latest version

Ultimate GDPR & CCPA¶

How to¶

Activation¶

To activate the Ultimate GDPR & CCPA Compliance Toolkit for WordPress (Ultimate GDPR & CCPA), follow these steps:

Step 1 - In your wordpress dashboard, navigate to Plugins.
Step 2 - Locate the Ultimate GDPR & CCPA Compliance Toolkit for WordPress (Ultimate GDPR & CCPA) from the list of plugins. Click on Activate, then wait for the plugin to load and activate.
Step 3 - Once Ultimate GDPR & CCPA Compliance Toolkit for WordPress (Ultimate GDPR & CCPA) is activated, you will see Ultimate GDPR & CCPA in the dashboard.
Step 4 - You can now use the plugin.

Use and Features¶

Note

Before using this plugin, please read the explanation for the use of this plugin in:

European Commission – Data Protection

Original Consilium Europa Regulation document

GDPR INFO

GDPR standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII). From 25 May 2018 every website collecting data from EU citizens must need the GDPR requirements.

Use and its Features are as follows:

In your wordpress dashboard, navigate to GDPR & CCPA:

Services Manager¶

This is where the cookies that are detected are saved. You can change the cookies’s details here. You can also make a customized cookie to be blocked from your site.

Title - Used only for admin user to navigate through services.

Service name - Name of the service which will be displayed in table created using [render_cookies_list] shortcode.

Script names - Comma separated names of java-script scripts which are to be blocked, to prevent creation of unwanted cookies.

Cookie names - Comma separated names of cookies which are to be blocked. It’s important use actual name of cookie, not name of service.

Type of cookie - Pick the group the cookies belong.

First or Third party? - Option to choose if the cookie is created by the site or by a 3rd party.

Can be blocked? - Option for the cookie to be blocked.

Session or Persistent? - If cookie is deleted when session ends, or if it has set expiry date.

Expiry Time - Fill only if cookie is Persistent.

Purpose - Purpose of the cookie.

Is active? - Option to activate or deactivate. Only services which are active, are being blocked.

What Cookies are used on your website¶

Note

Functionality available since version 1.4

You can render the table with all cookies collected by your website with simple shortcode: [render_cookies_list]

Active cookies will be displayed in a table, like the following:

Note

Your website should be publicly accessible to correctly detect all cookies that are used on it

Age Verification¶

Age verification popup comes with number of predefined skins, we can also set skin to “none” and use custom color and styling. You can all settings access via Ultimate GDPR > Age Verification

Preferences Tab¶

Expiration time

Set age verification expire time [s] – After this time the verification will expire

Position of the age popup

Position (bottom, top and full page layout) – Choose the position of the age popup. Available position are:
- Bottom left
- Bottom right
- Bottom panel
- Top left
- Top right
- Top panel
- Full page layout
Distance from border [px] – Set the distance from the border. By default it is set to 20px.

Button styles

Note

This option work only for the Box style: none which can be set in the Ultimate GDPR & CCPA > Preferences > Popup box – Box style

Button shape – There are two types of button shapes available
- Rounded
- Squared
Button background color – Allow admin to choose the color of the button.
Button text color – Allow admin to choose the color of the button

Popup box

Box style - Box style of the cookie consent popup.
- Red Velvet
- Thin Mint
- Mint Chocolate
- Classic createIT
- Blueberry with Orange
- Blue Velvet
- Matcha
- Classic Dark
- Classic Light
- Oreo
- Blue Shortbread
- Light Mint
- Blue Cupcake
- Matcha
- Mint
- None (example
- Box shape- Shape of the buttons in the age verification popup.
- Background color - Background color of the age verification box.
- Background image – Background image which can be set as a part of the background
- Text color - Text color of the text in the button.

Custom style CSS

Custom style CSS - Custom CSS style for the Age verification popup.

Terms and Conditions¶

Here you will set a page as the Terms and Conditions page, set conditions, and set the page where to redirect.

Instructions - This is how to add a button for consent to accept the terms and condition on the page.

Require logged in users to accept Terms and Conditions (redirect) - Option to have the users logged in first to be able to accept the terms and conditions.

Require not logged in guest to accept Terms and Conditions (redirect) - Option to allow non-logged in users to accept the terms and conditions.

Require not logged in users/guests to accept Privacy Policy (redirect) - Option to allow non-logged in users and guests to accept the terms and conditions.

Page with existing Terms and Conditions - Select a page where the terms and conditions are written.

Page to redirect to after Terms accepted - The page where to redirect after terms and conditions are accepted.

Shortcode Button Styling - How the button for the shortcode looks. You have 2 options: Theme Default or Cookie box buttons

Set consent expire time [s] - Time, in seconds, when the terms and condition is still visible.

Terms version, eg. 1.0 (if you change it, user has to give consent again) - The version of the terms and conditions.

Convert the following text to Terms and Conditions link in all services templates, eg. ‘Terms and Conditions’ - You can make the word you set in the textbox as a link to the Terms and Conditions page.

Do not block user agents (eg. bots) containing the following texts (comma separated)

Download consents log - Button for the admin to download the consent logs of terms and conditions. The downloaded file will be in a .txt format.

Note

If Require logged in users to accept Terms and Condition is enabled, the user can’t be redirected to other parts of the site until the user logs in and accepts the Terms and Conditions.

Privacy Policy¶

Here you will set a page as the Privacy Policy page, set conditions, and set the page where to redirect.

Instructions - This is how to add a button for consent to accept the privacy policy on the page.

Require logged in users to accept Privacy Policy (redirect) - Option to have the users logged in first to be able to accept the privacy policy.

Require not logged in guest to accept Privacy Policy (redirect) - Option to allow non-logged in users to accept the privacy policy.

WordPress Privacy Policy page - Link to create or use the default privacy policy of wordpress.

Page with existing Privacy Policy - Select a page where the privacy policy are written.

Privacy Policy Custom URL - URL link for the Privacy Policy that is not in the site.

Open Privacy Policy in a new Tab - Enable/Disable to show the Privacy policy in new tab.

Page to redirect to after Privacy Policy accepted - The page where to redirect after privacy policy are accepted.

Shortcode Button Styling - How the button for the shortcode looks. You have 2 options: Theme Default or Cookie box buttons

Set consent expire time [s] - Time, in seconds, when the privacy policy is still visible.

Privacy Policy version, eg. 1.0 (if you change it, user has to give consent again) - The version of the privacy policy.

Redirect to Privacy Policy first (if Terms and Conditions also redirect) - Option to show privacy policy first when user opens the site.

Convert the following text to Privacy Policy link in all services templates, eg. ‘Privacy Policy’ -

Do not block user agents (eg. bots) containing the following texts (comma separated)

Download consents log - Button for the admin to download the consent logs of privacy policy. The downloaded file will be in a .txt format.

Note

If Require logged in users to accept Privacy Policy is enabled, the user can’t be redirected to other parts of the site until the user logs in and accepts the Privacy Policy.

Right to be Forgotten¶

Here you can set details for when users request for deletion of stored data.

Admin email to send new request notifications to - Where the email for the request is sent.

User notification email subject - Title of the Email sent for the request.

User notification email message - Content of the Email that is sent for the request.

Set custom URL to page containing Ultimate GDPR & CCPA shortcode for e-mail confirmations (or leave empty for autodetect) - URL link to the page for e-mail confirmation.

[bbPress] Enter the existing user’s email whom the posts will be reassigned to (or leave empty to delete them when forgetting) - Email for whom the posts will be re assigned to.

Right To Be Forgotten requests list - List of users that sent the request.

This is the front end form:

In the front end form, the user can choose which personal data on the site can be forgotten. With this, an email request will be sent to the website admin once the request is Submitted.

Note

The email that the user enters in the form is the email where the user will get his reply or notification for the request.

This is an sample Email for the request:

Note

To add the front end form on a page, create a page and add this shortcode : [ultimate_gdpr_myaccount]

Data Access¶

Here you can set details for when users request for data access.

Email to send new requests notifications to - Where the email for the request is sent.

Mail title - Title of the Email sent for the request.

Mail content - Content of the Email that is sent for the request.

Data access requests list - List of users that sent the request.

This is the front end form:

Note

The email that the user enters in the form is the email where the user will get his reply or notification for the request.

This is an sample Email for the request:

Note

To add the front end form on a page, create a page and add this shortcode : [ultimate_gdpr_myaccount]

Data Breach¶

Here you can set details for when there is a data breach in the site. An email will be sent informing about data breach to all users which left their email at your site.

