Skip to main content

General Data Protection Regulation Compliance

ClickBank’s GDPR Compliance outlines how it handles personal data of EU users in line with General Data Protection Regulation.

Updated over 3 weeks ago

Overview

The General Data Protection Regulation Compliance (GDPR) is a European Union (EU) regulation relating to the processing of personal data, privacy, and consent for EU citizens. Companies that market or sell products to EU citizens, including ClickBank and ClickBank Sellers, must abide by GDPR restrictions regarding the use of customer data.

ClickBank and ClickBank Sellers must have a valid lawful basis in order to process customer data. When an EU customer purchases a product, you as the ClickBank Seller can use their information to deliver the product or troubleshoot issues with the product.

However, sellers cannot use their contact information for other purposes, such as marketing communications, unless they consent.

ClickBank has updated our user interface (UI) in many areas to give EU customers the ability to consent to marketing communications from sellers, and to communicate each customer's selection to sellers. All ClickBank sellers must comply with customers' decisions regarding the use of their data.

ClickBank made changes to several portions of our purchase process to comply with GDPR. These changes took effect on May 23, 2018.

This article contains the following sections:

Consent on Order Form

When a customer arrives on the ClickBank order form, their IP address and billing address is used to determine their location, with the billing address taking precedence. If the customer is located in the EU, a checkbox is displayed. The customer has the option the indicate consent to receive marketing communication by checking this check box.

This image shows a checkbox on the ClickBank order form above the Pay Now button. The checkbox is labeled 'Yes, I'd like to receive exclusive content and promotions from this vendor.'

The Advanced Custom Order Form template will be updated to include the ability to style this consent box. ClickBank Sellers can download a new ACOF bundle that contains the consent box.

ClickBank Seller Notification

ClickBank Sellers are notified via ClickBank of a customer's consent selection through multiple channels:

  • Confirmation Email:
    The order confirmation email that is sent we send to you specifies whether the customer has declined consent.

    Email_Consent.png

  • Instant Notifications:
    Instant Notifications (version 6.1) includes a new parameter called "declinedConsent." This parameter indicates customer's consent selection. The parameter values include:

    • nil – The customer is not affected by GDPR.

    • true – The GDPR customer did not consent to marketing communications.

    • false – The GDPR customer consented to marketing communications.

  • Orders API Returns:
    The Orders API includes a new parameter called "declinedConsent." This parameter indicates the customer's consent selection. The parameter has the following values:

    • nil – The customer is not affected by GDPR.

    • true – The GDPR customer did not consent to marketing communications.

    • false – The GDPR customer consented to marketing communications.

  • Transactions Reporting Display:
    The Transactions Reporting Display now includes a "Declined Marketing" column which contains an X if the customer has declined consent for marketing communications.

    This image shows a portion of the Transactions Reporting table, including the Declined Marketing column. An x in this column indicates that the customer has declined marketing communications.

Rights Guaranteed by GDPR

The GDPR guarantees a number of rights to EU citizens. This section explains each right, and the actions that ClickBank and ClickBank Sellers must take to comply with these rights.

  • Right to be Informed
    EU citizens have the right to be informed about the collection and use of their personal data. ClickBank provides information through the ClickBank Privacy Policy and through the information on the order form. To comply with this right, sellers should update their privacy policies and should clearly disclose how they use customers’ data.

  • Right of Access
    EU citizens have the right to request access to their information, and request information about how their data is being used. Companies must verify the identity of the requester and then promptly provide the information. Sellers must provide EU citizens with a copy of their data, in a commonly used electronic format, within 30 days of receiving a proper request from the customer or from ClickBank.

  • Right to Rectification
    EU citizens have the right to update, correct, or complete their personal information. Customers can update their information by creating a customer account. When a customer does so, ClickBank overwrites the old information and sends an email to the seller explaining the change. Sellers must update any records containing the old information, to remove the old information and include the new information, within 30 days of receiving a proper request from the customer or from ClickBank.

  • Right to Erasure
    EU citizens have the right to request the deletion of their information. Customers can make this request via email. When we have verified the information to be deleted, ClickBank sends an email to the seller explaining the change. Sellers must delete the specific user data according to the communication from ClickBank, within 30 days of receiving a proper request from the customer or from ClickBank.

  • Right to Restrict Processing
    EU citizens have a right to request that their data no longer be processed or used. Customers can exercise this right by unsubscribing from marketing communications or by cancelling ongoing subscriptions.

    Sellers must comply with customers' decisions regarding the use of their information for marketing communications. If ClickBank contacts sellers with any other restrictions on the ongoing use of a customer's personal information, sellers must comply.

  • Rights Related to Automated Decision Making Including Profiling
    The rights specified in the GDPR also apply to the automated processing of customers' data. As a consequence, the automatic upsells feature is disabled for EU customers.

    Sellers do not need to take any action to ensure compliance with this right, unless they are using the customer’s data in this fashion for their own purposes.

ClickBank Seller Responsibilities

Under GDPR, you are obligated to comply with customers' wishes regarding their data. In particular, you must use their contact information only for the purposes to which they consent.

  • If a customer does not consent to marketing communications, you must use their contact information solely to service and support the product that they have already purchased.

  • If a customer consents to marketing communications, you may send them marketing communications through their contact information.

  • If a customer unsubscribes from your marketing communications, you must comply with the new selection promptly.

  • If ClickBank contacts you and asks you to update or delete a customer's information, do so promptly.

Additional Resources & Related Articles

Related Articles
ClickBank Client Contract
Advertising Guidelines
ClickBank Privacy Policy
Security Policy
Your General Data Protection Regulation Rights
Did this answer your question?