WP Brizy Cookie Information (Storage & Funktion)
Hello my Browser shows me you are including the folowwing cookies on the my WP Page. Can you tell me how long you store them and how you use them?
- brz-firstVisit
- brz-showedPopupsInSessionTimeLine
- brz-sessions
- brz-lastVisit
- brz-pagesViews
- brz-pagesViewsInSessionTimeLine
I need this information to put it in my Cookie Page for our Website visitors.
Thank you!
Greetings
Susanne
-
Hi,
Could you please send us the URL link of the site where you encounter this cookie?
Thank you!
Best regards,
Sandra0 -
Hi Sandra,
I've made a clean install of a WordPress test site with a single empty Brizy page. Browser cache and all cookies are emptied. Additionally I installed the consent tool Complianz. After a cookie scan the tool detects seven Brizy cookies:
The cookie "brz-authorized" was not found this time. So unfortunately I can not reproduce this behavior.
This is the URL: https://schirms.de
Why does Brizy store these pop-up cookies, although this is an empty site, set up from scratch and no pop-up in use?
Furthermore I try to block the use of Google Fonts by Complianz, but obviously it does not work. This is a hole mess.
I've talked to the lawyer of one of my customers. He recommends not to use Brizy in GDPR countries als long as the usage of cookies and google fonts can not be prevented.
I would be very glad, if you took your customers concerns regarding GDPR requirements into account. Legal certainty is crucial for professional web developers.
Uli
0 -
Dear Brizy team,
after consultation with a media lawyer I come to the conclusion, that using Brizy is not safe in GDPR countries. One reason is the usage of Google fonts, which can not be deactivated. The other reason is the usage of cookies, which can not be prevented.
If there is no way to deactivate cookies, the least thing which must be done, is to explain the exact purpose of each cookie to the visitors in the cookie statement. Unfortunately in this thread only general information can be found, this ist not sufficient. The information on https://cookiedatabase.org/service/brizy/ is incomplete and obviously incorrect in some cases. If you use https://www.cookiebot.com/ to check the same website, you will see, that the report judges the Brizy cookies in a whole different way and clearly states the website as not compliant with GDPR.
I kindly ask the Brizy team to investigate the purpose of each cookie and leave the explanation in this thread, so that Brizy customers and website visitors get a clear understanding. You are the only ones who can do this.
Please fill in the required data and categorize each cookie [functional, statistics, preferences, marketing]. In case of statistical data also state if it is anonymized:
Cookie Name: brz-pagesViews
Stored data:
Purpose:
Category:
Storage time:Cookie Name: brz-pagesViewsInSessionTimeLine
Stored data:
Purpose:
Category:
Storage time:Cookie Name: brz-firstVisit
Stored data:
Purpose:
Category:
Storage time:Cookie Name: brz-lastVisit
Stored data:
Purpose:
Category:
Storage time:Cookie Name: brz-showedPopupsInSessionTimeLine
Stored data:
Purpose:
Category:
Storage time:Cookie Name: brz-showedPopups
Stored data:
Purpose:
Category:
Storage time:Cookie Name: brz-sessions
Stored data:
Purpose:
Category:
Storage time:In case any of the cookies are not categorized as functional or anonymous statistical, please explain how the storage of those cookies can be prevented prior user consent.
Thank you very much for the clarification.
Uli
1 -
+1 on the request of Uli.
0 -
Hi,
This message is created and sent in collaboration with the Brizy managers.
These plugins scan for cookies in the plugin files, not in the browser. It may be a case when a user will never see these cookies in his/her browser.
On your site, you don't use any popups, so Brizy doesn't need to store any cookie on the user's browser (you can see this in the console on your website)If you use Brizy Popus and display conditions, then Brizy will store these cookies on the user's browser, to know when should the popup appear. For example, if you set up to display the popup only once per visitor only once per week, then a cookie is needed to store this info in the browser.
These cookies are not stored on the Brizy servers or any 3rd parties. So, this is ok for GDPR.Regarding Google Fonts, we already have a beta version with this fix, where you can remove all Google Fonts and upload your own font on your server, which is compatible with GDPR. This fix we'll be released soon with other improvements.
We know how important is GDPR for you and we'll continue to improve our builder to comply with GDPR rules.
Thank you!
Best regards,
Sandra0 -
Hi Sandra,
thank you for sharing this statement of your Brizy managers.
Let me contribute some more information on this subject. Generally speaking there are two types of cookies:
1. Client side cookies
2. Server side cookiesCookie scanners like Complianz or Cookiebot detect both types of cookies. In the visitors browser only client side cookies are displayed. You can find more information on this topic here (paragraph 3):
GDPR applies to both kinds of cookies, regardless of where the cookies are stored. As soon as user data is stored in any cookie, GDPR must be observed. If user data is stored in any cookie, which does not belong to the category 'strictly necessary' or 'functional', user consent is mandatory. This can also be found in the document I linked above:
"If you have a server side cookie which the scan report lists as ‘statistics’ ‘preferences’ or ‘marketing’, then you need to take action."
