Skip to main content

WP Brizy Cookie Information (Storage & Funktion)

Comments

85 comments

  • Ulrich Schirm

    Dear Brizy team,

    after consultation with a media lawyer I come to the conclusion, that using Brizy is not safe in GDPR countries. One reason is the usage of Google fonts, which can not be deactivated. The other reason is the usage of cookies, which can not be prevented.

    If there is no way to deactivate cookies, the least thing which must be done, is to explain the exact purpose of each cookie to the visitors in the cookie statement. Unfortunately in this thread only general information can be found, this ist not sufficient. The information on https://cookiedatabase.org/service/brizy/ is incomplete and obviously incorrect in some cases. If you use https://www.cookiebot.com/ to check the same website, you will see, that the report judges the Brizy cookies in a whole different way and clearly states the website as not compliant with GDPR.

    I kindly ask the Brizy team to investigate the purpose of each cookie and leave the explanation in this thread, so that Brizy customers and website visitors get a clear understanding. You are the only ones who can do this.

    Please fill in the required data and categorize each cookie [functional, statistics, preferences, marketing]. In case of statistical data also state if it is anonymized:

    Cookie Name: brz-pagesViews
    Stored data:
    Purpose:
    Category:
    Storage time:
    Cookie Name: brz-pagesViewsInSessionTimeLine
    Stored data:
    Purpose:
    Category:
    Storage time:
    Cookie Name: brz-firstVisit
    Stored data:
    Purpose:
    Category:
    Storage time:
    Cookie Name: brz-lastVisit
    Stored data:
    Purpose:
    Category:
    Storage time:
    Cookie Name: brz-showedPopupsInSessionTimeLine
    Stored data:
    Purpose:
    Category:
    Storage time:
    Cookie Name: brz-showedPopups
    Stored data:
    Purpose:
    Category:
    Storage time:
    Cookie Name: brz-sessions
    Stored data:
    Purpose:
    Category:
    Storage time:

    In case any of the cookies are not categorized as functional or anonymous statistical, please explain how the storage of those cookies can be prevented prior user consent.

    Thank you very much for the clarification.

    Uli

     

    1
  • Ulrich Schirm

    Hi Sandra,

    thank you for sharing this statement of your Brizy managers.

    Let me contribute some more information on this subject. Generally speaking there are two types of cookies:

    1. Client side cookies
    2. Server side cookies

    Cookie scanners like Complianz or Cookiebot detect both types of cookies. In the visitors browser only client side cookies are displayed. You can find more information on this topic here (paragraph 3):

    Why does your scanner find cookies and trackers that I cannot myself find on my website? Where do they come from?

    GDPR applies to both kinds of cookies, regardless of where the cookies are stored. As soon as user data is stored in any cookie, GDPR must be observed. If user data is stored in any cookie, which does not belong to the category 'strictly necessary' or 'functional', user consent is mandatory. This can also be found in the document I linked above:

    "If you have a server side cookie which the scan report lists as ‘statistics’ ‘preferences’ or ‘marketing’, then you need to take action."

    As per scan report, none of the Brizy cookies are categorized as 'strictly necessary':

    Strictly necessary:
    - none -

    Preferences:
    - brz-sessions

    Statistics:
    - brz-firstVisit
    - brz-lastVisit
    - brz-pages
    - brz-pagesViewsInSessionTimeLine

    Marketing:
    - brz-showedPopupsInSessionTimeLine

    Quote:
    "These cookies are not stored on the Brizy servers or any 3rd parties. So, this is ok for GDPR."


    I clearly disagree to the conclusion of your Brizy managers, that these cookies are 'ok for GDPR', as a result of not being stored on the Brizy servers or any 3rd parties! GDPR compliance not only relies on the sharing with third parties, but also on the function [functional, statistics, preferences, marketing].

    As per GDPR it is also highly recommended to explain the function of every single cookies in use in the privacy statement, even if all cookies are 'strictly necessary'. I want to do this.

    So how can I get this information if not through you? You are the developers, you must know. Why don't you just go ahead and fill the form I've prepared above? Why does Cookiebot categorize none of the cookies as 'strictly necessary' and clearly states in it's scan-report, my site does not comply with GDPR? Cookiebot is the most popular service for checking GDPR compliance and it will come to the same result for any website created with Brizy! Shouldn't you take action here?

    Uli

    1
  • Ulrich Schirm

    Another 3 months passed by and no improvements so far. Every website built with Brizy does not comply with GDPR as per statement of cookiebot.com.

