{"id":9028,"date":"2024-01-25T11:58:17","date_gmt":"2024-01-25T10:58:17","guid":{"rendered":"https:\/\/www.myagileprivacy.com\/helpdesk\/how-to-bring-contact-forms-into-gdpr-compliance\/"},"modified":"2026-01-02T10:48:03","modified_gmt":"2026-01-02T09:48:03","slug":"how-to-make-contact-forms-gdpr-compliant","status":"publish","type":"helpdesk","link":"https:\/\/www.myagileprivacy.com\/en\/helpdesk\/how-to-make-contact-forms-gdpr-compliant\/","title":{"rendered":"How to make contact forms GDPR compliant"},"content":{"rendered":"<p>When it comes to GDPR compliance for websites, making sure your contact forms are compliant is critical. Contact forms\u2014essential for site-user interaction\u2014collect personal data and must meet GDPR requirements. Here\u2019s how to make sure they conform.<\/p>\n<h2>Compliant Privacy Wording in Contact Forms<\/h2>\n<p>Contrary to popular belief, a privacy acceptance checkbox isn't always mandatory. If the form serves only to respond to user queries (with no marketing involved), a checkbox can be replaced with an informational sentence like:<\/p>\n<blockquote>\n<p>\"By submitting this form, I declare that I have read the privacy policy and authorize the Controller to respond to me as expressed in point a and b of the privacy policy.\"<\/p>\n<\/blockquote>\n<p>This statement (with \u201cprivacy policy\u201d linked) tells users that their data is processed only to fulfil their specific request. If you do not plan marketing (e.g. 
newsletters, SMS, WhatsApp, telemarketing) with the data collected, this solution is sufficient.<br \/>\n<img decoding=\"async\" class=\"aligncenter wp-image-9422 size-full\" src=\"https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-01.jpg\" alt=\"standard privacy policy on contact forms\" width=\"1920\" height=\"535\" srcset=\"https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-01.jpg 1920w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-01-300x84.jpg 300w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-01-1024x285.jpg 1024w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-01-768x214.jpg 768w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-01-1536x428.jpg 1536w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<h2>Adding a Checkbox for Marketing Consent<\/h2>\n<p>If you plan to use collected contacts for marketing, you must include an <strong>optional, not-preselected checkbox<\/strong> with this text:<\/p>\n<blockquote>\n<p>\"I give consent to receive promotional materials as stated in point c of the privacy policy.\"<\/p>\n<\/blockquote>\n<p>Again, \u201cprivacy policy\u201d should link to your full privacy statement.<br \/>\n<img decoding=\"async\" class=\"aligncenter wp-image-9424 size-full\" src=\"https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-02.jpg\" alt=\"Checkbox for marketing consent in contact forms\" width=\"1920\" height=\"652\" srcset=\"https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-02.jpg 1920w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-02-300x102.jpg 300w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-02-1024x348.jpg 1024w, 
https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-02-768x261.jpg 768w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-02-1536x522.jpg 1536w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p>For a hands-on guide to adding this checkbox, see <a href=\"https:\/\/www.myagileprivacy.com\/en\/how-to-be-compliant-with-contact-forms-for-marketing-activities\/\" target=\"_blank\" rel=\"noopener\">this article<\/a>.<\/p>\n<p>In addition to adding the checkbox to your forms, you also need to make sure you\u2019ve selected the option for newsletters and marketing communications in the Policy Assistant. Go to <em>My Agile Privacy<sup>\u00ae<\/sup> &gt; Policy Assistant<\/em>, and proceed to the Site Features step.<\/p>\n<p>Here, make sure to tick the <em>Newsletter<\/em> option, which will enable point c mentioned earlier in the policies.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter wp-image-14700 size-full\" src=\"https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/consenso-marketing-1-eng.png\" alt=\"\" width=\"1000\" height=\"402\" srcset=\"https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/consenso-marketing-1-eng.png 1000w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/consenso-marketing-1-eng-300x121.png 300w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/consenso-marketing-1-eng-768x309.png 768w\" sizes=\"(max-width: 1000px) 100vw, 1000px\" \/><\/p>\n<p><strong>Important note:<\/strong> Once you enable the Newsletter option, a second option will appear:<br \/>\n<em>\u201cI keep data for a maximum of 24 months from the last meaningful interaction.\u201d<\/em><\/p>\n<p><strong>But what does \u201clast meaningful interaction\u201d mean?<\/strong><br \/>\nIt refers to the last time a user interacted with one of your communications or a form on your site. 
