In principle, the integration of Hotjar can only be carried out on the basis of consent, since other legal bases are not suitable.
A data processing agreement must be concluded with Hotjar Limited that meets the criteria of Art. 28 GDPR.
The documents must be archived so that they can be proven to the supervisory authority if necessary.
In addition to the above information, the data protection information must also contain the mandatory information from Art. 13 or 14 GDPR: Name and contact details of the controller, if necessary the contact details of the data protection officer, the purposes for which the personal data are to be processed, the legitimate interests, if the processing is based on Article 6 (1) f GDPR, the duration of the processing, information on the rights of the data subjects including the right to lodge a complaint with a supervisory authority, the possibility of simply revoking consent given, and information as to whether the Provision of the data is required by law or contract or what the possible consequences of non-provision would be. In the event that the data is used for automated decision-making, including profiling, meaningful information about the logic involved and the scope and impact on the data subject must be provided. The processing of the data must also be documented in the list of processing activities in accordance with Art. 30 GDPR. The information required for this can already be found in the privacy statement, which can be created from the previous information.
Make your website compliant today! The GDPR complete package for your website and webshop.
In wenigen Schritten konfiguriert, eingebunden und DSGVO konform.
Website und Webshop unabhängig. Für jedes CMS.
bei monatlicher Abbuchung
bei jährlicher Abbuchung