    You released heaps of new features meanwhile but seam not to take care about urgent GDPR omissions.

    I've got not a singe answer on my questions and suggestions.

    What is going on?

    Uli

     

    1
  • Sandra Prunici

    Hi,

    The cookies are used to store some details in the browser for faster access to the information. In your case, I suppose that you have some Brizy pop-ups on the page, therefore it is stored the information about the access on the site to understand how to open the pop-ups because now you can add some display conditions to the pop-ups. Here, you can find where are stored the cookies and here you can find how long it will be saved on the browser. Here isn't a correct response because each site is different.

    Thanks!

    Best regards,
    Sandra

    0
  • Viktor M

    Hi Susanne and Sandra,

    I find the same cookies on one of our websites too. We use the Generate Press (GP) theme and it seems these cookies kick in the mobile version only and prevent the (GP) hamburger menu from working. The menu works fine in non-Brizy pages. We don't use any Brizy pop-ups whatsoever. Why are these cookies used and how can we avoid them in our situation?

    Sandra, how could I send you privately the link to the website for you to take a look?

    Many thanks and best wishes,

    Viktor

    0
  • Sandra Prunici

    Hi Viktor,

    You can send us here the URL link of the site to investigate this inconvenience. If you don't want to make it public, let us know and we will delete it before approving your message. Having the URL we could investigate also what Brizy cookies are stored in the browser. I checked on my test site but I didn't find some Brizy cookies. See here.

    Thanks!

    Best regards,
    Sandra

     

    0
  • Viktor M

    Hi Sandra,

    I replied over email but probably it didn't reach you.

    The website is  (PLEASE DELETE WHEN PUBLIC) and I also don't find any cookies stored locally. However, Cookiebot reports 6 Brizy cookies as in this report (PLEASE DELETE WHEN PUBLIC)

    Again, if not accepted, these cookies break the mobile menu. Cache was clear and even disabled. What could be going wrong?

    Many thanks,

    Viktor

    0
  • Viktor M

    It seems Cookiebot is finding some non-typical cookies in

    /wp-content/plugins/brizy/public/editor-build/163-wp/editor/js/preview.js

    As Sussane wrote initially. What is this file for? The website seems to be working fine without it but Cookiebot still finds the cookies elsewhere.

    Here is a paragraph from Cookiebot's explanation on their advanced scanner:

    It is also important to understand that many cookies are so-called dynamic cookies. These – unlike ‘classical’ http/Javascript cookies – are not being set when the website is loaded. They are being set during the visit depending on the user’s behavior on your website.

    0
  • Sandra Prunici

    Hi Viktor,

    I checked the site you send us but I didn't find any cookie-related with Brizy. See here. The cookie you found may be related with the preview mode. If you check the cookies when you see on the page from the preview mode https://jmp.sh/z5jk8yz, then it is possible to generate the cookie you talk about in the last reply. This is not shown when the page is in live mode.

    Also, from the report, the source and initiator for the cookie find by Cookiebot is the Autoptimize plugin. See here https://jmp.sh/cuDQg4Z.

    Best regards,
    Sandra

    0
  • Viktor M

    Hi Sandra,

    As I said, the browsers don't see these cookies but Cookiebot and Complianz.io (WP plugin) detect them. Run a check by either and you will see them show up.

    Viktor

    0
  • Sandra Prunici

    Hi,

    Could you please deactivate the Autoptimize plugin and after 10 minutes to generate another report? From the report you send us, as we show you in the last screenshot, these cookies aren't generated by Brizy but by Autoptimize.

    Best regards,
    Sandra

    0
  • Viktor M

    Hi Sandra,

    I deactivated all caching. You can generate a new report from https://www.cookiebot.com/en/ yourself for any site.

    Thanks,

    Viktor

    0
  • Sandra Prunici

    Hi,

    Thank you for all these details. We could identify them and already send a request to our team. Please allow us a bit more time as we need to check and investigate this a bit deeper.

    Thanks!

    Best regards,
    Sandra

    0
  • Viktor M

    Wonderful news Sandra! Thank you very much for the support and please keep me posted on the issue.

    Best wishes,
    Viktor

    0
  • Complianz GDPR/CCPA

    Hi Viktor and Sandra,

    This is Leon from Complianz, the plugin used to detect these cookies.

    I would like to add that these cookies are actually placed in local storage, that is why they don't appear on your screenshot. The easiest way to detect them is via the front-end -> inspect -> application -> local storage.

    The most important question would be to find out the functionality of these cookies, we can then determine whether prior consent is required. 