Mail title - Title of the Email sent for the request.

Mail content - Content of the Email that is sent for the request.

Collect user emails from services - Option to collect emails form the following plugins if enabled.

ARForms

Gravity Forms

Mailster

Woocommerce

WP User data

WP Simple Paypal Shopping Cart

Data Rectification¶

Here you can set details for when users request for data rectification.

Email to send admin notifications to - Where the email for the request is sent.

User Mail title - Title of the Email sent for the request.

User Mail content - Content of the Email that is sent for the request.

Set custom URL to page containing Ultimate GDPR & CCPA shortcode as the e-mail confirmation target page (or leave empty for autodetect)

Data rectification requests list - List of users that sent the request.

This is the front end form:

The data the user adds in the Current data text area will be overridden/replaced by the data the user adds in Rectified data text area. Once submitted, an email will be sent to the site admin to notify him of the request.

An email to notify the user that the request is accepted will be sent once the admin of the site selected the email of the user he would like to approve the request and clicked on Send data to selected emails button.

Note

The email that the user enters in the form is the email where the user will get his reply or notification for the request.

Unsubscribe¶

Option to delete user’s data on their requested service once the user confirmed their email.

Hide Unsubscribe Tab - This option hide the Unsubscribe tab of the GDPR & CCPA shortcode.

Automatically unsubscribe users who confirmed their mail - Option to automatically unsubscribe the user without admin confirmation once the user confirmed their email.

Automatically send email about unsubscription to users who confirmed their email - Option to automatically send an email about the unsubscription once the user confirmed their email.

Email to send admin notifications to - Where the email for the request is sent.

User Mail title - Title of the Email sent for the request.

User Mail content - Content of the Email that is sent for the request.

Set custom URL to page containing Ultimate GDPR & CCPA shortcode as the e-mail confirmation target page (or leave empty for autodetect)

Data rectification requests list - List of users that sent the request.

Enter custom subheader for ‘Unsubscribe’ tab in ‘my account’ shortcode (or leave empty for default content)

A confirmation email will be sent to the user’s email to confirm the request to unsubscribe to this service.

Note

The email that the user enters in the form is the email where the user will get his reply or notification for the request.

This is an sample Email for the confirmation:

Services¶

A checkbox for consent can be added at the first field or at the last field of the form. These options can be added to the Services that gathers personal information from users.

Services options¶

Recaptcha key (for myaccount shortcode submissions) - Used to add reCAPTCHA to your site.

Recaptcha secret key (for myaccount shortcode submissions) - Used for communication between your site and Google. Be sure to keep it a secret.

Note

To create a new Google reCAPTCHA for your site, click on this link.

When logging consents of users who did not accept Privacy Policy, log their IP - This feature will work when “When logging consents of users who did not accept Privacy Policy, log their IP” is activated. The IP of the user will be shown with the user id and time of consent.

When logging consents of users who did not accept Privacy Policy, log their User Agent - This feature will work when “When logging consents of users who did not accept Privacy Policy, log their User Agent” is activated. The browser and computer details of the user will be shown with the user id and time of consent.

ARForms:¶

[ARForms] Inject consent checkbox to all forms - Option to add consent check box in all pages with ARForms.

[ARForms] Hide from Forget Me Form - This function is not applicable for this plugin

bbPress:¶

[bbPress] Name - What is shown in the Forget Me Form as the bbPress’s name.

[bbPress] Description - What is shown in the Forget Me Form to describe bbPress.

[bbPress] Inject consent checkbox to all forms - Option to add consent check box in all pages with bbPress.

[bbPress] Hide from Forget Me Form - Option to hide it from Forget Me Form.

BuddyPress:¶

[BuddyPress] Name - What is shown in the Forget Me Form as the BuddyPress’s name.

[BuddyPress] Description - What is shown in the page to describe the BuddyPress.

[BuddyPress] Inject consent checkbox to all forms - Option to add consent check box in all pages with BuddyPress.

[BuddyPress] Hide from Forget Me Form - Option to hide it from Forget Me Form.

Calendar Form:¶

[Calendar Form] Name - What is shown in the Forget Me Form as the Calendar Form’s name.

[Calendar Form] Description - What is shown in the page to describe the Calendar Form.

[Calendar Form] Inject consent checkbox to all forms - Option to add consent check box in all pages with Calendar Form.

[Calendar Form] Hide from Forget Me Form - Option to hide it from Forget Me Form.

Contact Form CFDB7:¶

[Contact Form CFDB7] Name - What is shown in the Forget Me Form as the Contact Form CFDB7’s name.

[Contact Form CFDB7] Description - What is shown in the page to describe the Contact Form CFDB7.

[Contact Form CFDB7] Hide from Forget Me Form - Option to hide it from Forget Me Form.

WPForms Lite:¶

[WPForms Lite] Inject consent checkbox to all forms - Option to add consent check box in all pages with WPForms Lite.

[WPForms Lite] Hide from Forget Me Form - This function is not applicable for this plugin.

Contact Form 7:¶

[Contact Form 7] Name - What is shown in the Forget Me Form as the Contact Form 7’s name.

[Contact Form 7] Description - What is shown in the page to describe the Contact Form 7.

[Contact Form 7] Inject consent checkbox to all forms - Option to add consent check box in all pages with Contact Form 7.

[Contact Form 7] Inject consent checkbox as the first field instead of the last - Option to add the consent checkbox at the first field in the Contact Form 7.

[GDPR Accepted] Filter for Email sent at the bottom of contact form 7 - By default (no text added) the option is deactivated. With added text (for example: “GDPR ACCEPTED:”). This option will add the custom text + GDPR Accepted date at the end of the send message.

[Contact Form 7] Hide from Forget Me Form - This function is not applicable for this plugin.

Waitlist for WooCommerce - Back In Stock Notifier¶

[Waitlist for WooCommerce - Back In Stock Notifier] Name - What is shown in the Forget Me Form as the Waitlist for WooCommerce - Back In Stock Notifier’s name.

[Waitlist for WooCommerce - Back In Stock Notifier] Description - What is shown in the page to describe the Waitlist for WooCommerce - Back In Stock Notifier.

[Waitlist for WooCommerce - Back In Stock Notifier] Inject consent checkbox to all forms - Option to add consent check box in all pages with Waitlist for WooCommerce - Back In Stock Notifier.

[Waitlist for WooCommerce - Back In Stock Notifier] Display consent checkbox for logged in user - Option to add consent check box in all pages with Waitlist for WooCommerce - Back In Stock Notifier ONLY for logged in users.

[Waitlist for WooCommerce - Back In Stock Notifier] Hide from Forget Me Form - Option to hide it from Forget Me Form.

eForm - WordPress Form Builder:¶

[eForm - WordPress Form Builder] Name - What is shown in the Forget Me Form as the eForm - WordPress Form Builder’s name.

[eForm - WordPress Form Builder] Description - What is shown in the page to describe the eForm - WordPress Form Builder.

[eForm - WordPress Form Builder] Inject consent checkbox to all forms - Option to add consent check box in all pages with eForm - WordPress Form Builder.

[eForm - WordPress Form Builder] Hide from Forget Me Form - Option to hide it from Forget Me Form.

Events Manager:¶

[Events Manager] Inject consent checkbox to all forms - Option to add consent check box in all pages with Events Manager.

[Events Manager] Hide from Forget Me Form - This function is not applicable for this plugin.

Flamingo:¶

[Flamingo] Name - What is shown in the Forget Me Form as the Flamingo’s name.

[Flamingo] Description - What is shown in the page to describe the Flamingo.

[Flamingo] Hide from Forget Me Form - This function is not applicable for this plugin.

Formcraft:¶

[Formcraft] Name - What is shown in the Forget Me Form as the Formcraft’s name.

[Formcraft] Description - What is shown in the page to describe the Formcraft.

[Formcraft] Inject consent checkbox to all forms (Premium) - Option to add consent check box in all pages with Formcraft Premium version.

[Formcraft] Inject consent checkbox to all forms (Basic) - Option to add consent check box in all pages with Formcraft Basic version.

[Formcraft] Hide from Forget Me Form - Hide from Forget Me Form -** Option to hide it from Forget Me Form.

Formidable Forms:¶

[Formidable Forms] Name - What is shown in the Forget Me Form as the Formidable Forms’ name.

[Formidable Forms] Description - What is shown in the page to describe the Formidable Forms.

