Data privacy

Validated by: Jari Ala-Varvi — CIPP/E certified Data Protection Officer @ Opsec

Last updated: October 28, 2020

Volument solves all the common privacy-concerns in today's analytics:

  1. Respect users’ privacy: Volument is the only system for conversion optimization that respects your visitors’ privacy.
  2. No ugly banners: Make a better first impression, bounce less visitors, and get more conversions as a result.
  3. Obey the law: Volument is compatible with CCPA, GDPR, PERC, and the ePrivacy directive. No fear of getting punished.
  4. Get more data: Volument strikes the best balance between privacy, data accuracy, and statistical significance.

How it works

Volument can be installed so that it shows the right kind of banner depending on the visitor's location on the globe. Look for instructions on how to setup this on your site.

No banner needed

Volument does not collect any personally identifiable information so no “cookie banner” is needed in most locations, including

  • USA
  • Australia
  • South America
  • Russia
  • Asia

Notice only

Volument displays a non-interactive cookie notice on countries where required by the law. Here's how it looks with the default settings:

Here are the laws for requiring the notice for accessing the device information, such as the browser's URL.

Andorra: Section 20(2), Law 20/2014 of the Electronic Communications Law

Bulgaria: Section 4a(2) of the Electronic Commerce Act

Czech Republic: Article 89(3) of the Electronic Communications Act

Estonia: Electronic Communications Act 102, Moments 1 and 3

Finland: Laki sähköisen viestinnän palveluista ja Traficom

Germany: Telemedia Act of 2007. Moment 15 §3

Guernsey: Implementation of Privacy Directive,(Guernsey) Ordinance, 2004. Section 4, moments 1 and 2

Hungary: Article 155(4) of Act C of 2003 on Electronic Communications

Kosovo: Law No. 04/L-109 on Electronic Communications

Liechtenstein: Law of 17 March 2006 on Electronic Communications Act and Data Protection Act (DSG) of 4 October 2018

Luxembourg: Act of 30 May 2005 and Articles 88-2 and 88-4 of the Code of Criminal Procedure, Moments 4 and 2

Malta: Processing of Personal Data Regulations of 2003.

Netherlands: Article 11.7a, Telecommunications Act, 1998

Poland: Article 173, 174, 209, and 210 of the Telecommunications Act 2004

Romania: Article 4(5) of Law No. 506/2004 on the Processing of Personal Data and the Protection of Privacy in the Electronic Communications Sector

San Marino: Article 111 of Law No. 171 of 21 December 2018, Protection of Natural Persons with Regard to the Processing of Personal Data

Serbia: Article 126 of the Law on Electronic Communications 2014 (Official Gazette of the Republic of Serbia, No. 62/2014)

Slovenia: Article 157 of the Electronic Communications Act 2012

Spain: Article 22(2) of Law No. 34/2002, of 11 July 2002, on Information Society Services and Electronic Commerce

Sweden: Section 18 of Chapter 6 of the Electronic Communications Act (2003*:389)

Switzerland: Articles 45c and 53 of the Telecommunications Act 1997

Option to choose

Volument asks for an explicit user consent on countries where required by the law. Here's how it looks with the default settings:

Here's a list of countries and their laws requiring the opt-in consent for accessing the device information.

Albania: Article 123(6) of Law No. 9918 (as amended) of 19 May 2008 on Electronic Communications in the Republic of Albania

Austria: Section 20 of Law 20/2014, of 16 October, regulating electronic contracting and operators who carry out their economic activity in a digital space

Belgium: Article 129 of Law of 13 June 2005 on Electronic Communications

Croatia: Article 100(4) of the Electronic Communications Act implementing the Directive on Privacy and Electronic Communications

Cyprus: Article 99 of the Electronic Communications and Postal Services Regulations Act 2004 (Law 112 (I)/2004) (as amended)

Denmark: Executive Order No. 1148 of 9 December 2011 on Information and Consent Required in Case of Storing or Accessing Information in End-User Terminal Equipment

