What is GDPR?
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It’s a very important regulation that helps people to protect their data. You can learn more about what is GDPR at the following links: GDPR: How it Affects WordPress Site Owners and Developers and The Complete WordPress GDPR Guide: What Does the New Data Regulation Mean for Your Website, Business and Data?.
What user information does Nextend Social Login stores when a user registers?
Nextend Social Login stores the first and last name, email address, profile picture (as “avatar”) and access token.
At the Global settings → Privacy you can disable storing any of these personal data. If you chose to store them, you should include the reasons why do you need their data.
What happens if I disable the first and last name or email or avatar or access token fields?
Nextend Social Login will not store the disabled information. For instance, disabling the First name and Last name storing means that the users will receive a randomly generated username. This random username can’t be used to track back to their original name.
Disabling the email address means the users will not have any email address during the registration process. WordPress requires every user to have an email address. So as soon as they go to their profile to make any changes there, WordPress will not let them save their changes unless an email address is entered.
Sync data
When you are using the Pro Addon it’s possible to request extra information from the users who log in or register at certain providers. For instance, you can request and store the link of the user’s Profile from Facebook. These fields are optional and disabled by default. They’re only used if the website’s administrator enabled them.
If you chose to store any extra information you should include the reasons why do you need this data from your users.
GDPR also requires you to allow a way for users to edit all information you store from them. If you are using the Sync Data feature you must make sure that your users have a way to edit the information you ask down. This means you must provide (i.e. code) a way for the users to view and edit the information you store from them.
The Sync Data fields are added automatically to WordPress’ Export Personal Data result.
Possible Sync data related issues
Nextend Social Login only provides an option to ask down extra fields to store them in the given meta key. If you change this meta key after user information was asked down, you’ll need to make sure to update the meta key at the previously stored user data.
Custom fields
When you ask custom information form the users before the registration process finishes you’ll need to make sure that users can edit this information later. In your Privacy Policy you’ll need to address why do you ask this information and what do you do with it. It’s your responsibility to make sure that the asked custom fields are added to WordPress’ Export Personal Data result.
WordPress tools: Export and Erase
Any user can request all information you store from them. WordPress introduced a feature for this purpose at the Tools. Nextend Social Login does not affect the Erase Personal Data, as it does not create anything that could be erased this way. However, the Export Personal data tool will export everything Nextend Social Login stores. Including:
- First and last name
- Avatar
- Access token
- Sync data fields
Terms of service
When your users register your site, you must provide them Privacy Policy to read. Here they can learn what information do you store from them and what do you do with that information. Nextend Social Login allows you to add a custom Terms and Conditions text at the Global settings → Privacy tab. You can use this feature to display a message which tells them that by clicking the registration button, they agree these terms and conditions. You can also use this field to link to your Privacy Policy page. When the visitor hits any social registration button, they’ll see this message.
The actual registration process happens when they click the Register button. Until that happens, Nextend Social Login does not store any information from them.
Important note
Using Nextend Social Login does NOT guarantee compliance to GDPR. This plugin gives you general tools and this article provides general information, but is NOT meant to serve as complete compliance package. Compliance to GDPR is an ongoing process that involves your whole business. Nextend can’t take responsibility for making sure that your website GDPR compliant with Nextend Social Login on it, it’s your responsibility to make the site GDPR compliant.