[Formidable Forms] Inject consent checkbox to all forms - Option to add consent check box in all pages with Formidable Forms.

[Formidable Forms] Inject consent checkbox as the first field instead of the last - Option to add the consent checkbox at the first field in the Formidable Forms.

[Formidable Forms] Hide from Forget Me Form - Hide from Forget Me Form -** Option to hide it from Forget Me Form.

Gravity Forms:¶

[Gravity Forms] Inject consent checkbox to all forms - Option to add consent check box in all pages with Gravity Forms.

[Gravity Forms] Inject consent checkbox as the first field instead of the last - Option to add the consent checkbox at the first field in the Gravity Forms.

[Gravity Forms] Hide from Forget Me Form - This function is not applicable for this plugin.

Klaviyo:¶

[Klaviyo] Inject consent checkbox to all forms - Option to add consent check box in all pages with Klaviyo.

[Klaviyo] Inject Hide from Forget Me Form - This function is not applicable for this plugin.

Mailchimp:¶

[Mailchimp] Inject consent checkbox to order fields - Option to add consent check box in all pages with Mailchimp.

[Mailchimp] Inject consent checkbox as the first field instead of the last - Option to add the consent checkbox at the first field in the Mailchimp.

[Mailchimp] Inject Hide from Forget Me Form - This function is not applicable for this plugin.

Mailerlite:¶

[Mailerlites] Inject consent checkbox to all forms - Option to add consent check box in all pages with Mailerlite.

[Mailerlites] Inject Hide from Forget Me Form - This function is not applicable for this plugin.

Mailster:¶

[Mailster] Name - What is shown in the Forget Me Form as the Mailster’s name.

[Mailster] Description - What is shown in the page to describe the Mailster.

[Mailster] Inject consent checkbox to all forms - Option to add consent check box in all pages with Mailster.

[Mailster] Inject consent checkbox as the first field instead of the last - Option to add the consent checkbox at the first field in the Mailster.

[Mailster] Inject consent checkbox to unsubscribe forms - Option to add the consent checkbox in all Mailster’s unsubscribe forms.

[Mailster] Hide from Forget Me Form - Hide from Forget Me Form -** Option to hide it from Forget Me Form.

Metorik Helper:¶

[Metorik Helper] Inject consent checkbox to all forms - Option to add consent check box in all pages with Metorik Helper.

[Metorik Helper] Inject Hide from Forget Me Form - This function is not applicable for this plugin.

Ninja-Forms:¶

[Ninja-Forms] Name - What is shown in the Forget Me Form as the Ninja-Forms’ name.

[Ninja-Forms] Description - What is shown in the page to describe the Ninja-Forms.

[Ninja-Forms] Inject consent checkbox to all forms - Option to add consent check box in all pages with Ninja-Forms.

[Ninja-Forms] Inject Hide from Forget Me Form - Hide from Forget Me Form -** Option to hide it from Forget Me Form.

Quform:¶

[Quform] Name - What is shown in the Forget Me Form as the Quform’s name.

[Quform] Description - What is shown in the page to describe the Quform.

[Quform] Inject consent checkbox to all forms - Option to add consent check box in all pages with Quform.

[Quform] Inject consent checkbox as the first field instead of the last - Option to add the consent checkbox at the first field in the Quform.

[Quform] Inject Hide from Forget Me Form - Hide from Forget Me Form -** Option to hide it from Forget Me Form.

Ultimate Member:¶

[Ultimate Member] Inject consent checkbox to all forms - Option to add consent check box in all pages with Ultimate Member.

[Ninja-Forms] Inject Hide from Forget Me Form - This function is not applicable for this plugin.

Woocommerce:¶

[Woocommerce] Description - What is shown in the page to describe the Woocommerce.

[Woocommerce] Inject consent checkbox to order fields - Option to add consent check box in all pages with Woocommerce.

[Woocommerce] Inject consent checkbox to account forms - Option to add consent checkbox in Woocommerce register form.

[Woocommerce] Inject consent checkbox to checkout - Option to add consent checkbox in Woocommerce checkout page.

[Woocommerce] Additional checkout consent label - Text added here will be shown in the additional consent checkbox.

[Woocommerce] Inject additional consent checkbox to checkout - Option to add consent check box in checkout page (this consent isn’t required to be accepted by the user).

[Woocommerce] Inject Hide from Forget Me Form - This function is not applicable for this plugin.

Wordfence:¶

[Wordfence] Block Wordfence cookies when a user doesn’t accept Functionality cookies

[Wordfence] Inject Hide from Forget Me Form - This function is not applicable for this plugin.

WP Comments:¶

[WP Comments] Name - What is shown in the Forget Me Form as the WP Comments’s name.

[WP Comments] Description - What is shown in the page to describe the WP Comments.

[WP Comments] Inject consent checkbox to comments fields - Option to add consent check box in all pages with WP Comments.

[WP Comments] Hide from Forget Me Form - Option to hide it from Forget Me Form.

wpForo:¶

[wpForo] Name - What is shown in the Forget Me Form as the wpForo’s name.

[wpForo] Description - What is shown in the page to describe the WP Comments.

[wpForo] Inject consent checkbox to all forms - Option to add consent check box in all pages with wpForo.

[wpForo] Hide from Forget Me Form - Option to hide it from Forget Me Form.

WP Job Manager:¶

[WP Job Manager] Name - What is shown in the Forget Me Form as the WP Job Manager’s name.

[WP Job Manager] Description - What is shown in the page to describe the WP Job Manager.

[WP Job Manager] Hide from Forget Me Form - Option to hide it from Forget Me Form.

WordPress Posts:¶

[WordPress Posts] Name - What is shown in the Forget Me Form as the WordPress Posts’s name.

[WordPress Posts] Description - What is shown in the page to describe the WordPress Posts.

[WordPress Posts] Hide from Forget Me Form - Option to hide it from Forget Me Form.

WP User data:¶

[WP User data] Name - What is shown in the Forget Me Form as the WP User data’s name.

[WP User data] Description - What is shown in the page to describe the WP User data.

[WP User] Inject consent checkbox to User network signup form fields

[WP User] Inject consent checkbox to User register form fields

[WP User] Inject consent checkbox to lost password form fields

[WP User] Hide from Forget Me Form - Option to hide it from Forget Me Form.

YITH Woocommerce Wishlist:¶

[YITH Woocommerce Wishlist] Name - What is shown in the Forget Me Form as the YITH Woocommerce Wishlist’s name.

[YITH Woocommerce Wishlist] Description - What is shown in the page to describe YITH Woocommerce Wishlist.

[YITH Woocommerce Wishlist] Hide from Forget Me Form - Option to hide it from Forget Me Form.

Youtube:¶

[Youtube] Remove youtube iframes until Necessary cookies accepted

[Youtube] Inject Hide from Forget Me Form - This function is not applicable for this plugin.

Note

If you would like to add the checkbox for consent in a different place than the one provided by the GDPR & CCPA Plugin, click on this link for a sample on how to do it. The sample is using Contact Form 7 but you can do this with other forms.

This is how it would look on the page.

Pseudonymization¶

Here you can set which information are encrypted.

Warning

This feature is experimental and may lead to irreversible data lost! After encryption, it may be impossible for anyone to decrypt your data. Read Instructions first, before setting the encryption.

Automatically encrypt new data - Option to automatically encrypt new data inputted in the site.
Automatically decrypt all data on the fly (if you have anything encrypted, this is recommended) - Option to automatically decrypt all data inputted in the site to the database.
Select data to encrypt - Select which data are encrypted in the site.
- [Woocommerce] Pseudonymize first and last name - Option to encrypt the first and last name when using woocommerce.
- [Woocommerce] Pseudonymize address information - Option to encrypt the address information when using woocommerce.
- [Woocommerce] Pseudonymize billing email - Option to encrypt the billing email when using woocommerce.
- [WP User data] Pseudonymize first and last name - Option to encrypt the first and last name when using WP user data.
- [WP Simple Paypal Shopping Cart] Pseudonymize user order data - Option to encrypt the user order data when using WP Simple Paypal Shopping Cart.

Plugins¶

Here you can see which plugins are compatible with the GDPR & CCPA plugin.

Add to Page¶

These are samples on how to add the Ultimate GDPR & CCPA features and shortcodes.

Terms and Conditions¶

To add terms and conditions on the site, create a page where all the terms and conditions are written.

