Overview
The General Data Protection Regulation Compliance (GDPR) is a European Union (EU) regulation relating to the processing of personal data, privacy, and consent for EU citizens. Companies that market or sell products to EU citizens, including ClickBank and ClickBank Sellers, must abide by GDPR restrictions regarding the use of customer data.
ClickBank and ClickBank Sellers must have a valid lawful basis in order to process customer data. When an EU customer purchases a product, you as the ClickBank Seller can use their information to deliver the product or troubleshoot issues with the product.
However, sellers cannot use their contact information for other purposes, such as marketing communications, unless they consent.
ClickBank has updated our user interface (UI) in many areas to give EU customers the ability to consent to marketing communications from sellers, and to communicate each customer's selection to sellers. All ClickBank sellers must comply with customers' decisions regarding the use of their data.
ClickBank made changes to several portions of our purchase process to comply with GDPR. These changes took effect on May 23, 2018.
This article contains the following sections:
- Consent on Order Form
- ClickBank Seller Notification
- Rights Guaranteed by GDPR
- ClickBank Seller Responsibilities
- Additional Resources & Related Articles
Consent on Order Form
When a customer arrives on the ClickBank order form, their IP address and billing address is used to determine their location, with the billing address taking precedence. If the customer is located in the EU, a checkbox is displayed. The customer has the option the indicate consent to receive marketing communication by checking this check box.
The Advanced Custom Order Form template will be updated to include the ability to style this consent box. ClickBank Sellers can download a new ACOF bundle that contains the consent box.
ClickBank Seller Notification
ClickBank Sellers are notified via ClickBank of a customer's consent selection through multiple channels:
- Confirmation Email:
The order confirmation email that is sent we send to you specifies whether the customer has declined consent. - Instant Notifications:
Instant Notifications (version 6.1) includes a new parameter called "declinedConsent." This parameter indicates customer's consent selection. The parameter values include:-
nil – The customer is not affected by GDPR.
-
true – The GDPR customer did not consent to marketing communications.
-
false – The GDPR customer consented to marketing communications.
-
- Orders API Returns:
The Orders API includes a new parameter called "declinedConsent." This parameter indicates the customer's consent selection. The parameter has the following values:
-
nil – The customer is not affected by GDPR.
-
true – The GDPR customer did not consent to marketing communications.
- false – The GDPR customer consented to marketing communications.
-
- Transactions Reporting Display:
The Transactions Reporting Display now includes a "Declined Marketing" column which contains an X if the customer has declined consent for marketing communications.
Rights Guaranteed by GDPR
The GDPR guarantees a number of rights to EU citizens. This section explains each right, and the actions that ClickBank and ClickBank Sellers must take to comply with these rights.
- Right to be Informed
EU citizens have the right to be informed about the collection and use of their personal data. ClickBank provides information through the ClickBank Privacy Policy and through the information on the order form. To comply with this right, sellers should update their privacy policies and should clearly disclose how they use customers’ data. - Right of Access
EU citizens have the right to request access to their information, and request information about how their data is being used. Companies must verify the identity of the requester and then promptly provide the information. Sellers must provide EU citizens with a copy of their data, in a commonly used electronic format, within 30 days of receiving a proper request from the customer or from ClickBank. - Right to Rectification
EU citizens have the right to update, correct, or complete their personal information. Customers can update their information by creating a customer account. When a customer does so, ClickBank overwrites the old information and sends an email to the seller explaining the change. Sellers must update any records containing the old information, to remove the old information and include the new information, within 30 days of receiving a proper request from the customer or from ClickBank. - Right to Erasure
EU citizens have the right to request the deletion of their information. Customers can make this request via email. When we have verified the information to be deleted, ClickBank sends an email to the seller explaining the change. Sellers must delete the specific user data according to the communication from ClickBank, within 30 days of receiving a proper request from the customer or from ClickBank. - Right to Restrict Processing
EU citizens have a right to request that that their data no longer be processed or used. Customers can exercise this right by unsubscribing from marketing communications or by cancelling ongoing subscriptions.
Sellers must comply with customers' decisions regarding the use of their information for marketing communications. If ClickBank contacts sellers with any other restrictions on the ongoing use of a customer's personal information, sellers must comply. - Rights Related to Automated Decision Making Including Profiling
The rights specified in the GDPR also apply to automated processing of customers' data. As a consequence, the automatic upsells feature is disabled for EU customers.
Sellers do not need to take any action to ensure compliance with this right, unless they are using the customer’s data in this fashion for their own purposes.
ClickBank Seller Responsibilities
Under GDPR, you are obligated to comply with customers' wishes regarding their data. In particular, you must use their contact information only for the purposes to which they consent.
- If a customer does not consent to marketing communications, you must use their contact information solely to service and support the product that they have already purchased.
- If a customer consents to marketing communications, you may send them marketing communications through their contact information.
- If a customer unsubscribes from your marketing communications, you must comply with the new selection promptly.
- If ClickBank contacts you and asks you to update or delete a customer's information, do so promptly.
Additional Resources & Related Articles
- GUIDE: Guide to the General Data Protection Regulation
- ClickBank Official Guide to GDPR
- DOWNLOAD: Advanced Custom Order Form Bundle
- KNOWLEDGE BASE ARTICLE: Advanced Custom Order Form
- KNOWLEDGE BASE ARTICLE: Transaction Reporting