Helpdesk
/
Wp Edition

How to make contact forms GDPR compliant

When it comes to GDPR compliance for websites, ensuring that your contact forms adhere to regulations is crucial. These forms, essential for user interaction, collect personal data and must comply with GDPR guidelines. In this article, we'll explore how to adjust them correctly.

Bringing Privacy wording on contact forms into compliance

Contrary to common belief, a privacy acceptance checkbox is not always necessary. If the form is solely intended for responding to specific user inquiries without involving marketing activities, the checkbox can be replaced with informational text:

"By submitting this form, I declare that I have read the privacy policy and authorize the Controller to respond to me as expressed in point a and b of the privacy policy."

This text, which should include a link to the privacy policy page, informs users that their data will be processed solely to address their request, as detailed in points a and b of the policy. If no marketing activities (e.g., newsletters, SMS marketing, WhatsApp marketing, general telemarketing, etc.) are planned with the collected data, this approach is typically sufficient.

standard privacy policy on contact forms

Added checkbox for Consent to Marketing communications.

If you intend to use the collected contacts for marketing activities, additional attention is required. It's essential to include an optional checkbox in the form, which must not be preselected. Accompany this checkbox with the following text:

"I give consent to receive promotional materials as stated in point c of the privacy policy."

Again, "privacy policy" will be a link to the corresponding page.

Checkbox for marketing consent in contact forms

A practical guide to entering the marketing consent checkbox, you can refer to this article.

Finally, to make marketing consent effective, it is necessary to enable point c mentioned above in the site's privacy policy. This is done by accessing:

My Agile Privacy > list policy > personal data policy

and selecting the option to enable marketing consent, found below the content. Once done, point c will be visible and active in the policy.

settings to enable marketing consent in privacy policy

Saving the marketing consensus

It's crucial to document the consent given by users. Since there are no specific regulations from the authorities on how this information should be stored, one approach is to save the form submission to the website's database or retain the notification email received from the administrator.

How to manage Google ReCaptcha on a GDPR-compliant form

Another critical aspect of GDPR compliance for contact forms is handling Google ReCaptcha. While effective against spam, this tool installs cookies and conducts fingerprinting activities, which fall under GDPR regulations and must be preemptively blocked.

However, blocking Google ReCaptcha without informing the user may disrupt the contact form's functionality without explanation. To address this, we've devised a code to be inserted near the contact form. This code displays a warning to users, advising them to review their cookie preferences to ensure proper form operation if they haven't accepted the Google ReCaptcha cookie. Otherwise, the warning message will automatically disappear.

To implement this warning, simply add the following block of code near the contact form:

<div class="map_custom_notify map_api_key_google_recaptcha showConsentAgain" style="display: block;">
    Warning: Your Cookie choices may not allow the form to be sent. Click here to review your preferences.
</div>

This is how the alert will be shown:
Message notifying the user when the Google Recaptcha Cookie has not been accepted

This message is shown or hidden automatically based on the cookie preferences expressed by the user.

Want to know how to insert customised warning messages for users if cookies are not accepted? Follow the instructions in the guide How to customise the My Agile Privacy cookie banner.

This ensures that the contact form remains functional while complying with GDPR regulations.

Navigazione rapida
rely on our experts for a professional installation service
a Formula Agile SRL project
VAT ID 04524510403 - REA: RN418884
Viale Medici 16/A, 47922 Rimini (RN) - Italy
Share capital 12'000€
PEC formulaagilesrl[at]legalmail.it
For assistance: info[at]myagileprivacy.com
GDPR and privacy present complexities that extend beyond achieving website compliance. Compliance obligations span across all business aspects and necessitate expert analysis.
When it comes to implementing Banners and Policies, trust My Agile Privacy—the only solution that excludes unnecessary implementations not mandated by regulations.
Logo CMP partner GoogleLogo CMP partner GoogleLogo IAB Europe approved
My Agile Privacy

This site uses technical and profiling cookies. 

You can accept, reject, or customize the cookies by clicking the desired buttons. 

By closing this notice, you will continue without accepting. 

In addition, this site installs Google Analytics version 4 (GA4), Facebook Remarketing with anonymous data transmission via proxy. 

By giving your consent, the data will be sent anonymously, thus protecting your privacy.