Add the button to accept the terms and condition, add the shortcode: [ultimate_gdpr_terms_accept]

After publishing the page for the terms and conditions, in your dashboard go to Ultimate GDPR & CCPA > Terms and Conditions.

You will be redirected to the Terms and Conditions settings.

In Page with existing Terms and Conditions, choose the page that you made with the terms and conditions are written.

Add the needed information and details. For more details on Terms and Conditions, click here.

Note

Admin can download consent logs for admin to know what consent the user gave for Terms and Conditions. You can find the download button at the bottom of Ultimate GDPR & CCPA > Terms and Conditions.

Privacy Policy¶

To add privacy policy on the site, create a page where all the privacy policy are written.

To add the button to accept the privacy policy, add the shortcode: [ultimate_gdpr_policy_accept]

After publishing the page for the privacy policy, in your dashboard go to Ultimate GDPR & CCPA > Privacy Policy.

You will be redirected to the Privacy Policy settings.

In Page with existing Privacy Policy, choose the page that you made with the privacy policy are written.

Add the needed information and details. For more details on Privacy Policy, click here.

Note

Admin can download consent logs for admin to know what consent the user gave for Privacy Policy. You can find the download button at the bottom of Ultimate GDPR & CCPA > Privacy Policy.

Right To Be Forgotten¶

To add the Right to be Forgotten on your site, create a page where your want to show the Forget Me tab.

In the page you created, add the shortcode: [ultimate_gdpr_myaccount]

After publishing the page with the shortcode, in your dashboard go to Ultimate GDPR & CCPA > Right To Be Forgotten.

You will be redirected to the Right to be forgotten settings.

Add the needed information and details. For more details on Right To Be Forgotten settings, click here.

When a user sends a request, an email to confirm the request will be sent to the user.

Depending on the option set in the Right to be forgotten settings:

Automatically forget users who confirmed their mail is DISABLED

If the option Automatically unsubscribe users who confirmed their mail is disabled, the user must confirm the request in the email first for the request to be posted in the Right To Be Forgotten request list.

In the Right To Be Forgotten request list, the admin of the site have the option to approve or delete the request.

If the admin approves the request, select the services to unsubscribe the user from (these services are selected by the user for what services he would like to be forgotten). Then select the user you would like to forget by selecting the check box below Email user / remove request, then click the Forget and notify selected users button.

An email to notify the user that the request to be forgotten is approved.

Automatically forget users who confirmed their mail is ENABLED

If the option Automatically forget users who confirmed their mail is enabled, when the user confirm the request in the email the user will automatically be forgotten from the services the user have selected without any admin intervention.

The user request will be posted in the Right To Be Forgotten request list.

If the option Automatically send email about data removal to users who confirmed their email is enabled, once the user confirms the request in the email the user will receive an email to notify the user for the request to be forgotten.

Data Access¶

To add the Data Access request on your site, create a page where your want to show the Personal Data Access tab.

In the page you created, add the shortcode: [ultimate_gdpr_myaccount]

After publishing the page with the Data Access request, in your dashboard go to Ultimate GDPR & CCPA > Data Access.

You will be redirected to the Data access settings.

Add the needed information and details. For more details on Data Access settings, click here.

When a user sends a request, it is posted in Data access requests list.

An email with data attached will be sent to the user once the admin of the site selected the email of the user he would like to approve the request and clicked on Send data to selected emails button.

Data Rectification¶

To add the Data Rectification request on your site, create a page where your want to show the Data Rectification tab.

In the page you created, add the shortcode: [ultimate_gdpr_myaccount]

After publishing the page with the Data Rectification, in your dashboard go to Ultimate GDPR & CCPA > Data Rectification.

You will be redirected to the Data Rectification settings.

Add the needed information and details. For more details on Data Rectification settings, click here.

When a user sends a request, an email to confirm the request will be sent to the user. The user must first confirm the request before it is posted in Data rectification requests list.

An email to notify the user that the request is accepted will be sent once the admin of the site selected the email of the user he would like to approve the request and clicked on Send data to selected emails button.

Unsubscribe¶

To add the Unsubscribe request on your site, create a page where your want to show the Unsubscription tab.

In the page you created, add the shortcode: [ultimate_gdpr_myaccount]

After publishing the page with the Unsubscribe, in your dashboard go to Ultimate GDPR & CCPA > Unsubscribe.

You will be redirected to the Unsubscribe settings.

Add the needed information and details. For more details on Unsubscribe settings, click here.

When a user sends a request, an email to confirm the request will be sent to the user.

Depending on the option set in the Unsubscribe settings:

Automatically unsubscribe users who confirmed their mail is DISABLED

If the option Automatically unsubscribe users who confirmed their mail is disabled, the user must confirm the request in the email first for the request to be posted in the Unsubscribe request list.

In the Unsubscribe request list, the admin of the site have the option to approve or delete the request.

If the admin approves the request, select the services to unsubscribe the user from (these services are selected by the user for what services he would like to be unsubscribed). Then select the user you would like to unsubscribe by selecting the check box below Email user / remove request, then click the Unsubscribe and notify selected users button.

An email to notify the user that the request to unsubscribe is approved.

Automatically unsubscribe users who confirmed their mail is ENABLED

If the option Automatically unsubscribe users who confirmed their mail is enabled, when the user confirm the request in the email the user will automatically be unsubscribe from the services the user have selected without any admin intervention.

The user request will be posted in the Unsubscribe request list.

If the option Automatically send email about unsubscription to users who confirmed their email is enabled, once the user confirms the request in the email the user will receive an email to notify the user for the unsubscription.

Cookies Management¶

What Cookies are used on your website¶

Note

Functionality available since version 1.4

You can show a table with all cookies collected by your website with simple shortcode: [render_cookies_list]

Active cookies will be displayed in a table, like the following:

Note

Your website should be publicly accessible to correctly detect all cookies that are used on it

Whitelist Cookies¶

When a scenario that the set default privacy group is ‘Block All’ and the user will select ‘Block All’ cookie, the user will see the cookie popup over and over since the user blocked saving cookies and there is no way for the system to know that the user already accepted the cookie consent.

Whitelist cookies are cookies that are allowed even if you choose to Block all cookies in the site.

You can add whitelisted cookies in Ultimate GDPR & CCPA > Cookie Consent > Preferences:

This way you can allow selected cookies to be accepted even if cookie setting is set to ‘Block All’.

Use Services Manager¶

This is where the cookies that are detected are saved. You can change the cookies’s details here. You can also make a customized cookie to be blocked/accepted in your site.

To detect cookies that are used in your site, click the Scan for cookies button at the bottom of Ultimate GDPR & CCPA > Cookie Consent > Cookie consent settings.

Note

To have the Block All cookies functionality working, you must first detect all cookies and save them in the Services Manager.

The cookies that are detected is then shown in the Ultimate GDPR & CCPA > Cookie Consent > Services Manager.

In Ultimate GDPR & CCPA > Cookie Consent > Services Manager you will see:

Title - Used only for admin user to navigate through services.

ID - Identifier for the cookie script.

Service name - Name of the service which will be displayed in table created using [render_cookies_list] short code.

Script names - Comma separated names of java-script scripts which are to be blocked, to prevent creation of unwanted cookies.

Note

Plugin searches html content of <script>, <noscript> and <iframe> tags. If plugin finds any of “script names” it removes entire content of given tag.

Cookie names - Comma separated names of cookies which are to be blocked. It’s important use actual name of cookie, not name of service. For example – to block google analytics user must input “_ga” instead of “Google Analytics”.

Type of cookie - Drop-down allowing user to pick which category should the cookie be in. This allows user to agree for chosen cookie group.

First or Third party ? - First party cookies are cookies created by website itself, the rest are 3rd party.

Can be blocked ? - When user creates new service, you should test if blocking works as intended.

By default all cookies we do not recognise that is detected by Scan for cookie option have this field set to false.

This field is used only to display information in table created using [render_cookies_list] shortcode.

Session or Persistent ? - If cookie is deleted when session ends, or if it has set expiry date.

This field is used only to display information in table created using [render_cookies_list] shortcode.

Expiry Time - Fill only if cookie is Persistent. Input how long cookie is stored and use seconds.

Purpose - Purpose of the cookie. This field is used only to display information in table created using [render_cookies_list] shortcode.

Do you want to activate this service? - Option to activate or deactivate.

Note

Only services which are active, are being blocked. Unchecking this checkbox makes the plugin ignore this service.

How to add Third Party Cookies¶

When a third party cookie is not detected by the cookie scanner, you can add the third party cookies manually.

