SITE-Verifier

Check your website for GDPR Compliance now! It could not be easier: Enter a URL and activate with a valid email. Within a few minutes the result will be provided to you in a report!

SITE-Verifier was developed to check the privacy statement of a website for compliance with the GDPR.

The General Data Protection Regulation (GDPR) has been in force since 25 May 2018. Since then, website operators must meet certain requirements as soon as they pursue a commercial intention with their website. In principle, however, the GDPR does not only impose obligations on companies. A so-called “commercial intention” also exists if a website has integrated a banner which the operator expects to generate potential income. The GDPR does not apply to websites which are used exclusively for family or personal purposes. And these are probably only the fewest …

Meanwhile, there are many data protection generators on the Internet, with which website admins can create a privacy policy for their website. Often these data protection generators also ask for technical details of the website, e.g. for integration of social media, 3rd party cookies, storage time of access logs and much more.



Do I need a privacy policy at all?

As soon as personal data is processed by the website, a privacy policy becomes mandatory. Basically, it can be said that this is the case with most websites. As a common example IP addresses are given.

Dieses Bild hat ein leeres Alt-Attribut. Der Dateiname ist 2.jpg

In one case, the German Federal Court of Justice (BGH) submitted two questions to the European Court of Justice (ECJ) on the interpretation of European data protection law, which concerned the data protection treatment of dynamic IP addresses and the conditions for their processing. In its ruling (case no. C-582/14), the ECJ stated that dynamic IP addresses are personal data if the operator of the website … “has legal means of identifying the user concerned on the basis of the additional information available to his Internet access provider”. IP addresses are stored in the web server log files by default, whether it is an Apache web server or an IIS. Hardly any website operator takes the trouble to disable this default web server behavior. Often a website operator has no way to influence these configurations, because the pages are provided by a hosting provider. However, this does not release the website operator from the obligation to inform the website visitors about the storage and possible processing. The subject of personal data however extends beyond IP addresses. Email addresses, contact information, credit card data, etc. are frequently requested. Here the direct personal reference is even more evident than with IP addresses. In principle, the existence of a correct data protection declaration takes the wind out of any questions about the processing of personal data from the outset. Just as with a required imprint, a data protection declaration also creates an impression of professionalism!



How does SITE-Verifier work?

SITE-Verifier scans the website and tries to find the privacy statement embedded in it. Usually this is done automatically. In the rare case that a privacy statement is present on the website but is not found by SITE-Verifier, the link to the privacy statement can be entered separately. Important: The Privacy Policy should always be linked on the home page so that visitors to the website have direct access to it.



What is special about SITE-Verifier?

A website’s privacy policy is designed to educate the visitor about what information is “collected”, where the information is transferred, what rights the website visitor has with respect to the information, how to exercise those rights, and much more.

Web sites actually always include content from third parties. This can be cookies, but also fonts, external scripts, styles and other content. When these contents are integrated and displayed in the visitor’s browser, personal data is always transferred to third parties. A visitor to the website is initially unaware of this. Maybe he doesn’t care – but it is essential that the person responsible for the website includes this in his privacy policy. If a visitor wants to know where his or her data could potentially appear during his or her visit to the website, he or she should be able to find this in the privacy policy.

And this is exactly what is special about SITE-Verifier: After SITE-Verifier automatically finds the embedded privacy statement, the website will be searched for any embedded third-party content. SITE-Verifier also performs other checks, including whether the website is encrypted when you access it, whether the encryption of login fields is consistent, whether social media is included in accordance with data protection regulations, and much more. The results are used to check the privacy policy of the website. If SITE-Verifier detects a discrepancy between the technical image of the website and the privacy policy, it will note this in the report. Depending on the severity of the discrepancy, more or less points will then be deducted from the privacy rating. In addition, the data protection declaration is compared with other requirements of the GDPR. For example, it is checked whether the data protection declaration contains the necessary specifications such as purpose limitation, contact information, rights of data subjects, etc. Here too, any discrepancy is noted in the report and at the same time leads to a lower data protection rating for the website. Of course, SITE-Verifier will also show in the report how to increase privacy and make the privacy statement better.

SITE-Verifier is the perfect control tool to check a website’s embedded privacy statement.

SITE-Verifier’s report shows the remaining gaps, which can then be closed using the suggestions for improvement. So if you don’t want to consult a lawyer to provide a waterproof privacy statement for your website, SITE-Verifier is the perfect control tool!