France: Article 82 of the Act No. 78-17 of 6 January 1978 on Data Processing, Data Files and Individual Liberties (as amended)

Gibraltar: Regulations 5(1) and (2) of Communications (Personal Data and Privacy) Regulations 2006

Greece: Article 4(5) of the Law 3471/2006 on the Protection of Personal Data and Privacy in the Electronic Telecommunications Sector and Amendment of Law 2472/1997

Ireland: Article 5(3), (4), and (5) of the S.I. No. 336/2011 - European Communities (Electronic Communications Networks and Services) (Privacy and Electronic Communications) Regulations 2011

Italy: Article 122 of the Personal Data Protection Code, Legislative Decree No. 196/2003

Latvia: Section 7.1 of the Law on Information Society Services of 4 November 2004

Lithuania: Article 61 of the Law on Electronic Communications of 15 April 2004, No. IX-2135

Monaco: Article 14-2 of Act No. 1.165 on the Protection of Personal Data (23 December 1993)

Montenegro: Article 172 of the Law on Electronic Communications 40/2013

Norway: Section 2-7b of the Electronic Communications Act

Portugal: Articles 5, 14, and 15 of Law No. 46/2012 of 29 August 2012

Republic of Macedonia: Article 168(5) of the Law on Electronic Communications 2018

Slovakia: Section 55 of the Act No. 351/2011 Coll. on Electronic Communications

Turkey: Article 10 of the Law on Protection of Personal Data No. 6698

UK: Section 6 of the Privacy and Electronic Communications (EC Directive) Regulations 2003

We send the answers to our servers so that you can see how many people did not agree to data collection.

The “Do not track” preference

Volument respects the “Do not track” user option available in web browsers. When enabled, Volument does not track.

We send this preferece to our servers so that you can see how many people have this setting on.

Privacy FAQ

Why privacy is important?

People don't want their personal information to be shared or abused. You should respect this and the people will trust you back.

What data is tracked

Look for the details from our privacy policy.

How is this different from Google Analytics?

Google Analytics uses a cookie called _ga to identify people. This requires you to display a cookie notice in all the countries on the globe. Moreover, In Europe you need users’ explicit permission to collect personally identifiable information.

With Volument you don't need to display the banner in most countries and you only need a banner for anonymous data collection in Europe.

Why the cookie banner is needed in Europe?

Article 5 / Statement 3 in the ePrivacy directive says following about website analytics:

Member States shall ensure that the use of electronic communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information in accordance with Directive 95/46/EC, inter alia about the purposes of the processing, and is offered the right to refuse such processing by the data controller. This shall not prevent any technical storage or access for the sole purpose of carrying out or facilitating the transmission of a communication over an electronic communications network, or as strictly necessary in order to provide an information society service explicitly requested by the subscriber or user.

Basically: The browser and device information (like the URL) is private data and you need a permission to access it for non-essential purposes such as analytics. This applies to GDPR compatible analytics as well.

Note that ePrivacy is just a directive and it is applied by the local laws as stated in this document.

How about Fathom, Plausible, and Simple Analytics?

These tools falsely claim that no banner is needed. Two likely reasons:

  1. “No cookie banners” is their major selling point so they avoid mentioning ePrivacy in purpose.
  2. They did not consult law specialists when building the service.

Why most websites are breaking the law?

It's a mix of the following:

  1. They don't care. Privacy is a subject that feels irrelevant and boring. Nobody else seems to care either, so why to bother. The rumored penalties are for the big and evil only.
  2. They don't know. They've done their due diligence without asking a privacy expert. “We think we're safe.“
  3. They hate cookie banners. They have learned to hate those ugly and distractive dialogs. They don't want to be part of that scene.
  4. Local policy only They apply the local privacy law, such as the CCPA for everyone, including the visitors from Europe.
{"desc":" { .edits }","title":"Data privacy","url":"/learn/data-privacy","key":"data-privacy","created":"2020-10-07T09:45:40.138Z","modified":"2020-11-02T06:42:33.635Z","createdISO":"2020-10-07","modifiedISO":"2020-11-02"}