To add third party cookies, you can add the Cookie name of the cookies that you would like to block in Ultimate GDPR & CCPA > Services Manager under Cookie Names.

Sample third party setup:

Tracking Users Anonymously (Google Analytics)¶

To use this feature correctly, these are some pointers:

In the Ultimate GDPR & CCPA > Services Manager, uncheck the Do you want to activate this service? so that Google Analytics won’t be blocked.

The Google Analytics Tracking ID should be added in Ultimate GDPR & CCPA > Cookie popup for the feature to work since Google Analytics will be blocked as long as the consent isn’t given.

Enable the option for anonymization in Ultimate GDPR & CCPA > Cookie popup. This option will allow you to track anonymously without collecting any user data in compliance with GDPR & CCPA.

What does Tracking Users Anonymously exactly mean?¶

After following the instruction above, IP of all users visiting the website will be altered before sending the tracking data to Google. This will make impossible for search engines to directly assign tracking data to an exact IP Address making this action GDPR & CCPA compliance even if the user didn’t accept cookie consent.

For more advanced information for this functionality access this link.

How to check for cookies¶

Mozilla Firefox¶

In Firefox, press F12 and navigate to Storage tab. There a list of cookies with all necessary information should be displayed.

Google Chrome¶

In Google Chrome, press F12 and navigate to Application tab. Click on the drop down arrow beside Cookies below Storage. The list of cookies with all necessary information should be displayed.

Plugin¶

Cookies can also be detected using plugin’s built in mechanism called “Scan for cookies”. Cookie detection can be done using one button in wp-admin.

Navigate to Ultimate GDPR & CCPA > Cookie Consent. On the bottom of the page click on DScan for cookies button.

Please be patient, since this process might take a while. If no cookies were found please wait for around one hour and try again. In case this does not help please contact our support.

Content Protection¶

This feature is used by using this shortcode: [ultimate_gdpr_protection level=4] & [/ultimate_gdpr_protection]

This feature will hide any content inside the shortcode unless the cookie group chosen by the user of the site will meet the requirements of the shortcode.

To add the shortcode in the page, follow this format:

[ultimate_gdpr_protection level=4]CONTENT[/ultimate_gdpr_protection]

Note

The level in [ultimate_gdpr_protection level=4] is the cookie group condition that needs to be meet for the blur to clear.

Level	Cookie Group
1	Essentials
2	Functionality
3	Analytics
4	Advertising

A label/notice will be shown in front of the blurred area.

You can customize the label/notice in Ultimate GDPR & CCPA > Cookie Consent > Preference tab, under Protection shortcode.

Sample when condition is meet

Customize¶

Terms and Conditions and Privacy Policy¶

Buttons¶

To customize the buttons for Terms and Conditions and Privacy Policy, you have 2 options: Theme Default or Cookie box buttons

Theme Default

This is the default button design that your WP theme is using. It will give you a uniform look to your site.

Cookie box buttons

This option is using the same button design as the Cookie consent. Which you can change in Ultimate GDPR & CCPA > Cookie Consent > Preference Tab.

Note

When you change the look in the Preference Tab, it will not just change the buttons for Terms and Conditions and Privacy Policy. It will affect the look of the buttons for Cookie consent.

Bot Detection¶

Detect whether a bot (Google bot) or a human enters the site and enforce the Terms and Conditions and Privacy Policy.

You can add the bot name in:

Terms and Conditions - Ultimate GDPR & CCPA > Terms and Conditions > Do not block user agents (eg. bots) containing the following texts (comma separated)
Privacy Policy - Ultimate GDPR & CCPA > Privacy Policy > Do not block user agents (eg. bots) containing the following texts (comma separated)

Note

You can see the bot database here

Right to be Forgotten¶

Note

This feature will show the plugins that are integrated in Ultimate GDPR that gather data from the users.

Changing the Text in Forgotten Form¶

You can change the Name and Description that will be shown in the Forget Me tab of the GDPR shortcode.

To customize the text in the form for Right to be Forgotten, go to Ultimate GDPR & CCPA > Services.

Look for the service that you would like to change.

Note

For this example, we’ll use WooCommerce.

Add the Changes that you want, then click on the Save Changes button.

It should reflect in the form:

Modify Right to be Forgotten Form¶

There are 2 ways to remove an option in the Right to be Forgotten form.

Note

This example will remove the WP Comment from the Right to be Forgotten form.

Adding a filter in the functions.php of the theme that is used

Add this filter in the file:

add_filter( 'ct_ultimate_gdpr_model_services_default', 'my_services' );
function my_services( $services ) {

foreach( $services as $key => $val ) {
if ( $val == 'CT_Ultimate_GDPR_Service_WP_Comments' ) {
unset( $services[ $key ] );
}
}
return $services;

}

Overwrite the Shortcode’s template

Create a Php file in your theme with a file name: shortcode-myaccount.php

Then add this code in the file:

<?php

/** @var CT_Ultimate_GDPR_Service_Abstract $service */
foreach ( $options['services'] as $service ):

if ( $service->get_id() == 'wp_comments' ) :
continue;
endif;

?>
<div class="ct-ultimate-gdpr-service-options">
<div class="ct-ultimate-gdpr-service-option">
<input type="checkbox" name="ct-ultimate-gdpr-service-forget[]"
value="<?php echo esc_attr( $service->get_id() ); ?>">
</div>
<div class="ct-ultimate-gdpr-service-details">
<div class="ct-ultimate-gdpr-service-title"><?php echo esc_html( $service->get_name() ); ?></div>
<div class="ct-ultimate-gdpr-service-description"><?php echo esc_html( $service->get_description() ); ?></div>
</div>
</div>


<?php endforeach; ?>

Export/Import Options¶

Starting from Ultimate GDPR & CCPA v1.6.3, you can export or import the current plugin settings or the services from Service Manager of your Ultimate GDPR & CCPA Plugin.

This will give you an efficient and fast way to copy your current GDPR settings to another site that has Ultimate GDPR & CCPA Plugin installed.

Services from Service Manager¶

Export¶

To export the Services in the Service Manager of a Ultimate GDPR & CCPA Plugin, follow these steps:

In your dashboard, go to Ultimate GDPR & CCPA > Ultimate GDPR & CCPA > Introduction tab.

Look for the Export/import options section of the page.

Under Export/import options, you sill see the Export services button.

Click on the button and a .json file will be downloaded.

This file contains a copy of the cookies that are saved/added and its settings in the Service Manager.

Import¶

To import the Services from a Service Manager of another GDPR & CCPA Plugin from a .json file, follow these steps:

In your dashboard, go to Ultimate GDPR & CCPA > Ultimate GDPR & CCPA > Introduction tab.

Look for the Export/import options section of the page.

Under Export/import options, you will see the Choose file button below the Export Services button.

Click on the button and you will be asked to choose the .json file for the services.

Once you have chosen a file, below the Choose file button you will see the Import services to Service Manager button.

Click on the Import services to Service Manager button, this will import all the details in the .json file.

You will see the changes in Ultimate GDPR & CCPA > Services Manager.

Integration for Additional Plugins¶

WP Super Cache Integration¶

By integrating WP Super Cache with Ultimate GDPR & CCPA, it will allow to save custom cookies.

Installation instruction for WP Super Cache

Create wp-super-cache-plugins folder in wp-content/plugins/ and add This file (remember to unzip it).
To make it work, do the following:
Open wp-content/wp-cache-config.php and change the line under $wp_cache_plugins_dir:

From:
$wp_cache_plugins_dir = WPCACHEHOME . 'plugins';
To:
$wp_cache_plugins_dir = WP_CONTENT_DIR . "/plugins/wp-super-cache-plugins/";;
In result, on Plugins page of WP Super Cache settings (/wp-admin/options-general.php?page=wpsupercache&tab=plugins) you will have only one plugin: this plugin, called Ultimate GDPR - WP Super Cache integration
Follow the instruction on the page /wp-admin/options-general.php?page=wpsupercache&tab=plugins.

Other Integration¶

Adding Fields to wp_admin¶

add_option_fields() - Function used to add fields to wp_admin. A good example of usage is in class service-contect-form.php or service-bbpress.php

Plugin with Forms¶

front_action() - If plugin has forms (for example contact form) you should add a function which injects consent checkbox which allows processing of data. You should add checkbox template to plugin’s hooks.

Do not forget about validation for this field. You can use service-bbpress.php::front_action() as an example.

