
Firstly, like seemingly every other online service in the last week, we have updated our Privacy Policy into a new behemoth 8,500-word document that outlines how we deal with online privacy. Europeans are very concerned about online privacy. It's not like we're not concerned about it in the United States, but the General Data Privacy Regulation (GDPR) from the European Union is a new, wide-reaching online privacy law. We talked about it in this recent blog post.

This law threatens American online services, companies, and websites with hefty fines if they mess up the privacy of an EU citizen and that citizen reports it. We actually think the spirit of the law is great, so we have put in place some new functionality and publicly posted policies (Privacy and Cookie policies) in order to be ready for the GDPR.

 

What do Showcase IDX customers have to do to get ready for GDPR with Showcase IDX?

 

1. Set up the expressed consent checkbox in the lead sign-up form

A big part of getting ready for GDPR is getting consent from your visitors as they sign up, so it's clear how their private data will be used after they create an account. To do this, we've added an (optional) setting on the new Privacy Settings page. This checkbox, when turned on, is a required field that has links to your Privacy Policy, Cookie Policy and Terms of Use. When clicked by a lead, it gives you the protection of expressed consent to use their data as outlined in the policies. On the Privacy Settings page, we've also added fields where you enter the full https:// URLs that create the links to your Privacy Policy, Cookie Policy, and Terms of Use.

 

2. Updated Privacy Policy

Most real estate websites don't have a customized privacy policy and if they do have a privacy policy it's a generic boilerplate thing that they probably copy-pasted from another website. The time that this was workable is over with the GDPR. Take a look at our Privacy Policy to get an idea of what should be in it. There's a lot. We cannot write this for you, but we can help you with what's applicable to Showcase IDX.

The main section you'll need to use is the section regarding transferring data out of the EU. You'll want to add this section for Showcase IDX. If you have a high number of visitors and leads from EU countries, we highly recommend contacting a GDPR consultant and/or your legal counsel to make sure that you are in compliance. Forget the threat of big fines for a second: if you have a lot of European visitors and leads (I'm looking at you, Florida), they will expect this kind of privacy protection, and not having it might not be good for business.

In your privacy policy, you can add these sections where necessary:

Section: Transfers of your information outside the European Economic Area

Server log information

Information collected when you visit and register an account on our website is transferred outside of the EEA and stored on the servers of our IDX search plugin provider, Showcase IDX. You can access their privacy policy here: http://showcaseidx.com/privacy-policy

Country of storage: The United States.

Safeguards used: our third party hosting provider has self-certified its compliance with the GDPR.

Section: Disclosure of your information to service providers

We use a number of third parties to provide us with services which are necessary to run our business or to assist us with running our business and who process your information for us on our behalf. These include the following:

 

3. Updated Cookie Policy

Most real estate websites don't have a cookie policy. Period. Under the GDPR you need one. It's going to be a bit of a pain in the butt to create because you need to list all the cookies that your website drops, and a lot of plugins drop cookies too. Here's a handy guide to get started, and you can find our website's cookie policy here. Unfortunately, as much as we'd love to do all this for you, we can't. We're just a plugin on your site. But here are some snippets that should help you fill out the parts pertaining to Showcase IDX.

Essential Cookie
Firstly, Showcase IDX's cookies should be considered Essential Cookies on your website. This is an important distinction. Here's a very easy to understand guide about how the EU is now treating cookies, from Wired.

Persistent Cookies
The Showcase IDX cookies are persistent.

First Party Cookies
This can be a little confusing, but it's determined by which domain drops the cookie, not by whether the code comes from a 3rd party... so the Showcase IDX cookies are cookies placed on your device by our website domain.

List of Cookies

The main cookie set by Showcase IDX does not contain any personally identifiable information, just a token that we use to tell who is who based on the session. This lets us do a bunch of fancy stuff. It's remarkably private. We do store some information about the user before they sign up, but that is in the browser cache of their own device and it's accessed without going through or onto our servers. We also track analytics on our search pages using Google Analytics. This lets us see how the IDX is being used, and we use this information to make educated, fact-based decisions that improve the product. It is anonymized and we cannot see what individual sites or customers are doing, only the aggregate of all instances of our product.

 

| Name of Cookie | Essential or Non-essential? | Type of cookie | First or Third party? | Session or Persistent? | Expiry Time | Purpose |
|---|---|---|---|---|---|---|
| sidx_token | Essential | Session Controller | First Party | Persistent | 20 years | IDX |
| _ga & _gid | Non-Essential | Tracking | Third Party | Persistent | 24 hours | Google Analytics |
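
To fill in a cookie table like this one from what a site actually sends, the columns can be derived from the Set-Cookie response headers. The following is an added example, not code from Showcase IDX: the hosts, cookie values and attributes are constructed, and the sidx_token lifetime is set to match the 20 years stated in the table rather than captured from the product.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

def parse_set_cookie(header):
    """Split one Set-Cookie header value into (name, attributes dict)."""
    first, *rest = [p.strip() for p in header.split(";")]
    name = first.split("=", 1)[0]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return name, attrs

def lifetime_seconds(attrs, now):
    """None for a session cookie, else seconds until expiry."""
    # Max-Age takes precedence over Expires when both are set (RFC 6265).
    if "max-age" in attrs:
        return int(attrs["max-age"])
    if "expires" in attrs:
        return int((parsedate_to_datetime(attrs["expires"]) - now).total_seconds())
    return None

def is_first_party(response_host, site_host):
    # Simplification: exact host or subdomain match. Browsers use the
    # Public Suffix List to decide what counts as the same site.
    return response_host == site_host or response_host.endswith("." + site_host)

def inventory(observed, site_host, now):
    """observed: list of (response_host, Set-Cookie value) pairs."""
    rows = []
    for host, header in observed:
        name, attrs = parse_set_cookie(header)
        secs = lifetime_seconds(attrs, now)
        rows.append({
            "name": name,
            "party": "First Party" if is_first_party(host, site_host) else "Third Party",
            "kind": "Session" if secs is None else "Persistent",
            "expiry_days": None if secs is None else round(secs / 86400),
        })
    return rows

# Constructed sample responses; hosts, values and attributes are made up.
NOW = datetime(2018, 5, 25, tzinfo=timezone.utc)
SAMPLE = [
    ("example-realty.test", "sidx_token=abc123; Max-Age=630720000; Path=/; Secure"),
    ("example-realty.test", "cart=1; Path=/"),
    ("stats.tracker.test", "visitor=xyz; Expires=Sat, 26 May 2018 00:00:00 GMT; Path=/"),
]
ROWS = inventory(SAMPLE, "example-realty.test", NOW)
```

Comparing the resulting rows with the expiry times written in the policy shows where the published table and the site's actual behaviour have drifted apart.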

 

In the section of your Cookie Policy about functional cookies, you can add this:

Functional cookies

These are cookies that are designed for purposes such as enhancing a website’s functionality. These are either not strictly essential for the website or functionality which you have requested to work, or are cookies which serve non-essential purposes in addition to their essential purpose. We use the following functional cookies on our website:

- First party, persistent cookies to recognize you when you use our IDX search and personalize it to you. These cookies are: sidx_token. These cookies expire after 2 years.

 