As per scan report, none of the Brizy cookies are categorized as 'strictly necessary':
Strictly necessary:
- none -Preferences:
- brz-sessionsStatistics:
- brz-firstVisit
- brz-lastVisit
- brz-pages
- brz-pagesViewsInSessionTimeLineMarketing:
- brz-showedPopupsInSessionTimeLineQuote:
"These cookies are not stored on the Brizy servers or any 3rd parties. So, this is ok for GDPR."
I clearly disagree to the conclusion of your Brizy managers, that these cookies are 'ok for GDPR', as a result of not being stored on the Brizy servers or any 3rd parties! GDPR compliance not only relies on the sharing with third parties, but also on the function [functional, statistics, preferences, marketing].As per GDPR it is also highly recommended to explain the function of every single cookies in use in the privacy statement, even if all cookies are 'strictly necessary'. I want to do this.
So how can I get this information if not through you? You are the developers, you must know. Why don't you just go ahead and fill the form I've prepared above? Why does Cookiebot categorize none of the cookies as 'strictly necessary' and clearly states in it's scan-report, my site does not comply with GDPR? Cookiebot is the most popular service for checking GDPR compliance and it will come to the same result for any website created with Brizy! Shouldn't you take action here?
Uli
1 -
You let all this uncommented for 25 days meanwhile. I've also provided a heap of research and suggestions to Dimi and got no answer so far. Please let the public know, what your plans are.
Uli
0 -
Hi Uli,
Thank you for your message. Dimi received all your details and messages and already sends a reply. We are working on this aspect and we are trying to improve it. When we will have certain information and details, we immediately will make them public.
Best regards,
Sandra0 -
Another 3 months passed by and no improvements so far. Every website built with Brizy does not comply with GDPR as per statement of cookiebot.com.
You released heaps of new features meanwhile but seam not to take care about urgent GDPR omissions.
I've got not a singe answer on my questions and suggestions.
What is going on?
Uli
1 -
Hi,
Thank you for getting in touch with us.
Could you please see this article about Brizy Cloud GDPR, it will help with your question.
Best regards, Nelea.
0 -
Hi Nelea,
I checked the article, but it does not answer any of my questions. The article is related to Brizy Cloud. This thread concerns Brizy WordPress Plugin.
Please refer to this post. I am waiting since 4 months to get an answer concerning cookies which Brizy uses and cookiebot.com claims to be not GDPR compliant!
To give you a better understanding of my concerns, let me explain the situation as good as I can:
I am a web designer in an agency and sell ready-made websites. These websites have to comply with the GDPR regulations, I promise this to my clients and my clients expect it. We really like working with Brizy because it allows us to be very productive. Many of our clients use the free service Cookiebot.com to check their website for GDPR compliance. Cookiebot.com is by far the most popular service to do this check, it is recommended everywhere. Unfortunately, Cookiebot.com comes up with a negative result for every website created with Brizy, see this post. Now I have the problem of explaining to my clients. My clients also have a problem because they don't know if their website is legally compliant. And the Brizy team also has a problem because your clients are unhappy with this situation. I think it is in the interest of everyone involved to find a good solution. I understand very well that your team has a lot of work to do and wants to provide more features for Brizy. But: GDPR compliance is not a feature, it is an indispensable basic requirement and should be worked on with the highest priority.I could send you the scan result of my website, but it's in German, so it wouldn't help you much. I suggest you create your own scan. It's completely free and you don't need to register. Just go to cookiebot.com and enter the URL and your email address, it's that easy. The scan takes about 15 minutes and you will get the results by email.The result will always be the same: This site does not comply with the GDPR because the cookies used are not classified as 'functional' by Cookiebot and therefore user consent is mandatory. The big problem is: there is no way to prevent Brizy from setting these cookies. User consent is therefore useless and would contradict the GDPR.Basically, there are now two possibilities:1. the scan result is wrong because the cookies used must all be classified as 'functional'.2. the scan result is correct because the cookies used are actually not 'functional'.Only the Brizy team can answer the question of which of the two possibilities is correct.Let us assume that the first option applies. In this case, you should contact Cookiebot and arrange for the categorisation of the cookies to be changed. Unfortunately, I cannot answer your question as to how exactly this categorisation is done by Cookiebot. The only thing I have found is this explanation:"The cookies are categorized as necessary by the provider(s) of the cookies, whom the cookiebot's researches have been in touch with.