If plugin stores any user data¶

If plugin stores any user data you should implement following functions:

collect() - collects data stored by plugin

is_forgettable() - must return true

forget() - handle removing data stored for given user

breach_recipients_filter() - usually gets all users whose data is stored by plugin

If plugin creates cookies¶

If plugin creates cookies you should list them like in service-google-analytics.php::cookies_to_block_filter().

It’s a good idea to copy this function and update cookie names and CT_Ultimate_GDPR_Model_Group::LEVEL_

If plugin adds cookies¶

If plugin adds cookies using js functions, use script_blacklist_filter().

It’s similar to cookies_to_block_filter(). Instead of cookie names, use some unique string which appears in the code.

Common Issues¶

Incompatible with the Theme¶

There are thousands of plugins that are compatible with WordPress. Ultimate GDPR & CCPA is coded to be compatible with themes that are using WordPress Coding Standards, but some themes and plugins do not follow this standards and may cause issues with compatibility.

These are some steps to troubleshoot if there’s error/s when Ultimate GDPR & CCPA is activated:

Note

Create a Backup for your site before doing these steps to prevent any issue with your site.

Check for Theme Conflicts

Change into a default WordPress theme and check if the issue still persist.

If the issue doesn’t persist, the issue is caused by the theme.

If the issue still persist, please proceed with Check for Plugin Conflicts.

Incompatible with Plugins¶

With the thousands of plugins that are available, one or more plugins have a chance to conflict with Ultimate GDPR & CCPA. We’re doing our best to integrate plugins user’s are using that are in conflict with Ultimate GDPR & CCPA.

To know which plugin is causing the conflict, follow this instructions:

Check for Plugin Conflicts

Disable all the plugins except for Ultimate GDPR & CCPA. Check if the issue is there, if not proceed with these instruction.

Activate plugins one at a time. After activating a plugin, check if the issue is there.

If the issue is not there, deactivate the plugin again and activate another plugin. Repeat this process until the issue is recreated.

If the issue is there, then this issue is due to this plugin.

Check the plugin’s settings if there is a setting that is making the conflict with Ultimate GDPR & CCPA.

For premium plugin integration, share test access to website with the mentioned plugin for faster integration.

You can also manually integrate plugins by following these instructions.

Issues with 3rd Party Plugin¶

Fatal Error Fix¶

For issues with this error:

Error

Fatal error: Cannot redeclare tgmpa() (previously declared in home/siteURL/public_html/wp-content/plugins/ct-ultimate-gdpr/vendor/optimus-prime-plugin-update/class-tgm-plugin-activation.php:2127) in home/siteURL/public_html/wpcontent/themes/personal_folder/inc/plugins/class-tgm-plugin-activation.php on line 2118

A plugin to resolve this issue is created. To get this plugin, click on: Ultimate GDPR & CCPA Fix

Install and activate this plugin.

Advanced Custom Fields (ACF) Conflict¶

Plugins and themes which uses ACF may conflict with Ultimate GDPR & CCPA plugin.

To resolve this issue, you can add this plugin, Ultimate GDPR ACF Fix, to your site.

This will resolve the conflict with Ultimate GDPR & CCPA’s use of ACF with the plugin or premium theme that also uses ACF.

Themes using ACF

MyListing Theme

Plugins using ACF

WooCommerce Attach Me!

Missing information about available update¶

If the information about the available update is missing from your plugin section or you wish to always be sure you are using the latest version of the Ultimate GDPR & CCPA plugin please add:

add_filter( ‘auto_update_plugin’, ‘__return_true’ );

to functions.php file, which will allow all the pages used by the site to auto-update instead of having to click the ‘update link’.

Plugin Translation¶

Multilingual website¶

For Multilingual websites, you can use plugins to translate GDPR & CCPA to 2 or more languages.

WordPress Multilingual Plugin (WPML Plugin)¶

To use this option, you need to have installed WordPress Multilingual Plugin (WPML Plugin), which you can buy here.

Note

This plugin isn’t part of the GDPR & CCPA Plugin bundle, to use this function you must have the WPML Plugin.

Follow how to translate using WordPress Multilingual Plugin (WPML Plugin).

Loco Translate¶

Loco Translate is a free plugin for translation, which you can download here.

Loco Translate will use the PO and MO file to translate the plugin.

Follow how to translate using Loco Translate.

How to translate Enter custom subheader for ‘Unsubscribe’ tab in ‘my account’ shortcode¶

Single language website¶

If the site uses only one language version and it is not English, the only way to use the phrase in the correct language is to enter it directly to the textarea available on path *Ultimate GDPR & CCPA > Unsubscribe > Enter custom subheader for ‘Unsubscribe’ tab in ‘my account’ shortcode (or leave empty for default content)

Multilingual website¶

To translate this phrase for a multilangual page please follow WordPress Multilingual Plugin (WPML Plugin).

Translate Using POT file¶

To translate the plugin, it will need a POT (Portable Object Template) file to work.

POT is generated from plugin files and contain all phrases from the plugin that can be translated to a different language.

Note

The POT file for this plugin is ct-ultimate-gdpr.pot, and the path to it is /wp-content/plugins/ct-ultimate-gdpr/lang/

The translation editor will create PO (Portable Object) and MO (Machine Object) file from the plugin POT file. The only file we are able to edit is the PO file.

In the PO file, we are saving both English and the translations for this phrases. All translations you created are added there. Saving the changes there will also update the MO file that is used by the plugin.

How to translate plugin using Poedit¶

Note

To ensure that plugin will work correctly, don’t translate the string Ultimate GDPR & CCPA plugin.

Install a translation editor like Poedit.
Copy the ct-ultimate-gdpr.pot file from /wp-content/plugins/ct-ultimate-gdpr/lang/. Paste it on the desktop of your computer.
Open the Poedit application and click on Create new translation option.
Choose the PO file to translate.
You will be ask what language to translate the file into, choose the language as to what you need.
You will see at the Poedit application that at the left side are the Source Text (English words) and at the right side are the Translations.
When you click on a word from the source text, at the very right side you will see Translation Suggestions for the word that was clicked.
You can add your translation at the Translation: area at the bottom or click on the best of the suggested translations of the word.
Click on a word from the source text one by one and translate.
Once done translating the words in the Source text, save the file.
When saving a file, “ct-ultimate-gdpr-” should be added to the default file name.
Once saved, it will create a PO and MO file.
Copy the PO and MO file to the WordPress language directory located at /wp-content/languages/plugins/.
In your WP, activate the GDPR & CCPA plugin. Once activated, navigate your dashboard to Settings > General.
You will see the General Settings of your site. To activate the translation, look for the Site Language and select the one that you like.
After selecting the site language, click the Save Changes button and a loading icon will show. Once the loading icon disappear, the translation should be done.

For more information on how to translate a plugin using Poedit, click this link.

Translate Using WPML Plugin¶

To use this option, you need to have installed WordPress Multilingual Plugin (WPML Plugin), which you can buy here.

Note

This plugin isn’t part of the GDPR & CCPA Plugin bundle, to use this function you must have the WPML Plugin.

To be able to fully integrate the translation functionality of WPML plugin:

Install the WPML Plugin in your site. Once installed, activate these plugins:
You will be asked to setup the WPML Plugin after you have installed it.
Go to WPML > Theme and plugins localization, scroll down ang look for Ultimate GDPR & CCPA under Strings in the plugins. Click the checkbox at the side and click on Scan selected plugins for strings button at the bottom of the page.
This should scan all the string in the plugin.
Go to WPML > String Translation, click on the drop-down box for In domain and look for the domain for Ultimate GDPR & CCPA.
Note

The strings in Ultimate GDPR & CCPA are separated by parts.
- admin_texts_ct-ultimate-gdpr-cookie - The strings in the cookie advance settings.
- ct-ultimate-gdpr - Other string use by the plugin.
Choose a string to translate, click + and add the translation of the string by language.
Go to Pages and create a new page for the translated pages. For the popup, once you have translated the strings, it should automatically translate.
If you already have pages created, click on the page created. Look for the Language section of the page. Click on the plus sign or gear sign for the language you would like translate. This will open a page to create a translated version of the page of the language.
Go to Appearance > Menu and create a new menu for the pages.
If you already have menus created, choose a menu to add to the translated language site. Click on Synchronize menus between languages, Click on the Sync button.
You will see the changes on the site.

Sample English

Sample Polish

Translating using Loco Translate¶

Loco Translate is a free plugin for translation, which you can download here.