For example, opening an email, clicking a link within an email, or submitting a contact request through a form on your site.<\/p>\n<p>You must select this additional option only if the data is actually stored for a maximum of 24 months. Otherwise, do not check it and simply proceed.<\/p>\n<h2>Saving the Marketing Consent<\/h2>\n<p>It\u2019s important to keep a record of users\u2019 consent. Regulations do not specify a required retention method; you can save each submission in your site\u2019s database or keep the administrator\u2019s notification email. Alternatively, you can implement a double opt-in mechanism, which involves sending an additional verification email to the user to confirm the email address and the user\u2019s consent.<\/p>\n<h2>Managing Google ReCaptcha on GDPR-Compliant Forms<\/h2>\n<p>Another key GDPR requirement for contact forms is handling Google ReCaptcha. While useful against spam, ReCaptcha installs cookies and performs fingerprinting, so it must be blocked until consent is granted.<\/p>\n<p>However, blocking ReCaptcha without notice may disable your form input unexpectedly. To avoid this, add this code near your contact form\u2014it displays a warning if the ReCaptcha cookie isn\u2019t accepted. The warning disappears automatically if the user consents.<\/p>\n<pre><code class=\"language-markup\" data-line=\"\">&lt;div class=&quot;map_custom_notify map_api_key_google_recaptcha showConsentAgain mapShowItem&quot;&gt;\n    Warning: Your Cookie choices may not allow the form to be sent. 
Click here to review your preferences.\n&lt;\/div&gt;<\/code><\/pre>\n<p>Here\u2019s how the message will appear:<br \/>\n<img decoding=\"async\" class=\"aligncenter wp-image-9428 size-full\" src=\"https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-04.jpg\" alt=\"Message notifying the user when the Google Recaptcha Cookie has not been accepted\" width=\"1920\" height=\"780\" srcset=\"https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-04.jpg 1920w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-04-300x122.jpg 300w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-04-1024x416.jpg 1024w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-04-768x312.jpg 768w, https:\/\/www.myagileprivacy.com\/wp-content\/uploads\/2024\/01\/contact-form-privacy-04-1536x624.jpg 1536w\" sizes=\"(max-width: 1920px) 100vw, 1920px\" \/><\/p>\n<p>Want to show custom warning messages if cookies are not accepted? Follow the guide <a href=\"https:\/\/www.myagileprivacy.com\/en\/helpdesk\/how-to-customise-the-my-agile-privacy-cookie-banner\/\" target=\"_blank\" rel=\"noopener\">How to customise the My Agile Privacy<sup>\u00ae<\/sup> cookie banner<\/a>.<\/p>\n<p>Following these steps ensures your contact form is both functional and GDPR compliant.<\/p>\n","protected":false},"template":"","categoria-helpdesk":[28],"versione-plugin":[30],"class_list":["post-9028","helpdesk","type-helpdesk","status-publish","hentry","categoria-helpdesk-onboard","versione-plugin-wp-edition"],"acf":{"helpdesk_in_evidenza":true,"helpdesk_ordine":"3","elenco_faq_articolo":[{"domanda":"Is the privacy policy checkbox mandatory in contact forms?","risposta":"No, the privacy policy checkbox is not mandatory if the form is only used to respond to user requests, without any marketing activities. 
It is sufficient to include an informational text stating that the data will only be used to respond to the request, along with a link to the privacy policy."},{"domanda":"When is it necessary to add a marketing consent checkbox?","risposta":"The marketing consent checkbox is necessary when you want to use the collected data for marketing activities as well, such as newsletters, SMS, or telemarketing. It must be optional and not pre-checked."},{"domanda":"How should users' marketing consent be stored?","risposta":"Regulations do not specify a precise storage method. You can save each submission in the site's database, keep the administrator notification email, or adopt a double opt-in mechanism, which involves sending a verification email to the user to confirm their consent."},{"domanda":"What is meant by 'last significant interaction' in the context of data retention?","risposta":"'Last significant interaction' refers to the last time a user interacted with a communication or a form on the site, for example opening an email, clicking a link within an email, or submitting a contact request through a form."},{"domanda":"How should Google ReCaptcha be managed to be GDPR compliant?","risposta":"Google ReCaptcha installs cookies and performs fingerprinting, so it must be blocked preventively under the GDPR. To avoid the form becoming unusable without the user understanding why, it is recommended to display a notice near the form informing the user that their cookie choices may prevent the form from being submitted, with the option to review their preferences."},{"domanda":"What needs to be done in the My Agile Privacy Policy Assistant to enable marketing consent?","risposta":"You need to access My Agile Privacy\u00ae &gt; Policy Assistant and proceed to the 'Site Features' step, where you must check the 'Newsletter' option. 
This enables point c of the privacy policy relating to marketing communications."},{"domanda":"Is it always necessary to select the 24-month data retention option that appears after enabling the Newsletter?","risposta":"No, this option should only be selected if the data is actually retained for a maximum of 24 months from the last significant interaction. Otherwise, it does not need to be checked."}]},"_links":{"self":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/helpdesk\/9028","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/helpdesk"}],"about":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/types\/helpdesk"}],"wp:attachment":[{"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/media?parent=9028"}],"wp:term":[{"taxonomy":"categoria-helpdesk","embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/categoria-helpdesk?post=9028"},{"taxonomy":"versione-plugin","embeddable":true,"href":"https:\/\/www.myagileprivacy.com\/en\/wp-json\/wp\/v2\/versione-plugin?post=9028"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}