GDPR Compliance
How to implement WonderPush GDPR Compliance tools
The GDPR (General Data Protection Regulation) adopted by countries of the European Union requires you to get user consent before collecting any type of personally identifiable information.
While this sounds quite simple, implementation can lead to complex application logic.
Fortunately, WonderPush gives you the tools to make the implementation quite simple.
It works like this:
- at initialization time, WonderPush lets you declare that user consent is required,
- when this is the case, all your calls to WonderPush SDKs will fail until user gives his/her consent using the
setUserConsent
API available in all our SDKs.
WonderPush goes beyond what is strictly required by GDPR: we give you the tools to let users download or delete part or all of their WonderPush related data.
Declaring that consent is required
All our SDKs let you declare that user consent is required. This is done like this:
WonderPush.push(["init", {
webKey: "YOUR_WEBKEY",
requiresUserConsent: true,
}]);
buildConfigField 'boolean', 'WONDERPUSH_REQUIRES_USER_CONSENT', 'true'
#import <WonderPush/WonderPush.h>
- (BOOL)application:(UIApplication *)application willFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
[WonderPush setRequiresUserConsent:YES];
[WonderPush setClientId:@"YOUR_CLIENT_ID" secret:@"YOUR_CLIENT_SECRET"];
[WonderPush setupDelegateForApplication:application];
[WonderPush setupDelegateForUserNotificationCenter];
return YES;
}
func application(_ application: UIApplication, willFinishLaunchingWithOptions launchOptions: [UIApplicationLaunchOptionsKey: Any]?) -> Bool {
WonderPush.setRequiresUserConsent(true)
WonderPush.setClientId("YOUR_CLIENT_ID", secret: "YOUR_CLIENT_SECRET")
WonderPush.setupDelegateForApplication(application)
WonderPush.setupDelegateForUserNotificationCenter()
}
Our Cordova SDK requires you set that property when installing the plugin. See the REQUIRES_USER_CONSENT variable
Setting user consent
All our SDKs let you give or remove user consent. This is done like this:
// Give consent
WonderPush.setUserConsent(true);
// Remove consent
WonderPush.setUserConsent(false);
//Give consent
WonderPush.setUserConsent(true);
//Remove consent
WonderPush.setUserConsent(false);
// Give consent
[WonderPush setUserConsent:YES];
// Remove consent
[WonderPush setUserConsent:NO];
// Give consent
WonderPush.setUserConsent(true);
// Remove consent
WonderPush.setUserConsent(false);
WonderPush.setUserConsent(true);
What happens while consent is not given
When you've specified that your app or website required user consent, the WonderPush SDK is not initialized until users give their consent using the setUserConsent
API.
If you are using our Website SDK, calls to WonderPush made before consent is given will result in rejecting Promise
objects.
On other SDKs, the calls will simply be ignored.
What happens when users give their consent then remove it
When consent is given, the WonderPush SDKs function normally. You can put properties, track events and set tags.
When users withdraw their consent, any data you've sent to WonderPush is still available, but our SDKs “shut down” and do not let you record any more data.
You can still use the data that was collected while consent was given.
Giving users control over their data
All our SDKs provide methods to download or clear all or part of each user's data:
clearEventsHistory
clears all events recorded using trackEvent.clearPreferences
clears all the installation properties,clearAllData
deletes any event, installation and potential user objects associated with all installations present on the device,downloadAllData
initiates the download of all the WonderPush data related to the current installation, in JSON format
See the documentation of the SDK you're using for more detail on how to use these methods.
Update your privacy terms
Remember to update your website's privacy policy
When you have finished integrating WonderPush, we recommend that you copy and adapt to your needs the article below to keep your privacy policies compliant with the GDPR:
Web push notifications:
We provide news and updates on our sites via web push notifications.
To benefit from this free service, operated with our push provider WonderPush (https://www.wonderpush.com/), you must first subscribe by clicking on an authorization request controlled by your browser and your device when you visit our website.
The navigation data that we could store and process in order to operate this service and send you relevant messages is anonymized and kept on WonderPush servers for a maximum of 90 days and never shared to third parties. We do not store any recognizable data, neither IP address about you or your device in connection with the push notification service.
You can stop receiving our web push notifications at any time by unsubscribing.
Here is how to manage your web push subscription and to delete associated data
(https://docs.wonderpush.com/docs/manage-your-data-and-unsubscribe-from-web-push-notifications)
Updated almost 4 years ago