The general data protection rules or GDPR were passed by EU legislators to protect the privacy of individuals and ensure that no one is collecting more personal data than necessary and is also treating any data collected with extreme care. Bottom line, the rules are good for us as individuals but make it difficult for business to operate as following all the strict GDPR regulations is quite a lot of work and not always easy to do.
Riddle offers a fully GDPR compliant quiz maker, but we leave it up to you – the creator – to make use of our GDPR safe tools. After all, Riddle quizzes are created all over the world and there are still a lot of places, where the privacy laws are more relaxed. Should you decide not to follow the suggestions below, keep in mind though, that as long as your content may be accessed by EU citizens, you need to comply with GDPR.
To further complicate matters, the EU has recently cancelled the Privacy Shield Agreement with the U.S. This means that you essentially should not store and personal identifiable information of EU citizens on U.S. Servers. When choosing a quiz maker, make sure that all data stays on EU servers and not on the EU cloud of a U.S. cloud operator. Riddle operates its own server infrastructure from a banking grade, secure data center in Frankfurt, Germany with backup servers located in Luxembourg. Riddle also never adds any trackers or cookies other than a simple session cookie to the quiz. That is a key requirement to allow you to create GDPR safe content on our site.
Follow these steps when creating content on Riddle to keep your content GDPR safe:
Do not add any Youtube or Twitter content. We do add consent banners when adding Youtube or Twitter content and you can alter the consent banners, but these 2 services still load cookies and trackers that are at least debatable. If you want to use video content, upgrade to our Team Plan and upload your own mp4 videos, which are hosted on the Riddle servers.
Enable the checkbox “Ask for permission to collect quiz responses”
If this option is activated, Riddle will only save the quiz data along with the form data, if the user has given express consent for this. If consent is not given, you will see a “n/a” value in your lead download for the respective entry. Granted, this will make the leads you collect less valuable, but if you come up with a good reason why the user should consent, you should be o.k. A good reason may be “Allow us to see your quiz answers, so we can provide you with a customized report about your quiz results” for example.
Also, make sure to turn on the options “Save lead data with Riddle” and use “Double-opt-in”
If you choose not to save lead data on the Riddle servers, make sure to pick another save method that is GDPR safe. Most popular e-mail marketing tools are U.S. based companies and probably problematic. When you store your lead data on our servers, we will encrypt that data and only you will be able to access it on your private space on our servers from where you can download it in CSV or Excel format and then import into a tool of your choice. When storing leads with us, we also give you the ability to search for leads and permanently delete them – another key GDPR requirement (the right to be forgotten).
You can also use our webhook to send leads to an endpoint of your choice (your inhouse CRM system for example). Ask us for details using the chat bubble at the bottom of this page.
We would like to argue that any use of the Facebook Pixel is not GDPR compliant. However, if you must use a Facebook pixel with your quiz, we provide you with a safe method to do so.
On the publish step of your Riddle, navigate to the Extras section and enable the “Display a pixel warning overlay” option. This will stop the Facebook Pixel from loading until the user has given consent. Make sure to adapt the opt-in text according to your local legal requirements.
If Facebook tracking is extremely important to you, you can also enable the option to not allow the user to even start the quiz without giving consent to your Facebook Pixel.
Our social sharing buttons are GDPR safe as they do not load any code from the respective social network until the user clicks on them. Many share buttons pre-load code from the social networks, which makes them unsuitable. If sharing and therefore loading the share dialogue is something you can safely do, is debatable. If you want to be on the safe side, disable all sharing.
Other Riddle defaults that make your quiz GDPR safe
- We serve all Google fonts from our own servers.
- All lead data stored on our servers is encrypted.
- We never add trackers or cookies – other than a necessary session cookie – to the quiz.
- Our servers are in a banking grade data center in Germany, operated by ourselves with backups in Luxembourg.
- We do not use Cloudflare or any other CDNs operated by U.S. companies. Our CDN is operated and managed by us and also located in Germany.