)application willFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
    [WonderPush setRequiresUserConsent:YES];
    [WonderPush setClientId:@"YOUR_CLIENT_ID" secret:@"YOUR_CLIENT_SECRET"];
    [WonderPush setupDelegateForApplication:application];
    [WonderPush setupDelegateForUserNotificationCenter];

    return YES;
}
func application(_ application: UIApplication, willFinishLaunchingWithOptions launchOptions: [UIApplicationLaunchOptionsKey: Any]?) -> Bool {
  WonderPush.setRequiresUserConsent(true)
  WonderPush.setClientId("YOUR_CLIENT_ID", secret: "YOUR_CLIENT_SECRET")
  WonderPush.setupDelegateForApplication(application)
  WonderPush.setupDelegateForUserNotificationCenter()
}

📘

Our Cordova SDK requires you set that property when installing the plugin. See the REQUIRES_USER_CONSENT variable

Setting user consent

All our SDKs let you give or remove user consent. This is done like this:

// Give consent
WonderPush.setUserConsent(true);

// Remove consent
WonderPush.setUserConsent(false);
//Give consent
WonderPush.setUserConsent(true);

//Remove consent
WonderPush.setUserConsent(false);
// Give consent
[WonderPush setUserConsent:YES];

// Remove consent
[WonderPush setUserConsent:NO];
// Give consent
WonderPush.setUserConsent(true);

// Remove consent
WonderPush.setUserConsent(false);
WonderPush.setUserConsent(true);

What happens while consent is not given

When you've specified that your app or website required user consent, the WonderPush SDK is not initialized until users give their consent using the setUserConsent API.

If you are using our Website SDK, calls to WonderPush made before consent is given will result in rejecting Promise objects.

On other SDKs, the calls will simply be ignored.

What happens when users give their consent then remove it

When consent is given, the WonderPush SDKs function normally. You can put properties, track events and set tags.

When users withdraw their consent, any data you've sent to WonderPush is still available, but our SDKs “shut down” and do not let you record any more data.

You can still use the data that was collected while consent was given.

Giving users control over their data

All our SDKs provide methods to download or clear all or part of each user's data:

  • clearEventsHistory clears all events recorded using trackEvent.
  • clearPreferences clears all the installation properties,
  • clearAllData deletes any event, installation and potential user objects associated with all installations present on the device,
  • downloadAllData initiates the download of all the WonderPush data related to the current installation, in JSON format

See the documentation of the SDK you're using for more detail on how to use these methods.

Update your privacy terms

🚧

Remember to update your website's privacy policy

When you have finished integrating WonderPush, we recommend that you copy and adapt to your needs the article below to keep your privacy policies compliant with the GDPR:

Web push notifications:
We provide news and updates on our sites via web push notifications.
To benefit from this free service, operated with our push provider WonderPush (https://www.wonderpush.com/), you must first subscribe by clicking on an authorization request controlled by your browser and your device when you visit our website.
The navigation data that we could store and process in order to operate this service and send you relevant messages is anonymized and kept on WonderPush servers for a maximum of 90 days and never shared to third parties. We do not store any recognizable data, neither IP address about you or your device in connection with the push notification service.
You can stop receiving our web push notifications at any time by unsubscribing.
Here is how to manage your web push subscription and to delete associated data
(https://docs.wonderpush.com/docs/manage-your-data-and-unsubscribe-from-web-push-notifications)