Please note that the information provided herein is for general informational purposes only and does not constitute legal advice; it has not been prepared with your specific circumstances in mind and therefore may not be suitable for use in your business. By relying on the information contained in this message, you assume all risk and liability that may result.

What is the GDPR?

GDPR is an acronym for the General Data Protection Regulation. The purpose of the GDPR is to protect user data and to ensure users located in the EU are in control of their personal data by allowing them to easily opt out and remove their personal data as they see fit. For app developers, this means you are required to implement your own application’s system(s) for handling customer opt-in, data capture, and data storage. Additionally, you’ll need the infrastructure to handle end-user requests to, among other things, opt out, rectify, access, and be forgotten, which is essential to comply with the GDPR (but we’re not your legal team, so please consult with a licensed attorney in order to address your specific needs).

What is required of App Developers right now?

Your apps and integrations will continue to interact and operate with Weebly’s services. However, the original Weebly developer agreement you accepted and consented to when you initially registered as a developer states that you are responsible for complying with any changes implemented by Weebly, as is the case with the new GDPR legislation. It is imperative that you read the Weebly Data Processing Agreement available here, and share this document with your legal and business teams to take the necessary actions to ensure your own compliance. Weebly assumes no liability on your behalf. By continuing to use Weebly’s services you shall be deemed to have accepted the terms and conditions of Weebly’s standard Data Processing Agreement.

As part of GDPR compliance, Weebly will be providing and automatically displaying a cookie notification banner on published sites when visited from a European IP address. Until the site visitor consents to the use of cookies through this banner, cookie-setting functionality will not work on the published site – including any new cookies your app may attempt to set. If your app relies on published site cookies, it may be impacted by this change. Cookie functionality will be restored on the next page load after the user’s cookie consent is obtained.
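For an app that sets cookies on the published site, one way to cope with the pre-consent state is to verify each cookie write by reading it back and to keep the value only in page memory when the write did not take effect. This is an added example, not Weebly code: the function names, the `myapp_theme` cookie, and the assumption that a suppressed write simply leaves the cookie absent are all illustrative.

```javascript
// Added example (not Weebly's code). `doc` is any object with a
// document.cookie-style `cookie` property; in the browser pass `document`.
function readCookie(doc, name) {
  const prefix = encodeURIComponent(name) + "=";
  for (const part of String(doc.cookie || "").split(";")) {
    const item = part.trim();
    if (item.startsWith(prefix)) {
      return decodeURIComponent(item.slice(prefix.length));
    }
  }
  return null;
}

// Write the cookie, then read it back. Assumption: before consent the
// write is dropped, so the read-back does not return the value.
function trySetCookie(doc, name, value, maxAgeSeconds) {
  doc.cookie = encodeURIComponent(name) + "=" + encodeURIComponent(value) +
    "; Max-Age=" + maxAgeSeconds + "; Path=/; SameSite=Lax";
  return readCookie(doc, name) === value;
}

// Persist in a cookie when allowed; otherwise keep the value in page memory
// only. Falling back to localStorage would sidestep the visitor's choice.
function rememberPreference(doc, memory, name, value) {
  if (trySetCookie(doc, name, value, 60 * 60 * 24 * 30)) return "cookie";
  memory[name] = value; // lost on navigation, retried on the next page load
  return "memory";
}

function loadPreference(doc, memory, name) {
  const fromCookie = readCookie(doc, name);
  if (fromCookie !== null) return fromCookie;
  return name in memory ? memory[name] : null;
}

// Constructed stand-in for `document` so the code runs outside a browser.
function fakeDocument(allowWrites) {
  const jar = new Map();
  return {
    get cookie() {
      return [...jar].map(([k, v]) => k + "=" + v).join("; ");
    },
    set cookie(str) {
      if (!allowWrites) return; // models the state before consent
      const pair = str.split(";")[0];
      const eq = pair.indexOf("=");
      jar.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
    },
  };
}
```

Because cookie functionality returns on the next page load after consent, calling `rememberPreference` again on each page load is enough to move the value from memory into a cookie once the visitor has agreed.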

GDPR Considerations for Your Weebly Apps

If any of your apps published on the Weebly App Center have users in the European Union (EU) and your app uses “consent” as the lawful basis for data processing, the GDPR may require that you obtain end user consent before any personal data may be collected, transported, or used (to the extent originating from an end user located in the EU). Your app’s interface must include a data usage consent form so users know exactly how your app will use their personal data. App developers who are also data controllers are responsible for the protection of consumer data, no matter where it eventually resides. This means that software can no longer be launched with known vulnerabilities or bugs that could expose consumer data to unauthorized third parties or attackers. Likewise, developers need to make sure that any code used for data processing is protected by a safeguard like encryption so that customer information is secure from prying eyes, whether it’s being stored in the cloud or sent over the Internet.

To support users’ rights, Weebly will expose specific interfaces for users to submit their data export/forget requests. Weebly will implement the following procedure(s) for relaying users’ export/forget requests to you, our app developer, for processing and remittance.

Data Export/Forget Requests

Apps available in the Weebly App Center can utilize OAuth to request access to a Weebly user’s personal data, including their name and email address. If a Weebly User requests an export of their data or to be forgotten under the GDPR, Weebly will contact the registered developer account email of any apps where the user has granted OAuth access.

App Developers who have received personal data through their “vendor” relationship with Weebly must respond by certifying they have deleted all data, or by sending Weebly (or the user) all personal data in their possession within 30 days of when the App User’s original request was received.

In cases where an App User has written app reviews under that email address, the app review data will be included accordingly. Additionally, if App Reviewers make a forget request, all of their app reviews will be deleted entirely (in addition to forgetting any personal information).

How Weebly is Helping Site Owners with GDPR

It is highly recommended for app developers to become familiar with the information and resources Weebly is providing to site owners. If you have any questions, comments, or concerns, feel free to ask in the Weebly Developer Community or in the Weebly Help Center.

Weebly created this GDPR FAQ for Weebly site owners to provide them with information about the GDPR, as well as resources to help them prepare their sites for GDPR compliance.

Additionally, we’ve published site owner responsibilities about GDPR here.