Loco Translate will use the PO and MO file to translate the plugin.

To translate using Loco Translate Plugin, install and activate the plugin.

Click Home to view all the translatable plugins and themes.

Choose Ultimate GDPR & CCPA under Bundle name then you will be redirected to a page with all the available translations. You can create or edit a translation.

Edit a Translation¶

The languages you see here are the available PO and MO files for translating Ultimate GDPR & CCPA. It can be found in your wordpress language folder or plugin folder.

To edit an existing translation, click on the language file you want to edit. You will be directed to the PO file with the words that are translated and not translated.

Click on a word/phrase that you would like to translate and add the translation below the Source Text under Language Translation.

You will see a star icon indication beside the translated word/phrase that you have added/edited the translation.

Once you are done adding/editing the words/phrases in the translation, click on the the Save button to save the file.

Create New Translation¶

To create a new translation, you click on the New Language link below the Ultimate GDPR & CCPA word.

You will be redirected to an option for the template of the PO file. You can opt to Create Template or Skip template. Creating a template will make this the default template for all your translations of Ultimate GDPR & CCPA in Loco Translate.

Note

The created template will be updated by clicking the Edit template link beside new language and click on the Sync button. If there is a new/updated version of the template, this will sync with the template that is in the plugin folder.

Creating a new translation, you will be redirected to Initializing new translations in “ct-ultimate-gdpr” where you can choose what language you would like to make a translation and choose a location where you would like to save the file made.

Click on the Start translating button and you will be redirected to translating area with the source text and a blank translation.

Same as editing a translation, click on a word/phrase that you would like to translate and add the translation below the Source Text under Language Translation.

You will see a star icon indication beside the translated word/phrase that you have added/edited the translation.

Once you are done adding/editing the words/phrases in the translation, click on the the Save button to save the file.

Downloads for Language Version¶

Ultimate GDPR & CCPA Plugins is pre-packed with several language versions available for download below.

German (version 2.6)

French (version 2.6)

Spanish (version 2.6)

Norwegian (version 2.6)

Russian (version 2.6)

Polish (version 2.6)

Italian (version 2.6)

Dutch (version 2.6)

Croatian (version 2.6)

Hungarian (version 2.6)

Romanian (version 2.6)

Czech (version 2.6)

Slovak (version 2.6)

Portugese (version 2.6)

Danish (version 2.6)

Bulgarian (version 2.6)

Can’t find your language? Write us an email to support@createit.pl – we’re constantly improving.

Compatible Plugins¶

Shortcodes¶

Plugin Shortcodes¶

[render_cookies_list]¶

This shortcode will let you show the cookies that are saved in Services Manager.

You can also display the each cookie in a separate row by adding the parameter: display_single_cookies=true

Sample for the shortcode w/ parameter:

Output:

FAQs¶

Plugin¶

3rd Party Cookies¶

What are third-party cookies?¶

In “third-party cookie”, the word “party” refers to the domain as specified in the cookie; the website that is placing the cookie.

So, for example, if you visit example.com and the domain of the cookie placed on your computer is example.com, then this is a first-party cookie.

If, however, you visit example.com and the cookie placed on your computer says some-other-site.com, then there are third-party cookies generated.

Blocking Cookies¶

Why are some cookies not Blocked?¶

These are some of the reasons why this happens:

User have visited the site before the plugin was activated.

We don’t want to block all the cookies since the user already interacted with the site.

These cookies are saved in the users computer and could be removed by clearing the computer’s cache history.

Cookie is essential for the site to work. (example: PHP session)

These are cookies that are needed for your site to work properly. These cookies are usually added in the cookie whitelist.

To know more about Cookie Whitelist, read this part of the documentation.

The cookie is a “third party” type.

Opposite to a “first party” cookie, a “third party” cookie couldn’t be block using standard programmatical methods.

The only way to do it is to prevent the script that is adding the cookie from initializing.

We’re trying to find ways to do so, but there are some rare occasions that it isn’t possible/difficult to block such scripts.

You can read more information about third party cookies here.

The cookies are created by other plugins that are not integrated with Ultimate GDPR & CCPA.

Cookies that are generated by the active plugins in the site.

How to remove cookies that are generated before plugin is installed?¶

It’s not always possible to remove existing cookies. For example “third-party” cookies cannot be removed programmatically. The only way to “block” them is to prevent them from creating.

Users can also remove them manually, by going to the browser settings and clear cookies there (users can also use CTRL + Shift + Delete shortcut to open the browser settings for clear cookies).

Google Analytics Stats¶

How to use Google Tag Manager?¶

Using the Google Tag Manager to manage your Google Analytics makes it faster and easier.

Note

Install Google Tag Manager first in your site so that it can monitor the sites activity.

In the Tag Manager, create the Tag for Google Analytics. You can use a pre-existing Google Analytics ID.

By using Google Tag Manager, you can customize how Google Analytics behave in your site.

For information on how to install and setup Google Tag Manager, click here.

Other Issues¶

Why is the plugin slowing down the site?¶

Plugin includes experimental feature Pseudonymization. Which is encrypting user data in database, then on page load user data is decrypted.

This type of functionality can require some server resources. If you see higher load on server, we recommend to disable Pseudonymization.

The Transparency & Consent Framework (TCF)¶

How to Enable TCF 2.2 Settings¶

Navigate to Ultimate GDPR & CCPA panel > choose Ad Choices

Click Enabled button and Save Changes.

This is the new pop-up that will appear when TCF 2.2 is enabled. Customize Ad Choices pop-up box.

Google Consent Mode v2¶

Our TCF 2.2 compliant modal supports Google Consent Mode. If option is enabled plugin is transmitting user consent choices to GTM or gtag.js.

Note

Note: We’re proud to say our plugin is certified by Google as a Consent Management Platform (CMP), with a TCF CMP ID: 408. This means we meet Google’s standards for managing user consents properly.

GTM Configuration overview¶

This section provides an overview of how Google Tag Manager (GTM) manages consent mode. For in-depth guidance, consider consulting a GTM/SEO expert.

Advanced Implementation vs. Basic Implementation of Consent Mode¶

Consent mode enables your site to communicate users’ consent status. It works to dynamically adapt the behavior of Analytics, Ads, and third-party tags based on user consent.

Basic Implementation primarily involves waiting to load Google tags until after users have provided their consent. This straightforward approach can lead to significant data gaps, as no tracking occurs until consent is granted. While basic implementation allows for some level of conversion modeling, it lacks the depth of insights provided by behavioral modeling, which is crucial for understanding user behavior comprehensively.

Tag Behavior	Behavioral Modeling in GA4	Conversion Modeling
Google tags are loaded after obtaining user consent.	Not available, leading to gaps in understanding user behavior.	Limited, with general models based on non-specific variables.

Advanced Implementation, conversely, maximizes the potential of consent mode. By loading Google tags before the consent dialog appears and utilizing cookieless pings for users who decline consent, it enables the full suite of modeling tools in GA4. Behavioral modeling uses machine learning to fill data gaps, offering insights into user behavior, acquisition sources, and conversion paths, even without full user identifiers.

Tag Behavior	Behavioral Modeling in GA4	Conversion Modeling
Preemptive tag loading with cookieless data collection for declined consent.	Enabled, providing insights based on modeled data like daily active users, conversion rates, and more, across different demographics and device types.	Enhanced, offering detailed analysis and optimization capabilities.

Hint

More info: https://support.google.com/analytics/answer/9976101

Understanding Behavioral Modeling Visibility and Criteria¶

Google utilizes Behavioral Modeling to mitigate the impact of missing data when users decline consent. However, for Behavioral Modeling to be employed and for its insights to be visible in your GA4 reports, certain criteria and thresholds must be met:

Consent Mode Activation: Consent mode must be enabled across all site pages.
Advanced Implementation: Tags must load before the consent dialog is displayed, allowing for cookieless data collection from users who decline consent.
Data Volume Requirements: A minimum of 1,000 events per day with analytics_storage=’denied’ for at least 7 days. And at least 1,000 daily users sending events with analytics_storage=’granted’ for at least 7 of the previous 28 days.

These thresholds ensure there’s sufficient data for Google’s machine learning models to accurately estimate user behavior based on observed consented interactions.