This is how Cookiebot knows about some cookies and automatically put them into categories."Another popular cookie scanning service is the WordPress plugin Complianz. Complianz maintains its own public database for cookies: Cookiedatabase.org Recently, a Complianz employee posted in this Brizy support thread to correctly categorise Brizy cookies. Meanwhile when I run the scan of my website with Complianz, all cookies are categorized as 'functional'. The only problem is: Cookiebot.com comes to a different assessment and is by far the most popular service for GDPR scans.If you are unable to convince Cookiebot.com that the categorisation is wrong, then you should clarify it yourself. This could be done by asking your developers and clearly defining the function, content and purpose of each cookie. A suitable place would be, for example, your public support forum or, even better, your own privacy policy statement at: https://www.brizy.io/privacy/ Should anyone claim that a website created with Brizy is not GDPR compliant regarding the cookies, it would be very easy to point to your public statement.Now let us assume that the second option applies (Cookiebot scan result is correct).In this case, you must find out the cause and eliminate it. It may not be permissible for your cookies to be stored permanently. According to the GDPR, user consent must be requested again after 365 days at the latest. Please also note that the use of a cookie IDs is not permitted. This is considered as personal data and makes it possible to recognize visitors if the cookie is stored permanently. In my opinion, you should only use session cookies that are automatically deleted at the end of the session. This would probably be the safest way to ensure compliance with the GDPR. It would probably also be a good idea to seek legal advice on this sensitive issue.In any case, please take this issue seriously. Legal certainty is crucial not only for professional Brizy customers.Best regards,Uli0 -
Hi Uli,
We talked to our managers about the problem with Cookiebot - they said that they already discussed a few months ago with the team from Cookiebot and they said that they would update them based on this problem. We have written them again and at the moment we are waiting for an answer from them. We hope that they will fix it shortly. Please, accept my sincere apologies for the difficulties you faced.
Best regards, Nelea.
0 -
Hi Nelea,
I understand that dealing with with Cookiebot.com can be a process that takes its time. I appreciate that you have written them again.
But why are you not answering the questions asked in this post in the meantime? This would give everyone a clear understanding of the cookies purpose.
Uli
0 -
Hi,
We will love to help you with this question, but unfortunately, we will have an exact explanation about each cookie after Cookiebot we'll make the changes in Brizy.
Best regards, Nelea
0 -
Brizzy does not comply with GDPR
Brizzy uses cookies, as explained above. There is no way to prevent Brizzy websites from doing so, even by using consent banners. This violates the GDPR and Brizzy cannot currently be used legally in the EU. Fines are already being imposed for using Google Fonts, as described in this thread.
Will you work on the cookie problem?
If so, with what priority?Please give me a reason, why I should continue using Brizzy.
Uli
0 -
Hello Uli,
Thank you for your message!
I responded to you here and we will continue our conversation in this post. Thank you!
Kind regards,
Doina
0 -
Doina,
this thread is all about Cookies, not Google Fonts. So please answer my questions regarding Cookies in this thread.
Uli
0 -
Hello Uli,
Thank you for your message!
We have created an issue for this and we'll try to solve it as soon as possible. Thank you for your patience!
With the best regards,
Doina
0 -
Cookiebot marks every website created with Brizy as not GDPR compliant:
The reason is, that Brizy uses the following server side cookies:
brz-firstVisit
brz-lastVisit
brz-pagesViews
brz-pagesViewsInSessionTimeLine
brz-sessions
brz-showedPopupsInSessionTimeLineThis has been complained about long time ago. You failed to deal with this problem and give any help to your customers, who have to comply with GDPR.
Why are you ignoring this for so long time?
0 -
Hello,
We are working on this aspect, we are not ignoring this message, we simply cannot solve this problem for the moment. This issue needs to be fixed from both sides, from the Brizy part, and from the Cookiebot part. We are still waiting for a fix from the Cookiebot part. When we have an answer from the Cookiebot team, we will let you know. We are sorry that you have to wait so long and that this issue has a negative impact on your website, but as I said, it does not depend only on the Brizy team, at the moment we are working on this aspect, and we hope that it will be resolved as soon as possible.
Best regards, Nelea.
0 -
Thank you Nelea for this explanation. I'd be glad to get updated about the progress in this issue.
Uli
0 -
I’m testing Brizy at the moment, but only with a test-installation. If there is an issue with the GDPR since more than a year I don’t know at the moment if it’s a good idea to build a official website with Brizy for wordpress. I guess this point is very important for all webmasters in the European Union - more important than some new website-features. Do you have an update with Brizy and the GDPR-problem?
0 -
Hi Machael,
Brizy cookies store information about Brizy popups. I can confirm that our cookies do not track any user's personal data nor do we transmit data to external servers.