    If consent is needed, the best way to manage this is by integrating with the WP Consent API, or directly with Complianz. I linked to documentation for both solutions. Feel free to reach out to us for any help.

    Kind regards,

    Leon Wimmenhoeve
    Complianz

     

    0
  • Sandra Prunici

    Hi Leon,

    Thank you for your implication and reply to this post. We could already identify them and our team are already informed about this aspect.
    We will take into consideration your proposal. If we will find needed, we will contact you for more details.

    Thank you!

    Best regards,
    Sandra

    0
  • Christian Lueters

    Hi Sandra and the Brizy investigation team,

    "Thank you for all these details. We could identify them and already send a request to our team. Please allow us a bit more time as we need to check and investigate this a bit deeper."

    This has been a month ago, I assume that you found the time to investigate... Is there an outcome that is relevant to the public? Can you share your results please?

    Thanks, C.

    0
  • Sandra Prunici

    Hi Christian,

    I'm sorry but for the moment we didn't receive a notification from the team regarding this inconvenience and question. We are investigating this case and when we will have some certain responses will immediately inform you here. In this month we had and continue to have a lot of planned work and releases for new features and options we work a lot (Blog on Cloud, Membership for Brizy WordPress and more other amazing features). Please allow us a bit more time for this.
    Thank you for your understanding and patience.

    Best regards,
    Sandra

    0
  • Ulrich Schirm

    Hi Sandra,

    your answer is urgently awaited regarding the six cookies mentioned above to get cookie banners lined up with DSGVO regulations:

    1. Classification (function)
    2. Storage time

    Any progress so far?

    Kind regards,
    Uli

     

    0
  • Sandra Prunici

    Hi Uli,

    These cookies are used for pop-up logistics. They store information about how many time was displayed or opened/closed the pop-up. It is related to global pop-ups and internal pop-ups. They are created automatically and their information is deleted when is deleted the site&host cache and cookie.

    Best regards,
    Sandra

    0
  • Viktor M

    Hi Sandra,

    Thanks for the clarification. The problem still remains that they are active even if the website or page uses no pop-ups whatsoever. Is your team looking into amending this?

    Many thanks,

    Viktor

    0
  • Sandra Prunici

    Hi Viktor,

    These cookies don't store some information about visitors, their data and therefore doesn't break the GDPR rules. They are related only to the pop-ups' activity. 

    Best regards,
    Sandra

    0
  • Ulrich Schirm

    Hi Victor,

    here is my understanding: By declaring the cookies necessary for the pop-up functionality, those cookies can be stored even prior user consent. They store no personalized information, so in my opinion this would cause no interference with DGPR.

    Uli

    0
  • Viktor M

    Thanks Sandra and Uli!

    0
  • Complianz GDPR/CCPA

    Hi Everyone,

    Just our two cents.

    Strictly speaking, these cookies should be declared as anonymized statistical cookies and can be set prior to consent in EU countries, if these are stored locally and data is not stored and shared, anywhere or to anyone. If not, you will be looking at a consent status for Germany, and other EU countries.

    As a similar example: https://cookiedatabase.org/cookie/elementor/elementor/

    Please make sure you take both GDPR & ePrivacy in consideration, whereby the latter is about cookies.

    regards Aert

    0
  • Ulrich Schirm

    Hi Aert,

    thanks for this clarification.

    How can these cookies be declared as "anonymized statistical" in the cookiedatabase.org. Can you do it, or should it be done by the Brizy team? This would ease the use of the Complianz plug-in a lot.

    Uli

    0
  • Sandra Prunici

    Hi Aert,

    Thank you for your message. Yes, these cookies are stored locally and used for statistics and internal analytics. See here.

    Best regards,
    Sandra

    0
  • Complianz GDPR/CCPA

    Hi,

    @Uli, I will add them to cookiedatabase.org.
    @sandra, great!:)

    regards Aert

    0
  • Ulrich Schirm

    Hi Sandra,

    on the screenshot you linked, the cookie description is: "Registers statistical data on user' behavior".

    It does not say, that data is anonymized. User consent prior cookie storage in EU is not required, only if data is anonymized.

    Can you please confirm, how anonymization is implemented in the storage of user data.

    In my opinion: It would be highly desirable that Brizy does not store any "statistical data on user' behavior" with respect to privacy considerations!

    Uli

    0
  • Sandra Prunici

    Hi Uli,

    Thank you for the message. All these data aren't stored on the Brizy servers but are stored internally and aren't shared by Brizy. 

    Best regards,
    Sandra

    0

Please sign in to leave a comment.