Hint

More info: https://support.google.com/analytics/answer/11161109

Cookies Management¶

Interested in using user Cookie Preferences to control scripts and cookies loading in the browser? Our TCF Modal, integrated with Google Tag Manager (GTM), offers a solution for managing cookies. This interactive demonstration showcases the dynamic control of tags based on user-selected consent:

Real-time script loading: observe how the activation of GTM tags (Analytics, Marketing, Functional) is adjusted in response to user consents.
Consent-driven tag control: discover how GTM tags adapt to consent changes with detailed logs

To explore the full capabilities of our consent implementation and understand how it can be adapted to include various other tags (e.g., Facebook Pixel, Google Analytics, and more), visit our Cookies Management Demo page.

Hint

Cookies Management Demo: https://www.createit.com/gdpr/tcf-gtm-demo/

Testing your setup¶

To make sure everything is working as it should, you can use these tools:

Google Tag Assistant: A tool to help check if the consent signals are being correctly sent: https://developers.google.com/tag-platform/security/guides/consent-debugging
Chrome Addon ‘Analytics Debugger’: Use this Chrome extension to debug and verify analytics data: https://chromewebstore.google.com/detail/analytics-debugger/ilnpmccnfdjdjjikgkefkcegefikecdc

Hint

Note: When Google Consent Mode (GCM v2) is correctly set up, it will communicate the choices made in the “Cookie Preferences” tab of the TCF modal to Google Services.

Translations¶

Our TCF modal already includes those translations:

English
Catalan
Czech
Danish
German
Greek
Spanish
Finnish
French
Galician
Croatian
Hungarian
Italian
Dutch
Norwegian
Polish
Portuguese (Brazil)
Romanian
Russian
Serbian (Cyrillic)
Serbian (Latin)
Swedish
Turkish
Chinese

Hint

WPML Support: Our plugin is compatible with the WPML plugin. It automatically detects the language and displays the appropriate modal for each language.

Customizing translations

You can change TCF modal texts on your website by using a WordPress filter. This lets you edit just one piece of text or all the phrases you see.
Remember, some parts of the text, like the list of partners, their reasons, examples, and explanations, come straight from the Transparency & Consent Framework (TCF) v2.2 official website. We use these to make sure everything is correct and follows their rules.

Note: This section is for those familiar with WordPress development. Changing these settings can affect how the plugin works, so please be careful.

<?php

/**
 * functions.php
 * Overwrite translations when using TCF modal (Ultimate GDPR & CCPA plugin)
 * Add this snippet to your functions.php (theme) or use custom wordpress plugin
 * You can customize each translation that is displayed in TCF modal.
 * List of partners, purposes, examples, descriptions can't be customized (those are fetched from official site of The Transparency & Consent Framework (TCF) v2.2)
 */

function ct_tcf_custom_translations($translations) {

    /**
     * Overwrite all strings from main translations
     * List of available languages for TCF modal:
     * 'en'  => 'English',
     * 'ca'  => 'Catalan',
     * 'cs'  => 'Czech',
     * 'da'  => 'Danish',
     * 'de'  => 'German',
     * 'el'  => 'Greek',
     * 'es'  => 'Spanish',
     * 'fi'  => 'Finnish',
     * 'fr'  => 'French',
     * 'gl'  => 'Galician',
     * 'hr'  => 'Croatian',
     * 'hu'  => 'Hungarian',
     * 'it'  => 'Italian',
     * 'nl'  => 'Dutch',
     * 'no'  => 'Norwegian',
     * 'pl'  => 'Polish',
     * 'pt_br' => 'Portuguese (Brazil)',
     * 'ro'  => 'Romanian',
     * 'ru'  => 'Russian',
     * 'sr_cyrl' => 'Serbian (Cyrillic)',
     * 'sr_latn' => 'Serbian (Latin)',
     * 'sv'  => 'Swedish',
     * 'tr'  => 'Turkish',
     * 'zh'  => 'Chinese'
     */

    $my_custom_translations['en'] = [
        "decline2" => "Withdraw to all",
        "consentModal" => [
            "title" => "Customise Ad Choices",
            "tab1_title" => "Ad Choices",
            "tab2_title" => "Cookie Preferences"
        ],
        "tab2" => [
            "description" => "You can manage your cookie settings for our website. We use different types of cookies to enhance your browsing experience, analyze site traffic, and personalize content and ads. While necessary cookies are always active, you have control over the other categories. Please note that changing these settings may affect your experience on our site.",
            "necessaryCookies" => "Necessary Cookies",
            "necessaryCookiesDesc" => "These are crucial for the basic operations of our website. They enable core functionalities such as security, network management, and accessibility. As they are essential for the website to work correctly, they cannot be turned off.",
            "functionalCookies" => "Functional Cookies",
            "functionalCookiesDesc" => "These cookies enable additional features on our website for a more personalized experience. They remember your preferences and settings, like language or location, making your experience more convenient and tailored.",
            "analyticsCookies" => "Analytics Cookies",
            "analyticsCookiesDesc" => "These cookies help us understand how visitors interact with our website. They collect information about your use of the site, which pages you visit, and how you navigate the site. This data is used to improve the website's functionality and user experience.",
            "advertisingCookies" => "Advertising Cookies",
            "advertisingCookiesDesc" => "These cookies are used to display relevant advertisements to you. They track your online activity to tailor advertising to your interests. By not allowing these cookies, the ads you see may be less relevant to you."
        ],
        "purposes" => [
            "purposes" => "Purposes",
            "special_purposes" => "Special Purposes",
            "features" => "Features",
            "special_features" => "Special Features",
            "partners" => "Partners",
            "li_partners" => "Partners (Legitimate Interest)",
            "cookies" => "Cookie Preferences"
        ],
        "purposeItem" => [
            "service" => "service",
            "services" => "services",
            "details" => "details"
        ],
        "serviceItem" => [
            "privacyPolicy" => "Privacy policy",
            "legitimateInterestClaim" => "Legitimate Interest claim",
            "purposesConsent" => "Purposes (Consent)",
            "purposesLegitimateInterest" => "Purposes (Legitimate Interest)",
            "specialPurposes" => "Special Purposes",
            "features" => "Features",
            "dataDeclaration" => "Data Declaration",
            "maximumCookieLifetime" => "Maximum cookie lifetime",
            "cookieExpiryRefreshed" => "Cookie expiry may be refreshed during the lifetime.",
            "trackingMethodCookies" => "Tracking method: Cookies",
            "trackingMethodOthers" => "Tracking method: Others",
            "andOthers" => "and others",
            "deviceStorage" => "Device storage",
            "standardRetention" => "Standard retention",
            "purposes" => "Purposes",
            "dataRetention" => "Data retention",
            "examples" => "Examples",
            "partners" => "Partners"
        ],
        'acceptAll' => 'Accept all',
        'acceptSelected' => 'Accept selected',
        'close' => 'Close',
        'consentNotice' => [
            'changeDescription' => 'There were changes since your last visit, please renew your consent.',
            'title' => 'Cookie Consent',
            'description' => 'Hi! Could we please enable some additional services for {purposes}? You can always change or withdraw your consent later.',
            'learnMore' => 'Let me choose',
            'testing' => 'Testing mode!',
        ],
        'contextualConsent' => [
            'acceptAlways' => 'Always',
            'acceptOnce' => 'Yes',
            'description' => 'Do you want to load external content supplied by {title}?',
        ],
        'decline' => 'I decline',
        'ok' => 'That\'s ok',
        'poweredBy' => 'Realized with Klaro!',
        'privacyPolicy' => [
            'name' => 'privacy policy',
            'text' => 'To learn more, please read our {privacyPolicy}.',
        ],
        'save' => 'Save',
        'service' => [
            'disableAll' => [
                'description' => 'Use this switch to enable or disable all services.',
                'title' => 'Enable or disable all services',
            ],
            'optOut' => [
                'description' => 'This services is loaded by default (but you can opt out)',
                'title' => '(opt-out)',
            ],
            'purpose' => 'purpose',
            'purposes' => 'purposes',
            'required' => [
                'description' => 'This services is always required',
                'title' => '(always required)',
            ],
        ],
    ];


    /**
     * OR just overwrite strings one by one
     */
    $my_custom_translations['en']["save"] = 'Save';
    $my_custom_translations['en']["service"]['required']['title'] = '(always required)';

    return $my_custom_translations;
}
add_filter('ct_ultimate_gdpr_tcf_translations', 'ct_tcf_custom_translations');

Ultimate GDPR & CCPA Compliance Toolkit for WordPress

(Ultimate GDPR & CCPA)

User Manual

Ultimate GDPR & CCPA¶