0 -
Hi George, another user was writing about this problem here. We need a classification if cookies are functional, statistic, marketing... And we need information about storage time, purpose, storage data. If the cookies are not only functional (for example for marketing) then it must be possible to deactivate with the consent-tool. Please can you publish an statement of Brizy with detailed informationen about Brizy cookies (stored data, purpose, category, storage time)? The information your “cookies do not track user’s personal data” is not complete for a correct GDPR-information in a cookie-banner. Can you build a page with official and actually information about brizy-cookies?
0 -
Hi Michael,
Please take a look at our cookie policy at https://www.brizy.io/cookie-policy. Are you referring to a document like this?
0 -
No, this isn’t what we need! Users of the Brizy Wordpress Plugin need detailed information about every cookie that the Brizy Plugin set. At the moment this are probably the following cookies:
- brz-sessions
- brz-lastVisit
- brz-pagesViews
- brz-pagesViewsInSessionTimeLine
- brz-showedPopups
- brz-showedPopupsInSessionTimeLine
- brz-firstVisit
It seems you don’t understand the problem. Also other users in this thread were writing one year ago about this problem. We need information for every (!) of these cookies about:
- classification
- storage time
- purpose
- storage data
You can look here https://cookiedatabase.org/service/brizy/
If you click on “learn more” for a cookie you can see the details. But unfortunately the information there is not complete. For example: https://cookiedatabase.org/cookie/brizy/brz-showedpopups/
There is no information about the storage time. But we need this information. Also a problem is: The classification of the cookie is “marketing / tracking”. So it’s not a functional cookie only. Users of the website can decline marketing-cookies and the consent-tool have to stop this cookie. Is Brizy running instead if all cookies without the classification “functional” are decline of a website-user?
I hope you can understand the problematic. At the moment it’s not really possible to build a GDPR-compliant-website with Brizy.
0 -
It is unfortunately obvious that Brizy is not GDPR compliant and it is equally obvious that the Brizy team has neither the knowledge nor the intention to change this. Statements like "I can confirm that our cookies do not track any user's personal data nor do we transmit data to external servers" by KC George prove that the GDPR issue is largely misunderstood.
Even major updates like Brizy 2.4 have shown that absolutely no testing is done regarding GDPR compliance:
- Brizy 2.4 connects to youtobe.com without reason and prior user consent, violating GDPR. Only users notice such massive glitches, not the Brizy team. See this thread: Next GDPR fail: Brizy 2.4 connects to youtube.com
-
To prevent the automatic connection to google.font.api, all pre-installed fonts must be deleted individually, and your own fonts must then be uploaded individually with all font styles. A process that takes about 30 minutes per website, extremely cumbersome and time-consuming. I bet no Brizy developer has ever attempted a GDPR compliant website, otherwise it would have long been noticed that it is an absolute imposition. See this thread: Deactivating google fonts is very URGENT
- Brizy's contact form, for example, cannot be used within the scope of the GDPR because only Google ReCaptcha is available as spam protection. The manufacturer of a page builder, which cannot even manage something as important as a GDPR-compliant contact form, proves that it simply does not care about data protection and all customers in the EU.
As an agency, you should avoid Brizy at all costs, because the popular service cookiebot.com identifies every Brizy website as not GDPR compliant. The discussion with the clients might be difficult, because not only agencies in the EU are obliged to deliver GDPR compliant websites. Do you seriously want to claim to your customers that cookiebot.com is wrong? A customer who finds this thread will ask for his money back! The Brizy team consistently refuses to explain the function of cookies in detail and claims that the problem is on the side of cookiebot.com. Absolutely ridiculous.
My sobering prediction: Brizy will never become GDPR compliant before it becomes obsolete anyway due to the full-site-editing feature since WordPress 5.9.
0 -
Why are you holding back my comment since 6 days?
0 -
Hi Michael,
Sorry for not getting back earlier. We have started compiling a list of all our cookies. We hope to send you our document soon. We will cover these details about each cookie.
- Name:
- Function: What data the cookie collects and how Brizy WP uses the collected data
- Purpose: Functional / Marketing/ Tracking / Preference / Statistics/ Statistics (anonymous)
- Expiry: The duration for which it gets saved
You are right. The information about Brizy cookies in https://cookiedatabase.org/ is inaccurate and incomplete. None of our cookies are for Marketing/ Tracking. We will also work with Complianz.io to cleanup the incorrect data about Brizy cookies in their database
0 -
Hi Ulrich,
We had withheld your comment because this Community Forum is meant for asking for support and giving support. If you have a support question, feel free to ask, we will be happy to help.
0
Please sign in to leave a comment.
Comments
85 comments