Fun with Squarespace: GDPR, Cookies and Privacy Policies

Written By Katy Carlisle

Alright party people 🥳 Let’s be honest. Nobody is all like “oh data protection, that’s so sexy” but it’s an obligation for some of us and good practice even if it isn’t legally required. So let’s look at how we can add this information to our Squarespace websites.

Firstly, it’s time for the giant disclaimer klaxon! As much as my love for Legally Blonde is true, I am not a lawyer and this information is based on my understanding of the regulations. Basically don’t sue me, okay? Diolch (that’s Welsh for thanks).

What even is GDPR?

It stands for General Data Protection Regulation but you probably don’t care about that. Basically it’s the rules around collecting information from anyone in the EU. And despite Brexit, that will still include the UK as it’s going to be implemented here under the imaginatively titled “UK GDPR”.

So if people from the EU or the UK might be visiting your Squarespace website, you should follow the rules. Will anyone care if you don’t? Probably not, but this could be the slippery slope into an utterly lawless society. Also all the cool kids are doing it.

There’s a lot of detail relating to GDPR available elsewhere online, so I’m just going to focus on the three main areas that relate to your Squarespace website.

1. Create a privacy policy

This is like the one document to rule them all. It should cover things like the information you collect, what you do with it, and how people can contact you about their data. And it doesn’t just relate to your website either; your privacy policy is about how you manage data across your business.

There are lots of templates online for creating privacy policies but my favourite is this template from the ICO, who are the official organisation around data protection in the UK. Their document includes guidance and links to the relevant information on their website.

When you’re creating your policy, you will need to know a bit more about how Squarespace collects people’s data and they have handily put together some sample messages that you can use in your policy. Yay!

Once you’ve filled in the template, you can either save it as a PDF and upload it, or copy and paste the information into a page on your website. I prefer creating a new page in the Not Linked section and then adding a link to that page from the footer, and from the cookies banner.

Doing it as a page means it’s easier to update whereas with a document you’d need to re-upload it if you made any changes, but it doesn’t really matter, so don’t overthink it.

And if you want a bit of extra help putting your document together, my freelance friend Hugo over at HugeHug actually enjoys writing privacy policies. Weird.

2. Add a cookies banner

You need to tell people if you use cookies, and get their consent. Squarepace have made this easy with their cookies banner tool and they also an article with information about what cookies they use.

Go to Settings > Cookies & Visitor Data and tick the box next to Enable Cookies Banner. You can then optionally customise the message and change the style of your banner. You can also add a link to your privacy policy in the text.

To be properly compliant with GDPR, I’d recommend using the button or text option as the CTA Type (CTA stands for Call To Action) and using a word like “Accept” or “OK” so that people are actively opting in as opposed to just dismissing the message.

I like to have mine on the light theme and in the bottom left corner, but have a play around and see what looks best on your website.

3. Allow people to opt in to marketing

GDPR might seem like a bit of a ball-ache and when the rules came in lots of companies were complaining about having to get consent when signing people up to mailing lists. But actually it makes a lot of sense. Think back to all the spammy emails you’ve got that you never signed up for. They’re annoying and the chance of you interacting with them in a meaningful way are minimal.

On the other hand, if people have actively said yes to you sending emails to them, you may have a smaller audience but it will be much more engaged and likely to turn into sales.

There are several ways to add people to your mailing list, so let’s look at the GDPR implications for each one. Squarespace also has more information about marketing emails in their help guide.

In a newsletter block

This is a basic way to ask people to sign up for your mailing list and it doesn’t have a tick box for opting in so this is a bit of a grey area. My interpretation is that if you’re only using this block to ask people to sign up to your mailing list (and you’re clear about what they will get) then they are taking a positive action to opt in by adding their email address. However I suspect some people would disagree with this and say it’s not enough consent.

To me though, it would be weird to have a sign up block specifically for your newsletter, and then to have a tick box to opt in. Like, why else would they be adding their email in this scenario? But again, I’m not a lawyer, and if you want to err on the side of caution, you can use the double opt in setting so people need to click on a link in an email to confirm their subscription.

You can also add information about what people are signing up for in the Disclaimer field when editing the newsletter block.

What definitely wouldn’t be allowed is if people were forced to sign up to your newsletter in order to get a free download, for example. For this case, it’s better to use a form block (see below) so they can explicitly opt in to future communications from you.

In a promotional pop-up

This is essentially the same as with a newsletter block so if you need an option to ask for specific consent, it’s best to use the button option and direct to a page where you use a form block.

If you haven’t spotted Squarespace’s built in pop-up tool, it’s under Marketing > Promotional Pop-Up.

In a form block

If you need people to tick a box so that they actively opt in to hearing from you, for example they are providing their email to get an e-book, rather than to receive marketing materials, then the form block is your friend.

After asking for their email and any other relevant information, you can either add a single “Yes please” check box and make it not required, or use a radio field with “Yes please” and “No thanks” and make it required. These responses can then be stored in either MailChimp or a Google Spreadsheet (link these under the Storage tab).

In MailChimp, you can use the Segment tool to filter people who have opted in before sending out emails.

This form block method weirdly doesn’t work with Squarespace Campaigns, which is their own email marketing tool. Personally I still prefer MailChimp anyway as it’s free to get started.

During the checkout process

Under Commerce > Checkout > Mailing Lists you can give people the option to sign up for marketing emails or a newsletter. As people already buying from you these are super-hot leads, so it’s great to have their permission to contact them about more products or services they might like.

Once you’ve connected your email marketing tool of choice, you’ll see an option to customise the text people see encouraging them to sign up, and under that a box that says Checked by Default. Make sure this is unticked (or unchecked for our pals across the pond) so people have to actively opt in.

Wasn’t that totes the best time you like, ever had?

Shall we do it again? I’ll call you. Better still, sign up to my delighful newsletter below 👇 and get more fun than you can shake a stick at, delivered sporadically into your inbox. Aahhh go on go on go on go on go on.

Katy Carlisle

Squarespace website design and training.

http://www.sqspqueen.com
Previous

Spacers gonna space
Next

If you like it then you should have put a favicon on it