Privacy Settings (GDPR)

  • Updated

To be GDPR compliant, consent is needed from your visitors when they sign up, so it is clear how their private data will be used after they create an account. This can be found in your IDX Control panel, under the Settings tab > PRIVACY.

Screenshot 2023-10-27 at 9.42.07 AM.png 

On the Privacy Settings page, we've added the ability to put in the URLs (full https:// URLs) into the settings page to your website's Privacy Policy, Cookie Policy, and Terms of Use, if you have Admin level permissions on your account. 

Expressed Consent on Sign Up Form

To do this, we've added an (optional) setting on the Privacy Settings page. This checkbox, when turned on, is a required field that has links to your Privacy Policy, Cookie Policy and Terms of Use. When clicked by a lead, it gives you the protection of expressed consent to use their data as outlined in the policies. 

Screenshot 2023-10-27 at 9.45.44 AM.png

Create Your Privacy Policy

Most real estate websites don't even have a customized privacy policy- and if they do have a privacy policy, it's a generic boilerplate thing that they probably copy-pasted from another website. The time that this was workable is over with the GDPR. Take a look at our Privacy Policy to get an idea of what should be in it. There's a lot! We cannot write this for you, but we can help you with what's applicable to Showcase IDX.

The main section you'll need to use in the section regarding transferring data out of the EU. You'll want to add this section for Showcase IDX. We highly recommend if you have a high number of visitors and leads from EU countries to contact a GDPR consultant and/or your legal counsel to make sure that you are in compliance. Forget the threat of big fines for a second, if you have a lot of European visitors and leads (I'm looking at you Florida), they will expect this kind of privacy protection and it might not be good for business.

In your privacy policy, you can add these sections where necessary:

Section: Transfers of your information outside the European Economic Area

Server log information

Information collected when you visit and register an account on our website is transferred outside of the EEA and stored on the servers of our IDX search plugin provider, Showcase IDX. You can access their privacy policy here:http://showcaseidx.com/privacy-policy

Country of storage: The United States.

Safeguards used: Our third party hosting provider has self-certified its compliance with the GDPR.

Section: Disclosure of your information to service providers

We use a number of third parties to provide us with services which are necessary to run our business or to assist us with running our business and who process your information for us on our behalf. These include the following:

Create Your Cookie Policy

Most real estate websites don't have a cookie policy. Under the GDPR, you need one. It's going to be a bit of a pain the butt to create because you need to list all the cookies that your website and a lot of plugins drop cookies. Here's a handy guide to get started and you can find our website's cookie policy here. Unfortunately, as much as we'd love to do all this for you, we can't. We're just a plugin on your site. But here are some snippets that should help you fill out the parts pertaining to Showcase IDX.

Essential Cookies
Firstly, Showcase IDX's cookies should be considered Essential Cookies on your website. This is an important distinction. Here's a very easy to understand guide about how the EU is now treating cookies, from Wired.

Persistent Cookies
The Showcase IDX cookies are persistent.

First Party Cookies
This can be a little confusing, but it's by which domain drops the cookie, not that it's from a 3rd party... so the Showcase IDX cookies are cookies placed on your device by our website domain.

List of Cookies

The main cookie set by Showcase IDX does not contain any personally identifiable information and just a token that we use to tell who is who based on the session. This lets us do a bunch of fancy stuff. It's remarkably private. We do store some information about the user before they sign up, but that is in the browser cache of their own device and it's accessed without going through or onto our servers. We also track analytics on our search pages through using Google Analytics. This lets us see how the IDX is being used, and we use this information to make educated fact-based decisions that improve the product. It is anonymized and we cannot see what individual sites or customers are doing. Only the aggregate of all instances of our product.

 

Name of Cookie Essential or Non-essential? Type of cookie First or Third party? Session or Persistent? Expiry Time Purpose
sidx_token Essential Session Controller First Party Persistent 20 years IDX
_ga & _gid Non-Essential Tracking Third Party Persistent 24 hours Google Analytics

 

In the section of your Cookie Policy about functional cookies, you can add this:

Functional cookies

These are cookies that are designed for purposes such as enhancing a website’s functionality. These are either not strictly essential for the website or functionality which you have requested to work, or are cookies which serve non-essential purposes in addition to their essential purpose. We use the following functional cookies on our website:

- First party, persistent cookies to recognize you when you use our IDX search and personalize it to you. These cookies are: sidx_token. These cookies expire after 2 years.